diff options
79 files changed, 18516 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 000000000..70ac0349b --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,111 @@ +strongswan (5.6.2-1) unstable; urgency=medium + + Starting 5.6.1, several algorithms were removed from the default ESP/AH and + IKEv2 proposals in compliance with RFC 8221[1] and RFC 8247[2], + respectively. + . + Removed from the default ESP/AH proposal were the 3DES and Blowfish + encryption algorithms and the HMAC-MD5 integrity algorithm. + . + From the IKEv2 default proposal the HMAC-MD5 integrity algorithm and the + MODP-1024 Diffie-Hellman group were removed (the latter is significant for + Windows clients in their default configuration). + . + These algorithms may still be used in custom proposals and MODP-2048 can be + enabled manually on Windows 7 clients [3]. + . + [1] https://tools.ietf.org/html/rfc8221 + [2] https://tools.ietf.org/html/rfc8247 + [3] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048 + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 20 Feb 2018 12:27:00 +0100 + +strongswan (5.1.2-1) unstable; urgency=medium + + Starting 5.1.2, strongSwan natively support a configuration directory (in + /etc/strongswan.d/). This replaces the /etc/strongswan.conf.d/ configuration + directly which was added in 5.1.1-1. + . + More information can be found on the strongswan.d configuration mechanism on + the upstream commit [1] and user documentation [2]. + . + In Debian, these configurations directories are especially use to easily + toggle the loading of the various plugins shipped with the Debian packages. + Upstream defaults to load the plugins, and this can be overridden by + changing the files in /etc/strongswan.d. As those latter files are tracked + as configuration files, modifications won't be reverted when the package is + upgraded. Default settings for the plugins can be found in the templates dir + in the /usr/share/strongswan/templates/config folder. + . + [1]: http://wiki.strongswan.org/projects/strongswan/repository/revisions/55015036183c47692c2e2349a4c59bf00c107986 + [2]: http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanDirectory + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 10:31:44 +0100 + +strongswan (5.1.1-2+splitplugins) experimental; urgency=medium + + In 5.1.1-2 package, few plugins have been split from the main libstrongswan + package. The plugins are now in following packages: + - libstrongswan: main/default plugins, as defined by the strongSwan + project + - libstrongswan-standard-plugins: non default but useful plugins (agent, + gcm and openssl) + - libstrongswan-extra-plugins: more scarcely used plugins + - libcharon-extra-plugins: more scarecely used plugins for the charon + daemon + + WARNING: this is an experimental release of the packaging, use at your own + risk. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 02 Feb 2014 20:05:15 +0100 + +strongswan (5.1.0-1) unstable; urgency=low + + Starting with strongSwan 5, the IKEv1 daemon (pluto) is gone, and the charon + daemon is now able to handle both IKEv1 and IKEv2 protocols. + + There should be no issue for previous charon users, but for pluto users that + means they need to re-configure strongSwan in order to use charon. Some + migration help can be found on the strongSwan website at + http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1 and in + some IKEv1 configuration examples at + http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1Examples. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 30 Sep 2013 20:43:03 +0200 + +strongswan (4.5.0-1) unstable; urgency=low + + Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the + default. This can easily be changed using the keyexchange=ikev1 config + option (either in the respective "conn" section or by putting it in the + "default" section and therefore applying it to all existing connections). + + The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by + default, MOBIKE, Mobile IPv6), and provides better error messages in case + the connection can not be established. It is therefore highly recommended + to use it when the other side also supports it. + + Addtionally, strongswan 4.5.0-1 now enables support for NAT Traversal in + combination with IPsec transport mode (the support for this has existed + for a long time, but was disabled due to security concerns). This is + required e.g. to let mobile phone clients (notably Android, iPhone) + connect to an L2TP/IPsec gateway using strongswan. The security + implications as described in the original README.NAT-Traversal file from + the openswan distribution are: + + * Transport Mode can't be used without NAT in the IPSec layer. Otherwise, + all packets for the NAT device (including all hosts behind it) would be + sent to the NAT-T Client. This would create a sort of blackhole between + the peer which is not behind NAT and the NAT device. + + * In Tunnel Mode with roadwarriors, we CAN'T accept any IP address, + otherwise, an evil roadwarrior could redirect all trafic for one host + (including a host on the private network) to himself. That's why, you have + to specify the private IP in the configuration file, use virtual IP + management, or DHCP-over-IPSec. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:16:00 +0200 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 000000000..2dc3a5831 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,124 @@ +strongswan for Debian +---------------------- + +1) General Remarks + +This package has been created from the openswan package, which was again +created from the freeswan package, which was created from scratch with some +ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 +package by Aaron Johnson merged in. + +The differences between the strongSwan and the Openswan packages are +documented at http://www.strongswan.org/ . + +2) Kernel Support + +Note: This package can make use of the in-kernel IPSec stack, which is +available in the stock Debian kernel images (>=2.4.24 and 2.6.x). + +If you want to use the strongswan utilities, you will need the appropriate +kernel modules. The Debian default kernel native IPSec stack (which is +included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) +can be used out-of-the-box with strongswan pluto, the key management daemon. +This native Linux IPSec stack is of high quality, has all of the features of +the latest Debian freeswan and openswan packages (i.e. support for other +ciphers like AES and NAT Traversal support) and is well integrated into the +kernel networking subsystem (which is not true for the freeswan kernel +modules). This is the recommended kernel support for strongswan. + +If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or +are building a custom 2.4 kernel, then the KLIPS kernel part can be used. +strongswan no longer ships this part, but is instead focussing on the newer +native IPSec stack. However, strongswan is interoperable with the KLIPS part +shipped with openswan, both for 2.4 and 2.6 series kernels. Please install +either the linux-patch-openswan or the openswan-modules-source packages and +follow their respective README.Debian files when you want to use KLIPS. + +3) Getting Started + +For connecting two Debian boxes using this strongswan package, the +simplest connection block on each side would look something like this: + +On host A, use + +conn to_hostb + left=%defaultroute + right=hostb.example.com + leftcert=hosta.pem + rightcert=hostb.pem + keyexchange=ikev2 + type=transport + auto=add + +On host B, use +conn to_hosta + left=%defaultroute + right=hosta.example.com + leftcert=hostb.pem + rightcert=hosta.pem + keyexchange=ikev2 + type=transport + auto=add + +This assumes that the respective hostnames hosta.example.com and +hostb.example.com can be resolved and that the internal hostnames are hosta +and hostb (and thus installing the strongswan package created the certificates +hosta.pem and hostb.pem, respectively). +Then the certificates (and not the private keys!) need to be exchanged between +the hosts, e.g. with + scp /etc/ipsec.d/certs/hosta.pem hostb.example.com:/etc/ipsec.d/certs/ + scp hostb.example.com:/etc/ipsec.d/certs/hostb.com /etc/ipsec.d/certs/ +from host A. The IPSec transport connection (that is, no subnets behind these +hosts that should be tunneled) can be started from either side using +"ipsec up to_hostb" (e.g. from host A). +Note that this example explicitly uses IKEv2 due to its nicer error messages. + +A more complicated example is to connect a "roadwarrior" (e.g. laptop) +to an internal network wbile it is behind another NAT. On the gateway +side, i.e. for the internal network the roadwarrior should connect to, +the configuration block could look something like this: + +conn roadwwarrior + left=%defaultroute + leftcert=gatewayCert.pem + rightcert=laptopCert.pem + rightrsasigkey=%cert + leftrsasigkey=%cert + auto=add + leftsubnet=10.0.0.0/24 + rightsubnetwithin=0.0.0.0/0 + right=%any + compress=yes + type=tunnel + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + +On the laptop side, you could use something along the lines: + +conn %default + rightrsasigkey=%cert + leftrsasigkey=%cert + authby=rsasig + leftcert=laptopCert.pem + leftsendcert=always + leftsubnet= + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + esp=aes128-sha1 + ike=aes128-sha1-modp2048 + +conn esys + left=%defaultroute + right=gateway.example.com + rightsubnet=10.0.0.0/24 + rightcert=gatewayCert.pem + auto=add + +Then load these new configuration blocks on both sides using "ipsec reload" +and, on the laptop, start the tunnel with "ipsec up mynetwork". +These configuration blocks assume host names "gateway" and "laptop" and an +inner subnet of 10.0.0.0/24. + +-- Rene Mayrhofer <rmayr@debian.org>, Sun, Jul 09 12:31:00 2006 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..8213438f3 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1558 @@ +strongswan (5.7.0-2) UNRELEASED; urgency=medium + + [ Ondřej Nový ] + * d/copyright: Use https protocol in Format field + * d/changelog: Remove trailing whitespaces + * d/rules: Remove trailing whitespaces + * d/control: Remove XS-Testsuite field, not needed anymore + + [ Yves-Alexis Perez ] + * enable chapoly plugin (closes: #814927) + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 01 Oct 2018 12:03:03 +0200 + +strongswan (5.7.0-1) unstable; urgency=medium + + * update AppArmor templates to handle usr merge (closes: #905082) + * d/gbp.conf added, following DEP-14 + * New upstream version 5.7.0 + - include fixes for CVE-2018-16151 and CVE-2018-16152, potential + Bleichenbacher-style low-exponent attacks leading to RSA signature forgery + in gmp plugin. + * d/control: fix typo in libstrongswan long description + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Sep 2018 16:36:28 +0200 + +strongswan (5.6.3-1) unstable; urgency=medium + + * New upstream version 5.6.2 + * update charon-systemd AppArmor profile (closes: #896813) + * New upstream version 5.6.3 + - fix a DoS vulnerability in the IKEv2 key derivation if the openssl + plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF + (CVE-2018-10811) + - fix a vulnerability in the stroke plugin, which did not check the + received length before reading a message from the control socket + (CVE-2018-5388) + * d/p/05_charon-nm-Fix-building-list-of-DNS-MDNS-servers-with removed + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Jun 2018 10:23:22 +0200 + +strongswan (5.6.2-2) unstable; urgency=medium + + * charon-nm: Fix building list of DNS/MDNS servers with libnm + * d/control: drop b-d on n-m-dev and make libnm-dev linux-any + (closes: #895434) + * d/compat bumped to 10 + * d/rules: drop parallel and autoreconf from dh, done with compat 10 + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 13 Apr 2018 13:46:04 +0200 + +strongswan (5.6.2-1) unstable; urgency=medium + + * d/NEWS: add information about disabled algorithms (closes: #883072) + * d/control: remove Romain Françoise from uploaders + * strongswan-libcharon: add bypass-lan plugin + * New upstream version 5.6.2 + - Fix denial of service vulnerability in the parser for PKCS#1 RSASSA-PSS + signatures (CVE-2018-6459) + * d/control: move Vcs to salsa + * d/control: update build-deps for libnm port (closes: #862885) + * install tpm_extendpcr binary in libstrongswan-extra-plugins + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 20 Feb 2018 12:26:54 +0100 + +strongswan (5.6.1-3) unstable; urgency=medium + + * move updown plugin from -starter to -libcharon. closes: #884578 + * debian/control: + - update standards version to 4.1.2. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 17 Dec 2017 16:40:39 +0100 + +strongswan (5.6.1-2) unstable; urgency=medium + + * move counters plugin from -starter to -libcharon. closes: #882431 + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 23 Nov 2017 20:52:19 +0100 + +strongswan (5.6.1-1) unstable; urgency=medium + + * debian/control: + - remove strongswan-ike{,v1,v2} packages. closes: #878979 + * New upstream version 5.6.1 + - fix FTBFS with glibc 2.26+. closes: #880561 + * debian/rules: explicitly enable tpm plugin + * debian/strongswan-starter.install: install counters plugin + * debian/libstrongswan.install: install MGF1 plugin + * debian/libstrongswan-extra-plugins.install: install tpm plugin + * debian/control: + - update standards version to 4.1.1 + - replace dh-systemd build-dep by updated build-dep on debhelper + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 21 Nov 2017 13:16:32 +0100 + +strongswan (5.6.0-2) unstable; urgency=medium + + * debian/rules: + - only use dh_missing --fail-missing when doing an architecture dependent + packages. closes: #874152 + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 03 Sep 2017 19:24:55 +0200 + +strongswan (5.6.0-1) unstable; urgency=medium + + * New upstream release. + - fix insufficient input validation in gmp plugin, which can cause a + denial of service vulnerability (CVE-2017-11185) closes: #872155 + * debian/rules: + - remove .la files before install + - don't call dh_install with --fail-missing + - override dh_missing with --fail-missing to catch uninstalled files + - apply patch from Gerald Turner to restrict permissions on swanctl folder + containing private material. + - replace DEB_BUILD_* by DEB_HOST_* when needed, fix FTCBFS, for example + when building for ppc64el on x86. Thanks Helmut Grohne. closes: #866669 + * debian/strongswan-swanctl.install: + - install the whole /etc/swanctl folder, including (empty) subfolders. + closes: #866324 + * debian/charon-systemd.install: + - install charon-systemd.conf files, thanks Gerald Turner. closes: #866325 + * Add AppArmor profiles for swanctl and charon-system, thanks Gerald Turner. + closes: #866327 + * debian/libcharon-extra-plugins.install: + - install pt-tls-client in /u/b and also install its manpage. + * debian/strongswan-swanctl.lintian-overrides: + - add lintian overrides for private keys directories using 700 + permissions. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 03 Sep 2017 14:38:09 +0200 + +strongswan (5.5.3-2) unstable; urgency=medium + + * debian/control: + - fix typo in libstrongswan-extra-plugins long description. + * move curve25519 plugin from libcharon-extra-plugins to + libstrongswan-extra-plugins + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 28 Jun 2017 13:07:19 +0200 + +strongswan (5.5.3-1) unstable; urgency=medium + + * New upstream release. + * debian/control: + - update standards version to 4.0.0 + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 23 Jun 2017 14:07:42 +0200 + +strongswan (5.5.2-1) experimental; urgency=medium + + * New upstream release. + * debian/patches/03_systemd-service refreshed. + * debian/libcharon-extra-plugins.install: + - include curve25519 plugin. + * debian/libstrongswan-extra-plugins.install: + - install libtpmtss library. + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 19 May 2017 11:32:00 +0200 + +strongswan (5.5.1-3) unstable; urgency=medium + + [ Christian Ehrhardt ] + * d/rules: Reorganize to ease maintenance + - one enable option per line + - sort enable options + * Add and install strongswan apparmor profiles + - d/rules install AppArmor profiles + - d/control add dh-apparmor as build-dep + - d/usr.lib.ipsec.{charon, lookip, stroke} add latest AppArmor profiles + for charon, lookip and stroke + * Add basic DEP8 tests + - d/tests/* add DEP8 tests + - d/control enable autotestpkg + * Add updated logcheck rules to match recent strongswan output + - debian/libstrongswan.strongswan.logcheck.* Remove outdated logcheck files + - debian/{rules,strongswan.logcheck}: Add updated logcheck rules + - this does no more provide different logcheck levels, but marks all + common output to be acceptable + + [ Yves-Alexis Perez ] + * debian/rules: + - re-enable mediation (but not medcli/medsrv) closes: #851507 + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 16 Jan 2017 12:58:26 +0100 + +strongswan (5.5.1-2) unstable; urgency=medium + + * debian/control: + - make the systemd build-dep linux-only. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 07 Dec 2016 08:34:52 +0100 + +strongswan (5.5.1-1) unstable; urgency=medium + + * New upstream bugfix release. + * debian/patches: + - 05_network-manager-strongswan-1.4 dropped, included upstream. + * debian/strongswan-starter.install: + - install the new,empty /etc/ipsec.secrets + * debian/strongswan-nm.install: + - install /etc/dbus-1/system.d/nm-strongswan-service.conf + * debian/control: + - add a Replaces on n-m-strongswan because it used to ship the Dbus service. + - add dependency on lsb-base to strongswan-starter because the init script + uses /lib/lsb/init-functions + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 22 Oct 2016 21:33:46 +0200 + +strongswan (5.5.0-3) unstable; urgency=medium + + * debian/control: + - add build-dep on tzdata, fix FTBFS when absent. closes: #839459 + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 02 Oct 2016 15:22:54 +0200 + +strongswan (5.5.0-2) unstable; urgency=medium + + * debian/rules: + - add patch from Raphaël Geissert to use /etc/ssl/certs instead of + /usr/share/ca-certificates for strongswan-nm. closes: #835095 + - update argument name for dh_strip dbgsym migration + * debian/control: + - update debhelper dependency to a version which supports dbgsym + migration. + * debian/patches: + - 05_network-manager-strongswan-1.4 added, backport two upstream patches + to support network-manager-strongswan 1.4 in charon-nm. closes: #838194 + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 18 Sep 2016 13:47:41 +0200 + +strongswan (5.5.0-1) unstable; urgency=medium + + * New upstream release. + * debian/control: + - add build-dep on systemd. closes: #828945 + * debian/patches: + - 05_port-openssl-1.1.0 dropped, included upstream. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 16 Jul 2016 15:32:04 +0200 + +strongswan (5.4.0-3) unstable; urgency=medium + + * debian/patches: + - 05_port-openssl-1.1.0 added, port to OpenSSL 1.1.0. closes: #828561 + * debian/control: + - update standards version to 3.9.8. + * debian/NEWS: fix spelling error. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 07 Jul 2016 10:23:59 +0200 + +strongswan (5.4.0-2) unstable; urgency=medium + + * debian/rules: + - stop building web interface for now since clearsilver is not building + right now. + - enable connmark only on Linux + - install connmark plugins files only on Linux + * debian/control: + - drop build-dep on clearsilver-dev and libfcgi-dev + - make iptables-dev build-dep Linux-only. + * debian/libcharon-extra-plugins: + - stop shipping medsrv and medcli plugin. + * debian/libstrongswan-standard-plugins.install: + - stop installing connmark plugins files inconditionnaly. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 29 May 2016 21:02:06 +0200 + +strongswan (5.4.0-1) unstable; urgency=medium + + * New upstream release. + * debian/patches + - 0001-configure-Support-systemd-209 dropped, included upstream. + - 0001-charon-systemd-Inherit-all-settings-from-the-charon- dropped as + well, a different version was included upstream. + * debian/libstrongswan.install: + - drop libhydra lines, it's been removed. + * debian/copyright: remove hydra lines as well. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Apr 2016 11:35:16 +0200 + +strongswan (5.3.5-2) unstable; urgency=medium + + * debian/rules: + - migrate debug package to ddeb. + - enable systemd and swanctl. closes: #813788 + - enable aesni plugin on i386 and amd64. + * debian/control: + - drop strongswan-dbg package. + - add strongswan-swanctl and charon-systemd packages. + - replace sytemd build-dep by libsystemd-dev. + - create new strongswan-pki and strongswan-scepclient packages + - drop old Conflicts/Breaks/Replaces against versions older than stable. + - update standards version to 3.9.7. + * debian/strongswan-swanctl.install: + - install vici plugin and swanctl files + * debian/charon-systemd.install: + - install charon-systemd binary and strongswan-swanctl service file. + * debian/strongswan-pki.install: + - install pki files + * debian/strongswan-scepclient.install: + - install scepclient files + * move strongswan.conf manpage to libstrongswan package + * debian/patches + - 0001-charon-systemd-Inherit-all-settings-from-the-charon added, inherit + charon configuration settings for charon-systemd. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 14 Mar 2016 23:53:34 +0100 + +strongswan (5.3.5-1) unstable; urgency=medium + + * New upstream bugfix release. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 26 Nov 2015 15:27:01 +0100 + +strongswan (5.3.4-1) unstable; urgency=medium + + * New upstream release. + * debian/patches: + - 03_systemd-service refreshed for new upstream release. + - 0001-socket-default-Refactor-setting-source-address-when-, + 0001-socket-dynamic-Refactor-setting-source-address-when- and + CVE-2015-8023_eap_mschapv2_state dropped, included upstream. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 19 Nov 2015 22:17:43 +0100 + +strongswan (5.3.3-3) unstable; urgency=high + + * Set urgency=high for security fix. + * debian/patches: + - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when + using EAP MSCHAPv2. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 16 Nov 2015 12:35:28 +0100 + +strongswan (5.3.3-2) unstable; urgency=medium + + * debian/rules: + - make the dh_install override arch-dependent only since it only acts on + arch:any packages, fix FTBFS on arch:all. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 04 Nov 2015 13:52:02 +0100 + +strongswan (5.3.3-1) unstable; urgency=medium + + * debian/rules: + - enable the connmark plugin. + * debian/control: + - add build-dep on iptables-dev. + * debian/libstrongswan-standard-plugins: + - add connmark plugin to the standard-plugins package. + * New upstream release. closes: #803772 + * debian/strongswan-starter.install: + - install new pki --dn manpage to ipsec-starter package. + * debian/patches: + - 0001-socket-default-Refactor-setting-source-address-when- and + 0001-socket-dynamic-Refactor-setting-source-address-when- added (taken + from c761db and 9e8b4a in the 1171-socket-default-scope branch), fix + source address selection with IPv6 (upstream #1171) + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 03 Nov 2015 21:56:23 +0100 + +strongswan (5.3.2-1) unstable; urgency=medium + + * New upstream release. + * debian/patches: + - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream. + - CVE-2015-4171_enforce_remote_auth dropped as well. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 11 Jun 2015 21:36:33 +0200 + +strongswan (5.3.1-1) unstable; urgency=high + + * New upstream release. + * debian/patches: + - strongswan-5.2.2-5.3.0_unknown_payload dropped, included upstream. + - 05_ivgen-allow-reusing-same-message-id-twice added, allow reusing the + same message ID twice in sequential IV gen. strongSwan issue #980. + - CVE-2015-4171_enforce_remote_auth added, fix potential leak of + authentication credential to rogue server when using PSK or EAP. This is + CVE-2015-4171. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 04 Jun 2015 19:18:07 +0200 + +strongswan (5.3.0-2) unstable; urgency=medium + + * debian/patches: + - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential + remote code execution vulnerability (CVE-2015-3991). + * debian/strongswan-starter.lintian-overrides: add override for + command-with-path-in-maintainer-script since it's there to check for file + existence. + * Upload to unstable. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 23 May 2015 15:06:11 +0200 + +strongswan (5.3.0-1) experimental; urgency=medium + + * New upstream release. + * debian/patches: + - 01_fix-manpages refreshed for new upstream release. + - 02_chunk-endianness dropped, included upstream. + - CVE-2014-9221_modp_custom dropped, included upstream. + * debian/strongswan-starter.install + - don't install the _updown and _updown_espmark manpages anymore, they're + gone. + - also remove the _updown_espmark script, gone too. + * debian/copyright updated. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 15 Apr 2015 20:59:54 +0200 + +strongswan (5.2.1-6) unstable; urgency=medium + + * Ship /lib/systemd/system/ipsec.service as a symlink to + strongswan.service in strongswan-starter instead of using Alias= in + the service file. This makes the ipsec name available to invoke-rc.d + before the service gets actually enabled, which avoids some confusion + (closes: #781209). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 04 Apr 2015 17:55:38 +0200 + +strongswan (5.2.1-5) unstable; urgency=high + + * debian/patches: + - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated + denial of service in IKEv2 when using custom MODP value. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 05 Jan 2015 13:11:51 +0100 + +strongswan (5.2.1-4) unstable; urgency=medium + + * Give up on trying to run the test suite on !amd64, it now times out on + both i386 and s390x, our chosen "fast" archs. + + -- Romain Francoise <rfrancoise@debian.org> Fri, 24 Oct 2014 21:08:17 +0200 + +strongswan (5.2.1-3) unstable; urgency=medium + + * Disable libtls tests again, they are still too intensive for the buildd + network... + + -- Romain Francoise <rfrancoise@debian.org> Thu, 23 Oct 2014 18:09:27 +0200 + +strongswan (5.2.1-2) unstable; urgency=medium + + * Cherry-pick commits 701d6ed and 1c70c6e from upstream to fix checksum + computation and FTBFS on big-endian hosts. + * Run the test suite only on amd64, i386, and s390x. It requires lots of + entropy and CPU time, which are typically hard to come by on slower + archs. + * Re-enable normal keylengths in test suite. + * Re-enable libtls tests. + * Update Dutch translation, thanks to Frans Spiesschaert (closes: #763798). + * Bump Standards-Version to 3.9.6. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 22 Oct 2014 21:21:37 +0200 + +strongswan (5.2.1-1) unstable; urgency=medium + + * New upstream release. + * Stop shipping /etc/strongswan.conf.d in libstrongswan. + + -- Romain Francoise <rfrancoise@debian.org> Tue, 21 Oct 2014 19:38:25 +0200 + +strongswan (5.2.0-2) unstable; urgency=medium + + * Add systemd integration: + + Install upstream systemd service file in strongswan-starter. + + Alias strongswan.service to ipsec.service to match the sysv init script. + + Drop After=syslog.target (as syslog is socket-activated nowadays), but + add After=network.target to ensure that charon gets the chance to send + deletes on exit. + + Add ExecReload for reload action, since the starter script has one. + + On linux-any, add build-dep on systemd to ensure that the pkg-config + metadata file can be found. + + Add build-dep on dh-systemd, and use systemd dh addon. + * Remove debian/patches/03_include-stdint.patch. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 30 Jul 2014 21:37:53 +0200 + +strongswan (5.2.0-1) unstable; urgency=medium + + * New upstream release. + [ Romain Francoise ] + * Amend build-dep on libgcrypt to 'libgcrypt20-dev | libgcrypt11-dev'. + * Drop hardening-wrapper from build-depends (unused since 5.0.4-1). + + [ Yves-Alexis Perez ] + * debian/po: + - pt_BR.po updated, thanks Adriano Rafael Gomes. closes: #752721 + * debian/patches: + 03_pfkey-Always-include-stdint.h dropped, included upstream. + * debian/strongswan-starter.install: + - replace tools.conf by pki.conf and scepclient.conf. + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 11 Jul 2014 21:57:59 +0200 + +strongswan (5.1.3-4) unstable; urgency=medium + + * debian/control: + - add build-dep on pkg-config. + * debian/patches: + - 03_pfkey-Always-include-stdint.h added, cherry-picked from upstream git: + always include of stdint.h. Fix FTBFS on kFreeBSD. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 19 May 2014 15:06:32 +0200 + +strongswan (5.1.3-3) unstable; urgency=medium + + * debian/watch: + - add pgpsigurlmangle to get PGP signature + * debian/upstream/signing-key.asc: + - bootstrap keyring by adding Andreas Steffen key (0xDF42C170B34DBA77) + * debian/control: + - add build-dep on libgcrypt20-dev, fix FTBFS. closes: #747796 + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 13 May 2014 22:05:16 +0200 + +strongswan (5.1.3-2) unstable; urgency=low + + * Disable the new libtls test suite for now--it appears to be a + little too intensive for slower archs. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 19 Apr 2014 17:45:51 +0200 + +strongswan (5.1.3-1) unstable; urgency=low + + * New upstream release. + * debian/control: make strongswan-charon depend on iproute2 | iproute, + thanks to Ryo IGARASHI <rigarash@gmail.com> (closes: #744832). + + -- Romain Francoise <rfrancoise@debian.org> Tue, 15 Apr 2014 19:42:27 +0200 + +strongswan (5.1.2-4) unstable; urgency=high + + * debian/patches/04_cve-2014-2338.patch: added to fix CVE-2014-2338 + (authentication bypass vulnerability in IKEv2 code). + * debian/control: add myself to Uploaders. + + -- Romain Francoise <rfrancoise@debian.org> Tue, 08 Apr 2014 20:14:54 +0200 + +strongswan (5.1.2-3) unstable; urgency=medium + + * debian/patches/ + - 02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b added, fix + testsuite failing on 64 bit big-endian platforms (s390x). + - 03_unit-tests-Fix-chunk-clear-armel added, fix testsuite failing on + armel. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Apr 2014 21:20:33 +0200 + +strongswan (5.1.2-2) unstable; urgency=medium + + * debian/rules: + - use reduced keylengths in testsuite on various arches, hopefully fixing + FTBFS when the genrsa test runs. + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 25 Mar 2014 12:09:49 +0100 + +strongswan (5.1.2-1) unstable; urgency=medium + + * New upstream release. + * debian/control: + - add conflicts against openSwan. closes: #740808 + * debian/strongswan-starter,postrm: + - remove /var/lib/strongswan on purge. + * debian/ipsec.secrets.proto: + - stop lying about ipsec showhostkey command. closes: #600382 + * debian/patches: + - 01_fix-manpages refreshed for new upstream. + - 02_include-strongswan.conf.d removed, strongswan.d is now supported + upstream. + * debian/rules, debian/*.install: + - install default configuration files for all plugins. + * debian/NEWS: + - fix spurious entry. + - add a NEWS entry to advertise about the new strongswan.d configuration + mechanism. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 11:22:38 +0100 + +strongswan (5.1.1-3) unstable; urgency=low + + * Upload to unstable. + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 04 Mar 2014 21:57:25 +0100 + +strongswan (5.1.1-2+splitplugins) experimental; urgency=medium + + * debian/control: + - drop dependency on host, inherited from openSwan. closes: #736661 + - split charon-cmd to a standalone package. + - add new plugins packages: libstrongswan-standard-plugins, + libstrongswan-extra-plugins and libcharon-extra-plugins. + - split strongswan-ike package to strongswan-libcharon (libcharon and + default libcharon plugins) and strongswan-charon (charon daemon), keep + strongswan-ike as transitional package for now. + * debian/po: + - sv.po updated, thanks Martin Bagge. closes: #725667 + * debian/charon-cmd.lintian-overrides: override lintian error about + charon-cmd rpath. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Feb 2014 10:42:49 +0100 + +strongswan (5.1.1-2) unstable; urgency=medium + + * debian/control: + - drop dependency on host, inherited from openSwan. closes: #736661 + * debian/po: + - sv.po updated, thanks Martin Bagge. closes: #725667 + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Feb 2014 10:32:12 +0100 + +strongswan (5.1.1-1) unstable; urgency=low + + [ Yves-Alexis Perez ] + * New upstream bugfix release + * debian/rules: + - enable and install af-alg plugin on Linux. closes: #718292 + - enable certexpire plugin. closes: #718293 + - enable lookip plugin. closes: #718299 + - enable error-notify plugin. closes: #718304 + - enable unity plugin. closes: #718289 + * debian/strongswan-ike.install: + - install certexpire and unity plugins. + - install lookip binary and plugin. + - install error-notify binary and plugin. + * debian/strongswan-starter.install: + - pki tool is now in /usr/bin. + - add pt-tls-client for TCG Trusted Network Connect. + * debian/control: + - update long description, thanks to Justin B Rye. closes: #725085 + - make the pkg-swan-devel list the maintainer, and add René to uploaders. + - update standards version to 3.9.5. + * debian/po: + - eu.po updated, thanks Iñaki Larrañaga Murgoitio. closes: #726636 + - ja.po updated. closes: #726059 + - cs.po updated, thanks Miroslav Kure. closes: #728104 + - ru.po updated, thanks Yuri Kozlov. closes: #725709 + - da.po updated. closes: #725620 + - nb.po updated, thanks Bjørn Steensrud. closes: #725497 + - fr.po updated, thanks Christian Perrier. closes: #725469 + - tr.po updated, thanks Atila KOÇ. closes: #728874 + - it.po updated, thanks Beatrice Torracca. closes: #729122 + - de.po updated, thanks Helge Kreutzmann. closes: #729170 + - pt.po updated, thanks Américo Monteiro. closes: #729823 + - es.po updated, thanks Matias A. Bellone. closes: #733731 + * debian/patches: + - CVE-2013-6075 and CVE-2013-6076 dropped, included upstream. + - 01_fix-manpages updated, move pki --issue manpage to section 1. + * debian/strongswan-starter.ipsec.init: + - use daemon exe in start-stop-daemon test. closes: #730661 + + [ Romain Francoise ] + * debian/rules: + - disable built-in integrity tests; they've been broken for years, + don't provide security (by design) and we have better tools at the + package level anyway. closes: #598138 + - disable sql and attr-sql plugins, as per discussion in #718302 they + are useless without the database driver plugins. + * debian/libstrongswan.install: + - libchecksum.so is no longer built, remove. + - sql plugin is no longer built, remove. + * debian/strongswan-starter.install: + - 'ipsec pool' is no longer built, remove. + + [ Raphael Geissert ] + * Allow the configuration of strongswan.conf to be stored in snippets + in /etc/strongswan.conf.d/ + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 24 Jan 2014 21:22:32 +0100 + +strongswan (5.1.0-3) unstable; urgency=high + + * urgency=high for the security fixes. + * debian/patches + - CVE-2013-6075 added, fix remote denial of service and authorization + bypass. + - CVE-2013-6076 added, fix remote denial of service in IKEv1 code. + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 29 Oct 2013 21:07:04 +0100 + +strongswan (5.1.0-2) unstable; urgency=medium + + * urgency=medium since we already spent 16 days in unstable and the fix is + trivial + * debian/control: + - strongswan-ike: only depends on iproute on linux arches. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 17 Oct 2013 21:40:35 +0200 + +strongswan (5.1.0-1) unstable; urgency=low + + * New upstream release. + * debian/libstrongswan.install: + - install new rc2, pkcs12 and sshkey plugins. + * debian/control: + - update standards version to 3.9.4. + - add build-dep on dh-autoreconf. + * debian/rules: + - use autoreconf addon to refresh autotools helper files and gain support + for ARM64. + - enable charon-cmd command line tool. + * debian/source/options: ignore files regenerated by autoreconf addon. + * debian/strongswan-ike.install: + - install charon-cmd command and manpage. + * debian/NEWS: + - warn users about charon replacing pluto as IKEv1 daemon and provide some + migration pointers. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 30 Sep 2013 20:59:04 +0200 + +strongswan (5.0.4-3) experimental; urgency=low + + * debian/rules, debian/libstrongswan.install: + - only install rdrand plugin on i386 and amd64. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 18 May 2013 09:26:22 +0200 + +strongswan (5.0.4-2) experimental; urgency=low + + * debian/rules: + - only enable RdRand on i386 and amd64. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 06 May 2013 13:14:03 +0200 + +strongswan (5.0.4-1) experimental; urgency=low + + * New upstream release. + - Fix for ECDSA signature verification vulnerability (CVE-2013-2944). + * debian/patches: + - 01_fix-manpages refreshed. + - 02_add-LICENSE dropped, included upstream. + - 03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali removed, + included upstream. + - 04-Fixed-IPv6-source-address-lookup dropped, included upstream. + * debian/rules: + - --enable-smartcard, --with-default-pkcs11 and --enable-nat-transport not + valid anymore for ./configure, remove them. + - add --enable-xauth-eap and --enable-xauth-pam. + - remove pluto handling since it's gone + - don't special-case XAuth on kFreeBSD anymore. + - add --enable-attr-sql and --enable-rdrand. + - build using all hardening flags. + - use -Wl,--as-needed -Wl,-O1 for LDFLAGS. + * debian/control: + - drop strongswan-ikev1 package + - rename strongswan-ikev2 package to strongswan-ike for now and makes it + replace strongswan-ikev1 and strongswan-ikev2. + - rephrase long description to remove references to pluto. + - provide transition -ikev{1,2} packages for upgrades. + * debian/strongswan-ikev1.install removed. + * debian/strongswan-ikev2.* renamed to strongswan-ike. + * debian/strongswan-nm.install: + - NetworkManager plugin is now a separate executable. + * debian/libstrongswan.install: + - install new pkcs7, xauth-eap, xauth-generic, xauth-pam and nonce plugins. + - install libpttls files (experimental implementation of PT-TLS, RFC 6876) + - install rdrand plugin. + * debian/strongswan.docs: CREDITS file is gone. + * debian/ipsec.secrets.proto: remove reference to pluto. + * debian/strongswan-starter.* remove references to pluto. + * debian/po: update potfiles for new phrasing. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 05 May 2013 11:06:20 +0200 + +strongswan (4.6.4-6) unstable; urgency=low + + * debian/rules: + - revert dropping privileges, it breaks too many setups for now and it's + not possible to disable it. reopens #529854 and closes: #680722 + * debian/control: + - add Breaks/Replaces strongswan-ikev2 on libstrongswan because of moved + plugins. closes: #681312 + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 01 Dec 2012 14:24:49 +0100 + +strongswan (4.6.4-5) unstable; urgency=low + + [ Yves-Alexis Perez ] + * debian/control: + - and finally make libcap-dev linux-any too... + - make -ikev1 linux-any since pluto can't be build on FreeBSD. + * debian/rules: + - stop installing logcheck rules manually. closes: #679745 + - handle non kFreeBSD more carefully closes: #640928 + + don't enable NM and Linux capabilities drop; + + disable pluto (and xauth plugin); + + don't enable farp and dhcp, enable kernel-pf{key,route} plugins + * Handle logcheck files from dh_installlogcheck and thus name them correctly + so they are not installed in the wrong package. closes: #679745 + * debian/po + - add turkish translation, thanks Atila KOÇ. closes: #659879 + * debian/patches: + - 04-Fixed-IPv6-source-address-lookup added, backported from upstream. + Fix IPv6 tunnels, broken because of bad handling of source routing. + + [ Laurent Bigonville ] + * Do not use multi-arch paths, this makes no sense as only one instance of + the daemon can be run and all libraries are private. + * d/p/03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali.patch: NM now + requires a tundev, pass the loopback interface to make it happy + (thanks to Martin Willi) + * debian/control: Fix Vcs-Browser URL + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 07 Jul 2012 14:21:03 +0200 + +strongswan (4.6.4-4) unstable; urgency=low + + * debian/control: + - libnm-glib-vpn-dev also is linux-any, fix build-deps. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 18:54:00 +0200 + +strongswan (4.6.4-3) unstable; urgency=low + + * debian/strongswan-starter.postrm + - remove strongswan user on purge. + * debian/rules: + - enable gcrypt plugin. closes: #600326 + * debian/libstrongswan.install: + - ship gcrypt plugin. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 17:08:08 +0200 + +strongswan (4.6.4-2) unstable; urgency=low + + * Upload to unstable. + * debian/rules: + - use the strongswan user. closes: #529854 + * debian/control: + - fix libnm-glib-vpn-dev build-dep, it's linux-any. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 15:37:58 +0200 + +strongswan (4.6.4-1) experimental; urgency=low + + * New upstream release. closes: #664190 + - stop including individual glib headers. closes: #665612 + * debian/patches: + - drop all patches, they're all included upstream now. + * debian/*.install: + - drop destination path + - libs are in ipsec folder now + - add libradius, libtls, libtnccs and libsimaka to libstrongswan. + - add tnc-tnccs, pkcs8 and cmac plugins to libstrongswan. + - use multiarch paths + - move ldap, curl, kernel-netlink and attr* plugins to libstrongswan, + since they are used by pluto too. closes: #611846 + * debian/control: + - add myself to uploaders, in hope that some others will join. + - update standards version to 3.9.3. + - add depend on adduser to strongswan-starter for use in maintainer + scripts. + - update debhelper build-dep to 9 and add dpkg-dev 1.16.2 build-dep for + hardening support. + - make strongswan-nm linux-any and adjust network-manager-dev build-dep to + only happen on linux arches. closes: #640928 + * debian/compat bumped to 9. + * debian/rules: + - enable hardening flags with PIE and bindnow. + - use multiarch paths. + - inconditionnally enable network-manager. + - switch to dh. + - ignore plugins in dh_makeshlibs. + - don't generate maintainer scripts snippets for init scripts, it's + already handled (atlhough we might want to change that later) + - stop bypassing dh_installdocs. + - disable DES and Blowfish plugin as they are under a 4 clauses BSD-like + license. + * debian/libstrongswan.lintian-overrides, + debian/libstrongswan-ikev2.lintian-overrides: + - override warning for hardening flags, we do use them. + * debian/patches: + - 01_fix-manpages added, fix space in NAME section. + - 02_add-LICENSE added, add the license file from upstream not yet present + in tarball. + * debian/copyright completely rewritten. + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 29 Jun 2012 21:24:37 +0200 + +strongswan (4.5.2-1.5) unstable; urgency=low + + * Non-maintainer upload. + * Fix "package must not include /var/lock/subsys": + don't ship /var/lock/subsys but create it in the init script. + (Closes: #667764) + + -- gregor herrmann <gregoa@debian.org> Fri, 15 Jun 2012 16:21:27 +0200 + +strongswan (4.5.2-1.4) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * debian/patches: + - 0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i added, + backported from upstream. Fix CVE-2012-2388 (when using gmp plugin, + zero length RSA signatures are considered valid). + - 0001-Added-support-for-the-resolvconf-framework-in-resolv added, + correctly handle resolvconf-managed /etc/resolv.conf. closes: #664873 + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 24 May 2012 17:55:51 +0200 + +strongswan (4.5.2-1.3) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Dutch; (Jeroen Schot). Closes: #631502 + - Norwegian Bokmål, (Bjørn Steensrud). Closes: #654411 + - Polish (Michał Kułach). Closes: #658125 + + -- Christian Perrier <bubulle@debian.org> Wed, 08 Feb 2012 07:22:07 +0100 + +strongswan (4.5.2-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Drop libopensc2-dev from Build-Depends; that library is now private to + opensc and is not required at build time as it's loaded by dlopen() anyway. + (Closes: #635890) + + -- Laurent Bigonville <bigon@debian.org> Thu, 08 Sep 2011 16:50:11 +0200 + +strongswan (4.5.2-1.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/strongswan-starter.ipsec.init: Init script should depends on + remote_fs instead of local_fs, also provide ipsec instead of vpn as + the other ipsec implementations (Closes: #629675) + * debian/patches/0001-fix-fprintf-format.patch: Fix FTBFS with gcc 4.6, + taken from upstream (Closes: #614486) + * debian/control: Tighten dependency version against libstrongswan + (Closes: #626170) + * debian/strongswan-starter.lintian-overrides, debian/rules: + Correctly set restricted permissions on /etc/ipsec.d/private/ + and /var/lib/strongswan (Closes: #598827) + + -- Laurent Bigonville <bigon@debian.org> Mon, 04 Jul 2011 10:58:59 +0200 + +strongswan (4.5.2-1) unstable; urgency=low + + * New upstream version 4.5.2. This removes a lot of old manpages that were + not properly updated since freeswan. + Closes: #616482: strongswan-ikev1: virtual ips not released if xauth name + does not match id + Closes: #626169: strongswan: ipsec tunnels fail because charon segfaults + Closes: #625228: strongswan-starter: left-/rightnexthop options are broken + Closes: #614105: strongswan-ikev2: charon continually respawns + * Fix typo in debian/rules that precluded --enable-nm from being passed to + configure (LP: #771778). + Closes: #627775: strongswan-nm package is missing nm module + * Make sure to install all newly added plugins (and generally files created + by make install) by calling dh_install with --fail-missing. Install some + newly enabled crypto plugins in the libstrongswan package. + Closes: #627783: Please disable modules that are not installed in package + at build time + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 May 2011 13:42:21 +0200 + +strongswan (4.5.1-1) unstable; urgency=low + + * New upstream version + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 05 Mar 2011 09:27:49 +0100 + +strongswan (4.5.0-1) unstable; urgency=low + + * New upstream version 4.5.0 + * Enabled new configure options for additional libstrongswan plugins: + --enable-ctr --enable-ccm --enable-gcm --enable-addrblock --enable-led + --enable-pkcs11 --enable-eap-tls --enable-eap-ttls --enable-eap-tnc + * Enable NAT-Traversal with transport mode support so that strongswan + can be used for an L2TP/IPsec gateway (e.g. for Windows or mobile phone + clients). + * Special handling for strongswan-nm package during build time: only build + and install if headers are really available. This supports easier + backporting by simply ignoring build-deps and therefore to build all + packages except the strongswan-nm without any changes to the source + package. + * Install test-vectors and revocation plugins for libstrongswan. + Closes: #600996: strongswan-starter: plugin 'revocation' failed to load + * Acknowledge translations NMU. + Closes: #598925: Intent to NMU or help for an l10n upload of strongswan + to fix pending po-debconf l10n bugs + Closes: #598925 #599888 #600354 #600409 #602449 #603723 #603779 + * Update Brazilian Portugese debconf translation. + Closes: #607404: strongswan: [INTL:pt_BR] Brazilian Portuguese debconf + templates translation + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:09:42 +0100 + +strongswan (4.4.1-5.1) unstable; urgency=low + + * Non-maintainer upload. + - Fix pending l10n issues. Debconf translations: + - Vietnamese (Clytie Siddall). Closes: #598925 + - Japanese (Hideki Yamane). Closes: #599888 + - Czech (Miroslav Kure). Closes: #600354 + - Spanish (Francisco Javier Cuadrado). Closes: #600409 + - Danish (Joe Hansen). Closes: #602449 + - Basque (Iñaki Larrañaga Murgoitio). Closes: #603723 + - Italian (Vincenzo Campanella). Closes: #603779 + + -- Christian Perrier <bubulle@debian.org> Wed, 17 Nov 2010 20:21:21 +0100 + +strongswan (4.4.1-5) unstable; urgency=medium + + * Fixed init script for restart to work when either pluto or charon + are not installed. + Closes: #598074: init script doesn't re-start the service on restart + * Enable built-in crypto test vectors. + Closes: #598136: strongswan: Please enable --enable-test-vectors + configure option + * Install libchecksum.so into correct directory (/usr/lib/ipsec instead of + /usr/lib). It still doesn't fix #598138 because of the size mismatch. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 26 Sep 2010 13:48:00 +0200 + +strongswan (4.4.1-4) unstable; urgency=medium + + * dh_clean should not be called by the install target. This caused the + arch: all package strongswan to be built but not included in the changes + file. + Closes: #593768: strongswan: 4.4.1 unavailable in testing notwhistanding + a freeze-exception request + * Rewrote parts of the init.d script to make stop/restart more robust + when pluto or charon fail. + * Closes: #595885: strongswan: FTBFS in squeeze: No package 'libnm_glib_vpn' + found + This bug was actually closed in 4.4.0 with changed dependencies. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 Sep 2010 13:08:36 +0200 + +strongswan (4.4.1-3) unstable; urgency=low + + * Change make clean to make distclean to make package building + idempotent. + Really closes: Bug#593313: strongswan: FTBFS because clean rule fails + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Aug 2010 21:39:03 +0200 + +strongswan (4.4.1-2) unstable; urgency=low + + * Recompiled with dpkg-buildpackage instead of svn-buildpackage to + make the clean target work. I am still looking for the root cause of + this quilt 3.0 format and svn-buildpackage incompatibility. + Closes: Bug#593313: strongswan: FTBFS because clean rule fails + * Removed the --enable-socket-* configure options again. Having multiple + socket variants for charon would force to explicitly enable one (in case + of pluto co-existance the socket-raw) in strongswan.conf. Disabling the + other variants for now at build-time relieves us from changing the + default config file and might be more future-proof concerning future + upstream changes to configure options. + Really closes: #587583 + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 21 Aug 2010 23:28:47 +0200 + +strongswan (4.4.1-1) unstable; urgency=low + + * New upstream release. + Closes: #587583: strongswan 4.4.0-2 does not work here: charon seems not + to ignore all incoming requests/answers + Closes: #506320: strongswan: include directives error and ikev2 + * Fix typo in debconf templates. + Closes: #587564: strongswan: Minor typos in Debconf template + * Updated debconf translations. + Closes: #587562: strongswan: [INTL:de] updated German debconf translation + Closes: #580954: [INTL:es] Spanish debconf template translation for + strongswan + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 09 Aug 2010 11:37:25 +0200 + +strongswan (4.4.0-3) unstable; urgency=low + + * Updated debconf translations. + Closes: #587562: strongswan: [INTL:de] updated German debconf translation + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 30 Jun 2010 09:50:31 +0200 + +strongswan (4.4.0-2) unstable; urgency=low + + * Force enable-socket-raw configure option and enable list-missing option + for dh_install to make sure that all required plugins get built and + installed. + Closes: #587282: plugins missing + * Updated debconf translations. + Closes: #587052: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #587159: strongswan: [INTL:ru] Russian debconf templates + translation update + Closes: #587255: strongswan: [INTL:pt] Updated Portuguese + translation for debconf messages + Closes: #587241: [INTL:sv] po-debconf file for strongswan + * Disabled cisco-quirks configure option, as it causes pluto to emit a + bogus Cicso vendor ID attribute. Some Cicso VPN clients might not work + without this, but it is less confusing for standards-compliant remote + gateways. + * Removed leftover attribute plugin source caused by incomplete svn-upgrade + call. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 24 Jun 2010 22:32:18 +0200 + +strongswan (4.4.0-1) unstable; urgency=HIGH + + * New upstream release, now with a high-availability plugin. + * Added patch to fix snprintf bug. + * Enable building of ha, dhcp, and farp plugins. + * Enable capability dropping (now depends on libcap). Switching + user to new system user strongswan (with nogroup) after startup + is still disabled until the iptables updown script can be made + to work. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 25 May 2010 21:03:52 +0200 + +strongswan (4.3.6-1) unstable; urgency=low + + * UNRELEASED + + * New upstream release, now build-depends on gperf. + Closes: #577855: New upstream release 4.3.6 + Closes: #569553: strongswan: Certificates CNs containing email address + OIDs are not correctly parsed + Closes: #557635: strongswan charon does not rekey forever + Closes: #569299: Please update configure check to use new nm-glib + pkgconfig file name + * Switch to dpkg-source 3.0 (quilt) format + * Synchronize debconf handling with current openswan 2.6.25 package to keep + X509 certificate handling etc. similar. Thanks to Harald Jenny for + implementing these changes in openswan, which I just converted to + strongswan. + * Now also build a strongswan-dbg package to ship debugging symbols. + * Include attr plugin in strongswan-ikev2 package. Thanks to Christoph Lukas + for pointing out that this was missing. + Closes: #569550: strongswan: Please include attr plugin + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 23 Feb 2010 10:39:21 +0000 + +strongswan (4.3.4-1) unstable; urgency=low + + * New upstream release. + * This release supports integrity checking of libraries, which is + now enabled at build-time and can be enabled at run-time using + libstrongswan { + integrity_test = yes + } + in /etc/strongswan.conf. + * Don't disable internal crypto libraries for pluto. They might be + required when working with older ipsec.conf files. + * charon now supports "include" directives in ipsec.secrets for + compatibility with how the maintainer script includes RSA private keys. + * Patched starter to also look at routing table "default" when table + "main" doesn't have a default entry. This makes dealing with + "%defaulroute" in ipsec.conf more flexible. + Update: It seems Astaro was quicker then me sending a patch with + exactly that aim to upstream. Now applied this one, which will be + part of future upstream releases and uses netlink to read routing + tables. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 21 Oct 2009 11:14:56 +0000 + +strongswan (4.3.2-1) unstable; urgency=HIGH + + Urgency high because of security issue and FTBFS. + * New upstream release, fixes security bug. + * Fix padlock handling for i386 in debian/rules. + Closes: #525652 (FTBFS on i386) + * Acknowledge NMUs by security team. + Closes: #533837, #531612 + * Add "Conflicts: strongswan (< 4.2.12-1)" to libstrongswan, + strongswan-starter, strongswan-ikev1, and strongswan-ikev2 to force + update of the strongswan package on installation and avoid conflicts + caused by package restructuring. + Closes: #526037: strongswan-ikev2 and strongswan: error when trying to + install together + Closes: #526486: strongswan and libstrongswan: error when trying to + install together + Closes: #526487: strongswan-ikev1 and strongswan: error when trying to + install together + Closes: #526488: strongswan-starter and strongswan: error when trying to + install together + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. Closes: #528073 + * Debconf translation updates: + Closes: #525234: [INTL:ja] Update po-debconf template translation (ja.po) + Closes: #528323: [INTL:sv] po-debconf file for strongswan + Closes: #528370: [INTL:vi] Vietnamese debconf templates translation update + Closes: #529027: [INTL:pt] Updated Portuguese translation for debconf messages + Closes: #529071: [INTL:fr] French debconf templates translation update + Closes: #529592: nb translation of debconf PO for strongSWAN + Closes: #529638: [INTL:ru] Russian debconf templates translation + Closes: #529661: Updated Czech translation of strongswan debconf messages + Closes: #529742: [INTL:eu] strongswan debconf basque translation + Closes: #530273: [INTL:fi] Finnish translation of the debconf templates + Closes: #529063: [INTL:gl] strongswan 4.2.14-2 debconf translation update + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 18 Apr 2009 20:28:51 +0200 + +strongswan (4.2.14-1.2) unstable; urgency=high + + * Non-maintainer upload. + * Fix build on i386 + Closes: #525652: FTBFS on i386: + libstrongswan-padlock.so*': No such file or directory + * Fix Two Denial of Service Vulnerabilities + Closes: #533837: strongSwan Two Denial of Service Vulnerabilities + + -- Ruben Puettmann <ruben@puettmann.net> Sun, 21 Jun 2009 17:50:02 +0200 + +strongswan (4.2.14-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix two possible null pointer dereferences leading to denial + of service via crafted IKE_SA_INIT, CREATE_CHILD_SA or + IKE_AUTH request (CVE-2009-1957; CVE-2009-1958; Closes: #531612). + + -- Nico Golde <nion@debian.org> Mon, 15 Jun 2009 13:06:05 +0200 + +strongswan (4.2.14-1) unstable; urgency=low + + * New upstream release, which incorporates the fix. Removed dpatch for it. + Closes: #521950: CVE-2009-0790: DoS + * New support for EAP RADIUS authentication, enabled for this package. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 01 Apr 2009 22:17:52 +0200 + +strongswan (4.2.13-2) unstable; urgency=low + + * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the + security team for providing the patch. + Closes: #521950: CVE-2009-0790: DoS + Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone + to a denial of service attack via a malicious packet. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 31 Mar 2009 12:00:51 +0200 + +strongswan (4.2.13-1) unstable; urgency=low + + * New upstream release. This is now compatible with network-manager 0.7 + in Debian, so start building the strongswan-side support. The actual + plugin will need to be another source package. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Mar 2009 10:59:31 +0100 + +strongswan (4.2.12-1) unstable; urgency=low + + * New upstream release. Starting with this version, the strongswan + packages is modularized and includes support for plugins like the + NetworkManager plugin. Many details were adopted from Martin Willi's + packages. + * Dropping support for raw RSA public/private keypairs, as charon does + not support it. + * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 01 Mar 2009 10:46:08 +0000 + +strongswan (4.2.9-1) unstable; urgency=low + + * New upstream release, fixes a MOBIKE issue. + Closes: #507542: strongswan: endless loop + * Explicitly enable compilation with libcurl for CRL fetching + Closes: #497756: strongswan: not compiled with curl support; crl + fetching not available + * Enable compilation with SSH agent support. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 05 Dec 2008 17:21:42 +0100 + +strongswan (4.2.4-5) unstable; urgency=high + + Reason for urgency high: this is potentially security relevant. + * Patch backported from 4.2.7 to fix a potential DoS issue. + Thanks to Thomas Kallenberg for the patch. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 29 Sep 2008 10:35:30 +0200 + +strongswan (4.2.4-4) unstable; urgency=low + + * Tweaked configure options for lenny to remove somewhat experimental, + incomplete, or unnecessary features. Removed --enable-xml, + --enable-padlock, and --enable-manager and added --disable-aes, + --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5, + --disable-sha1, and --disable-sha2 because openssl already + contains this code, we depend on it and thus don't need it twice. + Padlock support does not do much, because the bulk encryption uses + it anyway (being done internally in the kernel) and using padlock + for IKEv2 key agreement adds complexity for little gain. + Thanks to Thomas Kallenberg of strongswan upstream team for + suggesting these changes. The package is now noticable smaller. + * Also remove dbus dependency, which is no longer necessary. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 01 Sep 2008 08:59:10 +0200 + +strongswan (4.2.4-3) unstable; urgency=low + + * Changed configure option to build peer-to-peer service again. + Closes: #494678: strongswan: configure option --enable-p2p changed to + --enable-mediation + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 12 Aug 2008 20:08:26 +0200 + +strongswan (4.2.4-2) unstable; urgency=medium + + Urgency medium because this fixes an FTFBS bug on non-i386. + * Only compile padlock crypto acceleration support for i386. Thanks for + the patch! + Closes: #492455: strongswan: FTBFS: Uses i386 assembler on non-i386 + arches. + * Updated Swedish debconf translation. + Closes: #492902: [INTL:sv] po-debconf file for strongswan + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Aug 2008 13:02:54 +0200 + +strongswan (4.2.4-1) unstable; urgency=medium + + Urgency medium because this new upstream versions no longer uses + dbus and thus fixed the grave bug from the last Debian package. This + version should transit to testing. + * New upstream release. Starting with version 4.2.0, crypto algorithms have + beeen modularized with existing code ported over. Among other improvments, + this version now supports AES-CCM (e.g. with esp=aes128ccm12) and AES-GCM + (e.g. with esp=aes256gcm16) starting with kernel 2.6.25 and enables dead + peer detection by default. + Note that charon (IKEv2) now uses the new /etc/strongswan.conf. + * Enabled building of VIA Padlock and openssl crypto plugins. + * Drop patch to rename AES_cbc_encrypt so as not to conflict with an + openssl method of the same name. This has been applied upstream. + * This new upstream version no longer uses dbus. + Closes: #475098: charon needs dbus but strongswan does not depend on dbus + Closes: #475099: charon does not work any more + * This new upstream version no longer prints error messages in its + init script. + Closes: #465718: strongswan: startup on booting returns error messages + * Apply patch to ipsec init script to fix bashism. + Closes: #473703: strongswan: bashism in /bin/sh script + * Updated Czech debconf translation. + Closes: #480928: [l10n] Updated Czech translation of strongswan debconf + messages + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 10 Jul 2008 14:40:43 +0200 + +strongswan (4.1.11-1) unstable; urgency=low + + * New upstream release. + * DBUS support now interacts with network-manager, so need to build-depend + on network-manager-dev. + * The web interface has been improved and now requires libfcgi-dev and + clearsilver-dev to compile, so build-depend on them. Also build-depend + on libxml2-dev, libdbus-1-dev, libtool, and libsqlite3-dev (which were + all build-deps before but were not listed explicitly so far - fix that). + * Add patch to rename internal AES_cbc_encrypt function and thus avoid + conflict with the openssl function. + Closes: #470721: pluto segfaults when using pkcs11 library linked with + OpenSSL + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 30 Mar 2008 10:35:16 +0200 + +strongswan (4.1.10-2) unstable; urgency=low + + * Enable new configure options: dbus, xml, nonblocking, thread, peer- + to-peer NAT-traversal and the manager interface support. + * Also set the default path to the opensc-pkcs11 engine explicitly. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 15 Feb 2008 10:25:49 +0100 + +strongswan (4.1.10-1) unstable; urgency=low + + * New upstream release. + Closes: #455711: New upstream version 4.1.9 + * Updated Japanese debconf translation. + Closes: #463321: strongswan: [INTL:ja] Update po-debconf template + translation (ja.po) + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 15:15:14 +0100 + +strongswan (4.1.8-3) unstable; urgency=low + + * Force use of hardening-wrapper when building the package by setting + a Build-Dep to it and setting export DEB_BUILD_HARDENING=1 in + debian/rules. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 14:14:48 +0100 + +strongswan (4.1.8-2) unstable; urgency=medium + + * Ship our own init script, since upstream no longer does. This is still + installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be + backwards compatible. + Really closes: #442880: strongswan: postinst failure (missing + /etc/init.d/ipsec) + * Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not + marking them as conffiles isn't the right thing either. Instead, now + use the includes feature to pull in config snippets that are + modified by debconf. It's not perfect, though, as the IKEv1/IKEv2 + protocols can't be enabled/disabled with includes. Therefore don't + support this option in debconf for the time being, but default to + enabled for both IKE versions. The files edited with debconf are kept + under /var/lib/strongswan. + * Cleanup debian/rules: no longer need to remove leftover files from + patching, as currently there are no Debian-specific patches (fortunately). + * More cleanup: drop debconf translations hack for woody compatibility, + depend on build-stamp instead of build in the install-strongswan target, + and remove the now unnecessary dh_clean -k call in install-strongswan so + that configure shouldn't run twice during building the package. + * Update French debconf translation. + Closes: #448327: strongswan: [INTL:fr] French debconf templates + translation update + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 02 Nov 2007 21:55:29 +0100 + +strongswan (4.1.8-1) unstable; urgency=low + + The "I'm back from my long semi-vacation, and strongswan is now bug-free + again" release. + * New upstream release. + Closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec) + Closes: #431874: strongswan - FTBFS: cannot create regular file + `/etc/ipsec.conf': Permission denied + * Explicitly use debhalper compatbility version 5m now using debian/compat + instead of DH_COMPAT. + * Since there's no configurability in dh_installdeb's mania to flag + everything below /etc as a conffile, now hack DEBIAN/conffiles directly + to remove ipsec.conf and ipsec.secrets. + Closes: #442929: strongswan: Maintainer script modifies conffiles + * Add/update debconf translations. + Closes: #432189: strongswan: [INTL:de] updated German debconf translation + Closes: #432212: [l10n] Updated Czech translation of strongswan debconf + messages + Closes: #432642: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #444710: strongswan: [INTL:pt] Updated Portuguese translation for + debconf messages + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 26 Oct 2007 16:16:51 +0200 + +strongswan (4.1.4-1) unstable; urgency=low + + * New upstream release. + * Fixed debconf descriptions. + Closes: #431157: strongswan: Minor errors in Debconf template + * Include Portugese and + Closes: #415178: strongswan: [INTL:pt] Portuguese translation for debconf + messages + Closes: #431154: strongswan: [INTL:de] initial German debconf translation + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 05 Jul 2007 00:53:01 +0100 + +strongswan (4.1.3-1) unreleased; urgency=low + + * New upstream release. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 03 Jun 2007 18:39:11 +0100 + +strongswan (4.1.1-1) unreleased; urgency=low + + Major new upstream release: + * IKEv2 support with the new "charon" daemon in addition to the old "pluto" + which is still used for IKEv1. + * Switches to auto* tools build system. + * The postinst script is still not quite as complete in updating the 2.8.x + config automatically to a new 4.x config, but I don't want to wait any + longer with the upload. It can be improved later on. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 12 Apr 2007 21:33:56 +0100 + +strongswan (2.8.3-1) unstable; urgency=low + + * New upstream release with fixes for the SHA-512-HMAC function and + added SHA-384 and SHA-2 implementations. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 22 Feb 2007 20:19:45 +0000 + +strongswan (2.8.2-1) unstable; urgency=low + + * New upstream release with interoperability fixes for some VPN + clients. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 30 Jan 2007 12:21:20 +0000 + +strongswan (2.8.1+dfsg-1) unstable; urgency=low + + * New upstream release, now with XAUTH support. + * Explicitly enable smartcard and vendorid options as well as a + few more in debian/rules. + Closes: #407449: strongswan: smartcard support is disabled + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 21:06:25 +0000 + +strongswan (2.8.1-1) UNRELEASED; urgency=low + + * New upstream release. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 20:59:11 +0000 + +strongswan (2.8.0+dfsg-1) unstable; urgency=low + + * New upstream release. + * Update debconf templates. + Closes: #388672: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #389253: [l10n] Updated Czech translation of strongswan + debconf messages + Closes: #391457: [INTL:nl] Updated dutch po-debconf translation + Closes: #396179: strongswan: [INTL:ja] Updated Japanese po-debconf + template translation (ja.po) + * Fix broken reference to a now non-existing config file. no_oe.conf + has been replaced by oe.conf, with the opposite meaning. Changed + postinst to deal with it correctly now, and also try to convert + older config file lines to newer (e.g. when updating from openswan + to strongswan). + Closes: #391565: fails to start : /etc/ipsec.conf:46: include + files found no matches + [/etc/ipsec.d/examples/no_oe.conf] + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 6 Nov 2006 19:01:58 +0000 + +strongswan (2.7.3+dfsg-1) unstable; urgency=low + + * New upstream release. Another try on getting it into unstable. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * Call debian-updatepo in the clean target, in line with the openswan + change for its version 2.4.6+dfsg-1. + * Remove man2html, htmldoc, and lynx from the Build-Deps because we no + longer rebuild the documentation tree. + * Starting shipping a lintian overrides file to finally silence the + warnings about non-standard-(file|dir)-perms (they are intentional). + * Clean up /usr/lib/ipsec somehow, again owing to lintian warnings. + * Add po-debconf to build dependencies. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 23 Aug 2006 21:23:36 +0100 + +strongswan (2.7.2+dfsg-1) unstable; urgency=low + + * First upload to the main Debian archive. This does no longer build + the linux-patch-strongswan and strongswan-modules-source packages, + as KLIPS will be removed from the strongswan upstream source anyway + for the next major release. However, the openswan KLIPS could should + be interoperable with strongswan user space. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * This upload removes the draft RFCs, as they are not considered free under + the DFSG. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 9 Jul 2006 12:40:34 +0100 + +strongswan (2.7.2-1) unstable; urgency=low + + * New upstream release. This release fixes a potential DoS problem. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Jun 2006 12:34:43 +0100 + +strongswan (2.7.0-1) unstable; urgency=low + + * Initial Debian packaging of strongswan. This is directly based on my + Debian package of openswan 2.4.5-3. + * Do not compile and ship fswcert right now, because it is not included + in strongswan upstream. If it turns out to be necessary for supporting + easy-to-use OE in the future (i.e. for generating the DNS format for the + public keys from generated X.509 certificates), I will re-add it to the + Debian package. + * Also disabled my patches to use /etc/default instead of /etc/sysconfig for + now. Something like that will be necessary in the future, but those parts + of strongswan differ significanty from openswan. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 22 May 2006 07:37:00 +0100 diff --git a/debian/charon-cmd.install b/debian/charon-cmd.install new file mode 100644 index 000000000..1db15271f --- /dev/null +++ b/debian/charon-cmd.install @@ -0,0 +1,2 @@ +usr/sbin/charon-cmd +usr/share/man/man8/charon-cmd.8 diff --git a/debian/charon-cmd.lintian-overrides b/debian/charon-cmd.lintian-overrides new file mode 100644 index 000000000..26be392ba --- /dev/null +++ b/debian/charon-cmd.lintian-overrides @@ -0,0 +1,3 @@ +# strongswan libraries are installed in /usr/lib/ipsec because they are private +# to the strongSwan project. We still want to split multiple binaries from the lib +charon-cmd: binary-or-shlib-defines-rpath usr/sbin/charon-cmd /usr/lib/ipsec diff --git a/debian/charon-systemd.install b/debian/charon-systemd.install new file mode 100644 index 000000000..a1424ab88 --- /dev/null +++ b/debian/charon-systemd.install @@ -0,0 +1,5 @@ +etc/strongswan.d/charon-systemd.conf +lib/systemd/system/strongswan-swanctl.service +usr/sbin/charon-systemd +usr/share/strongswan/templates/config/strongswan.d/charon-systemd.conf +debian/usr.sbin.charon-systemd /etc/apparmor.d/ diff --git a/debian/charon-systemd.lintian-overrides b/debian/charon-systemd.lintian-overrides new file mode 100644 index 000000000..e6d0b55a1 --- /dev/null +++ b/debian/charon-systemd.lintian-overrides @@ -0,0 +1,4 @@ +# strongswan libraries are installed in /usr/lib/ipsec because they are private +# to the strongSwan project. We still want to split multiple binaries from the +# lib +charon-systemd: binary-or-shlib-defines-rpath usr/sbin/charon-systemd /usr/lib/ipsec diff --git a/debian/compat b/debian/compat new file mode 100644 index 000000000..f599e28b8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..94cf913a4 --- /dev/null +++ b/debian/control @@ -0,0 +1,319 @@ +Source: strongswan +Section: net +Priority: optional +Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org> +Uploaders: Rene Mayrhofer <rmayr@debian.org>, + Yves-Alexis Perez <corsac@debian.org> +Standards-Version: 4.1.2 +Vcs-Browser: https://salsa.debian.org/debian/strongswan +Vcs-Git: https://salsa.debian.org/debian/strongswan.git +Build-Depends: bison, + bzip2, + debhelper (>= 10), + dh-apparmor, + dpkg-dev (>= 1.16.2), + flex, + gperf, + iptables-dev [linux-any], + libcap-dev [linux-any], + libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev, + libgcrypt20-dev | libgcrypt11-dev, + libgmp3-dev, + libkrb5-dev, + libldap2-dev, + libnm-dev [linux-any], + libpam0g-dev, + libsqlite3-dev, + libssl-dev (>= 0.9.8), + libsystemd-dev [linux-any], + libtool, + libxml2-dev, + pkg-config, + po-debconf, + systemd [linux-any], + tzdata +Homepage: http://www.strongswan.org + +Package: strongswan +Architecture: all +Depends: strongswan-charon, strongswan-starter, ${misc:Depends} +Description: IPsec VPN solution metapackage + The strongSwan VPN suite uses the native IPsec stack in the standard Linux + kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This metapackage installs the packages required to maintain IKEv1 and IKEv2 + connections via ipsec.conf or ipsec.secrets. + +Package: libstrongswan +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Breaks: strongswan-starter (<< 5.3.5-2) +Replaces: strongswan-starter (<< 5.3.5-2) +Recommends: libstrongswan-standard-plugins +Suggests: libstrongswan-extra-plugins +Description: strongSwan utility and crypto library + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides the underlying libraries of charon and other strongSwan + components. It is built in a modular way and is extendable through various + plugins. + . + Some default (as specified by the strongSwan projet) plugins are included. + For libstrongswan (cryptographic backends, URI fetchers and database layers): + - aes (AES-128/192/256 cipher software implementation) + - constraints (X.509 certificate advanced constraint checking) + - dnskey (Parse RFC 4034 public keys) + - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms) + - gmp (RSA/DH crypto backend based on libgmp) + - hmac (HMAC wrapper using various hashers) + - md5 (MD5 hasher software implementation) + - nonce (Default nonce generation plugin) + - pem (PEM encoding/decoding routines) + - pgp (PGP encoding/decoding routines) + - pkcs1 (PKCS#1 encoding/decoding routines) + - pkcs8 (PKCS#8 decoding routines) + - pkcs12 (PKCS#12 decoding routines) + - pubkey (Wrapper to handle raw public keys as trusted certificates) + - random (RNG reading from /dev/[u]random) + - rc2 (RC2 cipher software implementation) + - revocation (X.509 CRL/OCSP revocation checking) + - sha1 (SHA1 hasher software implementation) + - sha2 (SHA256/SHA384/SHA512 hasher software implementation) + - sshkey (SSH key decoding routines) + - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs + and OCSP messages) + - xcbc (XCBC wrapper using various ciphers) + - attr (Provides IKE attributes configured in strongswan.conf) + - kernel-netlink [linux] (IPsec/Networking kernel interface using Linux + Netlink) + - kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY) + - kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE) + - resolve (Writes name servers received via IKE to a resolv.conf file or + installs them via resolvconf(8)) + . + Also included is the libtpmtss library adding support for TPM plugin + (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin) + +Package: libstrongswan-standard-plugins +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Description: strongSwan utility and crypto library (standard plugins) + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides some common plugins for the strongSwan utility and + cryptograhic library. + . + Included plugins are: + - agent (RSA/ECDSA private key backend connecting to SSH-Agent) + - gcm (GCM cipher mode wrapper) + - openssl (Crypto backend based on OpenSSL, provides + RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG) + +Package: libstrongswan-extra-plugins +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1), libcharon-extra-plugins (<= 5.5.3-1) +Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1), libcharon-extra-plugins (<= 5.5.3-1) +Description: strongSwan utility and crypto library (extra plugins) + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides extra plugins for the strongSwan utility and + cryptographic library. + . + Included plugins are: + - af-alg [linux] (AF_ALG Linux crypto API interface, provides + ciphers/hashers/hmac/xcbc) + - ccm (CCM cipher mode wrapper) + - cmac (CMAC cipher mode wrapper) + - ctr (CTR cipher mode wrapper) + - curl (libcurl based HTTP/FTP fetcher) + - curve25519 (support for Diffie-Hellman group 31 using Curve25519 and + support for the Ed25519 digital signature algorithm for IKEv2) + - gcrypt (Crypto backend based on libgcrypt, provides + RSA/DH/ciphers/hashers/rng) + - ldap (LDAP fetching plugin based on libldap) + - padlock (VIA padlock crypto backend, provides AES128/SHA1) + - pkcs11 (PKCS#11 smartcard backend) + - rdrand (High quality / high performance random source using the Intel + rdrand instruction found on Ivy Bridge processors) + - test-vectors (Set of test vectors for various algorithms) + +Package: libcharon-extra-plugins +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Description: strongSwan charon library (extra plugins) + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides extra plugins for the charon library: + - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509 + certificates) + - certexpire (Export expiration dates of used certificates) + - eap-aka (Generic EAP-AKA protocol handler using different backends) + - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends) + - eap-identity (EAP-Identity identity exchange algorithm, to use with other + EAP protocols) + - eap-md5 (EAP-MD5 protocol handler using passwords) + - eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes) + - eap-radius (EAP server proxy plugin forwarding EAP conversations to a + RADIUS server) + - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in + EAP) + - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel) + - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely) + - error-notify (Notification about errors via UNIX socket) + - ha (High-Availability clustering) + - led (Let Linux LED subsystem LEDs blink on IKE activity) + - lookip (Virtual IP lookup facility using a UNIX socket) + - medcli (Web interface based mediation client interface) + - medsrv (Web interface based mediation server interface) + - tnc (Trusted Network Connect) + - unity (Cisco Unity extensions for IKEv1) + - xauth-eap (XAuth backend that uses EAP methods to verify passwords) + - xauth-generic (Generic XAuth backend that provides passwords from + ipsec.secrets and other credential sets) + - xauth-pam (XAuth backend that uses PAM modules to verify passwords) + +Package: strongswan-starter +Architecture: any +Depends: adduser, + libstrongswan (= ${binary:Version}), + lsb-base (>= 3.0-6), + ${misc:Depends}, + ${shlibs:Depends} +Recommends: strongswan-charon +Conflicts: openswan +Description: strongSwan daemon starter and configuration file parser + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + The starter and the associated "ipsec" script control the charon daemon from + the command line. It parses ipsec.conf and loads the configurations to the + daemon. + +Package: strongswan-libcharon +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: strongswan-starter (<= 5.6.1-2) +Replaces: strongswan-starter (<= 5.6.1-2) +Suggests: libcharon-extra-plugins +Description: strongSwan charon library + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the charon library, used by IKE client like + strongswan-charon, strongswan-charon-cmd or strongswan-nm as well as standard + plugins: + - socket-default + - counters + - bypass-lan (disabled by default) + +Package: strongswan-charon +Architecture: any +Pre-Depends: debconf | debconf-2.0 +Depends: iproute2 [linux-any] | iproute [linux-any], + libstrongswan (= ${binary:Version}), + strongswan-starter, + ${misc:Depends}, + ${shlibs:Depends} +Provides: ike-server +Description: strongSwan Internet Key Exchange daemon + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + charon is an IPsec IKEv2 daemon which can act as an initiator or a responder. + It is written from scratch using a fully multi-threaded design and a modular + architecture. Various plugins can provide additional functionality. + +Package: strongswan-nm +Architecture: linux-any +Depends: ${misc:Depends}, ${shlibs:Depends} +Recommends: network-manager-strongswan +Replaces: network-manager-strongswan (<= 1.4.1-1~) +Description: strongSwan plugin to interact with NetworkManager + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This plugin provides an interface which allows NetworkManager to configure + and control the IKEv2 daemon directly through D-Bus. It is designed to work + in conjunction with the network-manager-strongswan package, providing + a simple graphical frontend to configure IPsec based VPNs. + +Package: charon-cmd +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Description: standalone IPsec client + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the charon-cmd command, which can be used as a client to + connect to a remote IKE daemon. + +Package: strongswan-pki +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: strongswan-starter (<< 5.3.5-2) +Replaces: strongswan-starter (<< 5.3.5-2) +Description: strongSwan IPsec client, pki command + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the pki tool which allows on to run a simple public key + infrastructure. + +Package: strongswan-scepclient +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: strongswan-starter (<< 5.3.5-2) +Replaces: strongswan-starter (<< 5.3.5-2) +Description: strongSwan IPsec client, SCEP client + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the SCEP client, an implementation of the Cisco System's + Simple Certificate Enrollment Protocol (SCEP). + +Package: strongswan-swanctl +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Description: strongSwan IPsec client, swanctl command + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the swanctl interface, used to configure a running + charon daemon + +Package: charon-systemd +Architecture: linux-any +Depends: libstrongswan (= ${binary:Version}), + strongswan-swanctl, + ${misc:Depends}, + ${shlibs:Depends} +Description: strongSwan IPsec client, systemd support + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the charon-systemd files. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..fa7d05a8e --- /dev/null +++ b/debian/copyright @@ -0,0 +1,2746 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: strongswan +Upstream-Contact: http://strongswan.org/ +Source: http://strongswan.org/ + +Files: * +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: conf/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: ltmain.sh +Copyright: 1996-2001, 2003-2005, 2006 +License: GPL-2+ + +Files: scripts/aes-test.c + scripts/settings-test.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: scripts/crypt_burn.c + scripts/fetch.c + scripts/hash_burn.c + scripts/oid2der.c + scripts/tls_test.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: scripts/dnssec.c +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: scripts/keyid2sql.c + scripts/thread_analysis.c +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: scripts/malloc_speed.c +Copyright: 2013, revosec aG + 2013, Martin Willi +License: GPL-2+ + +Files: src/_copyright/* +Copyright: 2001, Henry Spencer + , reporter + , 1999-2013" +License: GPL-2+ + +Files: src/aikgen/* +Copyright: 2014, Andreas Steffen + 2008, Hal Finney +License: Expat + +Files: src/charon-cmd/* +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/charon-cmd/charon-cmd.c +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/charon-cmd/cmd/cmd_connection.h + src/charon-cmd/cmd/cmd_creds.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/charon-nm/charon-nm.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/charon-nm/nm/nm_backend.c + src/charon-nm/nm/nm_service.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/charon-nm/nm/nm_backend.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/charon-svc/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/charon-systemd/* +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/charon-tkm/* +Copyright: 2012-2014, Reto Buerki + 2012, 2013, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon-tkm/src/charon-tkm.c +Copyright: 2012, 2013, 2015, Tobias Brunner + 2012-2014, Reto Buerki + 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon-tkm/src/tkm/tkm_keymat.c +Copyright: 2012, 2013, 2015, Tobias Brunner + 2012-2014, Reto Buerki + 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon-tkm/tests/tests.c +Copyright: 2012, 2013, 2015, Tobias Brunner + 2012-2014, Reto Buerki + 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon/* +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/conftest/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/conftest/hooks/reset_seq.c +Copyright: 2012, achelos GmbH + 2010, revosec AG + 2010, Martin Willi +License: Expat and GPL-2+ + +Files: src/dumm/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/dumm/bridge.c + src/dumm/bridge.h + src/dumm/iface.h + src/dumm/irdumm.c + src/dumm/main.c + src/dumm/mconsole.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/dumm/cowfs.c +Copyright: 2009, Tobias Brunner + 2007, Martin Willi + 2001-2007, Miklos Szeredi +License: GPL-2+ + +Files: src/dumm/ext/lib/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/dumm/iface.c +Copyright: 2008, Tobias Brunner + 2007, Martin Willi + 2002, Jeff Dike +License: GPL-2+ + +Files: src/dumm/mconsole.c +Copyright: 2007, Martin Willi + 2001-2004, Jeff Dike +License: GPL-2+ + +Files: src/include/* +Copyright: *No copyright* +License: GPL-2+ + +Files: src/include/linux/if_alg.h +Copyright: 2010, Herbert Xu <herbert@gondor.apana.org.au> +License: GPL-2+ + +Files: src/include/linux/udp.h +Copyright: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> +License: GPL-2+ + +Files: src/include/sys/* +Copyright: 1991, 1993 +License: BSD-3-clause + +Files: src/libcharon/attributes/attributes.c + src/libcharon/attributes/attributes.h +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/attributes/mem_pool.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/attributes/mem_pool.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/bus/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/bus/listeners/logger.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/config/* +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/config/backend.h + src/libcharon/config/backend_manager.c + src/libcharon/config/backend_manager.h + src/libcharon/config/proposal.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/config/ike_cfg.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/config/proposal.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/control/controller.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/daemon.c + src/libcharon/daemon.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/* +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/encoding/generator.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/generator.h + src/libcharon/encoding/parser.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/message.c +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/message.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/auth_payload.c + src/libcharon/encoding/payloads/certreq_payload.c + src/libcharon/encoding/payloads/configuration_attribute.c + src/libcharon/encoding/payloads/cp_payload.c + src/libcharon/encoding/payloads/ke_payload.c + src/libcharon/encoding/payloads/nonce_payload.c + src/libcharon/encoding/payloads/traffic_selector_substructure.c + src/libcharon/encoding/payloads/transform_attribute.c + src/libcharon/encoding/payloads/transform_substructure.c + src/libcharon/encoding/payloads/ts_payload.c + src/libcharon/encoding/payloads/vendor_id_payload.c +Copyright: 2010, revosec AG + 2005-2010, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/cert_payload.c + src/libcharon/encoding/payloads/id_payload.c +Copyright: 2010, 2011, revosec AG + 2007-2013, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/cert_payload.h + src/libcharon/encoding/payloads/eap_payload.c + src/libcharon/encoding/payloads/ike_header.h + src/libcharon/encoding/payloads/proposal_substructure.c + src/libcharon/encoding/payloads/sa_payload.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/configuration_attribute.h + src/libcharon/encoding/payloads/cp_payload.h + src/libcharon/encoding/payloads/vendor_id_payload.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/delete_payload.c + src/libcharon/encoding/payloads/encrypted_payload.c + src/libcharon/encoding/payloads/encrypted_payload.h +Copyright: 2011-2015, Tobias Brunner + 2010, revosec AG + 2005-2010, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/delete_payload.h + src/libcharon/encoding/payloads/eap_payload.h + src/libcharon/encoding/payloads/id_payload.h + src/libcharon/encoding/payloads/ike_header.c + src/libcharon/encoding/payloads/payload.c + src/libcharon/encoding/payloads/payload.h + src/libcharon/encoding/payloads/proposal_substructure.h +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/encrypted_fragment_payload.h + src/libcharon/encoding/payloads/endpoint_notify.c + src/libcharon/encoding/payloads/endpoint_notify.h + src/libcharon/encoding/payloads/fragment_payload.c + src/libcharon/encoding/payloads/fragment_payload.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/hash_payload.c + src/libcharon/encoding/payloads/hash_payload.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/notify_payload.c +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/notify_payload.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/kernel/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/network/* +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/network/receiver.c + src/libcharon/network/sender.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/network/receiver.h + src/libcharon/network/sender.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/network/socket.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/network/socket.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/plugins/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/addrblock/addrblock_narrow.c +Copyright: 2010, revosec AG + 2010, Martin Willi + 2009, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/addrblock/addrblock_validator.c +Copyright: 2010, Martin Willi, revosec AG + 2009, 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libcharon/plugins/android_dns/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/android_dns/android_dns_handler.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/android_dns/android_dns_handler.h +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/android_log/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/attr/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/attr/attr_provider.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/attr_sql/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/attr_sql/attr_sql_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/dhcp/dhcp_plugin.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/dnscert/* +Copyright: 2013, Ruslan Marchenko +License: Expat + +Files: src/libcharon/plugins/dnscert/dnscert_cred.c + src/libcharon/plugins/dnscert/dnscert_plugin.c +Copyright: 2013, Tobias Brunner + 2013, Ruslan Marchenko + 2012, Reto Guadagnini +License: Expat and GPL-2+ + +Files: src/libcharon/plugins/eap_aka/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_aka_3gpp2/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_dynamic/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/eap_gtc/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_gtc/eap_gtc.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_identity/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_md5/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_mschapv2/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/eap_peap/* +Copyright: 2010, 2011, HSR Hochschule fuer Technik Rapperswil + 2010, 2011, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/eap_peap/eap_peap.c +Copyright: 2010, Martin Willi, revosec AG + 2009, 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libcharon/plugins/eap_radius/eap_radius.c + src/libcharon/plugins/eap_radius/eap_radius.h + src/libcharon/plugins/eap_radius/eap_radius_plugin.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_radius/eap_radius_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_sim/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_sim_file/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_sim_pcsc/* +Copyright: 2011, Duncan Salerno +License: GPL-2+ + +Files: src/libcharon/plugins/eap_simaka_pseudonym/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_simaka_reauth/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_tnc/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/eap_ttls/* +Copyright: 2010, 2011, HSR Hochschule fuer Technik Rapperswil + 2010, 2011, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/eap_ttls/eap_ttls.c +Copyright: 2010, Martin Willi, revosec AG + 2009, 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libcharon/plugins/eap_ttls/eap_ttls_server.c +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/ext_auth/* +Copyright: 2014, Vyronas Tsingaras (vtsingaras@it.auth.gr) +License: Expat + +Files: src/libcharon/plugins/ext_auth/ext_auth_listener.c + src/libcharon/plugins/ext_auth/ext_auth_plugin.c +Copyright: 2014, revosec AG + 2014, Vyronas Tsingaras (vtsingaras@it.auth.gr) + 2014, Martin Willi +License: Expat + +Files: src/libcharon/plugins/ha/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/ha/ha_attribute.c + src/libcharon/plugins/ha/ha_attribute.h + src/libcharon/plugins/ha/ha_cache.c + src/libcharon/plugins/ha/ha_cache.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/ipseckey/* +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libcharon/plugins/ipseckey/ipseckey_cred.c + src/libcharon/plugins/ipseckey/ipseckey_plugin.c +Copyright: 2013, Tobias Brunner + 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libcharon/plugins/kernel_libipsec/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/load_tester/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/load_tester/load_tester.c + src/libcharon/plugins/load_tester/load_tester_control.c + src/libcharon/plugins/load_tester/load_tester_control.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/maemo/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/medcli/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/medcli/medcli_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/medsrv/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/medsrv/medsrv_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/resolve/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/resolve/resolve_handler.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/smp/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/socket_default/socket_default_plugin.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/socket_default/socket_default_socket.c +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/plugins/sql/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/sql/sql_config.c +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/sql/sql_cred.c + src/libcharon/plugins/sql/sql_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/stroke/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/stroke/stroke_attribute.h + src/libcharon/plugins/stroke/stroke_control.h + src/libcharon/plugins/stroke/stroke_list.c + src/libcharon/plugins/stroke/stroke_list.h + src/libcharon/plugins/stroke/stroke_plugin.c + src/libcharon/plugins/stroke/stroke_plugin.h + src/libcharon/plugins/stroke/stroke_socket.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/stroke/stroke_counter.c + src/libcharon/plugins/stroke/stroke_counter.h + src/libcharon/plugins/stroke/stroke_handler.c + src/libcharon/plugins/stroke/stroke_handler.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/systime_fix/systime_fix_plugin.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/tnc_ifmap/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/tnc_pdp/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/uci/* +Copyright: 2008, Thomas Kallenberg + 2008, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/uci/uci_config.c + src/libcharon/plugins/uci/uci_creds.c +Copyright: 2008, Tobias Brunner + 2008, Thomas Kallenberg + 2008, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/uci/uci_control.h + src/libcharon/plugins/uci/uci_plugin.c +Copyright: 2008, Thomas Kallenberg +License: GPL-2+ + +Files: src/libcharon/plugins/unity/unity_handler.c + src/libcharon/plugins/unity/unity_narrow.c + src/libcharon/plugins/unity/unity_provider.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/updown/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/updown/updown_handler.c + src/libcharon/plugins/updown/updown_handler.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/updown/updown_listener.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/vici/ruby/* +Copyright: 2014, revosec AG + 2014, Martin Willi +License: Expat + +Files: src/libcharon/plugins/vici/vici_attribute.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/xauth_generic/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/xauth_noauth/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/xauth_pam/xauth_pam_listener.c + src/libcharon/plugins/xauth_pam/xauth_pam_listener.h +Copyright: 2013, Endian srl +License: Expat + +Files: src/libcharon/processing/jobs/adopt_children_job.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/processing/jobs/adopt_children_job.h + src/libcharon/processing/jobs/dpd_timeout_job.c + src/libcharon/processing/jobs/dpd_timeout_job.h + src/libcharon/processing/jobs/initiate_tasks_job.c + src/libcharon/processing/jobs/initiate_tasks_job.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/processing/jobs/delete_ike_sa_job.c + src/libcharon/processing/jobs/delete_ike_sa_job.h +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/processing/jobs/initiate_mediation_job.c + src/libcharon/processing/jobs/initiate_mediation_job.h + src/libcharon/processing/jobs/mediation_job.c + src/libcharon/processing/jobs/mediation_job.h + src/libcharon/processing/jobs/retry_initiate_job.c + src/libcharon/processing/jobs/retry_initiate_job.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/processing/jobs/migrate_job.c + src/libcharon/processing/jobs/migrate_job.h + src/libcharon/processing/jobs/start_action_job.c + src/libcharon/processing/jobs/start_action_job.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/processing/jobs/process_message_job.c + src/libcharon/processing/jobs/process_message_job.h + src/libcharon/processing/jobs/retransmit_job.c + src/libcharon/processing/jobs/retransmit_job.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/processing/jobs/send_dpd_job.c + src/libcharon/processing/jobs/send_dpd_job.h + src/libcharon/processing/jobs/send_keepalive_job.c + src/libcharon/processing/jobs/send_keepalive_job.h +Copyright: 2006, Tobias Brunner, Daniel Roethlisberger +License: GPL-2+ + +Files: src/libcharon/sa/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/authenticator.h + src/libcharon/sa/ike_sa_manager.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/child_sa.c + src/libcharon/sa/ike_sa.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/child_sa.h +Copyright: 2006-2008, Tobias Brunner + 2006-2008, Martin Willi + 2006, Daniel Roethlisberger +License: GPL-2+ + +Files: src/libcharon/sa/child_sa_manager.c + src/libcharon/sa/child_sa_manager.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/eap/eap_inner_method.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/sa/eap/eap_method.c + src/libcharon/sa/eap/eap_method.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ike_sa.c +Copyright: 2014, Volker Rümelin + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2009, Martin Willi + 2005, Jan Hutter +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ike_sa_id.c + src/libcharon/sa/ike_sa_id.h +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ike_sa_manager.c +Copyright: 2010, 2011, revosec AG + 2007-2013, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/keymat_v1.c + src/libcharon/sa/ikev1/keymat_v1.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/phase1.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/task_manager_v1.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/aggressive_mode.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c +Copyright: 2013, Volker Rümelin + 2011, revosec AG + 2011, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_delete.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_natd.c +Copyright: 2012, Volker Rümelin + 2006-2011, Tobias Brunner + 2006, Daniel Roethlisberger + 2006, 2007, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_natd.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +Copyright: 2012-2014, Volker Rümelin + 2012, 2013, Tobias Brunner + 2009, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/main_mode.c +Copyright: 2011, 2012, 2014, revosec AG + 2011, 2012, 2014, Martin Willi + 2008, 2011-2013, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/quick_delete.c +Copyright: 2013, Oliver Smith + 2011, revosec AG + 2011, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/quick_mode.c +Copyright: 2012, Volker Rümelin + 2012, Tobias Brunner + 2011, revosec AG + 2011, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev2/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/eap_authenticator.h + src/libcharon/sa/ikev2/authenticators/psk_authenticator.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/psk_authenticator.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/keymat_v2.c + src/libcharon/sa/ikev2/task_manager_v2.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/task_manager_v2.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/child_create.c + src/libcharon/sa/ikev2/tasks/ike_auth.c + src/libcharon/sa/ikev2/tasks/ike_init.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/child_rekey.c + src/libcharon/sa/ikev2/tasks/ike_rekey.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_cert_post.c + src/libcharon/sa/ikev2/tasks/ike_cert_pre.c + src/libcharon/sa/ikev2/tasks/ike_mobike.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_config.c +Copyright: 2007, Martin Willi + 2006, 2007, Fabian Hartmann, Noah Heusser +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_me.c + src/libcharon/sa/ikev2/tasks/ike_me.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_natd.c +Copyright: 2006, Tobias Brunner, Daniel Roethlisberger + 2006, 2007, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_reauth_complete.c + src/libcharon/sa/ikev2/tasks/ike_reauth_complete.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/keymat.c + src/libcharon/sa/task_manager.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/keymat.h + src/libcharon/sa/task_manager.h + src/libcharon/sa/trap_manager.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/shunt_manager.c + src/libcharon/sa/shunt_manager.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/sa/xauth/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/xauth/xauth_method.c + src/libcharon/sa/xauth/xauth_method.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/tests/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/tests/suites/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libfast/fast_smtp.c + src/libfast/fast_smtp.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libimcv/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/imcv.c + src/libimcv/imcv.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imc_attestation/* +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imc_attestation/imc_attestation_process.c +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/plugins/imc_attestation/imc_attestation_process.h + src/libimcv/plugins/imc_attestation/imc_attestation_state.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imc_scanner/imc_scanner_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imc_swid/imc_swid_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imc_test/imc_test_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imv_attestation/imv_attestation_agent.c + src/libimcv/plugins/imv_attestation/imv_attestation_build.c + src/libimcv/plugins/imv_attestation/imv_attestation_process.c + src/libimcv/plugins/imv_attestation/imv_attestation_state.c +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imv_attestation/imv_attestation_build.h + src/libimcv/plugins/imv_attestation/imv_attestation_process.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imv_attestation/imv_attestation_state.h +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/plugins/imv_test/imv_test_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/pts/components/ita/ita_comp_func_name.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/pts/components/ita/ita_comp_tboot.h + src/libimcv/pts/components/ita/ita_comp_tgrub.h +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/pts/components/pts_comp_evidence.c + src/libimcv/pts/components/pts_comp_evidence.h + src/libimcv/pts/components/pts_comp_func_name.h +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/pts/components/tcg/tcg_comp_func_name.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/pts/pts.c + src/libimcv/pts/pts.h + src/libimcv/pts/pts_database.c + src/libimcv/pts/pts_file_meas.c + src/libimcv/pts/pts_file_meas.h + src/libimcv/pts/pts_meas_algo.h +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/pts/pts_dh_group.c + src/libimcv/pts/pts_dh_group.h + src/libimcv/pts/pts_error.c + src/libimcv/pts/pts_error.h + src/libimcv/pts/pts_file_meta.c + src/libimcv/pts/pts_file_meta.h + src/libimcv/pts/pts_file_type.h + src/libimcv/pts/pts_proto_caps.h + src/libimcv/pts/pts_req_func_comp_evid.h + src/libimcv/pts/pts_simple_evid_final.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/swid/swid_error.c +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/tcg/pts/* +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libipsec/* +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libipsec/esp_context.c + src/libipsec/esp_context.h + src/libipsec/esp_packet.c +Copyright: 2012, Ralf Sager + 2012, Giuliano Grassi + 2012, 2013, Tobias Brunner +License: GPL-2+ + +Files: src/libipsec/ip_packet.c + src/libipsec/ip_packet.h + src/libipsec/ipsec_event_listener.h + src/libipsec/ipsec_processor.c + src/libipsec/ipsec_processor.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libipsec/ipsec_event_relay.h +Copyright: 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libpttls/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libradius/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libradius/radius_client.c + src/libradius/radius_client.h + src/libradius/radius_message.c + src/libradius/radius_message.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libradius/radius_mppe.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/AndroidConfigLocal.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/asn1/* +Copyright: 2006, Martin Will + 2000-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/asn1/oid.c + src/libstrongswan/asn1/oid.h +Copyright: 2003-2008, Andreas Steffen, Hochschule fuer Technik Rapperswil +License: GPL-2+ +Comment: generated from oid.pl + +Files: src/libstrongswan/asn1/oid.pl +Copyright: 2003-2008, Andreas Steffen, Hochschule fuer Technik Rapperswil"; + 2003-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/bio/* +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/collections/array.c + src/libstrongswan/collections/array.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/blocking_queue.c + src/libstrongswan/collections/blocking_queue.h +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libstrongswan/collections/enumerator.c + src/libstrongswan/collections/enumerator.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/linked_list.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/linked_list.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/credentials/auth_cfg.c + src/libstrongswan/credentials/auth_cfg.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/cert_validator.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/certificates/ac.h + src/libstrongswan/credentials/certificates/pkcs10.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/credentials/certificates/crl.c + src/libstrongswan/credentials/certificates/crl.h +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/credentials/containers/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/containers/container.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/containers/pkcs12.c + src/libstrongswan/credentials/containers/pkcs12.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/credentials/keys/public_key.c + src/libstrongswan/credentials/keys/public_key.h +Copyright: 2015, Tobias Brunner + 2014, Andreas Steffen + 2007, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/sets/callback_cred.c + src/libstrongswan/credentials/sets/callback_cred.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/sets/mem_cred.c + src/libstrongswan/credentials/sets/mem_cred.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/* +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/aead.c + src/libstrongswan/crypto/aead.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/crypto_factory.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/crypto_factory.h + src/libstrongswan/crypto/crypto_tester.h + src/libstrongswan/crypto/transform.c + src/libstrongswan/crypto/transform.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/crypto_tester.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/diffie_hellman.c + src/libstrongswan/crypto/diffie_hellman.h + src/libstrongswan/crypto/mac.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/crypto/hashers/* +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/hashers/hash_algorithm_set.c + src/libstrongswan/crypto/hashers/hash_algorithm_set.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/iv/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/mgf1/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/crypto/nonce_gen.h +Copyright: 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/libstrongswan/crypto/pkcs5.c + src/libstrongswan/crypto/pkcs5.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/prfs/mac_prf.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/prfs/mac_prf.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/proposal/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/crypto/proposal/proposal_keywords.c + src/libstrongswan/crypto/proposal/proposal_keywords.h +Copyright: 2012, Tobias Brunner + 2012, Nanoteq Pty Ltd +License: Expat and GPL-2+ + +Files: src/libstrongswan/crypto/rngs/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/signers/mac_signer.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/crypto/signers/mac_signer.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/signers/signer.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/database/database.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/database/database.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/eap/* +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/eap/eap.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/fetcher/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/fetcher/fetcher_manager.c + src/libstrongswan/fetcher/fetcher_manager.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/ipsec/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/library.c + src/libstrongswan/library.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/* +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/host.c +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/host.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/networking/host_resolver.c + src/libstrongswan/networking/host_resolver.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/networking/streams/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/tun_device.c +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Martin Willi + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libstrongswan/networking/tun_device.h +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libstrongswan/pen/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/acert/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/aes/aes_crypter.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi + 2001, Dr B. R. Gladman <brg@gladman.uk.net> +License: GPL-2+ + +Files: src/libstrongswan/plugins/aes/aes_crypter.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/af_alg/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/bliss/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/bliss/bliss_huffman.c +Copyright: 2012, 2014, Tobias Brunner + 2006, 2008, 2014, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/blowfish/* +Copyright: 1995-1998, Eric Young (eay@cryptsoft.com) +License: BSD-Young +Comment: not compiled since 4-clause BSD is incompatible with GPL + +Files: src/libstrongswan/plugins/blowfish/blowfish_crypter.h + src/libstrongswan/plugins/blowfish/blowfish_plugin.c + src/libstrongswan/plugins/blowfish/blowfish_plugin.h +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/ccm/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/cmac/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/constraints/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/ctr/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/curl/curl_fetcher.c +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/des/des_crypter.c +Copyright: 2009, Tobias Brunner + 2006, Martin Willi + 1995-1997, Eric Young (eay@cryptsoft.com) +License: BSD-Young +Comment: not compiled since 4-clause BSD is incompatible with GPL + +Files: src/libstrongswan/plugins/dnskey/dnskey_encoder.c + src/libstrongswan/plugins/dnskey/dnskey_encoder.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/files/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/gcm/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +Copyright: 2010, Tobias Brunner + 2005-2008, Martin Willi + 2005, Jan Hutter + 1999-2001, Henry Spencer + 1998-2002, D. Hugh Redelmeier +License: GPL-2+ + +Files: src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +Copyright: 2012, Andreas Steffen + 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/hmac/hmac.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/hmac/hmac.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/keychain/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/ldap/ldap_fetcher.c +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/md4/md4_hasher.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi + 1990-1992, RSA Data Security, Inc. Created 1990 +License: GPL-2+ + +Files: src/libstrongswan/plugins/md4/md4_hasher.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/md5/md5_hasher.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi + 1991, 1992, RSA Data Security, Inc. Created 1991 +License: GPL-2+ + +Files: src/libstrongswan/plugins/md5/md5_hasher.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/mysql/mysql_database.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/nonce/* +Copyright: 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/libstrongswan/plugins/ntru/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/ntru/ntru_convert.c + src/libstrongswan/plugins/ntru/ntru_convert.h + src/libstrongswan/plugins/ntru/ntru_param_set.c + src/libstrongswan/plugins/ntru/ntru_param_set.h + src/libstrongswan/plugins/ntru/ntru_poly.c + src/libstrongswan/plugins/ntru/ntru_private_key.c + src/libstrongswan/plugins/ntru/ntru_public_key.c +Copyright: 2014, Andreas Steffen + 2009-2013, Security Innovation +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_crl.c +Copyright: 2010, secunet Security Networks AG + 2010, revosec AG + 2010, Thomas Egerer + 2010, Martin Willi +License: Expat and GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_crl.h + src/libstrongswan/plugins/openssl/openssl_pkcs7.c + src/libstrongswan/plugins/openssl/openssl_pkcs7.h + src/libstrongswan/plugins/openssl/openssl_x509.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c + src/libstrongswan/plugins/openssl/openssl_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_ec_private_key.c + src/libstrongswan/plugins/openssl/openssl_ec_public_key.c + src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c + src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c + src/libstrongswan/plugins/openssl/openssl_util.c +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_hmac.c +Copyright: 2012, Tobias Brunner + 2012, Aleksandr Grinberg +License: Expat and GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_rng.c + src/libstrongswan/plugins/openssl/openssl_rng.h +Copyright: 2012, Aleksandr Grinberg +License: Expat + +Files: src/libstrongswan/plugins/openssl/openssl_sha1_prf.c + src/libstrongswan/plugins/openssl/openssl_sha1_prf.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_x509.c +Copyright: 2013, Technische Universität Ilmenau + 2013, Michael Rossberg + 2011, Tobias Brunner + 2010, secunet Security Networks AG + 2010, revosec AG + 2010, Thomas Egerer + 2010, Martin Willi +License: Expat and GPL-2+ + +Files: src/libstrongswan/plugins/padlock/* +Copyright: 2008, Thomas Kallenberg + 2008, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/padlock/padlock_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/padlock/padlock_plugin.h + src/libstrongswan/plugins/padlock/padlock_rng.c + src/libstrongswan/plugins/padlock/padlock_rng.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pem/pem_builder.c +Copyright: 2008, 2013, Tobias Brunner + 2008, 2009, Martin Willi + 2000-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pem/pem_builder.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pem/pem_encoder.c + src/libstrongswan/plugins/pem/pem_encoder.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pgp/pgp_builder.c +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +Copyright: 2008, 2013, Tobias Brunner + 2008, 2009, Martin Willi + 2000-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs11/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs11/pkcs11.h +Copyright: 2006, 2007 g10 Code GmbH / 2006, Andreas Jellinghaus +License: MIT + +Files: src/libstrongswan/plugins/pkcs11/pkcs11_dh.c + src/libstrongswan/plugins/pkcs11/pkcs11_dh.h + src/libstrongswan/plugins/pkcs11/pkcs11_rng.c + src/libstrongswan/plugins/pkcs11/pkcs11_rng.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs11/pkcs11_library.c + src/libstrongswan/plugins/pkcs11/pkcs11_library.h + src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c + src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c + src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h + src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs12/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c + src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h +Copyright: 2012, 2014, Tobias Brunner + 2006, 2008, 2014, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c + src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c + src/libstrongswan/plugins/pkcs7/pkcs7_generic.c +Copyright: 2012, revosec AG + 2012, Tobias Brunner + 2012, Martin Willi + 2005, Jan Hutter, Martin Willi + 2002-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs8/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/plugin_feature.c + src/libstrongswan/plugins/plugin_feature.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/plugin_loader.c + src/libstrongswan/plugins/plugin_loader.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/random/random_rng.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/rc2/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/rdrand/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/revocation/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/revocation/revocation_validator.c +Copyright: 2010, revosec AG + 2010, Martin Willi + 2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/sha1/sha1_hasher.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/sha1/sha1_hasher.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/sha2/sha2_hasher.c +Copyright: 2006, Martin Willi + 2001, Jari Ruusu +License: GPL-2+ + +Files: src/libstrongswan/plugins/soup/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/sqlite/sqlite_database.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/sshkey/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/* +Copyright: 2009, Martin Willi +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c + src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c + src/libstrongswan/plugins/test_vectors/test_vectors/cast.c + src/libstrongswan/plugins/test_vectors/test_vectors/des.c + src/libstrongswan/plugins/test_vectors/test_vectors/idea.c + src/libstrongswan/plugins/test_vectors/test_vectors/md4.c + src/libstrongswan/plugins/test_vectors/test_vectors/null.c + src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c + src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c + src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c +Copyright: 2009, Andreas Steffen +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c + src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c + src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c + src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c + src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c +Copyright: 2010, revosec AG + 2010, Martin Willi +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c + src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c +Copyright: 2012, 2013, Tobias Brunner +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c +Copyright: 2009, Martin Willi + 2009, Andreas Steffen + , JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> +License: GPL + +Files: src/libstrongswan/plugins/unbound/* +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libstrongswan/plugins/winhttp/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_ac.c + src/libstrongswan/plugins/x509/x509_ac.h +Copyright: 2009, Martin Willi + 2003, Martin Berner, Lukas Suter + 2002-2014, Andreas Steffen + 2002, Ueli Galizzi, Ariane Seiler +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_cert.c +Copyright: 2008, Tobias Brunner + 2006-2009, Martin Willi + 2002, Mario Strasser + 2001, Marco Bertossa, Andreas Schleiss + 2000-2006, Andreas Steffen + 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_ocsp_request.c + src/libstrongswan/plugins/x509/x509_ocsp_response.c +Copyright: 2008, 2009, Martin Willi + 2007-2014, Andreas Steffen + 2003, Christoph Gysin, Simon Zwahlen +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_pkcs10.c +Copyright: 2009, Andreas Steffen + 2005, Jan Hutter, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_pkcs10.h +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/xcbc/xcbc.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/jobs/callback_job.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/jobs/callback_job.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/jobs/job.h +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/processor.c +Copyright: 2010, 2011, revosec AG + 2007-2013, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/processing/processor.h + src/libstrongswan/processing/scheduler.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/processing/scheduler.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/resolver/* +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libstrongswan/selectors/* +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/selectors/traffic_selector.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/settings/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/settings/settings_parser.c + src/libstrongswan/settings/settings_parser.h +Copyright: 1984, 1989, 1990, 2000-2013, Free Software Foundation, Inc +License: GPL-3+ + +Files: src/libstrongswan/settings/settings_types.c + src/libstrongswan/settings/settings_types.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/tests/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_array.c + src/libstrongswan/tests/suites/test_vectors.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_asn1.c + src/libstrongswan/tests/suites/test_asn1_parser.c + src/libstrongswan/tests/suites/test_crypter.c + src/libstrongswan/tests/suites/test_hasher.c + src/libstrongswan/tests/suites/test_mgf1.c + src/libstrongswan/tests/suites/test_ntru.c + src/libstrongswan/tests/suites/test_pen.c + src/libstrongswan/tests/suites/test_test_rng.c +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_bio_reader.c + src/libstrongswan/tests/suites/test_bio_writer.c + src/libstrongswan/tests/suites/test_crypto_factory.c + src/libstrongswan/tests/suites/test_enum.c + src/libstrongswan/tests/suites/test_hashtable.c + src/libstrongswan/tests/suites/test_host.c + src/libstrongswan/tests/suites/test_linked_list.c + src/libstrongswan/tests/suites/test_linked_list_enumerator.c + src/libstrongswan/tests/suites/test_settings.c + src/libstrongswan/tests/suites/test_utils.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_chunk.c + src/libstrongswan/tests/suites/test_enumerator.c + src/libstrongswan/tests/suites/test_identification.c + src/libstrongswan/tests/suites/test_threading.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/test_runner.c + src/libstrongswan/tests/test_suite.h +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/tests.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/tests/utils/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/threading/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/threading/condvar.h + src/libstrongswan/threading/mutex.h + src/libstrongswan/threading/rwlock.h +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/threading/lock_profiler.h + src/libstrongswan/threading/mutex.c + src/libstrongswan/threading/rwlock.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/threading/windows/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/backtrace.c + src/libstrongswan/utils/process.c + src/libstrongswan/utils/process.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/capabilities.c +Copyright: 2011, 2012, 2014, revosec AG + 2011, 2012, 2014, Martin Willi + 2008, 2011-2013, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/utils/capabilities.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/chunk.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/chunk.h + src/libstrongswan/utils/identification.c + src/libstrongswan/utils/identification.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/utils/compat/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/enum.h + src/libstrongswan/utils/leak_detective.c + src/libstrongswan/utils/utils.c + src/libstrongswan/utils/utils.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/lexparser.c + src/libstrongswan/utils/lexparser.h + src/libstrongswan/utils/optionsfrom.c + src/libstrongswan/utils/optionsfrom.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/utils/parser_helper.c + src/libstrongswan/utils/parser_helper.h + src/libstrongswan/utils/test.c + src/libstrongswan/utils/test.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/utils/printf_hook/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/printf_hook/printf_hook_builtin.c +Copyright: 2013, revosec AG + 2013, Martin Willi + 2002-2006, H. Peter Anvin +License: Expat and GPL-2+ + +Files: src/libstrongswan/utils/printf_hook/printf_hook_builtin.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/utils/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libtls/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libtls/tls_application.h +Copyright: 2010, 2011, HSR Hochschule fuer Technik Rapperswil + 2010, 2011, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c +Copyright: 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + 2006, Mike McCauley +License: GPL-2+ + +Files: src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c +Copyright: 2010, 2011, Andreas Steffen + 2006, Mike McCauley +License: GPL-2+ + +Files: src/libtnccs/plugins/tnc_imv/tnc_imv_bind_function.c +Copyright: 2010, 2011, Andreas Steffen + 2006, Mike McCauley +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/batch/* +Copyright: 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + 2006, Mike McCauley (mikem@open.com.au) +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c +Copyright: 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + 2006, Mike McCauley (mikem@open.com.au) +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c +Copyright: 2010-2015, Andreas Steffen + 2010, Sansar Choinyanbuu +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/messages/ietf/* +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c + src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h + src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c + src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c +Copyright: 2010, Sansar Choinyanbuu + 2010, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/tnccs_20.c +Copyright: 2010-2015, Andreas Steffen + 2010, Sansar Choinyanbuu +License: GPL-2+ + +Files: src/libtncif/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtncif/tncif.h + src/libtncif/tncifimc.h + src/libtncif/tncifimv.h +Copyright: 2005-2011, Trusted Computing Group, Inc. All rights +License: BSD-3-clause + +Files: src/libtncif/tncif_pa_subtypes.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/manager/templates/* +Copyright: *No copyright* +License: GPL-2+ + +Files: src/medsrv/* +Copyright: 2008, Philip Boetschi, Adrian Doerig + 2008, Martin Willi +License: GPL-2+ + +Files: src/medsrv/templates/* +Copyright: *No copyright* +License: GPL-2+ + +Files: src/medsrv/user.c + src/medsrv/user.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/pki/commands/* +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/pki/commands/keyid.c + src/pki/commands/verify.c +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/pki/commands/pkcs12.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/pki/commands/pkcs7.c + src/pki/commands/print.c + src/pki/commands/signcrl.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/pki/pki.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/pool/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/pool/pool.c +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/pool/pool_usage.c + src/pool/pool_usage.h +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/pt-tls-client/* +Copyright: 2013-2015, Andreas Steffen + 2010-2013, Martin Willi, revosec AG +License: GPL-2+ + +Files: src/scepclient/* +Copyright: 2012, Tobias Brunner + 2005, Jan Hutter, Martin Willi +License: GPL-2+ + +Files: src/starter/* +Copyright: 2001, 2002, Mathieu Lafon - Arkoon Network Security +License: GPL-2+ + +Files: src/starter/args.c +Copyright: 2012, 2014, Tobias Brunner + 2006, 2008, 2014, Andreas Steffen +License: GPL-2+ + +Files: src/starter/args.h + src/starter/keywords.c + src/starter/keywords.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/starter/confread.c +Copyright: 2014, Tobias Brunner + 2001, 2002, Mathieu Lafon - Arkoon Network Security +License: GPL-2+ + +Files: src/starter/confread.h +Copyright: 2001, 2002, Mathieu Lafon +License: GPL-2+ + +Files: src/starter/invokecharon.c + src/starter/invokecharon.h +Copyright: 2006, Martin Willi - Hochschule fuer Technik Rapperswil + 2001, 2002, Mathieu Lafon - Arkoon Network Security +License: GPL-2+ + +Files: src/starter/parser/* +Copyright: 1984, 1989, 1990, 2000-2013, Free Software Foundation, Inc +License: GPL-3+ + +Files: src/starter/parser/conf_parser.c + src/starter/parser/conf_parser.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/starter/starterstroke.c + src/starter/starterstroke.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/starter/tests/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/stroke/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/stroke/stroke.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/stroke/stroke_msg.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/swanctl/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/swanctl/command.c + src/swanctl/command.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: testing/* +Copyright: Hochschule fuer Technik Rapperswil +License: GPL-2+ + +License: BSD-3 + The BSD License + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + * Neither the name of foo nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + o Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + o Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + o Neither the name of the Trusted Computing Group nor the names of + its contributors may be used to endorse or promote products + derived from this software without specific prior written + permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +License: BSD-Young + This library is free for commercial and non-commercial use as long as + the following conditions are aheared to. The following conditions + apply to all code found in this distribution, be it the RC4, RSA, + lhash, DES, etc., code; not just the SSL code. The SSL documentation + included with this distribution is covered by the same copyright terms + except that the holder is Tim Hudson (tjh@cryptsoft.com). + . + Copyright remains Eric Young's, and as such any Copyright notices in + the code are not to be removed. + If this package is used in a product, Eric Young should be given attribution + as the author of the parts of the library used. + This can be in the form of a textual message at program startup or + in documentation (online or textual) provided with the package. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the rouines from the library + being used are not cryptographic related :-). + 4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + . + THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + . + The licence and distribution terms for any publically available version or + derivative of this code cannot be changed. i.e. this code cannot simply be + copied and put under another distribution licence + [including the GNU Public Licence.] + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +License: GPL + On Debian systems, the complete text of the GNU General + Public License can be found in + `/usr/share/common-licenses/GPL'. + +License: GPL-2+ + On Debian systems, the complete text of the GNU General + Public License version 2 can be found in + `/usr/share/common-licenses/GPL-2'. + +License: GPL-2+ with OpenSSL exception + This program is free software; you can redistribute it + and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later + version. + . + In addition, as a special exception, the author of this + program gives permission to link the code of its + release with the OpenSSL project's "OpenSSL" library (or + with modified versions of it that use the same license as + the "OpenSSL" library), and distribute the linked + executables. You must obey the GNU General Public + License in all respects for all of the code used other + than "OpenSSL". If you modify this file, you may extend + this exception to your version of the file, but you are + not obligated to do so. If you do not wish to do so, + delete this exception statement from your version. + . + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public + License along with this package; if not, write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: GPL-3+ + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in + `/usr/share/common-licenses/GPL-3'. + +License: LGPL-2+ + On Debian systems, the complete text of the Lesser GNU + General Public License version 2 can be found in + `/usr/share/common-licenses/LGPL-2'. + +License: MIT + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 000000000..48731a696 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,4 @@ +[DEFAULT] +pristine-tar = True +debian-branch = debian/master +upstream-branch = upstream/latest diff --git a/debian/ipsec.secrets.proto b/debian/ipsec.secrets.proto new file mode 100644 index 000000000..dfa6dde47 --- /dev/null +++ b/debian/ipsec.secrets.proto @@ -0,0 +1,8 @@ +# This file holds shared secrets or RSA private keys for authentication. + +# RSA private key for this host, authenticating it to any other host +# which knows the public part. + +# this file is managed with debconf and will contain the automatically created private key +include /var/lib/strongswan/ipsec.secrets.inc + diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install new file mode 100644 index 000000000..1b0cbca96 --- /dev/null +++ b/debian/libcharon-extra-plugins.install @@ -0,0 +1,54 @@ +# libcharon plugins +usr/lib/ipsec/plugins/libstrongswan-addrblock.so +usr/lib/ipsec/plugins/libstrongswan-certexpire.so +usr/lib/ipsec/plugins/libstrongswan-eap*.so +usr/lib/ipsec/plugins/libstrongswan-error-notify.so +usr/lib/ipsec/plugins/libstrongswan-ha.so +usr/lib/ipsec/plugins/libstrongswan-led.so +usr/lib/ipsec/plugins/libstrongswan-lookip.so +#usr/lib/ipsec/plugins/libstrongswan-medsrv.so +#usr/lib/ipsec/plugins/libstrongswan-medcli.so +usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so +usr/lib/ipsec/plugins/libstrongswan-unity.so +usr/lib/ipsec/plugins/libstrongswan-xauth-*.so +# standard configuration files +usr/share/strongswan/templates/config/plugins/addrblock.conf +usr/share/strongswan/templates/config/plugins/certexpire.conf +usr/share/strongswan/templates/config/plugins/eap-*.conf +usr/share/strongswan/templates/config/plugins/error-notify.conf +usr/share/strongswan/templates/config/plugins/ha.conf +usr/share/strongswan/templates/config/plugins/led.conf +usr/share/strongswan/templates/config/plugins/lookip.conf +#usr/share/strongswan/templates/config/plugins/medsrv.conf +#usr/share/strongswan/templates/config/plugins/medcli.conf +usr/share/strongswan/templates/config/plugins/tnc-tnccs.conf +usr/share/strongswan/templates/config/plugins/unity.conf +usr/share/strongswan/templates/config/plugins/xauth-*.conf +usr/share/strongswan/templates/config/strongswan.d/tnc.conf +etc/strongswan.d/tnc.conf +etc/strongswan.d/charon/addrblock.conf +etc/strongswan.d/charon/certexpire.conf +etc/strongswan.d/charon/eap-*.conf +etc/strongswan.d/charon/error-notify.conf +etc/strongswan.d/charon/ha.conf +etc/strongswan.d/charon/led.conf +etc/strongswan.d/charon/lookip.conf +#etc/strongswan.d/charon/medsrv.conf +#etc/strongswan.d/charon/medcli.conf +etc/strongswan.d/charon/tnc-tnccs.conf +etc/strongswan.d/charon/unity.conf +etc/strongswan.d/charon/xauth-*.conf +debian/usr.lib.ipsec.lookip /etc/apparmor.d/ +# support libs +#usr/lib/ipsec/libfast.so* +usr/lib/ipsec/libpttls.so* +usr/lib/ipsec/libradius.so* +usr/lib/ipsec/libsimaka.so* +usr/lib/ipsec/libtnccs.so* +usr/lib/ipsec/libtls.so* +# binaries +usr/bin/pt-tls-client +usr/lib/ipsec/error-notify +usr/lib/ipsec/lookip +# manpages +usr/share/man/man1/pt-tls-client.1 diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install new file mode 100644 index 000000000..2846e2155 --- /dev/null +++ b/debian/libstrongswan-extra-plugins.install @@ -0,0 +1,40 @@ +# Tool for TPM PCR extension +usr/bin/tpm_extendpcr +# libstrongswan plugins +usr/lib/ipsec/plugins/libstrongswan-ccm.so +usr/lib/ipsec/plugins/libstrongswan-chapoly.so +usr/lib/ipsec/plugins/libstrongswan-cmac.so +usr/lib/ipsec/plugins/libstrongswan-ctr.so +usr/lib/ipsec/plugins/libstrongswan-curl.so +usr/lib/ipsec/plugins/libstrongswan-curve25519.so +usr/lib/ipsec/plugins/libstrongswan-gcrypt.so +usr/lib/ipsec/plugins/libstrongswan-ldap.so +usr/lib/ipsec/plugins/libstrongswan-pkcs11.so +usr/lib/ipsec/plugins/libstrongswan-test-vectors.so +usr/lib/ipsec/plugins/libstrongswan-tpm.so +# default configuration files +usr/share/strongswan/templates/config/plugins/ccm.conf +usr/share/strongswan/templates/config/plugins/cmac.conf +usr/share/strongswan/templates/config/plugins/chapoly.conf +usr/share/strongswan/templates/config/plugins/ctr.conf +usr/share/strongswan/templates/config/plugins/curl.conf +usr/share/strongswan/templates/config/plugins/curve25519.conf +usr/share/strongswan/templates/config/plugins/gcrypt.conf +usr/share/strongswan/templates/config/plugins/ldap.conf +usr/share/strongswan/templates/config/plugins/pkcs11.conf +usr/share/strongswan/templates/config/plugins/test-vectors.conf +usr/share/strongswan/templates/config/plugins/tpm.conf +etc/strongswan.d/charon/ccm.conf +etc/strongswan.d/charon/chapoly.conf +etc/strongswan.d/charon/cmac.conf +etc/strongswan.d/charon/ctr.conf +etc/strongswan.d/charon/curl.conf +etc/strongswan.d/charon/curve25519.conf +etc/strongswan.d/charon/gcrypt.conf +etc/strongswan.d/charon/ldap.conf +etc/strongswan.d/charon/pkcs11.conf +etc/strongswan.d/charon/test-vectors.conf +etc/strongswan.d/charon/tpm.conf +# TPM libs +usr/lib/ipsec/libtpmtss.so.* +usr/lib/ipsec/libtpmtss.so diff --git a/debian/libstrongswan-standard-plugins.install b/debian/libstrongswan-standard-plugins.install new file mode 100644 index 000000000..d97a36ae4 --- /dev/null +++ b/debian/libstrongswan-standard-plugins.install @@ -0,0 +1,11 @@ +# libstrongswan plugins +usr/lib/ipsec/plugins/libstrongswan-agent.so +usr/lib/ipsec/plugins/libstrongswan-gcm.so +usr/lib/ipsec/plugins/libstrongswan-openssl.so +# config file +usr/share/strongswan/templates/config/plugins/agent.conf +usr/share/strongswan/templates/config/plugins/gcm.conf +usr/share/strongswan/templates/config/plugins/openssl.conf +etc/strongswan.d/charon/agent.conf +etc/strongswan.d/charon/gcm.conf +etc/strongswan.d/charon/openssl.conf diff --git a/debian/libstrongswan.dirs b/debian/libstrongswan.dirs new file mode 100644 index 000000000..a7afdf5d6 --- /dev/null +++ b/debian/libstrongswan.dirs @@ -0,0 +1,6 @@ +/etc/logcheck/ignore.d.paranoid +/etc/logcheck/ignore.d.server +/etc/logcheck/ignore.d.workstation +/etc/logcheck/violations.ignore.d +/usr/lib/ipsec/plugins +/usr/share/lintian/overrides diff --git a/debian/libstrongswan.docs b/debian/libstrongswan.docs new file mode 100644 index 000000000..e845566c0 --- /dev/null +++ b/debian/libstrongswan.docs @@ -0,0 +1 @@ +README diff --git a/debian/libstrongswan.install b/debian/libstrongswan.install new file mode 100644 index 000000000..072ff7e08 --- /dev/null +++ b/debian/libstrongswan.install @@ -0,0 +1,85 @@ +# libstrongswan plugins +usr/lib/ipsec/libstrongswan.so* +usr/lib/ipsec/plugins/libstrongswan-aes.so +usr/lib/ipsec/plugins/libstrongswan-constraints.so +usr/lib/ipsec/plugins/libstrongswan-dnskey.so +usr/lib/ipsec/plugins/libstrongswan-fips-prf.so +usr/lib/ipsec/plugins/libstrongswan-gmp.so +usr/lib/ipsec/plugins/libstrongswan-hmac.so +usr/lib/ipsec/plugins/libstrongswan-md5.so +usr/lib/ipsec/plugins/libstrongswan-mgf1.so +usr/lib/ipsec/plugins/libstrongswan-nonce.so +usr/lib/ipsec/plugins/libstrongswan-pgp.so +usr/lib/ipsec/plugins/libstrongswan-pem.so +usr/lib/ipsec/plugins/libstrongswan-pkcs1.so +usr/lib/ipsec/plugins/libstrongswan-pkcs7.so +usr/lib/ipsec/plugins/libstrongswan-pkcs8.so +usr/lib/ipsec/plugins/libstrongswan-pkcs12.so +usr/lib/ipsec/plugins/libstrongswan-pubkey.so +usr/lib/ipsec/plugins/libstrongswan-random.so +usr/lib/ipsec/plugins/libstrongswan-rc2.so +usr/lib/ipsec/plugins/libstrongswan-revocation.so +usr/lib/ipsec/plugins/libstrongswan-sha1.so +usr/lib/ipsec/plugins/libstrongswan-sha2.so +usr/lib/ipsec/plugins/libstrongswan-sshkey.so +usr/lib/ipsec/plugins/libstrongswan-x509.so +usr/lib/ipsec/plugins/libstrongswan-xcbc.so +# config files +usr/share/strongswan/templates/config/plugins/aes.conf +usr/share/strongswan/templates/config/plugins/constraints.conf +usr/share/strongswan/templates/config/plugins/dnskey.conf +usr/share/strongswan/templates/config/plugins/fips-prf.conf +usr/share/strongswan/templates/config/plugins/gmp.conf +usr/share/strongswan/templates/config/plugins/hmac.conf +usr/share/strongswan/templates/config/plugins/md5.conf +usr/share/strongswan/templates/config/plugins/mgf1.conf +usr/share/strongswan/templates/config/plugins/nonce.conf +usr/share/strongswan/templates/config/plugins/pgp.conf +usr/share/strongswan/templates/config/plugins/pem.conf +usr/share/strongswan/templates/config/plugins/pkcs1.conf +usr/share/strongswan/templates/config/plugins/pkcs7.conf +usr/share/strongswan/templates/config/plugins/pkcs8.conf +usr/share/strongswan/templates/config/plugins/pkcs12.conf +usr/share/strongswan/templates/config/plugins/pubkey.conf +usr/share/strongswan/templates/config/plugins/random.conf +usr/share/strongswan/templates/config/plugins/rc2.conf +usr/share/strongswan/templates/config/plugins/revocation.conf +usr/share/strongswan/templates/config/plugins/sha1.conf +usr/share/strongswan/templates/config/plugins/sha2.conf +usr/share/strongswan/templates/config/plugins/sshkey.conf +usr/share/strongswan/templates/config/plugins/x509.conf +usr/share/strongswan/templates/config/plugins/xcbc.conf +etc/strongswan.d/charon/aes.conf +etc/strongswan.d/charon/constraints.conf +etc/strongswan.d/charon/dnskey.conf +etc/strongswan.d/charon/fips-prf.conf +etc/strongswan.d/charon/gmp.conf +etc/strongswan.d/charon/hmac.conf +etc/strongswan.d/charon/md5.conf +etc/strongswan.d/charon/mgf1.conf +etc/strongswan.d/charon/nonce.conf +etc/strongswan.d/charon/pgp.conf +etc/strongswan.d/charon/pem.conf +etc/strongswan.d/charon/pkcs1.conf +etc/strongswan.d/charon/pkcs7.conf +etc/strongswan.d/charon/pkcs8.conf +etc/strongswan.d/charon/pkcs12.conf +etc/strongswan.d/charon/pubkey.conf +etc/strongswan.d/charon/random.conf +etc/strongswan.d/charon/rc2.conf +etc/strongswan.d/charon/revocation.conf +etc/strongswan.d/charon/sha1.conf +etc/strongswan.d/charon/sha2.conf +etc/strongswan.d/charon/sshkey.conf +etc/strongswan.d/charon/x509.conf +etc/strongswan.d/charon/xcbc.conf +usr/lib/ipsec/plugins/libstrongswan-attr.so +usr/lib/ipsec/plugins/libstrongswan-resolve.so +# config files +usr/share/strongswan/templates/config/strongswan.conf +usr/share/strongswan/templates/config/plugins/attr.conf +usr/share/strongswan/templates/config/plugins/resolve.conf +etc/strongswan.d/charon/attr.conf +etc/strongswan.d/charon/resolve.conf +etc/strongswan.conf +usr/share/man/man5/strongswan.conf.5 diff --git a/debian/patches/01_fix-manpages.patch b/debian/patches/01_fix-manpages.patch new file mode 100644 index 000000000..f1de0a3ac --- /dev/null +++ b/debian/patches/01_fix-manpages.patch @@ -0,0 +1,11 @@ +--- a/src/scepclient/scepclient.8 ++++ b/src/scepclient/scepclient.8 +@@ -1,7 +1,7 @@ + .\" + .TH "IPSEC_SCEPCLIENT" "8" "2012-05-11" "strongSwan" "" + .SH "NAME" +-ipsec scepclient \- Client for the SCEP protocol ++ipsec_scepclient \- Client for the SCEP protocol + .SH "SYNOPSIS" + .B ipsec scepclient [argument ...] + .sp diff --git a/debian/patches/02_disable-bypass-lan.patch b/debian/patches/02_disable-bypass-lan.patch new file mode 100644 index 000000000..19333714e --- /dev/null +++ b/debian/patches/02_disable-bypass-lan.patch @@ -0,0 +1,13 @@ +diff --git a/conf/plugins/bypass-lan.conf b/conf/plugins/bypass-lan.conf +index ad496db67..e470ce68e 100644 +--- a/conf/plugins/bypass-lan.conf ++++ b/conf/plugins/bypass-lan.conf +@@ -11,7 +11,7 @@ bypass-lan { + + # Whether to load the plugin. Can also be an integer to increase the + # priority of this plugin. +- load = yes ++ load = no + + } + diff --git a/debian/patches/03_systemd-service.patch b/debian/patches/03_systemd-service.patch new file mode 100644 index 000000000..5eee9a9b8 --- /dev/null +++ b/debian/patches/03_systemd-service.patch @@ -0,0 +1,17 @@ +diff --git a/debian/patches/03_systemd-service.patch b/debian/patches/03_systemd-service.patch +diff --git a/init/systemd/strongswan.service.in b/init/systemd/strongswan.service.in +index 474284a19..8060d1ea2 100644 +--- a/init/systemd/strongswan.service.in ++++ b/init/systemd/strongswan.service.in +@@ -1,9 +1,10 @@ + [Unit] + Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf +-After=syslog.target network-online.target ++After=network-online.target + + [Service] + ExecStart=@SBINDIR@/@IPSEC_SCRIPT@ start --nofork ++ExecReload=@SBINDIR@/@IPSEC_SCRIPT@ reload + StandardOutput=syslog + Restart=on-abnormal + diff --git a/debian/patches/04_disable-libtls-tests.patch b/debian/patches/04_disable-libtls-tests.patch new file mode 100644 index 000000000..a0b421596 --- /dev/null +++ b/debian/patches/04_disable-libtls-tests.patch @@ -0,0 +1,8 @@ +--- a/src/libtls/Makefile.am ++++ b/src/libtls/Makefile.am +@@ -26,4 +26,4 @@ + tls_server.h tls_handshake.h tls_application.h tls_aead.h tls.h + endif + +-SUBDIRS = . tests ++SUBDIRS = . diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..fde45f535 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,4 @@ +01_fix-manpages.patch +02_disable-bypass-lan.patch +03_systemd-service.patch +04_disable-libtls-tests.patch diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 000000000..d98f2ea90 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] strongswan-starter.templates diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 000000000..4e0250126 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,796 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-28 14:42+0100\n" +"Last-Translator: Miroslav Kure <kurem@debian.cz>\n" +"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Stará správa běhových úrovní je překonána." + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Dřívější verze balíku strongSwan dávaly na výběr mezi třemi různými Start/" +"Stop úrovněmi. Díky změnám ve způsobu zavádění systému to již není nutné a " +"ani užitečné. Novým i stávajícím instalacím používajícím některou ze tří " +"předefinovaných úrovní budou nyní automaticky nastaveny rozumné výchozí " +"úrovně. Přecházíte-li z dřívější verze strongSwanu, u které jste si " +"upravovali startovací parametry, podívejte se prosím do souboru NEWS.Debian, " +"kde naleznete pokyny, jak si příslušně upravit nastavení." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Restartovat nyní strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Restartování strongSwan je dobrý nápad, protože v případě, že aktualizace " +"obsahuje bezpečnostní záplatu, nebude tato funkční, dokud se démon " +"nerestartuje. Většina lidí s restartem daemona počítá, nicméně je možné, že " +"tím budou existující spojení ukončena a následně znovu nahozena. Pokud tuto " +"aktualizaci provádíte přes takovýto strongSwan tunel, restart nedoporučujeme." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Spustit strongSwan daemona charon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Pro podporu protokolu Internet Key Exchange musí běžet daemon charon." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Použít pro tento počítač certifikát X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Pro tento počítač můžete automaticky vytvořit nebo importovat certifikát " +"X.509. Certifikát může být využit k autentizaci IPsec spojení na další " +"počítače a je upřednostňovaným způsobem pro sestavování bezpečných IPsec " +"spojení. Další možností autentizace je využití sdílených tajemství (hesel, " +"která jsou stejná na obou stranách tunelu), ale pro větší počet spojení je " +"RSA autentizace snazší na správu a mnohem bezpečnější." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativně můžete tuto nabídku zamítnout a později se k ní vrátit příkazem " +"„dpkg-reconfigure strongswan“." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "vytvořit" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importovat" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Získání certifikátu X.509 pro autentizaci tohoto počítače:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Pro autentizaci IPsec spojení můžete buď vytvořit nový certifikát X.509 na " +"základě zadaných parametrů, nebo můžete naimportovat veřejný/soukromý pár " +"klíčů uložený v PEM souboru." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Rozhodnete-li se pro vytvoření nového certifikátu X.509, budete nejprve " +"dotázáni na řadu otázek. Pokud chcete podepsat veřejný klíč stávající " +"certifikační autoritou, nesmíte zvolit certifikát podepsaný sám sebou a také " +"zadané odpovědi musí splňovat požadavky dané certifikační autority. " +"Nesplnění požadavků může vést k zamítnutí požadavku na certifikát." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Zvolíte-li import stávajícího veřejného/soukromého páru klíčů, budete " +"dotázáni na názvy souborů, ve kterých se klíče nachází (může se také jednat " +"o jediný soubor, protože obě části mohou ležet v jednom souboru). Volitelně " +"můžete také zadat jméno souboru s veřejným klíčem certifikační autority, ale " +"zde to již musí být jiný soubor. Mějte prosím na paměti, že certifikát X.509 " +"musí být ve formátu PEM a že soukromý klíč nesmí být zašifrován, jinak " +"import selže." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Jméno souboru s certifikátem X.509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Zadejte cestu k souboru obsahujícímu váš certifikát X.509 ve formátu PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Jméno souboru se soukromým klíčem X.509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Zadejte cestu k souboru obsahujícímu soukromý RSA klíč odpovídající vašemu " +"certifikátu X.509 ve formátu PEM. Může to být stejný soubor jako ten, ve " +"kterém se nachází certifikát X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Jméno souboru s kořenovou certifikační autoritou X.509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Nyní můžete zadat cestu k souboru obsahujícímu certifikační autoritu X.509, " +"kterou používáte pro podpis svých certifikátů ve formátu PEM. Pokud takovou " +"certifikační autoritu nemáte, nebo ji nechcete použít, ponechte prázdné. " +"Kořenovou certifikační autoritu nelze uchovávat ve stejném souboru se " +"soukromým klíčem nebo certifikátem X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Zadejte délku vytvářeného RSA klíče:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Zadejte délku vytvářeného RSA klíče. Kvůli bezpečnosti by neměla být menší " +"než 1024 bitů a pravděpodobně nepotřebujete víc než 4096 bitů, protože to " +"již jen zpomaluje proces autentizace." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Vytvořit certifikát X.509 podepsaný sám sebou?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Tento instalátor může automaticky vytvořit pouze certifikát X509 podepsaný " +"sám sebou, jelikož v opačném případě je k podpisu certifikátu potřeba " +"certifikační autorita. Tento certifikát můžete ihned použít k připojení na " +"další počítače s IPsec, které podporují autentizaci pomocí certifikátu X509. " +"Nicméně chcete-li využít PKI možností strongSwanu, budete k vytvoření " +"důvěryhodných cest potřebovat podepsat všechny certifikáty X509 jedinou " +"certifikační autoritou." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Jestliže nechcete vytvořit certifikát podepsaný sebou samým, vytvoří se " +"pouze soukromý RSA klíč a požadavek na certifikát. Vy potom musíte podepsat " +"požadavek svou certifikační autoritou." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Kód státu pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Zadejte dvojpísmenný kód státu, ve kterém se server nachází (například „CZ“ " +"pro Českou republiku)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Nezadáte-li platný kód země dle ISO-3166, OpenSSL odmítne certifikát " +"vygenerovat. Prázdné pole je dovoleno ve všech ostatních polích certifikátu " +"X.509 kromě tohoto." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Jméno země nebo oblasti pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Zadejte celé jméno země nebo oblasti, ve které se server nachází (například " +"„Morava“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Jméno lokality pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Zadejte jméno lokality, ve které se server nachází (často město, například " +"„Olomouc“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Název organizace pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Zadejte název organizace, které server patří (například „Debian“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Název organizační jednotky pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Zadejte název organizační jednotky, které server patří (například „oddělení " +"pro odhalování daňových úniků“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Obecné jméno pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Zadejte obecné jméno (CN) tohoto počítače (například „cloud.example.org“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Emailová adresa pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Zadejte emailovou adresu osoby nebo organizace zodpovědné za certifikát " +"X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Povolit oportunistické šifrování?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Tato verze strongSwan podporuje oportunistické šifrování (OE), které " +"uchovává autentizační informace IPsecu (např. veřejné RSA klíče) v DNS " +"záznamech. Dokud nebude tato schopnost více rozšířena, způsobí její aktivace " +"výrazné zpomalení každého nového odchozího spojení." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Oportunistické šifrování byste měli povolit pouze v případě, že ho opravdu " +"chcete. Při startu daemona je možné, že se vaše probíhající spojení do " +"Internetu přeruší (přesněji přestane fungovat výchozí cesta)." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Pro podporu 1. verze protokolu Internet Key Exchange musí běžet daemon " +#~ "pluto." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Spustit strongSwan daemon IKEv2?" + +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Přejete si restartovat strongSwan?" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Zadejte cestu k souboru obsahujícímu váš certifikát X.509 ve formátu PEM." + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Zadejte cestu k souboru obsahujícímu váš certifikát X.509 ve formátu PEM." + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Zadejte dvoumístný ISO3166 kód své země. Tento kód bude umístěn do " +#~ "požadavku na certifikát." + +#~ msgid "Example: AT" +#~ msgstr "Příklad: CZ" + +#~ msgid "Example: Upper Austria" +#~ msgstr "Příklad: Morava" + +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Zadejte prosím místo (např. město), kde žijete. Toto jméno " +#~ "bude umístěno do požadavku na certifikát." + +#~ msgid "Example: Vienna" +#~ msgstr "Příklad: Olomouc" + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno " +#~ "bude umístěno do požadavku na certifikát." + +#~ msgid "Example: Debian" +#~ msgstr "Příklad: Debian" + +#~ msgid "Example: security group" +#~ msgstr "Příklad: bezpečnostní oddělení" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Příklad: gateway.debian.org" + +#~ msgid "earliest" +#~ msgstr "co nejdříve" + +#~ msgid "after NFS" +#~ msgstr "po NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "po PCMCIA" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Kdy spustit strongSwan:" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "strongSwan se spouští při zavádění systému, takže může chránit " +#~ "automaticky připojované souborové systémy." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * co nejdříve: pokud není /usr připojeno přes NFS a nepoužíváte\n" +#~ " síťovou kartu PCMCIA, je lepší spustit strongSwan co nejdříve,\n" +#~ " aby bylo NFS chráněno pomocí IPSec;\n" +#~ " * po NFS: doporučeno, pokud je /usr připojeno přes NFS a pokud\n" +#~ " nepoužíváte síťovou kartu PCMCIA;\n" +#~ " * po PCMCIA: doporučeno pokud IPSec spojení používá síťovou kartu\n" +#~ " PCMCIA, nebo pokud vyžaduje stažení klíčů z lokálně běžícího DNS\n" +#~ " serveru s podporou DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Pokud nerestartujete strongSwan nyní, měli byste to provést při nejbližší " +#~ "příležitosti." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "Vytvořit veřejný/soukromý pár RSA klíčů pro tento počítač?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "strongSwan může pro autentizaci IPSec spojení s jinými počítači používat " +#~ "předsdílený klíč (PSK), nebo veřejný/soukromý pár RSA klíčů. RSA " +#~ "autentizace se považuje za bezpečnější a jednodušší na správu. " +#~ "Autentizace PSK a RSA můžete používat současně." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Jestliže si nepřejete vytvořit nový pár klíčů pro tento počítač, můžete " +#~ "si v příštím kroku zvolit existující klíče." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Potřebné informace lze získat automaticky z existujícího certifikátu " +#~ "X.509 s odpovídajícím soukromým RSA klíčem. Jedná-li se o formát PEM, " +#~ "mohou být obě části v jednom souboru. Vlastníte-li takový certifikát a " +#~ "soubor s klíčem a chcete-li je použít pro autentizaci IPSec spojení, " +#~ "odpovězte kladně." + +#~ msgid "RSA key length:" +#~ msgstr "Délka RSA klíče:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Zadejte prosím délku vytvářeného RSA klíče. Z důvodu bezpečnosti by " +#~ "neměla být menší než 1024 bitů. Hodnota větší než 2048 bitů může ovlivnit " +#~ "výkon." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Automaticky lze vytvořit pouze certifikát podepsaný sám sebou, protože " +#~ "jinak je zapotřebí certifikační autorita, která by podepsala požadavek na " +#~ "certifikát." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Odpovíte-li kladně, můžete nový certifikát ihned použít k připojení na " +#~ "další počítače s IPSec, které podporují autentizaci pomocí certifikátu " +#~ "X.509. Nicméně pro využití PKI možností ve strongSwanu je nutné, aby byly " +#~ "všechny certifikáty v cestě důvěry podepsány stejnou autoritou." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "Toto pole je povinné, bez něj není možné certifikát vytvořit." + +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Zadejte jméno lokality (např. města), které se má použít v požadavku na " +#~ "certifikát." + +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Zadejte název organizace (firmy), který se má použít v požadavku na " +#~ "certifikát." + +#~ msgid "" +#~ "Please enter the organizational unit name (often a department) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Zadejte název organizační jednotky (např. oddělení), který se má použít v " +#~ "požadavku na certifikát." + +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Zadejte běžné jméno (např. jméno počítače), které se má použít v " +#~ "požadavku na certifikát." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "\"co nejdříve\", \"po NFS\", \"po PCMCIA\"" + +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Existují tři možnosti, kdy se dá strongSwan spouštět: před NFS službami, " +#~ "po NFS službách nebo po PCMCIA službách. Správná odpověď závisí na vašem " +#~ "konkrétním nastavení." + +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Jestliže nemáte svůj strom /usr připojen skrz NFS (buď přes NFS " +#~ "připojujete jiné, ne tak důležité stromy, nebo NFS vůbec nepoužíváte) a " +#~ "nepoužíváte síťovou kartu PCMCIA, je nejlepší spouštět strongSwan co " +#~ "nejdříve, čímž umožníte aby byly NFS svazky chráněny pomocí IPSec. V " +#~ "takovém případě (nebo pokud si nejste jisti, nebo pokud vám na tom " +#~ "nezáleží) na otázku odpovězte „co nejdříve“ (výchozí)." + +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Jestliže máte strom /usr připojen skrz NFS a nepoužíváte síťovou kartu " +#~ "PCMCIA, musíte spustit strongSwan po NFS, aby byly všechny potřebné " +#~ "soubory dostupné. V tomto případě na otázku odpovězte „po NFS“. Uvědomte " +#~ "si prosím, že v tomto případě nemůže být NFS svazek /usr chráněn pomocí " +#~ "IPSec." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Jestliže používáte PCMCIA síťovou kartu pro vaše IPSec připojení, pak je " +#~ "jedinou možností jej spustit po PCMCIA službách. V tom případě odpovězte " +#~ "„po PCMCIA“. Toto je také správná odpověď, pokud chcete získat klíče z " +#~ "lokálního DNS serveru s podporou DNSSec." + +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "Přejete si podporu IKEv1?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan podporuje protokol Internet Key Exchange ve verzích 1 a 2 " +#~ "(IKEv1, IKEv2). Přejete si při startu strongSwanu spustit daemona „pluto“ " +#~ "podporujícího IKEv1?" + +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "Přejete si podporu IKEv2?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan podporuje protokol Internet Key Exchange ve verzích 1 a 2 " +#~ "(IKEv1, IKEv2). Přejete si při startu strongSwanu spustit daemona " +#~ "„charon“ podporujícího IKEv2?" + +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "strongSwan přichází s podporou pro oportunistické šifrování (OE), které " +#~ "uchovává autentizační informace IPSecu (např. veřejné RSA klíče) v " +#~ "(nejlépe zabezpečených) DNS záznamech. Dokud nebude tato schopnost více " +#~ "rozšířena, způsobí její aktivace výrazné zpomalení každého nového " +#~ "odchozího spojení. Od verze 2.0 přichází strongSwan s implicitně zapnutou " +#~ "podporou OE čímž pravděpodobně zruší vaše probíhající spojení do " +#~ "Internetu (tj. vaši výchozí cestu - default route) v okamžiku, kdy " +#~ "spustíte pluto (strongSwan keying démon)." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Prosím vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, " +#~ "podporu nepovolujte." + +#~ msgid "x509, plain" +#~ msgstr "x509, prostý" + +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Typ páru RSA klíčů, který se vytvoří:" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Je možné vytvořit prostý pár RSA klíčů pro použití se strongSwanem, nebo " +#~ "vytvořit soubor s certifikátem X509, který obsahuje veřejný RSA klíč a " +#~ "dodatečně uchovává odpovídající soukromý klíč." + +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Pokud chcete vytvořit IPSec spojení jen k počítačům, na kterých taktéž " +#~ "běží strongSwan, může být mnohem jednodušší použít pár prostých RSA " +#~ "klíčů. Pokud se ale chcete připojit k jiným implementacím IPSec, budete " +#~ "potřebovat certifikát X509. Také je možné zde vytvořit certifikát X509 a " +#~ "později, pokud druhá strana používá strongSwan bez podpory certifikátů " +#~ "X509, z něj získat veřejný RSA klíč v prostém formátu." + +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Certifikát X509 je proto doporučován zejména díky své flexibilitě. Tento " +#~ "instalátor by v měl být schopen skrýt komplexnost vytváření a používání " +#~ "certifikátu ve strongSwanu." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 000000000..23763f1e2 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,461 @@ +# Danish translation strongswan. +# Copyright (C) 2010 strongswan & nedenstående oversættere. +# This file is distributed under the same license as the strongswan package. +# Joe Hansen (joedalton2@yahoo.dk), 2010, 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-06 12:42+0000\n" +"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" +"Language-Team: Danish <dansk@dansk-gruppen.dk>\n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Erstattede tidligere kørselsniveauhåndtering" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidligere versioner af pakken strongSwan havde et valg mellem tre " +"forskellige start-/stopniveauer. På grund af ændringer i den normale " +"procedure for systemopstart, er dette ikke længere nødvendigt eller " +"brugbart. For alle nye installationer samt ældre installationer der kører i " +"en af de prædefinerede tilstande, vil standardniveauer for sane ikke blive " +"angivet. Hvis du opgraderer fra en tidligere version og ændrede dine " +"opstartsparametre i strongSwan, så kig venligst i NEWS.Debian for " +"instruktioner om hvordan du ændrer din opsætning, så den passer." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Genstart strongSwan nu?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Genstart af strongSwan anbefales, da det er en sikkerhedsrettelse, rettelsen " +"vil ikke træde i kraft før dæmonen genstartes. De fleste forventer at " +"dæmonen genstartes, så dette er generelt en god ide. Det kan dog lægge " +"eksisterende forbindelser ned og så få dem op igen, så hvis du bruger sådan " +"en strongSwan-tunneltil at forbinde for denne opdatering, anbefales en " +"genstart ikke." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Start strongSwans charon-dæmon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Dæmonen charon skal køre for at understøtte Internet Key Exchange-" +"protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Brug et X.509-certifikat for denne vært?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Et X.509-certifikat for denne vært kan oprettes automatisk eller importeres. " +"Det kan bruges til at godkende IPsec-forbindelser til andre værter og er den " +"foretrukne måde at opbygge sikre IPsec-forbindelser. Den anden mulighed " +"ville være at bruge delte hemmeligheder (adgangskoder der er de samme på " +"begge sider af tunnelen) til godkendelse af en forbindelse, men for et " +"større antal forbindelser, er nøglebaseret godkendelse nemmere at " +"administrere og mere sikkert." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativt kan du afvise denne indstilling og senere bruge kommandoen »dpkg-" +"reconfigure strongswan«." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "opret" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder hvormed et X.509-certifikat kan bruges til at godkende denne vært:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det er muligt at oprette et nyt X.509-certifikat med brugerdefineret " +"opsætning eller at importere en eksisterende offentlig og privat nøgle gemt " +"i PEM-filer for godkendelse af IPsec-forbindelser." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Hvis du vælger at oprette et nyt X.509-certifikat, vil du først blive spurgt " +"om et antal spørgsmål, som skal besvares før oprettelsen kan begynde. Husk " +"venligst at hvis du ønsker at den offentlige nøgle skal underskrives af et " +"eksisterende Certificate Authority, så bør du ikke vælge at oprette et " +"certifikat underskrevet af dig selv og alle svarene skal svare præcis til " +"krævene i CA'en, ellers vil certifikatanmodningen blive afvist." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Hvis du ønsker at importere en eksisterende offentlig og privat nøgle, vil " +"du blive spurgt om deres filnavne (som kan være identiske, hvis begge er " +"gemt sammen i en fil). Du kan valgfrit angive et filnavn hvor de offentlige " +"nøgler fra Certificate Authority opbevares, men denne fil kan ikke være den " +"samme som den tidligere. Vær venligst også opmærksom på at formatet for " +"X.509-certifikatet skal være PEM, og at den private nøgle ikke må være " +"krypteret, ellers vil importproceduren fejle." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Filnavn på dit PEM-formateret X.509-certifikat:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Indtast venligst placeringen på filen der indeholder dit X.509-certifikat i " +"PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Filnavn på din private PEM-formateret X.509-nøgle:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Indtast venligst placeringen på filen, der indeholder den private RSA-nøgle " +"der svarer til dit X.509-certifikat i PEM-format. Dette kan være den samme " +"fil som indeholder X.509-certifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Filnavn på dit PEM-formaterede X.509-RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Du kan nu valgfrit indtaste placeringen på filen, der indeholder X.509 " +"Certificate Authority-root brugt til at underskrive dit certifikat i PEM-" +"format. Hvis du ikke har et eller ikke ønsker at bruge det så efterlad dette " +"felt tomt. Bemærk venligst at det ikke er muligt at gemme RootCA'en i den " +"samme fil som dit X.509-certifikat eller din private nøgle." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Indtast venligst hvilken længde den oprettede RSA-nøgle skal have:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Indtast venligst længden på den oprettede RSA-nøgle. Den bør ike være mindre " +"end 1024 bit, da dette er usikkert, og du vil sikkert ikke have brug for " +"mere end 4096 bit, da det kun sløver godkendelsesprocessen ned og behovet " +"ikke er der i øjeblikket." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Opret et X.509-certifikat du selv har underskrevet?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Kun X.509-certifikater du selv har underskrevet kan oprettes automatisk, da " +"en Certifikat Authority ellers er nødvendig for at certifikatforespørgslen " +"biver underskrevet. Hvis du vælger at oprette et certifikat, du selv " +"underskriver, kan du umiddelbart bruge det efterfølgende til at forbinde til " +"andre IPsec-værter som understøtter X.509-certifikater til godkendelse af " +"IPsec-forbindelser. Brug af strongSwans PKI-funktioner kræver dog at alle " +"certifikater skal være underskrevet af en Certificate Authority for at " +"oprette en troværdighed." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Hvis du vælger ikke at oprette et certifikat, du selv har underskrevet, vil " +"kun den private RSA-nøgle og certifikatforespørgslen blive oprettet, og du " +"vil skulle underskrive certifikatforespørgslen med dit Certificate Authority." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landekode for X.509-certifikatforespørgslen:" + +# hvad er det for en tobogstavskode de henviser til her? DA eller DK. +# ISO 3166 som de nævner efterfølgende er trecifret (DNK), men underdelen af +# 3166 er tocifret og DK for Danmark, men det dækker områderne i Danmark +# som Midtjylland DK-82 med flere. +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Indtast venligst koden, der består af to bogstaver, for landet hvor serveren " +"befinder sig (såsom »DK« for Danmark)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL vil nægte at oprette et certifikat med mindre dette er en gyldig " +"ISO-3166 landekode. Et tomt felt er tilladt andre steder i X.509-" +"certifikatet men ikke her." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Stat eller provinsnavn for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Indtast venligst det fulde navn på staten eller provinsen som serveren " +"befinder sig i (såsom »Nordjylland«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Lokalitetsnavn for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Indtast venligst lokaliteten hvor serveren befinder sig (ofte en by, såsom " +"»Århus«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsnavn for X.509-certifikatforespørglsen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Indtast venligst organisationen som serveren tilhører (såsom »Debian«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationsgruppe for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Indtast venligst organisationsgruppen som serveren tilhører (såsom " +"»sikkerhedsafdelingen«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Betegnelsen for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Indtast venligst betegnelsen (navnet) for denne vært (såsom »gateway." +"eksempel.org«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-post-adresse for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Indtast venligst e-post-adressen på personen eller organisationen der er " +"ansvarlig for X.509-certifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Aktiver opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denne version af strongSwan understøtter opportunistisk kryptering (OE), som " +"gemmer IPSec-godkendelsesinformation i DNS-punkter. Indtil dette er udbredt, " +"vil aktivering medføre en væsentlig forsinkelse for hver ny udgående " +"forbindelse." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Du skal kun aktivere opportunistisk kryptering, hvis du er sikker på, at du " +"ønsker det. Det kan få internetforbindelsen til at gå ned (standardrute), " +"når dæmonen starter op." + + diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 000000000..8cd707cbb --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,782 @@ +# German translation of strongswan templates +# Matthias Julius <mdeb@julius-net.net>, 2007. +# Martin Eberhard Schauer <Martin.E.Schauer@gmx.de>, 2010. +# Helge Kreutzmann <debian@helgefjell.de>, 2007, 2010, 2013. +# This file is distributed under the same license as the strongswan package. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-11-02 15:40+0100\n" +"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n" +"Language-Team: German <debian-l10n-german@lists.debian.org>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +# (mes) andere Übersetzungen für supersede: etw.Akk. ersetzen, für etw.Akk. Ersatz sein, an die Stelle von etw. Dat. treten, etw.Akk. überflüssig machen, etw.Akk. verdrängen +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Alte Verwaltung der Runlevel abgelöst" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Frühere Versionen von strongSwan ermöglichten eine Wahl zwischen drei " +"verschiedenen Start/Stop-Modi. Aufgrund von Änderungen des standardmäßigen " +"Systemstarts ist dies nicht mehr notwendig oder nützlich. Sowohl für alle " +"neuen als auch bestehende Installationen, die in einem der vordefinierten " +"Modi betrieben wurden, werden jetzt vernünftige Standardwerte gesetzt. Wenn " +"Sie jetzt ein Upgrade von einer früheren Version durchführen und Sie die " +"strongSwan-Startparameter angepasst haben, werfen Sie bitte einen Blick auf " +"NEWS.Debian. Die Datei enthält Anweisungen, wie Sie Ihre Installation " +"entsprechend ändern." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "StrongSwan jetzt starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Es wird empfohlen, strongSwan neuzustarten, da eine Sicherheitskorrektur " +"erst nach dem Neustart des Daemons greift. Die meisten Leute erwarten, dass " +"der Daemon neustartet, daher ist diese Wahl eine gute Idee. Er kann " +"allerdings existierende Verbindungen beenden und erneut aufbauen. Falls Sie " +"solch eine Verbindung für diese Aktualisierung verwenden, wird der Neustart " +"nicht empfohlen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "strongSwans Charon-Daemon starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Der Charon-Daemon muss laufen, um das Internet-Key-Exchange-" +"Protokoll zu unterstützen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Für diesen Rechner ein X.509-Zertifikat verwenden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Für diesen Rechner kann ein X.509-Zertifikat automatisch erstellt oder " +"importiert werden, das zur Authentifizierung von IPSec-Verbindungen zu " +"anderen Rechnern verwendet werden kann. Dieses Vorgehen ist für den Aufbau " +"gesicherter IPSec-Verbindungen vorzuziehen. Die andere Möglichkeit ist die " +"Verwendung von gemeinsamen Geheimnissen (engl.: shared secrets, gleiche " +"Passwörter an beiden Enden des Tunnels) zur Authentifizierung einer " +"Verbindung. Für eine größere Anzahl von Verbindungen ist aber die RSA-" +"Authentifizierung einfacher zu verwalten und sicherer." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativ können Sie diese Option ablehnen und später den Befehl »dpkg-" +"reconfigure strongswan« zur Rückkehr zu dieser Option verwenden." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "erstellen" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importieren" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Methoden für die Authentifizierung dieses Rechners mittels eines X.509-" +"Zertifikats:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Es ist möglich, mit benutzerdefinierten Einstellungen ein neues X.509-" +"Zertifikat zu erstellen oder einen vorhandenen, in PEM-Datei(en) " +"gespeicherten, öffentlichen und privaten Schlüssel für die Authentifizierung " +"von IPSec-Verbindungen zu verwenden." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Wenn Sie sich für die Erstellung eines neuen X.509-Zertifikats entscheiden, " +"wird Ihnen zunächst eine Reihe von Fragen gestellt. Diese Fragen müssen " +"beantwortet werden, damit das Zertifikat erstellt werden kann. Bitte " +"beachten Sie: Wenn Sie den öffentliche Schlüssel von einer bestehenden " +"Zertifizierungsstelle (Certificate Authority, CA) bestätigen lassen wollen, " +"sollten Sie nicht wählen, ein selbstsigniertes Zertifikat zu erstellen. " +"Außerdem müssen dann alle gegebenen Antworten exakt den Anforderungen der CA " +"entsprechen, da sonst der Antrag auf Zertifizierung zurückgewiesen werden " +"kann." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Wenn Sie bestehende öffentliche und private Schlüssel importieren wollen, " +"werden Sie nach deren Dateinamen gefragt. (Die Namen können übereinstimmen, " +"wenn beide Teile zusammen in einer Datei gespeichert werden.) Optional " +"können Sie auch den Namen einer Datei angeben, die den/die öffentlichen " +"Schlüssel Ihrer Zertifizierungsstelle enthält. Dieser Name muss von den " +"Erstgenannten verschieden sein. Bitte beachten Sie auch, dass Sie für die " +"X.509-Zertifikate das Format PEM verwenden und dass der private Schlüssel " +"nicht verschlüsselt sein darf, weil sonst der Import-Vorgang fehlschlagen " +"wird." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Dateiname Ihres X.509-Zertifikats im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Bitte geben Sie den Speicherort der Datei ein, die Ihr X.509-Zertifikat im " +"PEM-Format enthält." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Dateiname des privaten X.509-Schlüssels im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Bitte geben Sie den Speicherort der Datei ein, die den zu Ihrem X.509-" +"Zertifikat passenden privaten RSA-Schlüssel im PEM-Format enthält. Dies kann " +"dieselbe Datei sein, die das X.509-Zertifikat enthält." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Dateinamen Ihrer PEM-Format-X.509-RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Optional können Sie nun den Speicherort der Datei mit dem »X.509 Certificate " +"Authority Root« angeben, mit dem Ihr Zertifikat im PEM-Format unterzeichnet " +"wurde. Wenn Sie keine haben oder diese nicht verwenden wollen, lassen Sie " +"dieses Feld bitte leer. Bitte beachten Sie, dass es nicht möglich ist, die " +"RootCA in der gleichen Datei wie Ihr X.509-Zertifikat oder den privaten " +"Schlüssel zu speichern." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" +"Bitte geben Sie ein, welche Länge der erstellte RSA-Schlüssels haben soll:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Bitte geben Sie die Länge des erstellten RSA-Schlüssels an. Er sollte nicht " +"kürzer als 1024 Bits sein, da dies als unsicher betrachtet werden könnte und " +"Sie benötigen nicht mehr als 4096 Bits, da dies nur den Authentifizierungs-" +"Prozess verlangsamt und derzeit nicht benötigt wird." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Selbstsigniertes X.509-Zertifikat erstellen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Nur selbstsignierte X.509-Zertifikate können automatisch erstellt werden, da " +"andernfalls eine Zertifizierungsstelle zur Signatur der " +"Zertifikatsanfrage benötigt wird. Falls Sie sich entscheiden, ein " +"selbstsigniertes Zertifikat zu erstellen, können Sie es sofort zur " +"Verbindung mit anderen IPSec-Rechnern verwenden, die X.509-Zertifikate zur " +"Authentifizierung von IPSec-Verbindungen unterstützen. Die Verwendung der PKI-" +"Funktionalität von strongSwan verlangt allerdings, dass alle Zertifikate von " +"einer Zertifizierungsstelle signiert sind, um einen Vertrauenspfad zu " +"erstellen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Falls Sie kein selbstsigniertes Zertifikat erstellen möchten, wird nur der " +"private RSA-Schlüssel und die Zertifikatsanforderung erstellt. Sie müssen " +"diese Zertifikatsanforderung von Ihrer Zertifizierungsstelle signieren " +"lassen." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Ländercode für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Geben Sie den Ländercode (zwei Zeichen) für das Land ein, in dem der Server " +"steht (z. B. »AT« für Österreich)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Ohne einen gültigen Ländercode nach ISO-3166 wird es OpenSSL ablehnen, ein " +"Zertifikat zu generieren. Ein leeres Feld ist für andere Elemente des X.509-" +"Zertifikats zulässig, aber nicht für dieses." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Name des Landes oder der Provinz für diese X.509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Bitte geben Sie den kompletten Namen des Landes oder der Provinz ein, in der " +"sich der Server befindet (wie »Oberösterreich«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Ort für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Geben Sie bitte den Ort an, an dem der Server steht (oft ist das eine Stadt " +"wie beispielsweise »Wien«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsname für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Bitte geben Sie die Organisation an, zu der der Server gehört (wie z.B. " +"»Debian«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationseinheit für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Bitte geben Sie die Organisationseinheit für die X.509-" +"Zertifikatsanforderung ein (z.B. »Sicherheitsgruppe«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "»Common Name« für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Bitte geben Sie den »Common Name« für diesen Rechner ein (wie z.B. »gateway." +"example.org«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-Mail-Adresse für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Bitte geben Sie die E-Mail-Adresse der für das X.509-Zertifikat " +"verantwortlichen Person oder Organisation ein." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Opportunistische Verschlüsselung aktivieren?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Diese Version von strongSwan unterstützt opportunistische Verschlüsselung " +"(OE), die IPSec-Authentifizierungsinformationen in DNS-Einträgen speichert. " +"Bis dies weit verbreitet ist, führt die Verwendung zu einer deutlichen " +"Verzögerung bei jeder ausgehenden Verbindung." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Sie sollten opportunistische Verschlüsselung nur verwenden, falls Sie sich " +"sicher sind, dass Sie sie verwenden möchten. Beim Starten des Daemons " +"könnte die Internetverbindung (Default Route) unterbrochen werden." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Der Pluto-Daemon muss laufen, um Version 1 des Internet Key Exchange-" +#~ "Protokolls zu unterstützen." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "strongSwans IKEv2-Daemon starten?" + +#~ msgid "" +#~ "Previous versions of the Openswan package gave a choice between three " +#~ "different Start/Stop-Levels. Due to changes in the standard system " +#~ "startup procedure, this is no longer necessary or useful. For all new " +#~ "installations as well as old ones running in any of the predefined modes, " +#~ "sane default levels will now be set. If you are upgrading from a previous " +#~ "version and changed your Openswan startup parameters, then please take a " +#~ "look at NEWS.Debian for instructions on how to modify your setup " +#~ "accordingly." +#~ msgstr "" +#~ "Frühere Versionen von Openswan ermöglichten eine Wahl zwischen drei " +#~ "verschiedenen Start/Stop-Ebenen. Aufgrund von Änderungen des " +#~ "standardmäßigen Systemstarts ist dies nicht mehr notwendig oder nützlich. " +#~ "Sowohl für alle neuen als auch bestehende Installationen, die in einem " +#~ "der vordefinierten Modi betrieben wurden, werden jetzt vernünftige " +#~ "Standardwerte gesetzt. Wenn Sie jetzt ein Upgrade von einer früheren " +#~ "Version durchführen und Sie die Openswan-Startparameter angepasst haben, " +#~ "werfen Sie bitte einen Blick auf NEWS.Debian. Die Datei enthält " +#~ "Anweisungen, wie Sie Ihren Setup entsprechend ändern." + +#~ msgid "Restart Openswan now?" +#~ msgstr "Möchten Sie jetzt Openswan neustarten?" + +#~ msgid "" +#~ "Restarting Openswan is recommended, since if there is a security fix, it " +#~ "will not be applied until the daemon restarts. Most people expect the " +#~ "daemon to restart, so this is generally a good idea. However, this might " +#~ "take down existing connections and then bring them back up, so if you are " +#~ "using such an Openswan tunnel to connect for this update, restarting is " +#~ "not recommended." +#~ msgstr "" +#~ "Der Neustart von Openswan wird empfohlen. Wenn mit dieser Version ein " +#~ "Sicherheitsproblem beseitigt wurde, wird dies erst nach dem Neustart des " +#~ "Daemons wirksam. Da die meisten Anwender einen Neustart des Daemons " +#~ "erwarten, ist dies grundsätzlich eine gute Idee. Der Neustart kann aber " +#~ "bestehende Verbindungen schließen und anschließend wiederherstellen. Wenn " +#~ "Sie einen solchen Openswan-Tunnel für die Verbindung bei dieser " +#~ "Aktualisierung verwenden, wird von einem Neustart abgeraten." + +#~ msgid "" +#~ "Alternatively you can reject this option and later use the command \"dpkg-" +#~ "reconfigure openswan\" to come back." +#~ msgstr "" +#~ " Alternativ können Sie diese Option ablehnen und später mit dem Befehl " +#~ "»dpkg-reconfigure openswan« zurückzukommen." + +#~ msgid "Length of RSA key to be created:" +#~ msgstr "Länge des zu erstellenden RSA-Schlüssels:" + +#~ msgid "" +#~ "Please enter the required RSA key-length. Anything under 1024 bits should " +#~ "be considered insecure; anything more than 4096 bits slows down the " +#~ "authentication process and is not useful at present." +#~ msgstr "" +#~ "Bitte geben Sie die Länge des zu erstellenden RSA-Schlüssels ein. Sie " +#~ "sollte nicht weniger als 1024 Bit sein, da dies als unsicher betrachtet " +#~ "wird. Alles über 4098 Bit verlangsamt den Authentifizierungs-Prozess und " +#~ "ist zur Zeit nicht nützlich." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a Certificate Authority is needed to sign the certificate " +#~ "request. If you choose to create a self-signed certificate, you can use " +#~ "it immediately to connect to other IPsec hosts that support X.509 " +#~ "certificate for authentication of IPsec connections. However, using " +#~ "Openswan's PKI features requires all certificates to be signed by a " +#~ "single Certificate Authority to create a trust path." +#~ msgstr "" +#~ "Nur selbstsignierte X.509-Zertifikate können automatisch erstellt werden, " +#~ "da anderenfalls für die Unterzeichnung der Zertifikatsanforderung eine " +#~ "Zertifizierungsstelle benötigt wird. Falls Sie ein selbstsigniertes " +#~ "Zertifikat erstellen, können Sie dieses sofort verwenden, um sich mit " +#~ "anderen IPSec-Rechnern zu verbinden, die X.509-Zertifikate zur " +#~ "Authentifizierung von IPsec-Verbindungen benutzen. Falls Sie jedoch die " +#~ "PKI-Funktionen von Openswan verwenden möchten, müssen alle X.509-" +#~ "Zertifikate von einer einzigen Zertifizierungsstelle signiert sein, um " +#~ "einen Vertrauenspfad zu schaffen." + +#~ msgid "Modification of /etc/ipsec.conf" +#~ msgstr "Veränderung von /etc/ipsec.conf" + +#~ msgid "" +#~ "Due to a change in upstream Openswan, opportunistic encryption is no " +#~ "longer enabled by default. The no_oe.conf file that was shipped in " +#~ "earlier versions to explicitly disable it can therefore no longer be " +#~ "included by ipsec.conf. Any such include paragraph will now be " +#~ "automatically removed to ensure that Openswan can start correctly." +#~ msgstr "" +#~ "Aufgrund einer Änderung im Quelltext von Openswan ist opportunistische " +#~ "Verschlüsselung nicht mehr standardmäßig aktiviert. Ältere Versionen von " +#~ "Openswan enthielten die Datei no_oe.conf, die zur expliziten " +#~ "Deaktivierung der opportunistischen Verschlüsselung diente. Diese kann " +#~ "jetzt nicht mehr mittels ipsec.conf aufgenommen werden. Jeder " +#~ "entsprechende Absatz wird jetzt automatisch entfernt, um einen korrekten " +#~ "Start von Openswan sicherzustellen." + +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Möchten Sie strongSwan neustarten?" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" +#~ "Format enthält." + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" +#~ "Format enthält." + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Bitte geben Sie den zweibuchstabigen Ländercode für Ihr Land ein. Dieser " +#~ "Code wird in der Zertifikatsanfrage verwendet." + +#~ msgid "Example: AT" +#~ msgstr "Beispiel: AT" + +#~ msgid "Example: Upper Austria" +#~ msgstr "Beispiel: Oberösterreich" + +#~ msgid "Example: Vienna" +#~ msgstr "Beispiel: Wien" + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Bitte geben Sie die Organisation (z.B. Firma) ein, für die das X509-" +#~ "Zertifikat erstellt werden soll. Dieser Name wird in der " +#~ "Zertifikatsanfrage verwandt." + +#~ msgid "Example: Debian" +#~ msgstr "Beispiel: Debian" + +#~ msgid "Example: security group" +#~ msgstr "Beispiel: Sicherheitsgruppe" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Beispiel: gateway.debian.org" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Wann soll strongSwan gestartet werden:" + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Falls Sie kein neues öffentliches/privates Schlüsselpaar erstellen " +#~ "wollen, können Sie im nächsten Schritt ein existierendes auswählen." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "frühestmöglich, »nach NFS«, »nach PCMCIA«" + +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Es gibt drei Möglichkeiten, wann strongSwan starten kann: vor oder nach " +#~ "den NFS-Diensten und nach den PCMCIA-Diensten. Die richtige Antwort hängt " +#~ "von Ihrer spezifischen Einrichtung ab." + +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Falls Sie Ihren /usr-Baum nicht über NFS eingehängt haben (entweder weil " +#~ "Sie nur andere, weniger lebenswichtige Bäume über NFS einhängen, oder " +#~ "falls Sie NFS überhaupt nicht verwenden) und keine PCMCIA-Netzwerkkarte " +#~ "benutzen, ist es am besten, strongSwan so früh wie möglich zu starten und " +#~ "damit durch IPSec gesicherte NFS-Einhängungen zu erlauben. In diesem Fall " +#~ "(oder falls Sie dieses Problem nicht verstehen oder es Ihnen egal ist), " +#~ "antworten Sie »frühestmöglich« (Standardwert) auf diese Frage." + +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Falls Sie Ihren /usr-Baum über NFS eingehängt haben und keine PCMCIA-" +#~ "Netzwerkkarte benutzen, müssen Sie strongSwan nach NFS starten, so dass " +#~ "alle benötigten Dateien verfügbar sind. In diesem Fall antworten Sie " +#~ "»nach NFS« auf diese Frage. Bitte beachten Sie, dass NFS-Einhängungen " +#~ "von /usr in diesem Fall nicht über IPSec gesichert werden können." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Falls Sie eine PCMCIA-Netzwerkkarte für Ihre IPSec-Verbindungen benutzen, " +#~ "dann müssen Sie nur auswählen, dass er nach den PCMCIA-Diensten startet. " +#~ "Antworten Sie in diesem Fall »nach PCMCIA«. Dies ist auch die richtige " +#~ "Antwort, falls Sie Schlüssel von einem lokal laufenden DNS-Server mit " +#~ "DNSSec-Unterstützung abholen wollen." + +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "Möchten Sie IKEv1 unterstützen?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan unterstützt beide Versionen des »Internet Key Exchange«-" +#~ "Protokolls (Schlüsselaustausch über Internet), IKEv1 und IKEv2. Möchten " +#~ "Sie den »pluto«-Daemon für IKEv1-Unterstützung starten, wenn strongSwan " +#~ "gestartet wird." + +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "Möchten Sie IKEv2 unterstützen?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan unterstützt beide Versionen des »Internet Key Exchange«-" +#~ "Protokolls (Schlüsselaustausch über Internet), IKEv1 und IKEv2. Möchten " +#~ "Sie den »charon«-Daemon für IKEv2-Unterstützung starten, wenn strongSwan " +#~ "gestartet wird." + +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "strongSwan enthält Unterstützung für opportunistische Verschlüsselung " +#~ "(OV), die Authentifizierungsinformationen von IPSec (z.B. öffentliche RSA-" +#~ "Schlüssel) in DNS-Datensätzen speichert. Solange dies nicht weit " +#~ "verbreitet ist, wird jede neue ausgehende Verbindung signifikant " +#~ "verlangsamt, falls diese Option aktiviert ist. Seit Version 2.0 wird " +#~ "strongSwan von den Autoren mit aktiviertem OV ausgeliefert und wird daher " +#~ "wahrscheinlich Ihre existierenden Verbindungen ins Internet (d.h. Ihre " +#~ "Standard-Route) stören, sobald Pluto (der strongSwan Schlüssel-Daemon) " +#~ "gestartet wird." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Bitte wählen Sie aus, ob Sie OV aktivieren möchten. Falls Sie unsicher " +#~ "sind, aktivieren Sie es nicht." + +#~ msgid "x509, plain" +#~ msgstr "x509, einfach" + +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Die Art des RSA-Schlüsselpaars, das erstellt werden soll:" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Es besteht die Möglichkeit, ein einfaches öffentliches/privates " +#~ "Schlüsselpaar für den Einsatz mit strongSwan oder eine X509-" +#~ "Zertifikatsdatei zu erstellen, die den öffentlichen Schlüssel und " +#~ "zusätzlich den zugehörigen privaten Schlüssel enthält." + +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Falls Sie nur IPSec-Verbindungen zu Rechnern aufbauen wollen, auf denen " +#~ "auch strongSwan läuft, könnte es etwas einfacher sein, einfache RSA-" +#~ "Schlüsselpaare zu verwenden. Falls Sie aber mit anderen IPSec-" +#~ "Implementierungen Verbindungen aufnehmen wollen, benötigen Sie ein X509-" +#~ "Zertifikat. Es besteht auch die Möglichkeit, hier ein X509-Zertifikat zu " +#~ "erstellen und den öffentlichen RSA-Schlüssel im einfachen Format zu " +#~ "extrahieren, falls die andere Seite strongSwan ohne X509-" +#~ "Zertifikatsunterstützung betreibt." + +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Daher wird ein X509-Zertifikat empfohlen, da es flexibler ist und dieses " +#~ "Installationsprogramm in der Lage sein sollte, die komplexe Erstellung " +#~ "des X509-Zertifikates und seinen Einsatz in strongSwan zu verstecken." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 000000000..2361c2368 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,655 @@ +# strongswan po-debconf translation to Spanish +# Copyright (C) 2010 Software in the Public Interest +# This file is distributed under the same license as the strongswan package. +# +# Changes: +# - Initial translation +# Francisco Javier Cuadrado <fcocuadrado@gmail.com>, 2010 +# +# - Updates +# Matías Bellone <matiasbellone+debian@gmail.com>, 2013 +# +# Traductores, si no conocen el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas y normas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guía de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.1-5\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-12-17 17:19-0300\n" +"Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n" +"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Se ha sustituido la antigua gestión del nivel de ejecución" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Las versiones previas del paquete de strongSwan daban la opción de elegir " +"entre tres niveles diferentes de inicio/parada. Debido a los cambios en el " +"procedimiento del sistema estándar de arranque esto ya no es necesario ni " +"útil. Para todas las instalaciones nuevas, así como para las antiguas que " +"ejecuten cualquiera de los modos predefinidos, se configurarán unos niveles " +"predeterminados válidos. Si está actualizando de una versión antigua y ha " +"cambiado los parámetros de arranque de strongSwan, revise el archivo «NEWS." +"Debian» para leer las instrucciones sobre cómo modificar su configuración " +"apropiadamente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "¿Desea reiniciar strongSwan ahora mismo?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Se recomienda reiniciar strongSwan, porque si hay un parche de seguridad " +"éste no se aplicará hasta que reinicie el demonio. La mayoría de la gente " +"espera que el demonio se reinicie, así que generalmente es una buena idea. " +"Sin embargo, esto puede cerrar las conexiones existentes y después volverlas " +"a abrir, de modo que si está utilizando un túnel de strongSwan en la " +"conexión de esta actualización, no es recomendable reiniciar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "¿Desea iniciar el demonio charon de strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"El demonio charon debe estar en ejecución para utilizar el protocolo de " +"intercambio de claves por Internet («Internet Key Exchange»)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "¿Desea utilizar un certificado X.509 para esta máquina?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Se puede crear automáticamente o importar un certificado X.509 para esta " +"máquina. Puede utilizarlo para autenticar conexiones IPsec de otras máquinas " +"y es la forma preferida para construir conexiones IPsec seguras. La otra " +"posibilidad sería utilizar secretos compartidos (contraseñas que son la " +"misma en ambos lados del túnel) para autenticar una conexión, pero para un " +"gran número de conexiones, la autenticación basada en claves es más sencilla " +"de administrar y más segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"También puede rechazar esta opción y utilizar más tarde «dpkg-reconfigure " +"strongswan» para volver a configurar esta opción." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "crear" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Métodos para utilizar un certificado X.509 para autenticar esta máquina:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Puede crear un certificado X.509 nuevo con una configuración definida por el " +"usuario o importar una clave pública/privada almacenada en archivo/s PEM " +"para autenticar las conexiones IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Si elige crear un certificado X.509 nuevo, primero se le realizarán unas " +"cuantas preguntas que deberá contestar antes de que comience el proceso de " +"creación. Tenga en cuenta que si desea que una Autoridad de Certificación " +"(CA) firme la clave pública no debería elegir crear un certificado auto-" +"firmado y todas las respuestas deberán coincidir exactamente con los " +"requisitos de la CA, de otro modo puede que se rechace la petición del " +"certificado." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Si desea importar una clave pública/privada, se le preguntará por los " +"nombres de los archivos (que pueden ser idénticos si ambas partes se " +"almacenan en un único archivo). Opcionalmente, puede indicar el nombre de un " +"archivo donde se encuentran las clave/s pública/s de la Autoridad de " +"Certificación, pero este archivo no puede ser el mismo que los anteriores. " +"Tenga en cuenta que el formato para los certificados X.509 tiene que ser PEM " +"y que la clave privada no debe estar cifrada o el proceso de importación " +"fallará." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nombre del archivo del certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Introduzca la ubicación completa del archivo que contiene el certificado " +"X.509 en formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "" +"Nombre del archivo de la clave privada del certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Introduzca la ubicación del archivo que contiene la clave privada RSA del " +"certificado X.509 en formato PEM. Puede ser el mismo archivo que contiene el " +"certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" +"Nombre del archivo del certificado X.509 de la raíz de la Autoridad de " +"Certificación (CA) en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente, ahora puede introducir la ubicación del archivo que contiene " +"el certificado X.509 de la raíz de la Autoridad de Certificación (CA) " +"utilizado para firmar su certificado en formato PEM. Si no tiene uno o no " +"desea utilizarlo, deje este campo en blanco. Tenga en cuenta que no es " +"posible almacenar la raíz de la CA en el mismo archivo que su certificado " +"X.509 o la clave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Introduzca la longitud que debería tener la clave RSA a crear:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Introduzca la longitud de la clave RSA a crear. No debería ser menor de 1024 " +"bits porque se considera inseguro, además probablemente no necesite más de " +"4096 bits porque sólo ralentiza el proceso de autenticación y no es " +"necesario en estos momentos." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "¿Desea crear un certificado X.509 auto-firmado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Sólo se pueden crear automáticamente los certificados X.509 auto-firmados " +"porque en otros casos se necesita que la Autoridad de Certificación (CA) " +"firme la petición del certificado. Si elige crear un certificado auto-" +"firmado, puede utilizarlo inmediatamente para conectar a otras máquinas " +"IPsec que permitan la autenticación de conexiones IPsec con certificados " +"X.509. Sin embargo, si utiliza las funcionalidades PKI de strongSwan es " +"necesario que todos los certificados estén firmados por una única Autoridad " +"de Certificación para crear una ruta segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Si no elige crear un certificado auto-firmado, sólo se crearán la clave " +"privada y la petición del certificado, y tendrá que firmar la petición del " +"certificado con su Autoridad de Certificación." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Código del país para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Introduzca el código de dos letras para el país en el que el servidor está " +"ubicado (por ejemplo: «ES» para España)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL se negará a generar un certificado a menos que este campo sea un " +"código de país ISO-3166 válido, además no se permite que este campo quede en " +"blanco." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado o provincia para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Introduzca el nombre completo del estado o la provincia donde está ubicado " +"el servidor (por ejemplo: «Comunidad de Madrid»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nombre de la localidad para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Introduzca la localidad donde está ubicado el servidor (normalmente una " +"ciudad, por ejemplo: «Madrid»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nombre de la organización para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Introduzca la organización a la que perteneces el servidor (por ejemplo: " +"«Debian»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Nombre del departamento para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Introduzca el nombre del departamento o unidad de la organización " +"(«organizational unit», OU) al que pertenece el servidor (por ejemplo: " +"«departamento de seguridad»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nombre Común (CN) para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Introduzca el Nombre Común (CN) de esta máquina (por ejemplo: «gateway." +"example.org»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "" +"Dirección de correo electrónico para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Introduzca la dirección de correo electrónico de la persona u organización " +"responsable del certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "¿Desea activar el cifrado oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versión de strongSwan permite utilizar cifrado oportunista " +"(«Opportunistic Encryption», OE), que almacena la información de la " +"autenticación de IPSec en registros DNS. Hasta que estos registros estén " +"ampliamente difundidos, activarlo puede causar un gran retraso para cada " +"conexión saliente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Sólo debería activar el cifrado oportunista si está seguro que lo desea. " +"Esto puede romper la conexión a internet (la ruta predeterminada) cuando " +"inicia el demonio pluto." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "El demonio pluto se debe ejecutar para poder utilizar la versión 1 del " +#~ "protocolo de intercambio de claves por internet («Internet Key Exchange»)." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "¿Desea iniciar el demonio IKEv2 de StrongSwan?" + +#~ msgid "earliest" +#~ msgstr "lo más pronto posible" + +#~ msgid "after NFS" +#~ msgstr "después de NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "después de PCMCIA" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Cuando se iniciará strongSwan:" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan se inicia durante el arranque del sistema, de modo que pueda " +#~ "proteger los sistemas de archivos que se montan automáticamente." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * lo más pronto posible: si «/usr» no está montado mediante NFS y no usa " +#~ "una\n" +#~ " tarjeta de red PCMCIA, es mejor iniciar strongSwan lo más pronto " +#~ "posible,\n" +#~ " de modo que el montaje de NFS se pueda asegurar mediante IPSec.\n" +#~ " * después de NFS: se recomienda cuando «/usr» se monta mediante NFS y " +#~ "no\n" +#~ " se usa una tarjeta de red PCMCIA.\n" +#~ " * después de PCMCIA: se recomienda si la conexión IPSec usa una tarjeta\n" +#~ " de red PCMCIA o si necesita obtener las claves desde un servidor de " +#~ "DNS local\n" +#~ " compatible con DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Si no quiere reiniciar strongSwan ahora mismo, debería realizarlo " +#~ "manualmente cuando considere oportuno." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "¿Desea crear un par de claves (pública/privada) RSA para este equipo?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan puede utilizar una clave pre-compartida («Pre-Shared Key», " +#~ "PSK) o un par de claves RSA para autenticarse en las conexiones IPSec con " +#~ "otras máquinas. La autenticación con RSA se considera, generalmente, más " +#~ "segura y más fácil de administrar. Puede utilizar la autenticación con " +#~ "PSK y con RSA de forma simultánea." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Si no quiere crear un nuevo par de claves, puede escoger utilizar un par " +#~ "existente en el siguiente paso." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "La información necesaria se puede extraer automáticamente desde un " +#~ "certificado X.509 con una clave privada RSA correspondiente. Ambas partes " +#~ "pueden estar en un único archivo, si está en el formato PEM. Debería " +#~ "escoger esta opción si tiene un certificado y un archivo de clave, y " +#~ "quiere utilizarlo para autenticar las conexiones IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Longitud de la clave RSA:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Introduzca la longitud de la clave RSA que quiere generar. Un valor menor " +#~ "de 1024 bits no se considera seguro. Un valor de más de 2048 bits puede " +#~ "afectar al rendimiento." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Sólo se pueden crear automáticamente certificados X.509 auto-firmados, " +#~ "porque de otro modo se necesitaría una autoridad de certificación para " +#~ "firmar la petición del certificado." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Si acepta esta opción, el certificado creado se puede utilizar " +#~ "inmediatamente para conectar a otras máquinas de IPSec que permitan la " +#~ "autenticación mediante un certificado X.509. Sin embargo, si se utilizan " +#~ "las funcionalidades PKI de strongSwan se requiere crear una ruta de " +#~ "confianza para tener todos los certificados X.509 firmados por una única " +#~ "autoridad." + +#~ msgid "" +#~ "Please enter the two-letter ISO3166 country code that should be used in " +#~ "the certificate request." +#~ msgstr "" +#~ "Introduzca el código ISO3166 de dos letras del país que se debería " +#~ "utilizar en la petición del certificado." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Este campo es obligatorio, de otro modo no se podría generar un " +#~ "certificado." + +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Introduzca el nombre de la localidad (normalmente una ciudad) que se " +#~ "debería usar en la petición del certificado." + +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Introduzca el nombre de la organización (normalmente una compañía) que se " +#~ "debería usar en la petición del certificado." + +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Introduzca el nombre común (como el nombre de la máquina) que se debería " +#~ "usar en la petición del certificado." diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 000000000..8a7f0ae61 --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,463 @@ +# translation of strongswan_4.4.1-5.1_eu.po to Basque +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide <pi@beobide.net>, 2009. +# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2010, 2013. +msgid "" +msgstr "" +"Project-Id-Version: strongswan_4.4.1-5.1_eu\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-15 21:41+0200\n" +"Last-Translator: Iñaki Larrañaga Murgoitio <dooteo@zundan.com>\n" +"Language-Team: Basque <librezale@librezale.org>\n" +"Language: eu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 1.4\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Exekuzio-mailaren kudeaketa zaharra ordeztuta" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan paketearen aurreko bertsioak hiru Abiarazte-/Gelditzen-maila " +"desberdinen arteko aukera eskaintzen zuen. Sistemaren abioaren prozedura " +"arruntean aldaketak gertatu direnez, ez dira beharrezkoak edo erabilgarriak. " +"Instalazio berri guztientzako, aurredefinitutako moduetako batean " +"exekutatzen diren zaharretan ere, zentzuzko maila lehenetsiak ezarriko dira " +"orain. Aurreko bertsiotik eguneratzen ari bazara, eta strongSwan-en abioko " +"parametroak aldatu bazenituen, irakur ezazu NEWS.Debian fitxategia. " +"konfigurazioa modu egokian nola aldatzen den jakiteko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Berrabiarazi StrongSwan orain?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"StrongSwan berrabiaraztea gomendatzen da segurtasunezko konponketa bat " +"badago ez baita ezarriko daemona berrabiarazi artea. Erabiltzaile gehienek " +"daemona berrabiaraztea espero dutenez, burutazio ona da hori. Hala ere, " +"honek martxan dauden konexioak itxi eta gero berriz abiaraziko ditu. Hori " +"dela eta, eguneraketa honetan strongSwan tunela erabiltzen ari bazara, ez da " +"gomendatzen berrabiaraztea." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Abiarazi StrongSwan-ren 'charon' daemona abiarazi?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"'charon' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa " +"(IKE) protokoloa onartzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "X.509 ziurtagiria erabili ostalari honentzako?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Ostalari honentzako X.509 ziurtagiri bat automatikoki sor edo inportatu " +"daiteke. Beste ostalariekin IPsec bidez konektatzean autentifikatzeko " +"erabili daiteke, eta hobetsitako bidea da IPsec konexio seguruak " +"eraikitzeko. Beste aukera bat ezkutukoak (tunelaren bi aldeetan berdinak " +"diren pasahitzak) partekatzea litzateke konexio bat autentifikatzeko, baina " +"konexio kopuru handi batentzako gakoetan oinarritutako autentifikazioa " +"errazagoa eta askoz ere seguruagoa da kudeatzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Bestela, aukera hau ukatu dezakezu eta beranduago itzuli \"dpkg-reconfigure " +"strongswan\" komandoa erabiliz." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "sortu" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "inportatu" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Metodoa ostalari hau X.509 ziurtagiria erabiliz autentifikatzeko:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"X.509 ziurtagiri berri bat sor daiteke erabiltzaileak definitutako " +"ezarpenekin edo PEM fitxategietan gordetako gako publiko eta pribatuak " +"inportatu daiteke IPsec konexioak autentifikatzeko." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"X.509 ziurtagiri berri bat sortzea hautatzen baduzu aurrenik, eta sortzeko " +"lanak hasi aurretik, erantzun beharreko galdera batzuk egingo zaizkizu. " +"Jakin ezazu gako publikoa existitzen den Ziurtagiri-emaile batek sinatzea " +"nahi baduzu, ez zenukeela sortu beharko auto-sinatutako sinatzen duen " +"ziurtagiririk, eta emandako erantzun guztiak zehatz-meatz ZEren " +"eskakizunekin bat etorri beharko dutela, bestela ziurtagiriaren eskaera " +"ukatu egingo baita." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Existitzen den gako publiko eta pribatua inportatzea nahi izanez gero, haien " +"fitxategi-izenak eskatuko zaizkizu (berdinak izango dira bi zatiak fitxategi " +"batean gordeta badaude). Aukeran ziurtagiri-emailearen gako publikoa duen " +"fitxategia ere zehaz dezakezu, baina fitxategi hau ezin da aurrekoen berdina " +"izan. Kontuz ibili, X.509 ziurtagirien formatua PEM izan behar duelako, eta " +"gako pribatua ezin delako enkriptatuta egon, bestela inportatzeko prozesuak " +"huts egingo bait luke." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Zure PEM formatuko X.509 ziurtagiriaren fitxategi-izena :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Idatzi zure PEM formatuko X.509 ziurtagiria duen fitxategiaren bide-izen " +"osoa." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM formatuko X.509 gako pribatuaren fitxategi-izena :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Idatzi dagoen zure PEM formatuko X.509 ziurtagiriaren pareko RSA gako " +"pribatua duen fitxategiaren kokapen osoa. Hau X.509 ziurtagiriaren fitxategi " +"berdina izan daiteke." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM formatuko X.509 ziurtagiriaren fitxategi-izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Aukeran X.509 Ziurtagiri-emailearen erroa duen fitxategiaren kokalekua idatz " +"dezakezu zure ziurtagiria PEM formatuan sinatzeko. Ez badaukazu do ez baduzu " +"hori erabiltzerik nahi, utzi eremu hau hutsik. Jakin ezazu ezin dela gorde " +"erroko ZE (RootCA) zure X.509 ziurtagiria edo gako pribatua duen fitxategi " +"berdinean." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Sartu sortutako RSA gakoak edukiko duen luzera:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Sartu sortutako RSA gakoaren luzera. Ez luke 1024 bit baino txikiagoa izan " +"behar ez-segurutzat jotzen delako, eta litekeena da 4096 bit baino luzeagoa " +"behar ez izatea, autentifikatzeko prozesua soilik moteltzen duelako eta " +"unean ez delako behar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Sortu auto-sinatutako X.509 ziurtagiria?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Soilik auto-sinatutako X.509 ziurtagiriak sor daitezke automatikoki, bestela " +"Ziurtagiri-emailea behar delako ziurtagiriaren eskaera sinatzeko. Auto-" +"sinatutako ziurtagiria sortzea aukeratzen baduzu, ziurtagiri hori berehala " +"erabil dezakezu X.509 ziurtagiria onartzen duten beste IPsec ostalariekin " +"IPsec konexioak autentifikatzeko. Hala ere, strongSwan-en PKI eginbidea " +"erabiltzeak ziurtagiri guztiak Ziurtagiri-emaile batek sinatuta egotea " +"eskatzen du bide fidagarri bat sortzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Ez baduzu auto-sinatutako ziurtagiri bat sortzea aukeratzen, soilik RSAren " +"gako pribatua eta ziurtagiriaren eskaera sortuko dira, eta ziurtagiriaren " +"eskaera zure Ziurtagiri-emailearekin sinatu beharko duzu." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 ziurtagiriaren eskaeraren herrialdearen kodea:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Sartu zerbitzaria kokatuta dagoen herrialdeari dagokion bi hizkiko kodea " +"(hala nola \"AT\" Austriarentzako)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL-ek ukatu egingo du ziurtagiri bat sortzea baldin eta herrialdearen " +"baliozko ISO-3166 kodea ez bada. X.509 ziurtagiriko beste edozer eremu " +"hutsik egon daiteke, baina ez eremu hau." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren estatu edo probintziaren izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Idatzi zerbitzaria kokatuta dagoen estatu edo probintziaren izen osoa " +"(adibidez, \"Goiko Austria\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren herriaren izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Idatzi zerbitzaria kokatuta dagoen kokalekua (normalean herria, adibidez, " +"\"Bilbo\"). " + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren erakundearen izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Idatzi zerbitzaria duen erakundea (adibidez, \"Debian\")" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren saila:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "Idatzi zerbitzaria duen saila (adibidez, \"segurtasunaren taldea\")" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren izen arrunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Idatzi ostalari honen izen arrunta (adibidez, \"atebidea.adibidea.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren helbide elektronikoa:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Idatzi X.509 ziurtagiriaren ardura duen pertsona edo erakundearen helbide " +"elektronikoa." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Gaitu enkriptazio oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"StrongSwan bertsio honek aukerako enkriptazio oportunistaren (OE) euskarria " +"du, honek IPSec autentifikazio informazioa DNS erregistroetan gordetzen " +"ditu. Hau guztiz garatua ez dagoenez gaitzeak kanporako konexio berri " +"guztien atzerapen esanguratsu bat eragin dezake." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Enkriptazio oportunista behar duzula ziur bazaude bakarrik gaitu beharko " +"zenuke. Interneteko konexioak moztu ditzake (lehenetsitako atebidea) daemona " +"abiaraztean." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "'pluto' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa " +#~ "(IKE) protokoloaren lehen bertsioa onartzeko." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "StrongSwan-ren IKEv2 daemona abiarazi?" diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 000000000..f74f40e59 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,667 @@ +# Copyright (C) 2009 +# This file is distributed under the same license as the strongswan package. +# +# Esko Arajärvi <edu@iki.fi>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2009-05-25 14:49+0100\n" +"Last-Translator: Esko Arajärvi <edu@iki.fi>\n" +"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 0.3\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Käynnistetäänkö strongSwan uudelleen nyt?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +#, fuzzy +#| msgid "" +#| "Restarting strongSwan is recommended, because if there is a security fix, " +#| "it will not be applied until the daemon restarts. However, this might " +#| "close existing connections and then bring them back up." +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"On suositeltavaa käynnistää strongSwan-taustaohjelma uudelleen, koska " +"mahdolliset tietoturvapäivitykset eivät tule käyttöön ennen tätä. Tämä " +"saattaa kuitenkin katkaista olemassa olevat yhteydet ja avata ne sitten " +"uudelleen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "Käynnistetäänkö strongSwanin IKEv1-taustaohjelma?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Internet Key Exchange -protokollan version 2 tuki vaatii, että charon-" +"taustaohjelma on käynnissä." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +#, fuzzy +#| msgid "Use an existing X.509 certificate for strongSwan?" +msgid "Use an X.509 certificate for this host?" +msgstr "Tulisiko strongSwanin käyttää olemassa olevaa X.509-varmennetiedostoa?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing your X.509 " +#| "certificate in PEM format." +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston täydellinen " +"polku." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "File name of your existing X.509 private key in PEM format:" +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM-muotoisen, olemassa olevan, salaisen X.509-avaimen tiedostonimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing the private RSA key " +#| "matching your X.509 certificate in PEM format. This can be the same file " +#| "as the X.509 certificate." +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Anna PEM-muodossa olevaan X.509-varmenteeseen täsmäävän salaisen RSA-avaimen " +"täydellinen polku. Tämä voi olla sama tiedosto kuin X.509-varmenteen " +"sisältävä." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "Create a self-signed X.509 certificate?" +msgid "Create a self-signed X.509 certificate?" +msgstr "Luodaanko itseallekirjoitettu X.509-varmenne?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "" +#| "If you do not accept this option, only the RSA private key will be " +#| "created, along with a certificate request which you will need to have " +#| "signed by a certificate authority." +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Jos et valitse tätä vaihtoehtoa, luodaan vain salainen RSA-avain ja " +"varmennepyyntö, joka pitää lähettää ulkoisen varmentajan " +"allekirjoitettavaksi." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "Country code for the X.509 certificate request:" +msgid "Country code for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön maakoodi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "State or province name for the X.509 certificate request:" +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön osavaltio, lääni tai maakunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "" +#| "Please enter the full name of the state or province to include in the " +#| "certificate request." +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Anna varmennepyyntöön sisällytettävä osavaltion, läänin tai maakunnan koko " +"nimi." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "Locality name for the X.509 certificate request:" +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön paikkakunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +#, fuzzy +#| msgid "Organization name for the X.509 certificate request:" +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön järjestön nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön järjestön yksikkö:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "X.509-varmennepyynnön järjestön yksikkö:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Common name for the X.509 certificate request:" +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön yleinen nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "Email address for the X.509 certificate request:" +msgid "Email address for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön sähköpostiosoite:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "" +#| "Please enter the email address (for the individual or organization " +#| "responsible) that should be used in the certificate request." +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Anna varmennepyynnössä käytettävä sähköpostiosoite (yksityinen ja järjestön)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Käytetäänkö opportunistista salausta?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"StrongSwanin tämä versio tukee opportunistista salausta (opportunistic " +"encryption, OE), joka tallentaa IPSec-varmennustietoja DNS-tietueisiin. " +"Ennen kuin tämä käytäntö yleistyy laajalti, sen käyttö aiheuttaa merkittävän " +"viiveen jokaiseen uuteen ulospäin otettavaan yhteyteen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Valitse opportunistinen salaus vain, jos olet varma, että haluat sen " +"käyttöön. Se saattaa rikkoa Internet-yhteyden (oletusreitityksen), kun pluto-" +"taustaohjelma käynnistyy." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Internet Key Exchange -protokollan version 1 tuki vaatii, että pluto-" +#~ "taustaohjelma on käynnissä." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Käynnistetäänkö strongSwanin IKEv2-taustaohjelma?" + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Koska strongSwan käynnistetään:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " +#~ "täydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " +#~ "täydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " +#~ "täydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnössä käytettävä kaksikirjaiminen ISO-3166-maakoodi." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnössä käytettävä paikkakunnan nimi (usein kaupunki)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "Anna varmennepyynnössä käytettävä järjestön nimi (usein yritys)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Valitse varmennepyynnössä käytettävä järjestön yksikkö (usein osasto)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnössä käytettävä yleinen nimi (kuten tämän koneen " +#~ "verkkonimi)." + +#~ msgid "earliest" +#~ msgstr "mahdollisimman aikaisin" + +#~ msgid "after NFS" +#~ msgstr "NFS:n jälkeen" + +#~ msgid "after PCMCIA" +#~ msgstr "PCMCIA:n jälkeen" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan käynnistetään järjestelmän käynnistyessä, jotta se voi " +#~ "suojella automaattisesti liitettäviä levyjärjestelmiä." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ "* mahdollisimman aikaisin: Jos hakemistoa /usr ei liitetä NFS:n avulla,\n" +#~ " eikä käytössä ole PCMCIA-verkkokortteja, strongSwan kannattaa\n" +#~ " käynnistää mahdollisimman aikaisin, jotta liitettävät NFS-järjestelmät\n" +#~ " voidaan suojata IPSecillä.\n" +#~ "* NFS:n jälkeen: suositeltava, kun käytössä ei ole PCMCIA-verkkokortteja\n" +#~ " ja /usr liitetään NFS:n avulla.\n" +#~ "* PCMCIA:n jälkeen: suositeltava, jos IPSec-yhteys käyttää\n" +#~ " PCMCIA-verkkokorttia tai hakee avaimia paikalliselta DNS-palvelimelta\n" +#~ " DNSSec-tuen avulla." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Jos et käynnistä strongSwania nyt uudelleen, tee se käsin mahdollisimman " +#~ "pian." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Luodaanko tälle koneelle julkisesta ja salaisesta avaimesta koostuva RSA-" +#~ "avainpari?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan voi käyttää ennalta vaihdettua avainta (Pre-Shared Key, PSK) " +#~ "tai RSA-avainparia varmentaessaan IPSec-yhteyksiä toisiin koneisiin. RSA-" +#~ "varmennusta pidetään yleisesti turvallisempana ja helpommin " +#~ "ylläpidettävänä. PSK- ja RSA-varmennuksia voidaan käyttää yhtä aikaa." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Jos et halua luoda uutta avainparia, voi valita olemassa olevan parin " +#~ "seuraavassa vaiheessa." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Vaadittavat tiedot voidaan automaattisesti erottaa olemassa olevasta " +#~ "X.509-varmennetiedostosta täsmäävällä salaisella RSA-avaimella. Avaimen " +#~ "molemmat osat voivat olla samassa tiedostossa, jos se on PEM-muodossa. " +#~ "Valitse tämä vaihtoehto, jos tällaiset varmenne- ja avaintiedostot ovat " +#~ "olemassa ja haluat käyttää niitä IPSec-yhteyksien varmentamiseen." + +#~ msgid "RSA key length:" +#~ msgstr "RSA-avaimen pituus:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Anna luotavan RSA-avaimen pituus. 1024 bittiä lyhyempiä avaimia ei pidetä " +#~ "turvallisina. 2048 bittiä pidemmät avaimet luultavasti heikentävät " +#~ "suorituskykyä." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Vain itseallekirjoitettu X.509-varmenne voidaan luoda automaattisesti, " +#~ "koska muussa tapauksessa tarvitaan ulkoinen varmentaja allekirjoittamaan " +#~ "varmennepyyntö." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Jos valitset tämän vaihtoehdon, luotua varmennetta voidaan heti käyttää " +#~ "yhteyksien ottamiseen toisiin IPSEc-koneisiin, jotka tukevat " +#~ "varmentamista X.509-varmenteilla. StrongSwanin PKI-ominaisuuksien käyttö " +#~ "kuitenkin vaatii varmennuspolun, jossa sama varmentaja on " +#~ "allekirjoittanut kaikki X.509-varmenteet." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "Tämä kenttä on pakollinen. Ilman sitä varmennetta ei voida luoda." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 000000000..1440912e3 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,1032 @@ +# Translation of strongswan debconf templates to French +# Copyright (C) 2005-2007 Christian Perrier <bubulle@debian.org> +# This file is distributed under the same license as the strongswan package. +# +# Christian Perrier <bubulle@debian.org>, 2005-2007, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2010-06-24 22:17+0200\n" +"Last-Translator: Christian Perrier <bubulle@debian.org>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Abandon de l'ancien système de lancement" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Les versions précédentes du paquet de stronSwan permettaient de choisir " +"entre trois séquences possibles de lancement au démarrage de la machine. " +"Comme l'organisation générale des scripts de lancement a été profondément " +"modifiée dans le système, cela n'est désormais plus utile. Pour toutes les " +"nouvelles installations, ainsi que pour les anciennes qui fonctionnaient " +"selon un des trois modes prédéfinis, une séquence de lancement sûre va être " +"mise en place. Si vous effectuez une mise à jour et aviez modifié les " +"paramètres de lancement de strongSwan, veuillez consulter le fichier NEWS." +"Debian pour trouver les informations qui vous permettront d'adapter vos " +"réglages." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Faut-il redémarrer StrongSwan maintenant ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Redémarrer strongSwan est préférable car un éventuel correctif de sécurité " +"ne prendra effet que si le démon est redémarré. La plupart des utilisateurs " +"s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " +"meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +"connexions en cours, y compris la connexion utilisée actuellement pour cette " +"mise à jour. En conséquence, il est déconseillé de redémarrer si le tunnel " +"est utilisé pour l'administration du système." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Faut-il démarrer le démon charon de StrongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Le démon « charon » doit fonctionner pour que le protocole IKE " +"(Internet Key Exchange) puisse être géré." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Faut-il utiliser un certificat X.509 existant avec cet hôte ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Un certificat X.509 peut être créé automatiquement ou importé, pour cet " +"hôte. Il peut servir à authentifier des connexions IPSec vers d'autres " +"hôtes, ce qui est la méthode conseillée pour l'établissement de liaisons " +"IPSec sûres. L'autre possibilité d'authentification à la connexion est " +"l'utilisation d'un secret partagé (« pre-shared key » : des mots de passe " +"identiques aux deux extrémités du tunnel). Toutefois, pour de nombreuses " +"connexions, l'authentification à base de clés est plus simple à administrer " +"et plus sûre." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " +"commande « dpkg-reconfigure strongswan »." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "Créer" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "Importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Méthode de mise en place d'un certificat X.509 pour l'authentification de " +"cet hôte :" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Pour l'authentification des connexions IPsec, il est possible de créer un " +"nouveau certificat X.509 avec des réglages personnalisés ou importer une " +"paire de clés publique et privée depuis un ou plusieurs fichiers PEM." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Si vous choisissez de créer un nouveau certificat X.509, vous devrez fournir " +"plusieurs informations avant la création. Veuillez noter que si vous " +"souhaitez utiliser un certificat signé par une autorité de certification, " +"vous ne devez pas choisir de créer un certificat auto-signé et devrez donner " +"exactement les réponses souhaitées par l'autorité de certification sinon la " +"requête de certificat risquerait d'être rejetée." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Si vous souhaitez importer une paire de clés, vous devrez en fournir les " +"noms de fichiers (qui peuvent être identiques si les parties privée et " +"publique sont dans le même fichier). Vous pourrez facultativement fournir le " +"nom d'un fichier contenant la ou les clés publiques de l'autorité de " +"certification. Ce fichier devra être différent des précédents. Le format des " +"certificats X.509 doit être PEM et la clé privée ne doit pas être chiffrée. " +"Dans le cas contraire, l'importation échouera." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nom du fichier PEM contenant le certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant votre certificat X.509 " +"au format PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nom du fichier PEM contenant la clé privée X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA " +"correspondant au certificat X.509 au format PEM. Cela peut être le fichier " +"qui contient le certificat X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" +"Nom du fichier PEM contenant le certificat X.509 de l'autorité de " +"certification :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Veuillez indiquer facultativement l'emplacement du fichier (au format PEM) " +"contenant le certificat X.509 de l'autorité de certification qui a signé le " +"certificat que vous avez fourni. Si vous n'utilisez pas d'autorité de " +"certification, vous pouvez laisser ce champ vide. Veuillez noter que ce " +"fichier doit être différent du fichier de certificat X.509 et de la clé " +"privée que vous utilisez." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Longueur de la clé RSA à créer :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit pas " +"être inférieure à 1024 bits car cela serait considéré comme insuffisamment " +"sûr. Un choix excédant 4096 bits est probablement inutile car cela ne fait " +"essentiellement que ralentir le processus d'authentification sans avoir " +"d'intérêt actuellement." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Souhaitez-vous créer un certificat X.509 auto-signé ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Seuls des certificats X.509 auto-signés peuvent être créés automatiquement " +"puisqu'une autorité de certification est indispensable pour signer la " +"demande de certificat. Si vous choisissez de créer un certificat auto-signé, " +"vous pourrez vous en servir immédiatement pour vous connecter aux hôtes qui " +"authentifient les connexions IPsec avec des certificats X.509. Cependant, si " +"vous souhaitez utiliser les nouvelles fonctionnalités PKI de strongSwan, " +"vous aurez besoin que tous les certificats soient signés par la même " +"autorité de certification afin de créer un chemin de confiance." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Si vous ne voulez pas créer de certificat auto-signé, seules la clé privée " +"RSA et la demande de certificat seront créées et vous devrez ensuite faire " +"signer la demande de certificat par votre autorité de certification." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Code du pays pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Veuillez indiquer le code à deux lettres du pays où est situé le serveur " +"(p. ex. « FR » pour la France)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Il est impératif de choisir ici un code de pays ISO-3166 valable sinon " +"OpenSSL refusera de créer les certificats. Tous les autres champs d'un " +"certificat X.509 peuvent être vides, sauf celui-ci." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "État ou province pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Veuillez indiquer le nom complet de l'état ou de la province qui sera inclus " +"dans la demande de certificat (p. ex. « Québec »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Localité pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Veuillez indiquer la localité où est situé le serveur (ce sera souvent une " +"ville, comme « Montcuq »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisme pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Veuillez indiquer l'organisme propriétaire du serveur (p. ex. « Debian »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unité d'organisation pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Veuillez indiquer l'unité d'organisation pour la demande de certificat X.509 " +"(p. ex. « Équipe sécurité »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nom ordinaire pour la demande de certification X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Veuillez indiquer le nom ordinaire de ce serveur (ce sera souvent son nom " +"réseau)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Adresse électronique pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Veuillez indiquer l'adresse électronique de la personne ou de l'organisme " +"responsable du certificat X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Faut-il activer le chiffrement opportuniste ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Cette version de strongSwan gère le chiffrement opportuniste (OE) qui " +"conserve les informations d'authentification IPSec dans des enregistrements " +"DNS. Tant que cette fonctionnalité n'est pas déployée largement, l'activer " +"augmentera notablement la durée d'établissement des connexions sortantes." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Vous ne devriez l'activer que s'il est indispensable de l'utiliser. Il est " +"possible que cela coupe la connexion Internet (la route par défaut) au " +"moment où le démon démarre." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Le démon « pluto » doit fonctionner pour que la version 1 du protocole " +#~ "IKE (Internet Key Exchange) puisse être gérée." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Faut-il démarrer le démon IKEv2 de StrongSwan ?" + +#, fuzzy +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Moment de démarrage de strongSwan :" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "Emplacement du certificat X509 :" + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "Emplacement de la clé privée X509 :" + +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "Emplacement du certificat X509 de l'autorité de certification :" + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le code à deux lettres de votre pays. Ce code sera " +#~ "inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom " +#~ "sera inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le " +#~ "certificat X509. Ce nom sera inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Veuillez indiquer l'unité d'organisation (p. ex. département, division, " +#~ "etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la " +#~ "demande de certificat." + +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette " +#~ "machine) pour qui sera créé le certificat X509. Ce nom sera inclus dans " +#~ "la demande de certificat." + +#~ msgid "earliest" +#~ msgstr "Le plus tôt possible" + +#~ msgid "after NFS" +#~ msgstr "Après NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "Après PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan est lancé au démarrage du système afin de pouvoir protéger les " +#~ "systèmes de fichiers qui sont montés automatiquement." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " - Le plus tôt possible : conseillé si /usr n'est pas monté par NFS\n" +#~ " et que vous n'utilisez pas de carte réseau PCMCIA ;\n" +#~ " - Après NFS : recommandé si /usr est un montage NFS et qu'aucune\n" +#~ " carte réseau PCMCIA n'est utilisée ;\n" +#~ " - après PCMCIA : recommandé si la connexion IPSec utilise une carte\n" +#~ " réseau PCMCIA ou s'il est nécessaire de récupérer des clés\n" +#~ " depuis un serveur DNS qui gère DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Si vous ne redémarrez pas StrongSwan maintenant, il est conseillé de le " +#~ "faire manuellement dès que possible." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Faut-il créer une paire de clés RSA publique et privée pour cet hôte ?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan peut utiliser une clé secrète partagée (PSK : « Pre-Shared " +#~ "Key ») ou une paire de clés RSA pour gérer l'authentification des " +#~ "connexions IPSec vers d'autres hôtes. L'authentification RSA est en " +#~ "général considérée comme plus sûre et plus simple à administrer. Les deux " +#~ "modes d'authentification peuvent être utilisés en même temps." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Si vous ne souhaitez pas créer une paire de clés publique et privée, vous " +#~ "pouvez choisir d'en utiliser une existante." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "L'information nécessaire peut être récupérée depuis un fichier de " +#~ "certificat X.509 existant, avec la clé privée RSA correspondante. Les " +#~ "deux parties peuvent se trouver dans un seul fichier, s'il est en format " +#~ "PEM. Vous devriez choisir cette option si vous possédez un tel certificat " +#~ "ainsi que la clé privée, et si vous souhaitez vous en servir pour " +#~ "l'authentification des connexions IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Taille de la clé RSA :" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Veuillez indiquer la taille de la clé RSA que vous souhaitez créer. Une " +#~ "valeur inférieure à 1024 bits n'est pas considérée comme sûre. Une valeur " +#~ "supérieure à 2048 bits risque d'altérer les performances." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Seuls les certificats X.509 auto-signés peuvent être créés " +#~ "automatiquement car, pour les autres certificats, une autorité de " +#~ "certification est indispensable." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Si vous choisissez cette option, le certificat qui sera créé pourra être " +#~ "utilisé immédiatement pour la connexion à d'autres hôtes IPSec qui gèrent " +#~ "l'authentification par certificat X.509. Cependant l'utilisation des " +#~ "fonctionnalités PKI (« Public Key Infrastructure » : infrastructure " +#~ "publique de clés) de strongSwan impose la création d'un chemin de " +#~ "confiance avec tous les certificats X.509 signés par la même autorité de " +#~ "certification." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Ce champ est obligatoire, sinon le certificat ne pourra pas être créé." + +#~| msgid "" +#~| "Previous versions of the Openswan package allowed the user to choose " +#~| "between three different Start/Stop-Levels. Due to changes in the " +#~| "standard system startup procedure, this is no longer necessary and " +#~| "useful. For all new installations as well as old ones running in any of " +#~| "the predefined modes, sane default levels set will now be set. If you " +#~| "are upgrading from a previous version and changed your Openswan startup " +#~| "parameters, then please take a look at NEWS.Debian for instructions on " +#~| "how to modify your setup accordingly." +#~ msgid "" +#~ "Previous versions of the Openswan package gave a choice between three " +#~ "different Start/Stop-Levels. Due to changes in the standard system " +#~ "startup procedure, this is no longer necessary or useful. For all new " +#~ "installations as well as old ones running in any of the predefined modes, " +#~ "sane default levels will now be set. If you are upgrading from a previous " +#~ "version and changed your Openswan startup parameters, then please take a " +#~ "look at NEWS.Debian for instructions on how to modify your setup " +#~ "accordingly." +#~ msgstr "" +#~ "Les versions précédentes du paquet d'Openswan permettaient de choisir " +#~ "entre trois séquences possibles de lancement au démarrage de la machine. " +#~ "Comme l'organisation générale des scripts de lancement a été profondément " +#~ "modifiée dans le système, cela n'est désormais plus utile. Pour toutes " +#~ "les nouvelles installations, ainsi que pour les anciennes qui " +#~ "fonctionnaient selon un des trois modes prédéfinis, une séquence de " +#~ "lancement sûre va être mise en place. Si vous effectuez une mise à jour " +#~ "et aviez modifié les paramètres de lancement d'Openswan, veuillez " +#~ "consulter le fichier NEWS.Debian pour trouver les informations qui vous " +#~ "permettront d'adapter vos réglages." + +#~| msgid "Do you wish to restart Openswan?" +#~ msgid "Restart Openswan now?" +#~ msgstr "Souhaitez-vous redémarrer Openswan ?" + +#~| msgid "" +#~| "Restarting Openswan is a good idea, since if there is a security fix, it " +#~| "will not be fixed until the daemon restarts. Most people expect the " +#~| "daemon to restart, so this is generally a good idea. However, this might " +#~| "take down existing connections and then bring them back up (including " +#~| "the connection currently used for this update, so it is recommended not " +#~| "to restart if you are using any of the tunnel for administration)." +#~ msgid "" +#~ "Restarting Openswan is recommended, since if there is a security fix, it " +#~ "will not be applied until the daemon restarts. Most people expect the " +#~ "daemon to restart, so this is generally a good idea. However, this might " +#~ "take down existing connections and then bring them back up, so if you are " +#~ "using such an Openswan tunnel to connect for this update, restarting is " +#~ "not recommended." +#~ msgstr "" +#~ "Redémarrer Openswan est préférable car un éventuel correctif de sécurité " +#~ "ne sera actif que si le démon est redémarré. La plupart des utilisateurs " +#~ "s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " +#~ "meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +#~ "connexions en cours, y compris la connexion utilisée actuellement pour " +#~ "cette mise à jour. En conséquence, il est déconseillé de redémarrer si le " +#~ "tunnel est utilisé pour l'administration du système." + +#~| msgid "" +#~| "If you do not want to this now you can answer \"No\" and later use the " +#~| "command \"dpkg-reconfigure openswan\" to come back." +#~ msgid "" +#~ "Alternatively you can reject this option and later use the command \"dpkg-" +#~ "reconfigure openswan\" to come back." +#~ msgstr "" +#~ "Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " +#~ "commande « dpkg-reconfigure openswan »." + +#~ msgid "Length of RSA key to be created:" +#~ msgstr "Longueur de la clé RSA à créer :" + +#~| msgid "" +#~| "Please enter the length of the created RSA key. It should not be less " +#~| "than 1024 bits because this should be considered unsecure and you will " +#~| "probably not need anything more than 4096 bits because it only slows the " +#~| "authentication process down and is not needed at the moment." +#~ msgid "" +#~ "Please enter the required RSA key-length. Anything under 1024 bits should " +#~ "be considered insecure; anything more than 4096 bits slows down the " +#~ "authentication process and is not useful at present." +#~ msgstr "" +#~ "Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit " +#~ "pas être inférieure à 1024 bits car cela serait considéré comme " +#~ "insuffisamment sûr. Un choix excédant 4096 bits est probablement inutile " +#~ "car cela ne fait essentiellement que ralentir le processus " +#~ "d'authentification sans avoir d'intérêt actuellement." + +#~| msgid "" +#~| "This installer can only create self-signed X509 certificates " +#~| "automatically, because otherwise a certificate authority is needed to " +#~| "sign the certificate request. If you want to create a self-signed " +#~| "certificate, you can use it immediately to connect to other IPsec hosts " +#~| "that support X509 certificate for authentication of IPsec connections. " +#~| "However, if you want to use the new PKI features of Openswan >= 1.91, " +#~| "you will need to have all X509 certificates signed by a single " +#~| "certificate authority to create a trust path." +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a Certificate Authority is needed to sign the certificate " +#~ "request. If you choose to create a self-signed certificate, you can use " +#~ "it immediately to connect to other IPsec hosts that support X.509 " +#~ "certificate for authentication of IPsec connections. However, using " +#~ "Openswan's PKI features requires all certificates to be signed by a " +#~ "single Certificate Authority to create a trust path." +#~ msgstr "" +#~ "Seuls des certificats X.509 auto-signés peuvent être créés " +#~ "automatiquement puisqu'une autorité de certification est indispensable " +#~ "pour signer la demande de certificat. Si vous choisissez de créer un " +#~ "certificat auto-signé, vous pourrez vous en servir immédiatement pour " +#~ "vous connecter aux hôtes qui authentifient les connexions IPsec avec des " +#~ "certificats X.509. Cependant, si vous souhaitez utiliser les nouvelles " +#~ "fonctionnalités PKI d'Openswan, vous aurez besoin que tous les " +#~ "certificats soient signés par la même autorité de certification afin de " +#~ "créer un chemin de confiance." + +#~ msgid "Modification of /etc/ipsec.conf" +#~ msgstr "Modification de /etc/ipsec.conf" + +#~| msgid "" +#~| "Due to a change in upstream Openswan, opportunistic encryption is no " +#~| "longer enabled by default. The no_oe.conf file that was shipped in " +#~| "earlier versions to explicitly disable it can therefore no longer be " +#~| "included by ipsec.conf. A respective include paragraph will now be " +#~| "automatically removed to ensure that Openswan can start correctly." +#~ msgid "" +#~ "Due to a change in upstream Openswan, opportunistic encryption is no " +#~ "longer enabled by default. The no_oe.conf file that was shipped in " +#~ "earlier versions to explicitly disable it can therefore no longer be " +#~ "included by ipsec.conf. Any such include paragraph will now be " +#~ "automatically removed to ensure that Openswan can start correctly." +#~ msgstr "" +#~ "En raison de modifications dans la version amont d'Openswan, le " +#~ "chiffrement opportuniste n'est plus activé par défaut. Le fichier no_oe." +#~ "conf qui était fourni avec les versions précédentes pour le désactiver " +#~ "explicitement ne peut donc plus être inclus dans ipsec.conf. Toute " +#~ "instruction d'inclusion de ce fichier sera automatiquement retirée afin " +#~ "qu'Openswan puisse démarrer correctement." + +#~ msgid "Example: AT" +#~ msgstr "Exemple : FR" + +#~ msgid "" +#~ "Please enter the state or province name for the X509 certificate request:" +#~ msgstr "État, province ou région :" + +#~ msgid "" +#~ "Please enter the full name of the state or province you live in. This " +#~ "name will be placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le nom complet de l'état, de la province ou de la " +#~ "région où vous résidez. Ce nom sera inclus dans la demande de certificat." + +#~ msgid "Example: Upper Austria" +#~ msgstr "" +#~ "Exemples : Rhône-Alpes, Brabant Wallon, Bouches du Rhône, Québec, Canton " +#~ "de Vaud" + +#~ msgid "Example: Vienna" +#~ msgstr "Exemple : Saint-Étienne" + +#~ msgid "Example: Debian" +#~ msgstr "Exemple : Debian" + +#~ msgid "Example: security group" +#~ msgstr "Exemple : Département Réseaux et Informatique Scientifique" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Exemple : gateway.debian.org" + +#~ msgid "Do you want to create a RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Souhaitez-vous créer une paire de clés RSA publique et privée pour cet " +#~ "hÃŽte ?" + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one." +#~ msgstr "" +#~ "Si vous ne souhaitez pas créer une paire de clés publique et privée, " +#~ "vous pouvez choisir d'en utiliser une existante." + +#~ msgid "x509" +#~ msgstr "X509" + +#~ msgid "plain" +#~ msgstr "Simple paire" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "Openswan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Il est possible de créer une simple paire de clés destinée à être " +#~ "utilisée avec Openswan ou de créer un fichier de certificat X509 qui " +#~ "contient la clé publique RSA et de conserver la clé privée " +#~ "correspondante par ailleurs." + +#, fuzzy +#~| msgid "" +#~| "If you only want to build up IPSec connections to hosts also running " +#~| "Openswan, it might be a bit easier using plain RSA keypairs. But if you " +#~| "want to connect to other IPSec implementations, you will need a X509 " +#~| "certificate. It is also possible to create a X509 certificate here and " +#~| "extract the RSA public key in plain format if the other side runs " +#~| "Openswan without X509 certificate support." +#~ msgid "" +#~ "If you only want to create IPsec connections to hosts also running " +#~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPsec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "Openswan without X509 certificate support." +#~ msgstr "" +#~ "Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hÃŽtes " +#~ "utilisant Openswan, il sera probablement plus facile d'utiliser des clés " +#~ "RSA simples. Mais si vous souhaitez vous connecter à des hÃŽtes " +#~ "utilisant d'autres implémentations d'IPSec, vous aurez besoin d'un " +#~ "certificat X509. Il est également possible de créer un certificat X509 " +#~ "puis d'en extraire une simple clé publique RSA, si l'autre extrémité " +#~ "de la connexion utilise Openswan sans la gestion des certificats X509." + +#, fuzzy +#~| msgid "" +#~| "Therefore a X509 certificate is recommended since it is more flexible " +#~| "and this installer should be able to hide the complex creation of the " +#~| "X509 certificate and its use in Openswan anyway." +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in Openswan." +#~ msgstr "" +#~ "Ainsi, il vous est conseillé d'utiliser un certificat X509 car cette " +#~ "méthode est plus souple. Cet outil d'installation devrait vous " +#~ "simplifier la tâche de création et d'utilisation de ce certificat X509." + +#, fuzzy +#~| msgid "" +#~| "This installer can automatically extract the needed information from an " +#~| "existing X509 certificate with a matching RSA private key. Both parts " +#~| "can be in one file, if it is in PEM format. Do you have such an existing " +#~| "certificate and key file and want to use it for authenticating IPSec " +#~| "connections?" +#~ msgid "" +#~ "This installer can automatically extract the needed information from an " +#~ "existing X509 certificate with a matching RSA private key. Both parts can " +#~ "be in one file, if it is in PEM format. If you have such an existing " +#~ "certificate and key file please select if want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Cet outil d'installation est capable d'extraire automatiquement " +#~ "l'information nécessaire d'un fichier de certificat X509 existant, avec " +#~ "la clé privée RSA correspondante. Les deux parties peuvent se trouver " +#~ "dans un seul fichier, s'il est en format PEM. Indiquez si vous possédez " +#~ "un tel certificat ainsi que la clé privée, et si vous souhaitez vous en " +#~ "servir pour l'authentification des connexions IPSec." + +#~ msgid "x509, plain" +#~ msgstr "X509, Simple paire" + +#, fuzzy +#~| msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgid "earliest, after NFS, after PCMCIA" +#~ msgstr "Le plus tÃŽt possible, AprÚs NFS, AprÚs PCMCIA" + +#, fuzzy +#~| msgid "" +#~| "With the current Debian startup levels (nearly everything starting in " +#~| "level 20), it is impossible for Openswan to always start at the correct " +#~| "time. There are three possibilities when Openswan can start: before or " +#~| "after the NFS services and after the PCMCIA services. The correct answer " +#~| "depends on your specific setup." +#~ msgid "" +#~ "With the default system startup levels (nearly everything starting in " +#~ "level 20), it is impossible for Openswan to always start at the correct " +#~ "time. There are three possibilities when Openswan can start: before or " +#~ "after the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Avec les niveaux de démarrage actuellement utilisés par Debian (presque " +#~ "tout démarre au niveau 20), il est impossible de faire en sorte " +#~ "qu'Openswan démarre toujours au moment approprié. Il existe trois " +#~ "moments où il est opportun de le démarrer : avant ou aprÚs les " +#~ "services NFS, ou aprÚs les services PCMCIA. La réponse appropriée " +#~ "dépend de vos réglages spécifiques." + +#, fuzzy +#~| msgid "" +#~| "If you do not have your /usr tree mounted via NFS (either you only mount " +#~| "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~| "and don't use a PCMCIA network card, then it's best to start Openswan at " +#~| "the earliest possible time, thus allowing the NFS mounts to be secured " +#~| "by IPSec. In this case (or if you don't understand or care about this " +#~| "issue), answer \"earliest\" to this question (the default)." +#~ msgid "" +#~ "If the /usr tree of this system is not mounted via NFS (either you only " +#~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " +#~ "all) and no PCMCIA network card is used, then it's best to start Openswan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " +#~ "montages NFS sont à d'autres endroits, moins critiques, soit parce que " +#~ "vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de " +#~ "carte réseau PCMCIA, il est préférable de démarrer Openswan le plus " +#~ "tÃŽt possible, ce qui permettra de sécuriser les montages NFS avec " +#~ "IPSec. Dans ce cas (ou bien si vous ne comprenez pas l'objet de la " +#~ "question ou qu'elle ne vous concerne pas), choisissez « le plus tÃŽt " +#~ "possible », qui est le choix par défaut." + +#, fuzzy +#~| msgid "" +#~| "If you have your /usr tree mounted via NFS and don't use a PCMCIA " +#~| "network card, then you will need to start Openswan after NFS so that all " +#~| "necessary files are available. In this case, answer \"after NFS\" to " +#~| "this question. Please note that the NFS mount of /usr can not be secured " +#~| "by IPSec in this case." +#~ msgid "" +#~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " +#~ "then you will need to start Openswan after NFS so that all necessary " +#~ "files are available. In this case, answer \"after NFS\" to this question. " +#~ "Please note that the NFS mount of /usr can not be secured by IPSec in " +#~ "this case." +#~ msgstr "" +#~ "Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau " +#~ "PCMCIA, vous devrez alors démarrer Openswan aprÚs les services NFS afin " +#~ "que tous les fichiers nécessaires soient disponibles. Dans ce cas, " +#~ "choisissez « AprÚs NFS ». Veuillez noter que le montage NFS de /usr " +#~ "n'est alors pas sécurisé par IPSec." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " +#~ "choix possible est le démarrage aprÚs les services PCMCIA. Choisissez " +#~ "alors « AprÚs PCMCIA ». Faites également ce choix si vous souhaitez " +#~ "récupérer les clés d'authentification sur un serveur DNS reconnaissant " +#~ "DNSSec." + +#, fuzzy +#~| msgid "At which level do you wish to start Openswan?" +#~ msgid "Please select the level at which you wish to start Openswan:" +#~ msgstr "Ãtape de lancement d'Openswan :" + +#, fuzzy +#~| msgid "Which type of RSA keypair do you want to create?" +#~ msgid "Please select which type of RSA keypair you want to create:" +#~ msgstr "Type de paire de clés RSA à créer :" + +#~ msgid "Do you wish to enable opportunistic encryption in Openswan?" +#~ msgstr "Souhaitez-vous activer le chiffrement opportuniste dans Openswan ?" + +#~ msgid "" +#~ "Openswan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " +#~ "default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " +#~ "daemon) is started." +#~ msgstr "" +#~ "Openswan gÚre le chiffrement opportuniste (« opportunistic " +#~ "encryption » : OE) qui permet de conserver les informations " +#~ "d'authentification IPSec (c'est-à -dire les clés publiques RSA) dans des " +#~ "enregistrements DNS, de préférence sécurisés. Tant que cette " +#~ "fonctionnalité ne sera pas déployée largement, son activation " +#~ "provoquera un ralentissement significatif pour toute nouvelle connexion " +#~ "sortante. à partir de la version 2.0, cette fonctionnalité est activée " +#~ "par défaut dans Openswan, ce qui peut interrompre le fonctionnement de " +#~ "votre connexion à l'Internet (c'est-à -dire votre route par défaut) " +#~ "dÚs le démarrage de pluto, le démon de gestion de clés d'Openswan." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Veuillez choisir si vous souhaitez activer la gestion du chiffrement " +#~ "opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir " +#~ "besoin." diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 000000000..11125f690 --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,671 @@ +# Copyright (C) 2009 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# marce villarino <mvillarino@users.sourceforge.net>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: templates_[kI6655]\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2009-05-25 14:50+0100\n" +"Last-Translator: marce villarino <mvillarino@users.sourceforge.net>\n" +"Language-Team: Galician <proxecto@trasno.ent>\n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 0.2\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Desexa reiniciar strongSwan agora?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +#, fuzzy +#| msgid "" +#| "Restarting strongSwan is recommended, because if there is a security fix, " +#| "it will not be applied until the daemon restarts. However, this might " +#| "close existing connections and then bring them back up." +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Recoméndase reiniciar strongSwan porque se houbese algunha actualización de " +"seguridade non se aplicará até que se reinicie o daemon. Porén, pode pechar " +"as conexións existentes e logo volver a recuperalas." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "Desexa iniciar o daemon IKEv1 de strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"O daemon charon debe estar en execución para soportar a versión 2 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +#, fuzzy +#| msgid "Use an existing X.509 certificate for strongSwan?" +msgid "Use an X.509 certificate for this host?" +msgstr "Desexa empregar un certificado X.509 xa existente para strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing your X.509 " +#| "certificate in PEM format." +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Indique a rota completa ao ficheiro que contén o certificado X.509 en " +"formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "File name of your existing X.509 private key in PEM format:" +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome do ficheiro coa chave privada X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing the private RSA key " +#| "matching your X.509 certificate in PEM format. This can be the same file " +#| "as the X.509 certificate." +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Indique a rota completa ao ficheiro que contén a chave privada RSA que se " +"corresponde do certificado X.509 en formato PEM. Este pode ser o mesmo " +"ficheiro que o do certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "Create a self-signed X.509 certificate?" +msgid "Create a self-signed X.509 certificate?" +msgstr "Desexa crear un certificado X.509 autoasinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "" +#| "If you do not accept this option, only the RSA private key will be " +#| "created, along with a certificate request which you will need to have " +#| "signed by a certificate authority." +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se non acepta esta opción só se creará a chave privada RSA, xunto cun pedido " +"de certificado que precisará que lle asine unha autoridade de certificación." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "Country code for the X.509 certificate request:" +msgid "Country code for the X.509 certificate request:" +msgstr "Código de país para o pedido do certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "State or province name for the X.509 certificate request:" +msgid "State or province name for the X.509 certificate request:" +msgstr "Nome do estado ou provincia para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "" +#| "Please enter the full name of the state or province to include in the " +#| "certificate request." +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Indique o nome completo do estado ou provincia a incluír no pedido de " +"certificado." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "Locality name for the X.509 certificate request:" +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome de localidade para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +#, fuzzy +#| msgid "Organization name for the X.509 certificate request:" +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organización para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizacional para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "Unidade organizacional para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Common name for the X.509 certificate request:" +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome común para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "Email address for the X.509 certificate request:" +msgid "Email address for the X.509 certificate request:" +msgstr "Enderezo de correo electrónico para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "" +#| "Please enter the email address (for the individual or organization " +#| "responsible) that should be used in the certificate request." +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Indique o enderezo de correo electrónico (do individuo ou do responsábel da " +"organización) que se debe empregar no pedido de certificado." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Desexa activar a cifraxe oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versión de strongSwan soporta a cifraxe oportunista (OE) que garda a " +"información de autenticación de IPSec en rexistros de DNS. Até que estea " +"amplamente utilizado activalo provocará un retardo significativo en cada " +"nova conexión saínte." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Só debería activar a cifraxe oportunista se está certo de que a desexa. Pode " +"estragar a conexión a Internet (a rota por omisión) segundo se inicie o " +"daemon pluto." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "O daemon pluto debe estar en execución para soportar a versión 1 do " +#~ "protocolo Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Desexa iniciar o IKEv2 de strongSwan?" + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Cando iniciar strongSwan:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Indique o código de país ISO3166 de dúas letras que se debe empregar no " +#~ "pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Indique o nome da localidade (xeralmente unha cidade) que se debe " +#~ "empregar no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Indique o nome da organización (xeralmente unha empresa) que se debe " +#~ "empregar no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Indique o nome da unidade organizacional (xeralmente un departamento) que " +#~ "debe empregarse no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Indique o nome común (como o nome desta máquina) que se debe empregar no " +#~ "pedido de certificado." + +#~ msgid "earliest" +#~ msgstr "o primeiro" + +#~ msgid "after NFS" +#~ msgstr "despois do NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "despois do PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan iniciase durante o arrinque do sistema de maneira que poda " +#~ "protexer sistemas de ficheiros que se monten automaticamente." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * o primeiro: se /usr non se monta mediante NFS e non se emprega unha\n" +#~ " tarxeta PCMCIA, é mellor iniciar strongSwan tan axiña como se poda,\n" +#~ " para que as montaxes NFS podan asegurarse mediante IPSec,\n" +#~ " * despois do NFS: recoméndase cando /usr se monte mediante NFS e non\n" +#~ " se empregue ningunha tarxeta PCMCIA,\n" +#~ " * despois do PCMCIA: recoméndase se a conexión IPSec emprega unha " +#~ "tarxeta\n" +#~ " de rede PCMCIA ou se fose preciso que as chaves se obteñan desde un\n" +#~ " servidor DNS a executarse localmente con soporte para DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Se non reinicia agora strongSwan debería facelo manualmente en canto poda." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Desexa crear un par de chaves pública/privada RSA para este servidor?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan pode empregar unha chave precompartida (PSK) ou un par de " +#~ "chaves RSA para autenticar as conexións IPSec con outros servidores. A " +#~ "autenticación RSA xeralmente considérase máis segura e é máis fácil de " +#~ "administrar. Pode empregar as autenticacións PSK e RSA á vez." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Se son quer crear un novo par de chaves pública/privada, no seguinte paso " +#~ "pode escoller empregar unha xa existente." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "A información requirida pode extraerse automaticamente a partir dun " +#~ "certificado X.509 xa existente coa chave privada RSA que corresponda. " +#~ "Ambas as partes poden estar nun ficheiro se este está no formato PEM. " +#~ "Debe escoller esta opción se ten tal certificado e chave e quere " +#~ "empregalo para autenticar conexións IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Lonxitude da chave RSA:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Indique a lonxitude da chave RSA que desexe xerar. Os valores menores de " +#~ "1024 bits non se consideran seguros, mentres que os maiores de 2048 bits " +#~ "posibelmente afecten ao rendemento." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Só se poden crear automaticamente certificados X.509 autoasinados, porque " +#~ "noutro caso é precisa unha autoridade de certificación para asinar o " +#~ "pedido de certificado." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Se acepta esta opción o certificado que se cree pode empregarse " +#~ "inmediatamente para conectarse con outros servidores IPSec que soporten a " +#~ "autenticación mediante un certificado X.509. Porén, par empregar as " +#~ "funcionalidades PKI de strongSwan requírese que se cree unha rota de " +#~ "confianza asinando todos os certificados X.509 por unha única autoridade." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Este campo é obrigatorio, caso contrario non se poderá xerar un " +#~ "certificado." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 000000000..3d3a5f1d8 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,470 @@ +# Italian translation of strongswan's po-debconf file. +# Copyright (c) 2013, strongswan package copyright holder +# This file is distributed under the same license as the strongswan package. +# Vincenzo Campanella <vinz65@gmail.com>, 2010. +# Beatrice Torracca <beatricet@libero.it>, 2013. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-11-09 13:41+0200\n" +"Last-Translator: Beatrice Torracca <beatricet@libero.it>\n" +"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Virtaal 0.7.1\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Vecchia gestione del runlevel sostituita" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Le versioni precedenti di strongSwan lasciavano la scelta fra tre diversi " +"livelli di avvio/arresto. A seguito dei cambiamenti nella procedura standard " +"di avvio, questo non è più necessario né utile. Per tutte le nuove " +"installazioni e per quelle già esistenti che vengono eseguite in qualsiasi " +"modalità predefinita vengono ora impostati dei livelli predefiniti " +"ragionevoli. Se si sta aggiornando da una versione precedente e si sono " +"modificati i parametri di avvio di strongSwan, consultare le NEWS.Debian su " +"come modificare le impostazioni." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Riavviare strongSwan adesso?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"È raccomandato il riavvio di strongSwan, in quanto un'eventuale correzione " +"di sicurezza non verrà applicata fino al riavvio del demone. La maggior " +"parte degli utenti si attende che il demone si riavvii, per cui in genere è " +"una buona scelta. Il riavvio potrebbe però interrompere e riavviare le " +"connessioni esistenti, per cui se si sta utilizzando un tunnel strongSwan " +"per l'aggiornamento il riavvio non è raccomandabile." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Avviare il demone charon di strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Per il supporto al protocollo Internet Key Exchange è necessario che il " +"demone charon sia in esecuzione." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Utilizzare un certificato X.509 per questo host?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Per questo host è possibile la creazione o l'importazione automatica di un " +"certificato X.509 per l'autenticazione di connessioni IPsec ad altri host; è " +"la modalità preferita per la creazione di connessioni IPsec sicure. L'altra " +"possibilità è l'utilizzo di password segrete condivise e identiche fra le " +"due estremità del tunnel, ma il funzionamento tramite chiavi è più agevole " +"da amministrare per un elevato numero di connessioni e più sicuro." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"In alternativa è possibile rifiutare questa opzione e ritornare sulla scelta " +"in un secondo tempo, eseguendo «dpkg-reconfigure strongswan»." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "creare" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importare" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metodi per l'utilizzo di un certificato X.509 per autenticare questo host:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"È possibile creare un nuovo certificato X.509 con impostazioni definite " +"dall'utente, oppure importare una chiave esistente pubblica e privata " +"memorizzata in file PEM per l'autenticazione di connessioni IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se si sceglie di creare un nuovo certificato X.509 verranno poste alcune " +"domande cui è necessario rispondere prima che la creazione venga avviata. È " +"da ricordare che, se si desidera che la chiave pubblica venga firmata da " +"un'autorità di certificazione (CA) esistente, non si dovrebbe creare un " +"certificato auto-firmato e inoltre tutte le risposte fornite devono " +"soddisfare esattamente i requisiti della CA, in quanto altrimenti la " +"richiesta di certificato potrebbe essere rifiutata." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se si desidera importare una chiave esistente pubblica e privata verrà " +"richiesto il loro nome file, che può essere identico se entrambe le parti " +"sono memorizzate insieme in un solo file. Opzionalmente si può specificare " +"un nome file in cui vengono mantenute le chiavi pubbliche dell'autorità di " +"certificazione, ma in questo caso il file non può essere il medesimo dei " +"precedenti. Si presti attenzione anche al fatto che il formato dei " +"certificati X.509 deve essere PEM e che la chiave privata non deve essere " +"cifrata, altrimenti la procedura d'importazione fallirà." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome file del proprio certificato X.509 in formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Inserire la posizione del file che contiene il proprio certificato X.509 in " +"formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome file della propria chiave privata X.509 in formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Inserire la posizione del file che contiene la chiave privata RSA " +"corrispondente al proprio certificato X.509 in formato PEM. Può essere il " +"medesimo file che contiene il certificato X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome file del proprio RootCA X.509 in formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opzionalmente è possibile inserire la posizione del file che contiene " +"l'autorità di certificazione root X.509 utilizzata per la firma del proprio " +"certificato in formato PEM. Se non se ne possiede uno o non si desidera " +"utilizzarlo lasciare il campo vuoto. Notare che non è possibile memorizzare " +"il RootCA nello stesso file del proprio certificato o chiave privata X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Inserire la lunghezza che la chiave RSA creata dovrà avere:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Inserire la lunghezza della chiave RSA creata. Non dovrebbe essere minore di " +"1024 bit, in quanto altrimenti potrebbe essere considerata insicura, né " +"superiore a 4096 bit, in quanto altrimenti rallenterebbe il processo di " +"autenticazione e al momento attuale non è una misura necessaria." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Creare un certificato X.509 auto-firmato?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"È possibile creare automaticamente solo certificati X.509 auto-firmati, in " +"quanto altrimenti è necessario l'intervento di un'autorità di certificazione " +"per firmare la richiesta di certificato. Se si sceglie di creare un " +"certificato auto-firmato è possibile utilizzarlo immediatamente per " +"collegarsi ad altri host IPsec che supportano il certificato X.509 per " +"l'autenticazione di connessioni IPsec. L'utilizzo delle funzionalità PKI di " +"strongSwan richiede però che tutti i certificati vengano firmati da una " +"singola autorità di certificazione per creare un percorso fidato." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se non si sceglie di creare un certificato auto-firmato verranno create solo " +"la chiave privata RSA e la richiesta di certificato che andrà poi firmata " +"con l'autorità di certificazione scelta." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Codice paese per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Inserire il codice a due lettere corrispondente al paese in cui il server " +"risiede (per esempio, «IT» per l'Italia)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL rifiuterà di generare un certificato se il codice paese non è valido " +"e conforme a ISO-3166. È permesso un campo vuoto altrove nel certificato " +"X.509, ma non in questo campo." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "" +"Nome dello stato o della provincia per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Inserire il nome completo dello stato o della provincia in cui il server " +"risiede (per esempio, «Italia»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome della località per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Inserire il nome della località in cui il server risiede (spesso una città, " +"per esempio «Milano»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome dell'organizzazione per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Inserire il nome dell'organizzazione cui il server appartiene (per esempio, " +"«Debian»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unità organizzativa per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Inserire l'unità organizzativa cui il server appartiene (per esempio, " +"«gruppo sicurezza»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome comune host per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Inserire il nome comune di questo host (per esempio, «gateway.example.org»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Indirizzo e-mail per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Inserire l'indirizzo di posta elettronica della persona o " +"dell'organizzazione responsabile per il certificato X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Abilitare la cifratura opportunistica?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Questa versione di strongSwan supporta la cifratura opportunistica (OE), la " +"quale memorizza le informazioni di autenticazione IPsec in record DNS. " +"Finché non sarà una soluzione largamente applicata, l'attivazione della " +"cifratura opportunistica causerà un ritardo significativo per ogni " +"connessione in uscita." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Si dovrebbe abilitare la cifratura opportunistica solo se lo si desidera " +"veramente. Potrebbe interrompere la connessione Internet (route predefinita) " +"durante l'avvio del demone." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Per il supporto alla versione 1 del protocollo IKE (Internet Key " +#~ "Exchange) è necessario che il demone pluto sia in esecuzione." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Avviare il demone di strongSwan IKEv2?" diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 000000000..15131481a --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,443 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.1-4\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-02-07 21:28+0900\n" +"Last-Translator: Hideki Yamane <henrich@debian.org>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "以前のランレベル管理は不要になりました" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan パッケージの以前のバージョンでは、3 つの異なった Start/Stop レベル" +"から選べるようになっていました。標準のシステム起動手順が変更されたことによっ" +"て、これはもう必要ではなくなったりあるいは役立たなくなったりしています。これ" +"まで事前定義されていたモードで動作していたのものと同様に、新規にインストール" +"したものは適切なデフォルトのレベルが設定されるようになっています。以前のバー" +"ジョンからのアップグレードで strongSwan の起動パラメータを変更していた場合" +"は、どのように設定を修正するかは NEWS.Debian の指示を参照してください。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "strongSwan を今すぐ再起動しますか?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"セキュリティ修正があった場合など、デーモンが再起動されるまでは修正が反映され" +"ないので、strongSwan の再起動をお勧めします。多くの人はデーモンが再起動するの" +"を予期していますので、これは大抵の場合問題ありません。しかし、この作業では現" +"在の接続が一旦切断されてから再度繋ぎなおすことになるので、今回のアップデート" +"に strongSwan のトンネルを使っているような場合は、再起動はお勧めしません。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "strongSwan の charon デーモンを起動しますか?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Internet Key Exchange プロトコルをサポートするには charon デーモンが実行されて" +"いる必要があります。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "このホストに対して X.509 証明書を利用しますか?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"このホスト用に X.509 証明書を自動的に生成あるいはインポートできます。他のホス" +"トとの IPSec 通信での認証に利用可能で、セキュアな IPSec 通信を確立する方法と" +"して好まれています。他に利用可能な方法としては共通鍵 (PSK、トンネルの双方で同" +"じパスワードを利用する) を通信の認証に利用するというのがありますが、多数の接" +"続に対しては RSA 認証のほうが管理がより簡単でよりセキュアです。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"または、この選択肢を選ばないでおいて、後ほど「dpkg-reconfigure strongswan」を" +"実行して再度呼び出すこともできます。" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "作成する" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "インポートする" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "このホストを認証するのに利用する X.509 証明書をどうするか:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"ユーザが定義した設定で新規に X.509 証明書を作成することも、IPsec 接続認証用の" +"既存の PEM ファイル形式で保存されている公開鍵および秘密鍵をインポートすること" +"も可能です。" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"新規に X.509 証明書を作るのを選択した場合は、作成を始める前に答える必要がある" +"質問をまず大量に尋ねられます。既存の認証局によって署名された公開鍵が必要な場" +"合は、自己署名認証を作成するのを選んではならず、回答はすべて認証局 (CA) の要" +"求項目に完全に一致している必要があることに留意してください。そうでない場合" +"は、証明書要求は拒否されることになるでしょう。" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"既存の公開鍵および秘密鍵をインポートしたい場合は、ファイル名を尋ねられます " +"(両方が一つのファイルに保存されている場合は全く同じになるかもしれません)。ど" +"こに認証局の公開鍵が保存されているかを指定することも任意で可能ですが、この" +"ファイルは先ほどのものと同じにはできません。X.509 証明書は PEM 形式であり、秘" +"密鍵は暗号化されていないことが必要なことにも注意ください。さもなくばインポー" +"ト作業は失敗します。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM 形式の X.509 証明書のファイル名:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "PEM 形式の X.509 証明書を含んでいるファイルの場所を入力してください。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM 形式の X.509 秘密鍵のファイル名:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"PEM 形式の X.509 証明書に対応する RSA 秘密鍵を含むファイルの場所を入力してく" +"ださい。これは X.509 証明書を含んでいるファイルと同じで構いません。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM 形式の X.509 ルート CA のファイル名:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"X.509 認証局のルートが証明書に署名するのに使った PEM 形式のファイルを含んだ" +"ファイルの場所を入力することも任意で可能です。これを持っていない、あるいは利" +"用したくないという場合にはこの欄を空のままにしておいてください。ルート CA を " +"X.509 証明書や秘密鍵と同じファイルに保存するのはできないことにご注意くださ" +"い。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "作成する RSA 鍵の鍵長を入力してください:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"生成する RSA 鍵の長さを入力してください。安全のため、1024 ビット未満にすべき" +"ではありません。4096 ビットより大きなものにする必要もないでしょう。認証プロセ" +"スが遅くなりますし、現時点ではおそらく必要ありません。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "自己署名 X.509 証明書を生成しますか?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"証明書要求に署名するためには認証局が必要となるので、自動的に行うには自己署名 " +"X.509 証明書のみが生成が可能です。自己署名証明書の作成を選んだ場合は、すぐに" +"これを利用して、IPSec 接続の認証に X.509 証明書を利用している他の IPSec ホス" +"トへの接続が可能になります。しかし、strongSwan の PKI 機能を使いたい場合は、" +"trust path を生成するために単一の認証局によってすべての X.509 証明書に署名し" +"てもらう必要があります。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"自己署名証明書を作成したくない場合、RSA 秘密鍵と対応する証明書要求のみが作成" +"されるので、認証局に対して証明書要求に署名をしてもらう必要が生じます。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 証明書要求に記載する国コード:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"サーバが存在する場所の二文字の国コード (例えば日本の場合は「JP」) を入力して" +"ください。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL は、正規の ISO-3166 国コードが無いと証明書の生成を拒否します。X.509 " +"証明書において、他のフィールドについては空でも構いませんが、これについては許" +"可されていません。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 証明書要求に記載する都道府県名:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "サーバ所在地の都道府県名 (例:「Tokyo」)を入力してください。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 証明書要求に記載する地域名:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "サーバ所在地 (大抵は「Shinjuku」のような市区名)を入力してください。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 証明書要求に記載する組織名:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "サーバが所属する組織 (「Debian」など) を入力してください。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 証明書要求に記載する部署名:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "サーバが所属する部署名 (「security group」など) を入力してください。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 証明書要求に記載するコモンネーム:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"このホスト用の (「gateway.example.org」のような) コモンネームを入力してくださ" +"い。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 証明書要求に記載するメールアドレス:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"X.509 証明書についての対応を行う、個人あるいは団体のメールアドレスを入力して" +"ください。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "opportunistic encryption を有効にしますか?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"このバージョンの strongSwan は opportunistic encryption (OE) をサポートしてい" +"ます。OE は IPSec 認証情報を DNS レコードに含めたものです。これが広く適用され" +"るようになるまでは、これを有効にすると全ての新規の外部接続に著しい遅延を引き" +"起こします。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"opportunistic encryption を有効にするのは、本当に利用したいと考えた時のみにす" +"べきです。この設定は、デーモンの起動などインターネット接続 (デフォルトルート) " +"を切断する可能性があります。" diff --git a/debian/po/nb.po b/debian/po/nb.po new file mode 100644 index 000000000..674e317c5 --- /dev/null +++ b/debian/po/nb.po @@ -0,0 +1,659 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Bjørn Steensrud <bjornst@skogkatt.homelinux.org>, 2009, 2012, 2013. +msgid "" +msgstr "" +"Project-Id-Version: nb\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-06 17:37+0200\n" +"Last-Translator: Bjørn Steensrud <bjornst@skogkatt.homelinux.org>\n" +"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n" +"Language: nb\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Gammel kjørenivåstyring erstattet" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidligere versjoner av strongSwan-pakka ga et valg mellom tre forskjellige " +"nivåer for start/stopp. På grunn av endringer i standard oppstartsprosedyre " +"for systemet er dette ikke lenger verken nødvendig eller nyttig. Det blir nå " +"satt opp fornuftige standardnivåer både for nye installasjoner og for gamle " +"som kjører på en av de forhåndsinnstilte nivåene. Hvis du er i ferd med å " +"oppgradere fra en tidligere versjon og har endret oppstartsparametrene for " +"strongSwan, kan du lese NEWS.Debian for å finne ut hvordan du kan endre " +"oppsettet ditt tilsvarende." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr " Start strongSwan på nytt nå" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Det anbefales å starte strongSwan på nytt nå, for om det var en " +"sikkerhetsrettelse, så får den ikke effekt før daemonen startes på nytt. " +"Imidlertid kan dette lukke eksisterende forbindelser og deretter koble dem " +"opp igjen, så hvis du bruker en slik strongSwan-tilkobling for denne " +"oppdateringen er det best å ikke starte på nytt." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Skal strongSwans charon-daemon startes?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Charon-daemonen må kjøre for å kunne støtte versjon 2 av Internet Key " +"Exchange-protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Skal et X.509-sertifikat brukes for denne vertsmaskinen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Et X.509-sertifikat for denne verten kan importeres eller lages automatisk. " +"Det kan brukes til å autentisere IPSec-tilkoblinger til andre verter og er " +"den foretrukne måten å bygge opp sikre IPSec-tilkoblinger. Den andre " +"muligheten er å bruke felles hemmeligheter (passord som er de samme på begge " +"sider av tunnelen) til å autentisere en tilkobling, men for større antall " +"tilkoblinger er det lettere å administrere nøkkel-basert autentisering, og " +"det er også sikrere." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Du kan også avvise dette valget og senere bruke kommandoen «dpkg -" +"reconfigure strongswan» for å komme tilbake hit." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "opprett" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder for å bruke et X.509-sertifikat til å autentisere denne verten:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det er mulig å opprette et nytt X.509-sertifikat med brukerdefinerte " +"innstillinger, eller å importere en eksisterende offentlig og privat nøkkel " +"lagret i PEM-fil(er) til å autentisere IPSec-tilkoblinger." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Hvis du velger å opprette et nytt X.509-sertifikat blir det først stilt noen " +"spørsmål som du må svare på før det kan lages et sertifikat. Husk på at hvis " +"du vil at en eksisterende sertifikatutsteder (CA) skal signere den " +"offentlige nøkkelen, så må du ikke lage et selvsignert sertifikat, og alle " +"svarene du gir må stemme nøyaktig overens med CA-ens krav, ellers kan " +"sertifikatsøknaden bli avvist." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Hvis du vil importere en eksisterende offentlig og privat nøkkel blir du " +"spurt etter filnavnene, som kan være samme navn hvis begge nøklene er lagret " +"i én fil. Du kan også om du vil oppgi et filnavn der offentlig(e) nøkkel/" +"nøkler for sertifikatutstederen er lagret, men dette kan ikke være samme fil " +"som de forrige. Vær også oppmerksom på at formatet for X.509-sertifikatene " +"må være PEM og at den private nøkkelen ikke må være kryptert, ellers kan " +"nøklene ikke importeres." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Filnavn for ditt X.509-sertifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Skriv inn stien til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Filnavn for din eksisterende private X.509-nøkkel i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Skriv inn sti til fila som inneholder den private nøkkelen som tilsvarer " +"ditt X.509-sertifikat i PEM-format. Dette kan være den samme fila som X.509-" +"sertifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Filnavn for ditt rot-sertifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Om du vil kan du nå skrive inn stien til fila som inneholder rotsertifikatet " +"til den sertifikatutstederen som brukes til å signere ditt sertifikat, i PEM-" +"format. Hvis du ikke har ett eller ikke vil bruke det, så la det være tomt. " +"Merk at det ikke er mulig å lagre rot-sertifikatet (RootCA) i samme fil som " +"ditt X.509-sertifikat eller provate nøkkel." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Skriv inn hvilken lengde det skal være på den genererte RSA-nøkkelen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Skriv inn lengden for den RSA-nøkkelen som blir laget. Den bør ikke være " +"kortere enn 1024 bit fordi dette blir betraktet som usikkert, og du trenger " +"antakelig ikke mer enn 4096 bit fordi det bare forsinker " +"autentiseringsprosessen og ikke trengs nå." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Skal det lages et selvsignert X.509-sertifikat?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Bare selvsignerte X.509-sertifikater kan opprettes automatisk, fordi ellers " +"må en sertifikatutsteder (CA) signere sertifikatsøknaden. Hvis du velger å " +"lage et selvsignert sertifikat, kan du straks bruke det til å koble til " +"andre IPSec-verter som støtter X.509-sertifikater for autentisering av IPSec-" +"tilkoblinger. Men bruk av strongSwans PKI-funksjoner krever at alle " +"sertifikater må være signert av en enkelt sertifikatutsteder for å lage en " +"tiltrodd kjede." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Hvis du velger å ikke lage et selvsignert sertifikat, så blir bare en privat " +"RSA-nøkkel opprettet, sammen med en sertifikatsøknad som du må signere med " +"din CA (Certificate Authority)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landskode for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Skriv inn to-bokstavskoden for landet der tjeneren holder til (slik som «NO» " +"for Norge)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL vil ikke lage et sertifikat hvis dette ikke er en gyldig landskode i " +"følge ISO-3166, tomme felter godtas andre steder i X.509-sertifikatet, men " +"ikke her." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Stat eller provinsnavn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Skriv inn fullt navn på stat eller provins der tjeneren holder til (f.eks. " +"«Troms»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Stedsnavn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Skriv inn navnet på stedet der tjeneren holder til (ofte en by, slik som " +"«Tromsø»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisasjonsnavn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Skriv inn organisasjonen som tjeneren tilhører (slik som «Debian»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisasjonsenhet for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Skriv inn organisasjonsenhet som tjeneren tilhører (slik som " +"«sikkerhetsgruppa»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Entydig navn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Skriv inn entydig navn for denne verten (slik som «gateway.example.org»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-postadresse for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Oppgi e-postadressen til person eller organisasjon som er ansvarlig for " +"X.509-sertifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Slå på opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denne versjonen av strongSwan støtter opportunistisk kryptering (OE), som " +"lagrer autentiseringsinformasjon for IPSec i DNS-data. Inntil dette er tatt " +"i vanlig bruk vil det gi en betydelig forsinkelse for hver ny utgående " +"tilkobling hvis dette er aktivert." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Du bør bare slå på opportunistisk kryptering hvis du er sikker på at du vil " +"ha det. Det kan koble ut Internett-forbindelsen (standardruten) når daemonen " +"starter." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Pluto-daemonen må kjøre for å kunne støtte versjon 1 av Internet Key " +#~ "Exchange-protokollen." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Skal strongSwans IKEv2-daemon startes?" + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Når strongSwan skal startes:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Oppgi tobokstavers ISO3166 landskode som skal brukes i sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "Oppgi stedsnavn (ofte en by) som skal brukes i sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Oppgi organisasjonsnavn (ofte et firma) som skal brukes i " +#~ "sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Oppgi organisasjonsenhet (ofte en avdeling som skal brukes i " +#~ "sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Oppgi vanlig navn (slik som vertsnavnet på denne maskinen) som skal " +#~ "brukes i sertifikatsøknaden." + +#~ msgid "earliest" +#~ msgstr "tidligst" + +#~ msgid "after NFS" +#~ msgstr "etter NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "etter PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan starter under systemoppstart, slik at det kan beskytte " +#~ "filsystemer som monteres automatisk." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * tidligst: hvis /usr ikke monteres via NFS og du ikke bruker et\n" +#~ " PCMCIA nettverkskort, så er det best å starte strongSwan\n" +#~ " snarest mulig, slik at NFS-montering kan sikres med IPSec;\n" +#~ " * etter NFS: anbefales når /usr monteres via NFS og det ikke\n" +#~ " brukes noe PCMCIA nettverkskort.\n" +#~ " * etter PCMCIA: anbefales hvis IPSec-tilkoblingen bruker et PCMCIA\n" +#~ " nettverkskort eller om den trenger å hente nøkler fra en lokal\n" +#~ " DNS-tjener med DNSSec-støtte. " + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Hvis du ikke gjør en omstart på strongSwan nå, så bør du gjøre det " +#~ "manuelt ved første anledning." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "Skal det lages et offentlig/privat RSA-nøkkelpar for denne verten?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan kan bruke en delt nøkkel (PSK) eller et RSA-nøkkelpar for å " +#~ "autentisere IPSec-forbindelser til andre verter. RSA-autentisering " +#~ "betraktes for det meste som sikrere og lettere å administrere. Du kan " +#~ "bruke PSK og RSA-autentisering samtidig." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Hvis du ikke vil lage et nytt offentlig/privat nøkkelpar, så kan du velge " +#~ "å bruke et eksisterende nøkkelpar i neste steg." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Den informasjonen som trengs kan hentes automatisk fra et eksisterende " +#~ "X.509-sertifikat med tilhørende privat RSA-nøkkel. Begge deler kan være i " +#~ "én fil, hvis den er i PEM-format. Du bør velge dette hvis du har et slikt " +#~ "sertifikat og vil bruke det til å autentisere IPSec-forbindelser." + +#~ msgid "RSA key length:" +#~ msgstr "RSA nøkkellengde:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Oppgi lengde for RSA-nøkkelen du vil opprette. Kortere nøkler enn 1024 " +#~ "bit betraktes ikke som sikre. En nøkkellengde på mer enn 2048 bit vil " +#~ "antakelig gå ut over ytelsen." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Bare selvsignerte X.509-sertifikater kan lages automatisk, for ellers må " +#~ "en sertifikatutsteder signere sertifikatsøknaden." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Hvis du godtar dette, så kan det sertifikatet som lages bli brukt straks " +#~ "til å kople til andre IPSec-verter som støtter autentisering via et X.509-" +#~ "sertifikat. Men om strongSwans PKI-del skal brukes, må det lages en " +#~ "tillitskjede ved at alle X.509-sertifikatene signeres av en enkelt " +#~ "utsteder." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Dette feltet er obligatorisk, uten det kan det ikke lages et sertifikat." diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 000000000..77adcc076 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,461 @@ +# Dutch translation of strongswan debconf templates. +# Copyright (C) 2005-2011 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# Luk Claes <luk.claes@ugent.be>, 2005 +# Kurt De Bree <kdebree@telenet.be>, 2006. +# Jeroen Schot <schot@a-eskwadraat.nl>, 2011. +# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.5.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2014-09-24 18:39+0200\n" +"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" +"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Het oude runlevel-beheer is vervangen" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Vorige versies van het strongSwan-pakket gaven de keuze tussen drie " +"verschillende Start/Stop-niveaus. Vanwege veranderingen aan de standaard " +"opstartprocedure van het systeem is dit niet langer nodig of nuttig. Er " +"worden nu logische standaardwaardes ingesteld voor zowel nieuwe installaties " +"als oude waarvoor één van de keuzes is gemaakt. Als u opwaardeert van een " +"vorige versie en uw strongSwan-opstartparameters heeft aangepast vindt u in " +"NEWS.Debian instructies over het aanpassen van uw opstelling." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "StrongSwan nu herstarten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"U wordt aanbevolen om strongSwan te herstarten, want indien deze nieuwe " +"versie veiligheidsproblemen verhelpt worden deze pas echt opgelost bij een " +"herstart van de achtergronddienst. De meeste mensen verwachten dat de " +"achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit " +"kan bestaande verbindingen verbreken en ze dan opnieuw herstellen. Dus als u " +"een strongSwan-tunnel gebruikt voor deze verbinding kunt u beter niet " +"herstarten." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Charon-achtergronddienst van strongSwan starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"De charon-achtergronddienst moet actief zijn om het Internet Key Exchange " +"protocol te ondersteunen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Moet er een X.509-certificaat voor deze computer gebruikt worden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Een X.509-certificaat voor deze computer kan automatisch worden aangemaakt " +"of geïmporteerd. Deze kan worden gebruikt voor het authenticeren van IPsec-" +"verbindingen naar andere computers en is de beste manier om veilige IPsec-" +"verbindingen op te bouwen. Een andere mogelijkheid is om het gebruik van " +"shared secrets (wachtwoorden die hetzelfde zijn aan beide kanten van de " +"tunnel) voor het authenticeren van een verbinding, maar voor een groter " +"aantal verbindingen is authenticatie gebaseerd op sleutels makkelijker om te " +"beheren en veiliger." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"U kunt deze optie ook weigeren en op een later moment hier terug komen met " +"het commando \"dpkg-reconfigure strongswan\"." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "aanmaken" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importeren" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Methodes bij het gebruik van een X.509-certificaat voor authenticatie van " +"deze computer:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"U kunt een nieuw X.509-certificaat aanmaken met eigen instellingen of een " +"bestaand sleutelpaar in PEM-indeling importeren voor de authenticatie van " +"IPsec-verbindingen." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Als u ervoor kiest om een nieuw X.509-certificaat te maken zal u antwoord " +"moeten geven op een aantal vragen voordat het aanmaken kan beginnen. Wanneer " +"u uw publieke sleutel door een bestaande certificaat-autoriteit (CA) wilt " +"laten ondertekenen moet u niet voor een door uzelf getekend certificaat " +"kiezen. Ook moet u er op letten dat al uw antwoorden voldoen aan de eisen " +"van deze CA om te voorkomen dat deze uw ondertekeningsaanvraag zal weigeren." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Als u een bestaand sleutelpaar wilt importeren zal u gevraagd worden naar " +"hun bestandsnamen (deze kunnen hetzelfde zijn als beide delen in één bestand " +"zijn opgeslagen). U krijgt daarna ook de mogelijkheid om de bestandsnaam van " +"de publieke sleutel(s) van de certificaat-autoriteit op te geven. Dit moet " +"wel een ander bestand zijn. Let er ook op dat de X.509-certificaten in PEM-" +"indeling moeten zijn en dat de geheime sleutel niet versleuteld mag zijn, " +"anders zal de import-procedure mislukken." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Bestandsnaam van uw X.509-certificaat in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Geef de volledige locatie van het bestand dat uw X.509-certificaat in PEM-" +"indeling bevat." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Bestandsnaam van uw geheime X.509-sleutel in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Geef de volledige locatie van het bestand dat uw geheime RSA-sleutel bevat " +"die behoort bij uw X.509-certificaat in PEM-indeling. Dit kan hetzelfde " +"bestand zijn als dat wat uw X.509-certificaat bevat." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Bestandsnaam van uw X.509-RootCA in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"U heeft nu de mogelijkheid om de locatie van het bestand (in PEM-indeling) " +"op te geven dat het X.509-certificaat van de certificaat-autoriteit bevat " +"waarmee uw certificaat wordt ondertekend. Als u deze niet heeft of als u " +"geen gebruik wilt maken van deze mogelijkheid dient u het veld leeg te " +"laten. Let op: Het is niet mogelijk om de RootCA in hetzelfde bestand te " +"bewaren als uw X.509-certificaat of geheime sleutel." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Geef de lengte voor de aan te maken RSA-sleutel:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Geef de lengte van de aan te maken RSA-sleutel. Die mag niet minder dan 1024 " +"bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " +"niet meer dan 4096 bits nodig hebben omdat het enkel het authenticatieproces " +"vertraagt en op dit moment niet nodig is." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Wilt u een door uzelf getekend X.509-certificaat aanmaken?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Deze installatie kan enkel een door uzelf getekend X.509-certificaat " +"automatisch aanmaken omdat anders een certificaat-autoriteit nodig is om de " +"certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " +"wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " +"leggen met andere IPsec-hosts die X.509-certificaten ondersteunen voor IPSec-" +"verbindingen. Als u echter strongSwan's PKI-mogelijkheden wilt gebruiken, " +"dan zult u alle X.509-certificaten moeten laten tekenen door één enkele " +"certificaat-autoriteit om een vertrouwenspad aan te maken." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Als u geen door uzelf getekend certificaat wilt aanmaken, dan zullen enkel " +"de geheime RSA-sleutel en de certificaataanvraag worden aangemaakt en zult u " +"de certificaataanvraag moeten laten tekenen door uw certificaat-autoriteit." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landcode van de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Geef de tweeletterige code voor het land waarin de server staat (zoals \"NL" +"\" voor Nederland)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL zal geen certificaat genereren als dit niet een geldige landcode uit " +"ISO-3166 is. Voor andere velden van het X.509-certificaat is het toegestaan " +"om ze leeg te laten, maar niet voor dit veld." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Staat of provincie voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Geef de volledige naam van de staat of provincie waarin de server staat " +"(zoals \"Noord-Holland\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Plaatsnaam voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Geef de plaats waar de server staat (vaak een stad zoals \"Amsterdam\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Naam van de organisatie voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Geef op van welke organisatie deze server deel uitmaakt (zoals \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisatie-eenheid voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Geef op van welke organisatie-eenheid deze server deel uitmaakt (zoals " +"\"Afdeling beveiliging\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Naam (Common Name) voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Geef de naam (Common Name) voor deze computer op (zoals \"gateway.example.org" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-mailadres voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " +"voor het X.509-certificaat." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Wilt u opportunistische encryptie inschakelen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Deze versie van strongSwan ondersteunt opportunistische versleuteling (OE), " +"welke IPsec-authenticatie-informatie opslaat in DNS-velden. Totdat dit op " +"grote schaal wordt toegepast zal het inschakelen hiervan voor een " +"significante vertraging zorgen voor nieuwe verbindingen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Schakel opportunistische versleuteling alleen in als u er zeker van bent dat " +"u dit wilt. Het kan er voor zorgen dat uw internetverbinding " +"(standaardroute) niet meer werkt zodra de achtergronddienst opstart." + diff --git a/debian/po/pl.po b/debian/po/pl.po new file mode 100644 index 000000000..7d3a3fd26 --- /dev/null +++ b/debian/po/pl.po @@ -0,0 +1,485 @@ +# Copyright (C) 2010 +# This file is distributed under the same license as the strongswan package. +# +# Michał Kułach <michal.kulach@gmail.com>, 2012. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2012-01-31 15:36+0100\n" +"Last-Translator: Michał Kułach <michal.kulach@gmail.com>\n" +"Language-Team: Polish <debian-l10n-polish@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " +"|| n%100>=20) ? 1 : 2);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Zastąpiono stare zarządzanie poziomami uruchamiania" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Poprzednie wersje pakietu strongSwan umożliwiały wybór pomiędzy trzema " +"różnymi Start/Stop-Level. Z powodu zmian w procedurze uruchamiania systemu " +"podstawowego nie jest to dłużej ani potrzebne, ani użyteczne. W przypadku " +"zarównowszystkich nowych instalacji, jak i starych z którymś z działających " +"trybów predefiniowanych, zostaną przyjęte domyślne, rozsądne poziomy. Jeśli " +"jest to aktualizacja z poprzedniej wersji i zmieniono parametry uruchamiania " +"strongSwan, proszę zapoznać się z plikiem NEWS.Debian, aby dowiedzieć się " +"jak odpowiednio zmodyfikować swoją konfigurację." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Zrestartować strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Restart strongSwan jest zalecany, ponieważ jest to poprawka bezpieczeństwa, " +"która nie zostanie uwzględniona przed zrestartowaniem demona. Większość " +"użytkowników oczekuje restartu demona, więc jest to z reguły dobry pomysł. Z " +"drugiej strony może spowodować zerwanie i ponowne nawiązanie istniejących " +"połączeń, więc jeśli aktualizacja jest przeprowadzana przez tunel " +"strongSwan, restartowanie nie jest wskazane." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "Uruchomić demona IKEv1 strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Demon charon musi być uruchomiony, aby obsłużyć 2 wersję protokołu Internet " +"Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Użyć certyfikatu X.509 dla tego komputera?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Certyfikat X.509 dla tego komputera może być automatycznie utworzony lub " +"zaimportowany. Może zostać wykorzystany do uwierzytelnienia połączeń IPsec " +"do innych hostów i jest zalecaną metodą tworzenia bezpiecznych połączeń " +"IPsec. Inną możliwością jest użycie takich samych haseł znanych obu stronom " +"tunelu (ang. shared secret) do uwierzytelnienia połączenia, ale przy " +"większej liczbie połączeń łatwiej jest zarządzać uwierzytelnieniem za pomocą " +"kluczy; jest to również bezpieczniejsze." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Można również wybrać \"nie\" i użyć później polecenia \"dpkg-reconfigure " +"strongswan\", aby powrócić do niniejszego wyboru opcji." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "utwórz" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "zaimportuj" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Metody używające certyfikatu X.509 do uwierzytelniania tego komputera:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Istnieje możliwość stworzenia nowego certyfikatu X.509 z ustawieniami " +"użytkownika lub zaimportowania istniejącego klucza publicznego i prywatnego " +"z pliku/plików PEM do uwierzytelniania połączeń IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Jeśli zostanie wybrana opcja stworzenia nowego certyfikatu X.509, najpierw " +"zostaną zadane pytania, na które będzie trzeba odpowiedzieć przed " +"uruchomieniem procesu tworzenia certyfikatu. Proszę wziąć pod uwagę, że aby " +"używać klucza publicznego podpisanego przez istniejący ośrodek certyfikacji " +"(CA), nie powinno się wybierać opcji tworzenia podpisanego przez siebie " +"samego (ang. self-signed) certyfikatu, a wszystkie odpowiedzi muszą idealnie " +"spełniać wymagania CA, w innym przypadku bowiem, certyfikat może zostać " +"odrzucony." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"W przypadku importowania istniejącego klucza publicznego i prywatnego, " +"pojawią się pytania o ich nazwy (mogą być identyczne, jeśli obie części są " +"przechowywane w jednym pliku). Opcjonalnie, można również określić nazwę " +"pliku, gdzie będzie przechowywany klucz (lub klucze) publiczny ośrodka " +"certyfikacji (CA), nie może być jednak taka sama jak dwie poprzednie. Proszę " +"zauważyć, że formatem certyfikatów X.509 musi być PEM, a klucz prywatny nie " +"może być zaszyfrowany - w przeciwnym wypadku procedura zakończy się " +"niepowodzeniem." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nazwa pliku certyfikatu X.509 użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Proszę określić położenie pliku zawierającego certyfikat X.509 w formacie " +"PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nazwa pliku klucza prywatnego X.509 użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Proszę określić położenie pliku zawierającego certyfikat klucza publicznego " +"RSA użytkownika, odpowiadającego certyfikatowi X.509 użytkownika w formacie " +"PEM. Może być to ten sam plik, który zawiera certyfikat X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nazwa pliku X.509 RootCA użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcjonalnie, można teraz podać lokalizację pliku zawierającego główny urząd " +"certyfikacji użyty do podpisu certyfikatu użytkownika w formacie PEM. W " +"przypadku nieposiadania takowego, proszę pozostawić pole puste. Proszę " +"zauważyć, że nie można przechowywać RootCA w tym samym pliku co certyfikat " +"X.509 lub klucz publiczny." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Proszę wprowadzić długość tworzonego klucza RSA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Proszę wprowadzić długość tworzonego klucza RSA. Nie powinna być ona " +"mniejsza niż 1024 bity, ponieważ może być wtedy niebezpieczna; nie ma " +"również potrzeby aby była większa niż 4096 bity, ponieważ będzie wtedy tylko " +"spowalniać proces uwierzytelnienia, a aktualnie nie ma potrzeby używania tak " +"długich kluczy." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Utworzyć podpisany przez samego siebie certyfikat X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Wyłącznie certyfikaty X.509 podpisane przez siebie mogą być tworzone " +"automatycznie, ponieważ w przeciwnym wypadku potrzebny jest urząd " +"certyfikacji, aby podpisać żądany certyfikat. W przypadku wybrania opcji " +"utworzenia podpisanego przez siebie samego certyfikatu, można użyć go od " +"razu do połączenia z innymi hostami IPsec, które obsługują certyfikat X.509 " +"do uwierzytelniania połączeń IPsec. Jednakże, używanie funkcji PKI " +"strongSwan wymaga, aby wszystkie certyfikaty były podpisane przez pojedynczy " +"urząd certyfikacji, aby utworzyć zaufaną ścieżkę." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"W przypadku niewybrania opcji tworzenia certyfikatu podpisanego przez siebie " +"samego, utworzone zostaną tylko klucz prywatny RSA i żądanie podpisania " +"certyfikatu, które będzie musiało zostać podpisane przez odpowiedni urząd " +"certyfikacji, już za pośrednictwem użytkownika." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Kod kraju do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Proszę wprowadzić dwuliterowy kod kraju, w którym położony jest serwer (np. " +"\"PL\" dla Polski)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL odmówi utworzenia certyfikatu, jeśli nie jest to właściwy kod kraju " +"ISO-3166; pozostawienie pustego pola, przy certyfikacie X.509, jest " +"dozwolone we wszystkich innych przypadkach, poza tym." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Nazwa regionu lub prowincji do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Proszę wprowadzić pełną nazwę regionu lub prowincji w której położony jest " +"serwer (np. \"Malopolska\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nazwa lokalizacji do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Proszę wprowadzić nazwę lokalizacji serwera (z reguły miasto, np. \"Krakow" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nazwa organizacji do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Proszę wprowadzić nazwę organizacji, do której należy serwer (np. \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Jednostka organizacyjna do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Proszę wprowadzić nazwę jednostki organizacyjnej do której należy serwer " +"(np. \"grupa bezpieczeństwa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "" +"Nazwa domeny (ang. Common Name) do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Proszę wprowadzić nazwę domeny (ang. Common Name) dla tego komputera (np. " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Adres poczty elektronicznej do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Proszę wprowadzić adres poczty elektronicznej osoby lub organizacji " +"odpowiedzialnej za certyfikat X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Włączyć szyfrowanie oportunistyczne?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Ta wersja stronSwan obsługuje tzw. szyfrowanie oportunistyczne (ang. " +"opportunistic encryption - OE), które przechowuje informacje o " +"uwierzytelnieniu IPSec w rekordach DNS. Dopóki nie zostanie ono szeroko " +"wdrożone, aktywacja tej opcji spowoduje odczuwalne opóźnienie dla każdego " +"nowego połączenia wychodzącego." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Szyfrowanie oportunistyczne powinno być włączone tylko przez osoby, które go " +"potrzebują. Może bowiem doprowadzić do przerwania połączenia internetowego " +"(domyślnej trasy), kiedy tylko uruchomi się demon pluto." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Demon pluto musi być uruchomiony, aby obsłużyć 1 wersję protokołu " +#~ "Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Uruchomić demona IKEv2 strongSwan?" diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 000000000..faf336e14 --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,470 @@ +# translation of strongswan debconf to Portuguese +# Copyright (C) 2007 the strongswan's copyright holder +# This file is distributed under the same license as the strongswan package. +# +# Luísa Lourenço <kikentai@gmail.com>, 2007. +# Américo Monteiro <a_monteiro@gmx.com>, 2009, 2010, 2013. +msgid "" +msgstr "" +"Project-Id-Version: strongswan 5.1.0-3\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-11-18 00:33+0000\n" +"Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n" +"Language-Team: Portuguese <traduz@debianpt.org>\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Antiga gestão de Runlevels substituída." + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Versões anteriores do pacote strongSwan deram uma hipótese entre três Níveis-" +"Arranque/Paragem diferentes. Devido a alterações no procedimento standard de " +"arranque do sistema, isto não é mais necessário ou útil. Para todas as novas " +"instalação assim como para as antigas que correm em qualquer dos modos " +"predefinidos, serão agora definidos níveis sãos predefinidos. Se você está a " +"actualizar uma versão anterior e alterou os seus parâmetros de arranque do " +"strongSwan, então por favor veja NEWS.Debian para instruções sobre como " +"modificar a sua configuração apropriadamente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Reiniciar agora o strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"É recomendado reiniciar o strongSwan, porque se existir uma correcção de " +"segurança, esta não será aplicada até que o daemon seja reiniciado. A " +"maioria das pessoas espera que o daemon reinicie, portanto isto é geralmente " +"uma boa ideia. No entanto isto poderá fechar ligações existentes e depois " +"ligá-las de novo, portanto se você está a usar algo como um túnel do " +"strongSwan para ligar a esta actualização, o reiniciar não é recomendado." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Iniciar o daemon charon do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"O daemon charon precisa de estar a correr para suportar o protocolo Internet " +"Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Usar um certificado X.509 para esta máquina?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Pode ser criado automaticamente ou importado um certificado X.509 para esta " +"máquina. Pode ser usado para autenticar ligações IPsec para outras máquinas " +"e é a maneira preferida de construir ligações IPsec seguras. A outra " +"possibilidade seria usar segredos partilhados (palavras-passe que são iguais " +"em ambos os lados do túnel) para autenticar a ligação, mas para um grande " +"número de ligações, a autenticação baseada em chaves é mais fácil de " +"administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativamente, você pode rejeitar esta opção e mais tarde usar o comando " +"\"dpkg-reconfigure strongswan\" para voltar aqui." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "criar" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Métodos de usar um certificado X.509 para autenticar esta máquina:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"É possível criar um novo certificado X.509 com configurações definidas pelo " +"utilizador ou importar uma chave pública e privada existente em ficheiro(s) " +"PEM para autenticar ligações IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se escolher criar um novo certificado X.509 ser-lhe-à primeiro perguntado um " +"número de questões que têm de ser respondidas antes da criação poder " +"iniciar. Por favor tenha em mente que se deseja que a chave pública seja " +"assinada por uma Autoridade de Certificados existente, você não deve " +"seleccionar a criação de um certificado auto-assinado e todas as respostas " +"dadas devem corresponder exactamente aos requisitos da AC, caso contrário o " +"pedido de certificado pode ser rejeitado." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se deseja importar uma chave pública e privada existente, ser-lhe-à pedido " +"os seus nomes de ficheiros (que podem ser idênticos se ambas as partes " +"estiverem armazenadas juntamente no mesmo ficheiro). Opcionalmente você " +"também pode especificar um nome de ficheiro onde as chave(s) pública(s) da " +"Autoridade de Certificados são mantidas, mas este ficheiro não pode ser o " +"mesmo que os anteriores. Por favor tenha também em mente que o formato dos " +"certificados X.509 tem de ser PEM e que a chave privada não pode estar " +"encriptada ou o procedimento de importação irá falhar." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome de ficheiro do seu certificado X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Por favor insira a localização do ficheiro que contém o seu certificado " +"X.509 em formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome do ficheiro da sua chave privada X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Por favor insira a localização do ficheiro que contém a chave privada RSA " +"que coincide com o seu certificado X.509 em formato PEM. Este pode ser o " +"mesmo ficheiro que contém o certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome de ficheiro do seu RootCA X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente você pode agora indicar a localização do ficheiro que contém a " +"raiz da Autoridade de Certificados X.509 usada para assinar o seu " +"certificado em formato PEM. Se você não tem um ou não o quer usar, por favor " +"deixe o campo vazio. Por favor note que não é possível armazenar a RootCA no " +"mesmo ficheiro que o seu certificado X.509 ou chave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Por favor indique o comprimento que a chave RSA criada deve ter:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor indique o comprimento que a chave RSA criada. Não deve ser menos " +"que 1024 bits porque isto seria considerado inseguro e provavelmente você " +"não vai precisar de nada maior que 4096 bits porque apenas atrasa o processo " +"de autenticação e de momento não é necessário." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Criar um certificado X.509 auto-assinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Apenas os certificados X.509 auto-assinados podem ser criados " +"automaticamente, porque caso contrário é necessário uma Autoridade de " +"Certificados para assinar o pedido de certificado. Se escolher criar um " +"certificado auto-assinado, você pode usá-lo imediatamente para ligar a " +"outras máquinas IPsec que suportam certificados X.509 para autenticação de " +"ligações IPsec. No entanto, usar as funcionalidades PKI do strongSwan requer " +"que todos os certificados seja assinados por uma única Autoridade de " +"Certificados para criar um caminho de confiança." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se escolher não criar um certificado auto-assinado, apenas a chave RSA " +"privada e o pedido de certificado serão criados, e você tem que assinar o " +"pedido de certificado com a sua Autoridade de Certificados." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Código de país para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Por favor indique o código de duas letras para o país onde o servidor reside " +"(algo como \"PT\" para Portugal)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"O OpenSSL irá recusar gerar um certificado a menos que isto seja um código " +"ISO-3166 de país válido; um campo vazio é permitido em qualquer parte do " +"certificado X.509, mas não aqui." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado ou nome da província para o pedido do certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Por favor insira o nome completo do estado ou província onde o servidor " +"reside (algo como \"Estremadura Portugal\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome da localidade para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Por favor indique a localidade onde o servidor reside (geralmente uma " +"cidade, tal como \"Lisboa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organização para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Por favor indique a organização a que o servidor pertence (algo como \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizativa para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Por favor indique a unidade organizacional a que o servidor pertence (algo " +"como \"Departamento de Segurança\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome comum para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Por favor indique o Nome Comum para esta máquina (algo como \"gateway." +"exemplo.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Endereço de email para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Por favor insira o endereço de email da pessoa ou organização responsável " +"pelo certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Activar encriptação oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versão do strongSwan suporta encriptação oportunista (OE), a qual " +"guarda informação de autenticação IPSec em registos DNS. Até que isto esteja " +"amplamente instalado, a sua activação irá causar um atraso significativo em " +"cada nova ligação de saída." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Você deverá apenas activar a encriptação oportunista se tiver a certeza que " +"a quer. Pode quebrar a ligação à Internet (rota predefinida) assim que o " +"daemon arrancar." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "O daemon pluto precisa de estar a correr para suportar a versão 1 do " +#~ "protocolo Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Iniciar o daemon IKEv2 do strongSwan?" diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 000000000..3adf094a0 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,811 @@ +# Debconf translations for strongswan. +# Copyright (C) 2010 THE strongswan'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# André Luís Lopes <andrelop@debian.org>, 2005. +# Adriano Rafael Gomes <adrianorg@arg.eti.br>, 2010, 2013-2014. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 5.1.3-4\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2014-06-25 18:13-0300\n" +"Last-Translator: Adriano Rafael Gomes <adrianorg@arg.eti.br>\n" +"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." +"org>\n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Antigo gerenciamento de nível de execução (\"runlevel\") obsoleto" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Versões anteriores do pacote strongSwan permitiam escolher entre três " +"diferentes Níveis de Início/Parada (\"Start/Stop-Levels\"). Devido a " +"mudanças no procedimento padrão de inicialização do sistema, isso não é mais " +"necessário ou útil. Para todas as novas instalações, bem como para as " +"antigas instalações executando em qualquer dos modos predefinidos, níveis " +"padrão adequados serão definidos agora. Se você está atualizando a partir de " +"uma versão anterior e alterou seus parâmetros de inicialização do " +"strongSwan, então, por favor, veja o arquivo NEWS.Debian para instruções " +"sobre como modificar sua configuração de acordo." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Reiniciar o strongSwan agora?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Reiniciar o strongSwan é recomendado, uma vez que caso exista uma correção " +"para uma falha de segurança, a mesma não será aplicada até que o daemon seja " +"reiniciado. A maioria das pessoas espera que o daemon seja reiniciado, " +"portanto essa é geralmente uma boa idéia. Porém, isso pode derrubar conexões " +"existentes, e então posteriormente trazê-las de volta, assim se você está " +"usando um túnel strongSwan para se conectar para fazer esta atualização, não " +"é recomendado reiniciar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Iniciar o daemon \"charon\" do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"O daemon \"charon\" deve estar em execução para suportar o protocolo " +"Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Usar um certificado X.509 para este host?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Um certificado X.509 para este host pode ser automaticamente criado ou " +"importado. Ele pode ser usado para autenticar conexões IPsec para outros " +"hosts e é a maneira preferida para construir conexões IPsec seguras. A outra " +"possibilidade seria usar segredos compartilhados (senhas que são iguais em " +"ambos os lados do túnel) para autenticar uma conexão, mas para um grande " +"número de conexões, a autenticação baseada em chaves é mais fácil de " +"administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativamente, você pode rejeitar esta opção e mais tarde usar o comando " +"\"dpkg-reconfigure strongswan\" para voltar atrás." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "criar" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Métodos para usar um certificado X.509 para autenticar este host:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"É possível criar um novo certificado X.509 com configurações definidas pelo " +"usuário ou importar um par de chaves pública e privada existente armazenado " +"em arquivo(s) PEM para autenticar conexões IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se você escolher criar um novo certificado X.509, você primeiro será " +"perguntado sobre uma série de questões que devem ser respondidas antes que a " +"criação possa iniciar. Por favor, tenha em mente que se você quer que a " +"chave pública seja assinada por uma Autoridade Certificadora existente, você " +"não deve selecionar a criação de um certificado auto-assinado, e todas as " +"respostas dadas devem atender exatamente os requisitos da CA, ou a " +"requisição do certificado pode ser rejeitada." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se você quiser importar um par de chaves pública e privada existente, você " +"será perguntado pelos seus nomes de arquivo (que podem ser idênticos se " +"ambas as partes estão armazenadas juntas em um arquivo único). " +"Opcionalmente, você pode também especificar um nome de arquivo onde a(s) " +"chave(s) pública(s) da Autoridade Certificadora é(são) mantida(s), mas este " +"arquivo não pode ser o mesmo que os anteriores. Por favor, também esteja " +"ciente de que os certificados X.509 devem estar no formato PEM, e de que a " +"chave privada não deve estar criptografada, ou o procedimento de importação " +"falhará." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome de arquivo do seu certificado X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Por favor, informe a localização do arquivo contendo seu certificado X.509 " +"no formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome de arquivo da sua chave privada X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Por favor, informe a localização do arquivo contendo a chave privada RSA que " +"casa com seu certificado X.509 no formato PEM. Este pode ser o mesmo arquivo " +"que contém o certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome de arquivo da sua RootCA X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente, você pode informar a localização do arquivo contendo a " +"Autoridade Certificadora X.509 raiz usada para assinar seu certificado no " +"formato PEM. Se você não tem uma, ou não quer usá-la, por favor, deixe o " +"campo vazio. Por favor, note que não é possível armazenar a RootCA no mesmo " +"arquivo do seu certificado X.509 ou chave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Por favor, informe que tamanho a chave RSA a ser criada deve ter:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor, informe o tamanho da chave RSA a ser criada. A mesma não deve ser " +"menor que 1024 bits devido a uma chave de tamanho menor que esse ser " +"considerada insegura. Você também não precisará de nada maior que 4096 " +"porque isso somente deixaria o processo de autenticação mais lento e não " +"seria necessário no momento." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Criar um certificado X.509 auto-assinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Somente certificados X.509 auto-assinados podem ser criados automaticamente, " +"devido a uma Autoridade Certificadora ser necessária para assinar a " +"requisição de certificado. Caso você queira criar um certificado auto-" +"assinado, você poderá usá-lo imediatamente para conectar a outros hosts " +"IPsec que suportem certificados X.509 para autenticação de conexões IPsec. " +"Porém, usar os novos recursos PKI do strongSwan requer que todos seus " +"certificados sejam assinados por uma única Autoridade Certificadora para " +"criar um caminho de confiança." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Caso você não queira criar um certificado auto-assinado, somente a chave " +"privada RSA e a requisição de certificado serão criadas, e você terá que " +"assinar a requisição de certificado junto a sua Autoridade Certificadora." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Código de país para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Por favor, informe o código de duas letras do país onde o servidor reside " +"(como \"BR\" para Brasil)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"O OpenSSL se recusará a gerar um certificado a menos que este valor seja um " +"código de país ISO-3166 válido; um valor vazio é permitido em qualquer outro " +"campo do certificado X.509, mas não aqui." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado ou nome de província para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Por favor, informe o nome completo do estado ou província em que o servidor " +"reside (como \"São Paulo\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome da localidade para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Por favor, informe a localidade em que o servidor reside (como \"São Paulo" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organização para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Por favor, informe a organização à qual o servidor pertence (como \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizacional para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Por favor, informe a unidade organizacional à qual o servidor pertence (como " +"\"grupo de segurança\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome Comum para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Por favor, informe o Nome Comum (\"Common Name\") para este host (como " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Endereço de e-mail para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Por favor, informe o endereço de e-mail da pessoa ou organização responsável " +"pelo certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Habilitar encriptação oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versão do strongSwan suporta encriptação oportunista (OE), a qual " +"armazena informação de autenticação IPsec em registros DNS. Até que isso " +"seja amplamente difundido, ativá-la causará uma demora significante para " +"cada nova conexão de saída." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Você deve habilitar a encriptação oportunista somente se você tiver certeza " +"de querê-la. Ela pode quebrar a conexão à Internet (rota padrão) quando o " +"daemon iniciar." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "O daemon \"pluto\" deve estar em execução para suportar a versão 1 do " +#~ "protocolo Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Iniciar o daemon IKEv2 do strongSwan?" + +#, fuzzy +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the 2 letter country code for your country. This code will " +#~| "be placed in the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe o códifo de país de duas letras para seu país. Esse " +#~ "código será inserido na requisição de certificado." + +#~ msgid "Example: AT" +#~ msgstr "Exemplo: BR" + +#~ msgid "Example: Upper Austria" +#~ msgstr "Exemplo : Sao Paulo" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: Vienna" +#~ msgstr "Exemplo : Sao Paulo" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: Debian" +#~ msgstr "Exemplo : Debian" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: security group" +#~ msgstr "Exemplo : Grupo de Segurança" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Exemplo : gateway.debian.org" + +#, fuzzy +#~ msgid "When to start strongSwan:" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Você deseja criar um par de chaves RSA pública/privada para este host ?" + +#, fuzzy +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Você deseja criar um par de chaves RSA pública/privada para este host ?" + +#, fuzzy +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Este instalador pode extrair automaticamente a informação necessária de " +#~ "um certificado X509 existente com uma chave RSA privada adequada. Ambas " +#~ "as partes podem estar em um arquivo, caso estejam no formato PEM. Você " +#~ "possui um certificado existente e um arquivo de chave e quer usá-los para " +#~ "autenticar conexões IPSec ?" + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality (e.g. city) where you live. This name will be " +#~| "placed in the certificate request." +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Por favor, informe a localidade (ou seja, cidade) onde você mora. Esse " +#~ "nome será inserido na requisição de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit (e.g. section) that the X509 " +#~| "certificate should be created for. This name will be placed in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a unidade organizacional (ou seja, seção ou " +#~ "departamento) para a qual este certificado deverá ser criado. Esse nome " +#~ "será inserido na requisição de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit (e.g. section) that the X509 " +#~| "certificate should be created for. This name will be placed in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the organizational unit name (often a department) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a unidade organizacional (ou seja, seção ou " +#~ "departamento) para a qual este certificado deverá ser criado. Esse nome " +#~ "será inserido na requisição de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (e.g. the host name of this machine) for " +#~| "which the X509 certificate should be created for. This name will be " +#~| "placed in the certificate request." +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Por favor, informe o nome comum (ou seja, o nome do host dessa máquina) " +#~ "para o qual o certificado X509 deverá ser criado. Esse nome será inserido " +#~ "na requisição de certificado." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" + +#, fuzzy +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Com os níveis de inicialização atuais do Debian (quase todos os serviços " +#~ "iniciando no nível 20) é impossível para o Openswan sempre iniciar no " +#~ "momento correto. Existem três possibilidades para quando iniciar o " +#~ "Openswan : antes ou depois dos serviços NFS e depois dos serviços PCMCIA. " +#~ "A resposta correta depende se sua configuração específica." + +#, fuzzy +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Caso você não possua sua àrvore /usr montada via NFS (você somente monta " +#~ "outras àrvores não vitais via NFS ou não usa àrvores montadas via NFS) e " +#~ "não use um cartão de rede PCMCIA, a melhor opção é iniciar o Openswan o " +#~ "quando antes, permitindo dessa forma que os pontos de montagem NFS " +#~ "estejam protegidos por IPSec. Nesse caso (ou caso você não compreenda ou " +#~ "não se importe com esse problema), responda \"o quando antes\" para esta " +#~ "pergunta (o que é o padrão)." + +#, fuzzy +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Caso você possua sua àrvore /usr montada via NFS e não use um cartão de " +#~ "rede PCMCIA, você precisará iniciar o Openswan depois do NFS de modo que " +#~ "todos os arquivos necessários estejam disponíveis. Nesse caso, responda " +#~ "\"depois do NFS\" para esta pergunta. Por favor, note que a montagem NFS " +#~ "de /usr não poderá ser protegida pelo IPSec nesse caso." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Caso você use um cartão de rede PCMCIA para suas conexões IPSec você " +#~ "precisará somente optar por iniciar o Opensan depois dos serviços PCMCIA. " +#~ "Responda \"depois do PCMCIA\" nesse caso. Esta é também a maneira correta " +#~ "de obter chaves de um servidor DNS sendo executado localmente e com " +#~ "suporte a DNSSec." + +#, fuzzy +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "O Openswan suporta encriptação oportunística (OE), a qual armazena " +#~ "informações de autenticação IPSec (por exemplo, chaves públicas RSA) em " +#~ "registros DNS (preferivelmente seguros). Até que esse suporte esteja " +#~ "largamento sendo utilizado, ativá-lo irá causar uma signficante lentidão " +#~ "para cada nova conexão de saída. Iniciando a partir da versão 2.0, o " +#~ "Openswan, da forma como é distribuído pelos desenvolvedores oficiais, é " +#~ "fornecido com o suporte a OE habilitado por padrão e, portanto, " +#~ "provavelmente irá quebrar suas conexões existentes com a Internet (por " +#~ "exemplo, sua rota padrão) tão logo o pluto (o daemon de troca de chaves " +#~ "do Openswan) seja iniciado." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Por favor, informe se você deseja habilitar o suporte a OE. Em caso de " +#~ "dúvidas, não habilite esse suporte." + +#~ msgid "x509, plain" +#~ msgstr "x509, pura" + +#, fuzzy +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Qual tipo de par de chaves RSA você deseja criar ?" + +#, fuzzy +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "É possível criar um par de chaves RSA pública/privada pura (plain) para " +#~ "uso com o Openswan ou para criar um arquivo de certificado X509 que irá " +#~ "conter a chave RSA pública e adicionalmente armazenar a chave privada " +#~ "correspondente." + +#, fuzzy +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Caso você queira somente construir conexões IPsec para hosts e também " +#~ "executar o Openswan, pode ser um pouco mais fácil usar pares de chaves " +#~ "RSA puros (plain). Mas caso você queira se conectar a outras " +#~ "implementações IPSec, você precisará de um certificado X509. É também " +#~ "possível criar um certificado X509 aqui e extrair a chave pública em " +#~ "formato puro (plain) caso o outro lado execute o Openswan sem suporte a " +#~ "certificados X509." + +#, fuzzy +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Um certificado X509 é recomendado, uma vez que o mesmo é mais flexível e " +#~ "este instalador é capaz de simplificar a complexa criação do certificado " +#~ "X509 e seu uso com o Openswan." + +#, fuzzy +#~ msgid "Please choose the when to start strongSwan:" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "At which level do you wish to start strongSwan ?" +#~ msgstr "Em que nível você deseja iniciar o Openswan ?" + +#~ msgid "2048" +#~ msgstr "2048" diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 000000000..a5eb51724 --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,454 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# Yuri Kozlov <yuray@komyakino.ru>, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan 5.1.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-07 19:08+0400\n" +"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" +"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Заменена система управления уровнями выполнения" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"В предыдущих версиях пакета strongSwan предлагался выбор между тремя " +"уровнями запуска/останова. Из-за изменений стандартной процедуры запуска в " +"системе это больше не требуется и ненужно. В новых установках, а также в " +"старых, работающих на любом уровне, будут выбраны разумные уровни по " +"умолчанию. Если выполнятся обновление предыдущей версии и вы изменяли " +"параметры запуска strongSwan, прочитайте инструкции из файла NEWS.Debian о " +"том, как изменить соответствующую настройку." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Перезапустить strongSwan прямо сейчас?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Рекомендуется перезапустить strongSwan, так как при наличии исправлений " +"безопасности они не заработают, пока служба не будет перезапущена. " +"Большинство людей всё равно перезапускают службу, поэтому обычно лучше это " +"сделать. Однако это может привести к кратковременному разрыву существующих " +"соединений, поэтому если вы сейчас используете туннель strongSwan для " +"подключения перезапуск не рекомендуется." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Запустить службу strongSwan charon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Для поддержки протокола обмена ключами Интернет должна быть запущена служба " +"charon." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Использовать существующий сертификат X.509 для этого узла?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Сертификат X.509 для этого узла может быть автоматически создан или " +"импортирован. Он может использоваться для аутентификации IPSec соединений с " +"другими узлами, и это является предпочтительным способом создания безопасных " +"соединений IPSec. Также для аутентификации соединения можно использовать " +"общие секреты (одинаковые пароли на обоих концах туннеля), но при большом " +"количестве соединений аутентификация по ключам легче в администрировании и " +"она более безопасна." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Или же вы можете ответить отрицательно и позже вернуться к этому вопросу " +"запустив команду \"dpkg-reconfigure ostrongswan\"." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "создать" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "импортировать" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Методы, использующие сертификат X.509 для аутентификации данного узла:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Возможно создать новый сертификат X.509, заданный пользователем, или " +"импортировать существующий открытый и закрытый ключи из файла(ов) PEM для " +"аутентификации соединений IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Если вы выберете создание нового сертификата X.509, то сначала вам будет " +"задано несколько вопросов, на которые нужно ответить до начала создания. " +"Учтите, что если вы хотите подписать открытый ключ в действующем центре " +"сертификации, то вам ненужно выбирать создание самоподписанного сертификата, " +"и все ответы должны точно удовлетворять требованиям ЦС, иначе запрос " +"сертификата может быть отклонён." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Если вы хотите импортировать существующий открытый и закрытый ключи, то вам " +"будет предложено указать имена файлов с ними (которые могут быть одинаковы, " +"если обе части хранятся в одном файле). Также вы можете указать имя файла, " +"где хранится открытый ключ(и) центра сертификации, но этот файл не может " +"совпадать с предыдущими. Заметим, что формат сертификатов X.509 должен быть " +"PEM и что закрытый ключ не должен быть зашифрован, иначе процедура импорта " +"завершится неудачно." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Имя файла сертификата X.509 в формате PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Введите полный путь к файлу, содержащему ваш сертификат X.509 в формате PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Имя файла сертификата X.509 в формате PEM с закрытым ключом:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Введите путь к файлу, содержащему закрытый ключ RSA для вашего сертификата " +"X.509 в формате PEM. Это может быть тот же файл, что и для сертификата X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Имя файла сертификата X.509 в формате PEM для RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Также вы можете ввести расположение файла с сертификатом корневого центра " +"сертификации X.509, используемого для подписи вашего сертификата в формате " +"PEM. Если у вас его нет или вы не хотите его использовать, то оставьте поле " +"пустым. Заметим, что невозможно хранить RootCA в одном файле с вашим " +"открытым или закрытым ключом сертификата X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Длина создаваемого ключа RSA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Введите длину необходимую длину ключа RSA. Она должна быть не менее 1024 " +"бит, так как меньшая не считается безопасной, и вам, вероятно, не нужно " +"задавать значение более 4096, так как это только замедлит процесс " +"аутентификации и, в настоящее время, не очень рационально." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Создать самоподписанный сертификат X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Процесс установки умеет создавать автоматически только самоподписанные " +"сертификаты X.509, так как иначе требуется работа центра сертификации для " +"подписи запроса сертификата. Созданный самоподписанный сертификат сразу " +"можно использовать для подключения к другим машинам с IPSec, которые " +"поддерживают сертификаты X.509 для аутентификации соединений IPSec. Однако, " +"если вы хотите воспользоваться новыми возможностями PKI из strongSwan, то " +"все ваши сертификаты X.509 должны быть подписаны единым сертификационным " +"центром для создания доверительного пути." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Если вы ответите отрицательно, то будет создан только закрытый ключ RSA, а " +"также запрос для сертификата, который вам нужно подписать в центре " +"сертификации." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Код страны для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Введите двухбуквенный код страны, где расположен сервер (например, \"RU\" в " +"России)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Здесь нужно ввести правильный код страны согласно ISO-3166, так как OpenSSL " +"откажется генерировать сертификаты в противном случае. Пустое значение " +"разрешено для любого поля сертификата X.509 кроме этого." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Название области или округа для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Укажите полное название области или округа, в котором находится сервер " +"(например, \"Moscow region\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Название места для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Укажите название места, где располагается сервер (например город, \"Sergiev " +"Posad\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Название организации для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Укажите название организации, которой принадлежит сервер (например, \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "" +"Название структурной единицы организации для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Название структурной единицы организации для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Общеизвестное название для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Укажите общеизвестное название (например, имя данного компьютера), например, " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Адрес электронной почты для запроса сертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Укажите адрес электронной почты (человека или организации) для включения в " +"запрос сертификата." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Включить поддержку гибкого шифрования?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Эта версия strongSwan поддерживает гибкое шифрование (opportunistic " +"encryption, OE), при котором информация об аутентификации IPSec хранится в " +"записях DNS. Пока это широко не станет распространено, данная поддержка " +"приведёт к значительной задержке при каждом новом исходящем соединении." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Включайте гибкое шифрование, если вам это действительно нужно. Это может " +"прервать соединение с интернетом (маршрут по умолчанию) при запуске службы." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 000000000..14ee84013 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,461 @@ +# Translation of strongswan debconf template to Swedish +# Copyright (C) 2013 Martin Bagge <brother@bsnet.se> +# This file is distributed under the same license as the strongswan package. +# +# Martin Ågren <martin.agren@gmail.com>, 2008, 2009, 2010. +# Martin Bagge <brother@bsnet.se>, 2013 +msgid "" +msgstr "" +"Project-Id-Version: strongswan_sv\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-07 09:05+0100\n" +"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n" +"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n" +"Language: Swedish\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Gammal körnivåhantering har ersatts" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidigare versioner av paketet strongswan erbjöd ett val mellan tre olika " +"start-/stoppnivåer. På grund av ändringar i systemuppstartproceduren är " +"detta inte längre nödvändigt eller användbart. För alla nya installationer, " +"såväl som gamla installationer som kör i något av de fördefinierade lägena, " +"kommer rimliga standardvärden nu sättas. Om du uppgraderar från en tidigare " +"version och ändrade dina uppstartsparametrar för strongSwan, bör du ta en " +"titt på NEWS.Debian för instruktioner om hur du kan ändra din installation " +"på motsvarande sätt." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Starta om strongSwan nu?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Att starta om strongSwan rekommenderas eftersom en eventuell " +"säkerhetsrättning inte kommer användas förrän demonen startas om. De flesta " +"förväntar att servern startas om, så detta är normalt en bra ide. Detta kan " +"dock stänga existerande anslutningar och sedan ta upp dem igen, så om du " +"använder en strongSwan-tunnel för att genomföra den här uppdateringen är en " +"omstart inte rekommenderad." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Starta strongSwans charon-demon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Charon-demonen måste köras för att stödja Internet Key Exchange-protokollet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Vill du använda ett X.509-certifikat för den här värden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Ett X.509-certifikat för den här värden kan skapas eller importeras " +"automatiskt. Det kan användas för att autentisera IPsec-anslutningar till " +"andra värdar och är det rekommenderade sättet för att bygga upp säkra IPsec-" +"anslutningar. Den andra möjligheten skulle vara att använda delade " +"säkerheter (lösenord som är samma på båda sidor av tunneln) för " +"autentisering av en anslutning, men för ett större antal anslutningar är " +"nyckelbaserad autentisering lättare att administrera och säkrare." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativt kan du avfärda det här valet och använda kommandot \"dpkg-" +"reconfigure strongswan\" för att komma tillbaka vid ett senare tillfälle." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "skapa" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importera" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder för användning av ett X.509-certifikat för autentisering av den här " +"värden:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det är möjligt att skapa ett nytt X.509-certifikat med användar-definierade " +"inställningar eller att importera existerande publika och privata nycklar " +"lagrade i PEM-fil(er) för autentisering av IPsec-anslutningar." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Om du väljer att skapa ett nytt X.509-certifikat kommer du först få svara på " +"några frågor innan genereringen kan startas. Kom ihåg att du, om du vill att " +"den publika nyckeln ska signeras av existerande certifikatsutställare (CA), " +"inte ska välja att skapa ett självsignerat certifikat och att alla svar " +"precis måste motsvara de krav CA:n ställer. Annars kan certifikatsförfrågan " +"komma att avslås." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Om du vill importera existerande publika och privata nycklar kommer du " +"ombeds ange deras filnamn (som kan vara identiska om båda delarna sparas " +"tillsammans i en fil). Du kan även ange ett filnamn där CA:n publika nyckel " +"finns, men denna fil kan inte vara samma som de tidigare. Notera också att " +"formatet för X.509-certifikaten måste vara PEM och att den privata nyckeln " +"inte får vara krypterad för att den ska kunna importeras." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Namn på filen med ditt X.509-certifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Ange platsen för den fil som innehåller ditt X.509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Namn på filen med din privata X.509-nyckel i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Ange platsen för den fil som innehåller den privata RSA-nyckel som matchar " +"ditt X.509-certifikat i PEM-format. Detta kan vara samma fil som innehåller " +"X.509-certifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Namn på filen med rot-CA:ns X.509-certifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Du kan nu, om du vill, ange platsen för den fil som innehåller ett X.509-" +"certifikat för den rot-CA som använts för att signera ditt certifikat i PEM-" +"format. Lämna fältet tomt om du inte har något sådant certifikat eller om du " +"inte vill använda det. Observera att det inte är möjligt att lagra rot-CA:n " +"i samma fil som ditt X.509-certifikat eller den privata nyckeln." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Ange vilken längd den skapade RSA-nyckeln ska ha:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Ange längden på den skapade RSA-nyckeln. Den bör inte vara kortare än 1024 " +"bitar eftersom det anses osäkert. Du behöver troligtvis inte mer än 4096 " +"bitar eftersom det gör autentiseringen långsammare och anses innebära en " +"onödigt stor säkerhetsmarginal för tillfället." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Vill du skapa ett självsignerat X.509-certifikat?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Endast självsignerade X.509-certifikat kan skapas automatiskt eftersom det " +"annars krävs en CA för att signera certifikatsförfrågan. Om du väljer att " +"skapa ett självsignerat certifikat, kan du genast använda det för att " +"ansluta till andra IPsec-värdar som stödjer X.509-certifikat för " +"autentisering av IPsec-anslutningar. Användning av strongSwans PKI-" +"funktioner kräver dock att alla certifikat har signerats av en och samma CA " +"för att skapa en tillitskedja." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Om du inte väljer att skapa ett självsignerat certifikta, kommer endast den " +"privata RSA-nyckeln och certifikatsförfrågan att skapas. Du måste dåfå " +"certifikatsförfrån signerad av din certifikatsutställare." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landskod för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Ange den kod om två bokstäver som identifierar landet som servern står i " +"(exempelvis \"SE\" för Sverige)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL kommer vägra generera ett certifikat såvida det här värdet inte är " +"en giltig landskod enligt ISO-3166; ett tomt fält är giltigt på andra " +"ställen i X.509-certifikat, men inte här." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Region eller län för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Ange namnet på den region eller den stat som servern står i (exempelvis " +"\"Skåne län\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Lokaliteten för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "Ange den lokalitet servern står i (ofta en stad, såsom \"Malmö\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsnamn för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Ange namnet på den organisation servern tillhör (exempelvis \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationsenhet för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Ange den organisationsenhet servern tillhör (exempelvis \"säkerhetsgruppen" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Namn på X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "Ange namnet på den här värden (exempelvis \"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-postadress för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Ange e-postadressen till den person eller organisation som är ansvarig för " +"X.509-certifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Vill du aktivera opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denna version av strongSwan stödjer opportunistisk kryptering (OE), som " +"lagrar IPSec-autentiseringsinformation i DNS-registret. Till dess detta " +"används i stor utsträckning, kommer aktivering av det att orsaka betydande " +"fördröjningar för varje ny utgående anslutning." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Du ska bara aktivera opportunistisk kryptering om du är säker på att du vill " +"ha det. Det kan bryta internetanslutningen (standardvägen) när demonen " +"startas." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Pluto-demonen måste köras för att stödja version 1 av Internet Key " +#~ "Exchange-protokollet." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Starta strongSwans IKEv2-demon?" diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 000000000..1a7f922ba --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,366 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" diff --git a/debian/po/tr.po b/debian/po/tr.po new file mode 100644 index 000000000..b9a5b77b8 --- /dev/null +++ b/debian/po/tr.po @@ -0,0 +1,455 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Atila KOÇ <koc@artielektronik.com.tr>, 2012, 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-24 11:17+0200\n" +"Last-Translator: Atila KOÇ <koc@artielektronik.com.tr>\n" +"Language-Team: Türkçe <debian-l10n-turkish@lists.debian.org>\n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.4\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Eski çalışma düzeyi yönetimi yerine yenisi geçti" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan paketinin önceki sürümleri üç farklı Başlama/Durma-Seviyesi " +"arasında seçim şansı tanırdı. Bu, olağan sistem başlatma yordamındaki " +"değişiklikler nedeni ile artık gerekli ya da faydalı değildir. Şimdi tüm " +"yeni kurulumlar ve herhangi bir öntanımlı kipte çalışan eskiler için aynı " +"öntanımlı seviyeler ayarlanacaktır. Eğer eski bir sürümü yükseltiyorsanız ya " +"da strongSwan başlatma değişkenlerinizi değiştirdiyseniz, kurulumunuzu nasıl " +"uyumlandıracağınızı anlamak için NEWS.Debian'a göz atınız." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "strongSwan şimdi yeniden başlatılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Yapılan güvenlik iyileştirmesi artalan süreci yeniden başlatılmadan " +"uygulanamayacağından, strongSwan'ı yeniden başlatmanız önerilir. Çoğu kişi " +"artalan sürecinin tekrar başlayacağını düşünür ve bu genellikle aldatıcıdır. " +"Oysa, yeniden başlatma, varolan bağlantıları koparıp yeniden yapar ki, eğer " +"bu güncellemeyi bir strongSwan tüneli bağlantısını kullanarak yapıyorsanız " +"yeniden başlatma önerilmez." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "strongSwan'ın 'charon' artalan süreci başlatılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Internet Anahtar Değişimi (IKE) protokolünün desteklenmesi için 'charon' " +"artalan süreci çalışıyor olmalıdır." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Bu makine için bir X.509 sertifikası kullanılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Bu makine için bir X.509 sertifikası kendiliğinden yaratılabilir ya da içe " +"aktarılabilir. Bu sertifika diğer makinelerle IPsec bağlantılarını " +"yetkilendirmek için kullanılacaktır ve bu yöntem güvenli IPsec bağlantıları " +"için yeğlenen seçenektir. Başka bir seçenek de bağlantıyı yetkilendirmek " +"için paylaşılan gizlerin (tünelin her iki tarafında da aynı olan parolalar) " +"kullanılmasıdır, fakat çoğu bağlantılarda anahtar tabanlı yetkilendirme daha " +"kolay yönetilir ve daha güvenlidir." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Dilerseniz bu öneriyi geri çevirir ve daha sonra \"dpkg-reconfigure " +"strongswan\" komutu ile yeniden değerlendirebilirisiniz." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "yarat" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "içe aktar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Bu makineyi yetkilendirmek için X.509 sertifika kullanım yöntemleri:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"IPsec bağlantılarını yetkilendirmek için kullanıcı tanımlı ayarlar ile yeni " +"bir X.509 sertifikası yaratmak ya da PEM dosyası içinde varolan bir anahtarı " +"içe aktarmak olasıdır." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Eğer yeni bir X.509 sertifikası yaratma seçeneğini seçerseniz, sertifika " +"yaratılmadan önce bir takım soruları yanıtlamanız gerekecektir. Unutmayın, " +"eğer ortak anahtarın varolan bir Sertifika Yetkilisi (CA) tarafından " +"imzalanmasını istiyorsanız, kendiliğinden imzalı bir sertifika yaratmayı " +"seçmemeli ve vereceğiniz tüm yanıtların Sertifika Yetkilisinin koşullarını " +"bütünüyle karşıladığından emin olmalısınız, tersi durumda sertifika " +"isteğiniz geri çevirilebilir." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Eğer varolan bir özel ve genel anahtarı içe aktarmak istiyorsanız, onların " +"dosya adlarını girmeniz istenecektir (eğer anahtarların ikisi de aynı " +"dosyada ise dosya adları da aynı olacaktır). İsteğe bağlı olarak, Sertifika " +"Yetkilisinin genel anahtarını barındıran dosya adını belirtebilirsiniz, " +"fakat bu dosya öncekilerle aynı olamaz. X.509 sertifikalarının biçiminin PEM " +"ve özel anahtarın şifrelenmemiş olması gerektiğini unutmayın yoksa içe " +"aktarma süreci başarısız olacaktır." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM biçimindeki X.509 sertifikanızın dosya adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"PEM biçimindeki X.509 sertifikanızı barındıran dosyanın yolunu giriniz." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM biçimindeki X.509 özel anahtarınızın dosya adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"X.509 sertifikanıza karşılık gelen özel RSA anahtarınızı barındıran PEM " +"biçimindeki dosyanın yolunu giriniz. Bu dosya, X.509 sertifikasını " +"barındıran dosya ile aynı olabilir." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM biçimindeki X.509 KökSY (RootCA) dosya adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Şimdi, isteğe bağlı olarak, sertifikanızı imzalamak için kullanılan X.509 " +"Sertifika Yetkilisi kökünü barındıran dosyanın yolunu girebilirsiniz. Eğer " +"yoksa ya da kullanmak istemiyorsanız bu alanı boş bırakınız. Unutmayın, " +"KökSY (RootCA) ile X.509 sertifikanızı ya da özel anahtarınızı aynı dosyada " +"tutamazsınız." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" +"Lütfen yaratılacak RSA anahtarının sahip olması gereken uzunluğu girin:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Yaratılacak RSA anahtar uzunluğunu giriniz. Anahtar uzunluğu, yeterince " +"güvenli olması için, 1024 bit'ten kısa olmamalı; doğrulama sürecini " +"yavaşlatmaması için de 4096 bit'ten fazla olmamalıdır ve zaten şu anda daha " +"fazlasına da gerek yoktur." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Öz imzalı bir sertifika yaratılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Yalnızca öz imzalı X.509 sertifikaları kendiliğinden yaratılabilir, çünkü " +"öteki durumda sertifika isteğini imzalaması için bir Sertifika Yetkilisi " +"gereklidir. Eğer öz imzalı bir sertifika yaratmayı seçerseniz, onu hemen " +"X.509 sertifikaları ile yetkilendirmeyi destekleyen diğer IPsec makineleri " +"ile bağlanmak için kullanabilirsiniz. Öte yandan, strongSwan'ın PKI " +"özellikleri, güven yolu oluşturmak için tüm sertifikaların aynı Sertifika " +"Yetkilisi tarafından imzalanmış olmasını gerektirir." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Eğer öz imzalı bir sertifika yaratmayı seçmezseniz, yalnızca RSA özel " +"anahtarı ve sertifika isteği yaratılacaktır ve sizin bu isteği Sertifika " +"Yetkilinize imzalatmanız gerekecektedir." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 sertifika isteği için ülke kodu:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Sunucunun bulunduğu ülke için iki harfli ülke kodunu giriniz (Türkiye için " +"\"TR\" gibi)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Bu geçerli bir ISO-3166 ülke kodu olmadığı sürece OpenSSL sertifika üretmeyi " +"geri çevirecektir; X.509 sertifikasının başka bir yerinde boş alan kabul " +"edilir ama burada değil." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 sertifika isteği için şehir adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "Sunucunun bulunduğu şehrin tam adını giriniz (örneğin \"Ankara\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 sertifika isteği için ilçe adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "Sunucunun bulunduğu ilçeyi girin (örneğin \"Yenimahalle\" gibi):" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 sertifika isteği için örgüt adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Sunucunuzun bağlı olduğu örgütü giriniz (örneğin \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 sertifika isteği için örgütsel birim:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Sunucunuzun bağlı olduğu örgütsel birimi giriniz (örneğin \"Çeviri Birimi\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 sertifika isteği için Genel Ad:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "Bu makine için Genel Ad giriniz (örneğin \"gumruk.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 sertifika isteği için e-posta adresi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"X.509 sertifikasından sorumlu kişinin ya da örgütün e-posta adresini giriniz." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Fırsatçı şifrelemeye izin verilsin mi?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"strongSwan'ın bu sürümü IPsec doğrulama bilgisini DNS kayıtlarında tutan " +"fırsatçı şifrelemeyi (OE) desteklemektedir. Kullanımı yaygınlaşmadan " +"etkinleştirilirse her yeni çıkış bağlantısında ciddi gecikmelere neden " +"olacaktır." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Fırsatçı şifrelemeyi onu kullanmak istediğinizden eminseniz " +"etkinleştirmelisiniz. Bu, artalan süreci başladığında, Internet bağlantısını " +"(varsayılan rota) koparabilir." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Internet Anahtar Değişimi (IKE) protokolü 1. sürümünün desteklenmesi için " +#~ "'pluto' artalan süreci çalışıyor olmalıdır." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "strongSwan'ın IKEv2 artalan süreci başlatılsın mı?" diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 000000000..41358dbd7 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,462 @@ +# Vietnamese translation for StrongSwan. +# Copyright © 2010 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2005-2010. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2010-10-03 19:22+1030\n" +"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n" +"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.8\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Quản lý cấp chạy cũ đã được thay thế" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Các phiên bản trước của gói strongSwan đã cho phép chọn trong ba cấp Chạy/" +"Dừng. Do thay đổi trong thủ tục khởi chạy tiêu chuẩn, không còn có thể làm " +"như thế, nó cũng không còn có ích. Cho mọi bản cài đặt mới, cũng như bản cài " +"đặt cũ nào đang chạy trong một của những chế độ xác định sẵn này, một cấp " +"mặc định thích hợp sắp được lập. Nếu bạn đang nâng cấp từ một phiên bản " +"trước và đã sửa đổi tham số khởi chạy nào của strongSwan, hãy xem tập tin " +"tin tức « NEWS.Debian » để tìm hướng dẫn về cách sửa đổi thiết lập cho phù " +"hợp." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Khởi chạy lại strongSwan ngay bây giờ ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Khuyên bạn khởi chạy lại strongSwan, vì sự sửa chữa bảo mật nào không phải " +"được áp dụng đến khi trình nền khởi chạy. Phần lớn các người trông đợi trình " +"nền khởi chạy thì nói chung nó là một ý kiến tốt. Tuy nhiên nó có thể tắt " +"rồi bật lại kết nối đã có, vì thế nếu bạn đang sử dụng (v.d.) một đường hầm " +"strongSwan để kết nối đến bản cập nhật này, không nên khởi chạy lại vào lúc " +"này." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "Khởi chạy trình nền IKEv1 của strongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Đồng thời cũng cần phải chạy trình nền charon, để hỗ trợ phiên bản 2 của " +"giao thức Trao Đổi Khoá Internet (IKE)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Dùng chứng nhận X.509 cho máy này ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Một chứng nhận X.509 có thể được tự động tạo hoặc nhập cho máy này. Chứng " +"nhận này có thể được sử dụng để xác thực kết nối IPsec đến máy khác: nó là " +"phương pháp ưa thích để xây dựng kết nối IPsec bảo mật. Tuỳ chọn khác là sử " +"dụng điều bí mật chia sẻ (cùng một mật khẩu ở hai bên đường hầm) để xác thực " +"kết nối, nhưng mà cho nhiều kết nối dễ hơn quản lý sự xác thức dựa vào khoá, " +"và phương pháp này bảo mật hơn." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Hoặc bạn có thể từ chối tuỳ chọn này, và chạy câu lệnh « dpkg-reconfigure " +"strongswan » về sau để trở về tiến trình cấu hình này." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "tạo" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "nhập" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Phương pháp sử dụng chứng nhận X.509 để xác thực máy này:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Có thể tạo một chứng nhận X.509 mới với thiết lập được người dùng xác định, " +"hoặc có thể nhập một cặp khoá (công và riêng) đã có theo tập tin PEM, để xác " +"thực kết nối IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Nếu bạn chọn tạo một chứng nhận X.509 mới thì đầu tiên bạn được hỏi một số " +"câu bắt buộc phải trả lời trước khi có thể bắt đầu tạo chứng nhận. Ghi nhớ " +"rằng nếu bạn muốn có khoá công được ký bởi một CA (nhà cầm quyền cấp chứng " +"nhận) đã tồn tại, bạn không nên chọn tạo một chứng nhận tự ký, và tất cả các " +"đáp ứng bạn làm phải tương ứng chính xác với yêu cầu của CA, không thì yêu " +"cầu chứng nhận có thể bị từ chối." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Nếu bạn muốn nhập một cặp khoá công và riêng đã có, bạn sẽ được nhắc nhập " +"(các) tên tập tin (mà có thể là trùng nếu cả hai khoá được giữ trong cùng " +"một tập tin). Tuỳ chọn bạn cũng có thể ghi rõ một tên tập tin chứa (các) " +"khoá công của CA, nhưng mà tập tin này phải khác với tập tin nhập trước. " +"Cũng ghi nhớ rằng định dạng của chứng nhận X.509 phải là PEM, và khoá riêng " +"không thể được mật mã, không thì tiến trình nhập không thành công." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Tên tập tin của chứng nhận X.509 dạng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "Hãy nhập vị trí của tập tin chứa chứng nhận X.509 dạng PEM của bạn." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Tên tập tin cỳa khoá riêng X.509 dạng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Hãy nhập vị trí của tập tin chứa khoá RSA riêng tương ứng với chứng nhận " +"X.509, cả hai theo định dạng PEM. (Đây có thể là cùng một tập tin với tập " +"tin chứa chứng nhận X.509.)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Tên tập tin của RootCA X.509 dạng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Tuỳ chọn bạn bây giờ có thể nhập vị trí của tập tin chứa gốc nhà cầm quyền " +"cấp chứng nhận X.509 được dùng để ký chứng nhận theo định dạng PEM của bạn. " +"Không có hoặc không muốn sử dụng nó thì bỏ trống trường này. Ghi chú rằng " +"không thể giữ RootCA trong cùng một tập tin với chứng nhận X.509 hoặc khoá " +"riêng của bạn." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Gõ chiều dài dự định của khoá RSA cần tạo :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Hãy nhập chiều dài của khoá RSA cần tạo. Ít hơn 1024 bit được thấy là không " +"an toàn, và lớn hơn 4096 bit chỉ làm chậm tiến trình xác thực và chưa cần " +"thiết." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Tạo một chứng nhận X.509 tự ký ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Chỉ chứng nhận X.509 tự ký có thể được tự động tạo, vì bằng cách khác một CA " +"cần thiết để ký yêu cầu chứng nhận. Nếu bạn chọn tạo một chứng nhận tự ký, " +"bạn có thể sử dụng nó ngay lập tức để kết nối tới máy IPsec khác có hỗ trợ " +"chứng nhận X.509 để xác thực kết nối IPsec. Tuy nhiên, tính năng PKI của " +"strongSwan yêu cầu tất cả các chứng nhận được ký bởi cùng một CA, để tạo một " +"đường dẫn tin cậy." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Nếu bạn không chọn tạo một chứng nhận tự ký thì chỉ khoá riêng RSA và yêu " +"cầu chứng nhận sẽ được tạo, và bạn cần phải ký yêu cầu chứng nhận bằng CA." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Mã quốc gia cho yêu cầu chứng nhận X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Hãy nhập mã hai chữ cho quốc gia chứa máy phục vụ (v.d. « VI » cho Việt Nam)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Không có mã quốc gia ISO-3166 đúng thì OpenSSL từ chối tạo chứng nhận. Có " +"thể bỏ trống trường ở một số nơi khác trong chứng nhận X.509 mà không phải ở " +"đây." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Tên của bảng hay tỉnh cho yêu cầu chứng nhận X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Hãy nhập tên đầy đủ của bang hay tỉnh chứa máy phục vụ (v.d. « Nghệ An »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Tên vùng cho yêu cầu chứng nhận X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Hãy nhập vùng chứa máy phục vụ (thường là một thành phố, v.d. « Nhà Trắng »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Tên tổ chức cho yêu cầu chứng nhận X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Hãy nhập tổ chức sở hữu máy phục vụ (v.d. « Debian » hoặc « Dự án MOST »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Tên đơn vị tổ chức cho yêu cầu chứng nhận X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Hãy nhập tên đơn vị của tổ chức sở hữu máy phục vụ (v.d. « nhóm địa phương " +"hoá »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Tên chung cho yêu cầu chứng nhận X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "Hãy nhập Tên Chung cho máy này (v.d. « cổng_ra.vị_dụ.org »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Địa chỉ thư cho yêu cầu chứng nhận X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Hãy nhập địa chỉ thư điện tử của người hoặc tổ chức chịu trách nhiệm về yêu " +"cầu chứng nhận này." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Bật mật mã cơ hội chủ nghĩa ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Phiên bản strongSwan này hỗ trợ mật mã cơ hội chủ nghĩa (OE) mà cất giữ " +"thông tin xác thực IPSec trong mục ghi DNS. Chức năng này chưa phổ biến thì " +"vẫn còn làm trễ mỗi kết nối mới gửi đi." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Chưa chắc thì không nên hiệu lực chức năng mật mã cơ hội chủ nghĩa. Nó cũng " +"có thể đóng kết nối Internet (đường dẫn mặc định) do trình nền pluto khởi " +"chạy." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Đồng thời cũng cần phải chạy trình nền pluto, để hỗ trợ phiên bản 1 của " +#~ "giao thức Trao Đổi Khoá Internet (IKE)." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Khởi chạy trình nền IKEv2 của strongSwan ?" diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..ca02a0635 --- /dev/null +++ b/debian/rules @@ -0,0 +1,260 @@ +#!/usr/bin/make -f +export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 +#export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ + --enable-addrblock \ + --enable-agent \ + --enable-bypass-lan \ + --enable-ccm \ + --enable-certexpire \ + --enable-chapoly \ + --enable-cmd \ + --enable-ctr \ + --enable-curl \ + --enable-eap-aka \ + --enable-eap-gtc \ + --enable-eap-identity \ + --enable-eap-md5 \ + --enable-eap-mschapv2 \ + --enable-eap-radius \ + --enable-eap-tls \ + --enable-eap-tnc \ + --enable-eap-ttls \ + --enable-error-notify \ + --enable-gcm \ + --enable-gcrypt \ + --enable-ha \ + --enable-ldap \ + --enable-led \ + --enable-lookip \ + --enable-mediation \ + --enable-openssl \ + --enable-pkcs11 \ + --enable-test-vectors \ + --enable-tpm \ + --enable-unity \ + --enable-xauth-eap \ + --enable-xauth-pam \ + --disable-blowfish \ + --disable-des # BSD-Young license + #--with-user=strongswan --with-group=nogroup + # --enable-kernel-pfkey --enable-kernel-klips \ + # And for --enable-eap-sim we would need the library, which we don't + # have right now. + # Don't --enable-cisco-quirks, because some other IPsec implementations + # (most notably the Phion one) have problems connecting when pluto + # sends these Cisco options. + # don't enable medsrv/medcli right now (20160523) since clearsilver FTBFS + #--enable-medsrv --enable-medcli \ + +# get the various DEB_BUILD/DEB_HOST variables +include /usr/share/dpkg/architecture.mk + +# the padlock plugin only makes sense on i386 +# AESNI and RdRand only make sense on i386 and amd64 +ifeq ($(DEB_HOST_ARCH_CPU),i386) + CONFIGUREARGS += --enable-padlock --enable-rdrand --enable-aesni +endif + +ifeq ($(DEB_HOST_ARCH_CPU),amd64) + CONFIGUREARGS += --enable-rdrand --enable-aesni +endif + +ifeq ($(DEB_HOST_ARCH_OS),linux) + # only enable network-manager and capabilities dropping on linux hosts + # some plugins are linux-only too + CONFIGUREARGS += --enable-nm \ + --with-nm-ca-dir=/etc/ssl/certs \ + --with-capabilities=libcap \ + --enable-farp \ + --enable-dhcp \ + --enable-af-alg \ + --enable-connmark \ + --enable-systemd --enable-swanctl +endif + +ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) + # recommended configure line for FreeBSD + # http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD + CONFIGUREARGS += --disable-kernel-netlink \ + --enable-kernel-pfkey --enable-kernel-pfroute \ + --with-group=wheel +endif + +override_dh_auto_configure: + dh_auto_configure -- $(CONFIGUREARGS) + +override_dh_auto_clean: + dh_auto_clean + # after a make clean, no binaries _should_ be left, but .... + -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm + + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libstrongswan/libstrongswan.a || true + rm -f lib/libstrongswan/liboswlog.a || true + + # just in case something went wrong + rm -f $(CURDIR)/debian/ipsec.secrets + + # and make sure that template are up-to-date + debconf-updatepo + + +override_dh_install-arch: + # remove all .la files + find debian/tmp/usr/lib -name '*.la' -delete + + # first special cases +ifeq ($(DEB_HOST_ARCH_OS),linux) + # handle Linux-only plugins + dh_install -p libstrongswan-standard-plugins usr/lib/ipsec/plugins/libstrongswan-connmark.so + dh_install -p libstrongswan-standard-plugins usr/share/strongswan/templates/config/plugins/connmark.conf + dh_install -p libstrongswan-standard-plugins etc/strongswan.d/charon/connmark.conf + dh_install -p libcharon-extra-plugins usr/lib/ipsec/plugins/libstrongswan-dhcp.so + dh_install -p libcharon-extra-plugins usr/share/strongswan/templates/config/plugins/dhcp.conf + dh_install -p libcharon-extra-plugins etc/strongswan.d/charon/dhcp.conf + + dh_install -p libcharon-extra-plugins usr/lib/ipsec/plugins/libstrongswan-farp.so + dh_install -p libcharon-extra-plugins usr/share/strongswan/templates/config/plugins/farp.conf + dh_install -p libcharon-extra-plugins etc/strongswan.d/charon/farp.conf + + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so + dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-netlink.conf + dh_install -p libstrongswan etc/strongswan.d/charon/kernel-netlink.conf + + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-af-alg.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/af-alg.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/af-alg.conf + # the systemd service file only gets generated on Linux + dh_install -p strongswan-starter lib/systemd/system/strongswan.service +endif + +ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) + # handle FreeBSD-only plugins + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfkey.so + dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-pfkey.conf + dh_install -p libstrongswan etc/strongswan.d/charon/kernel-pfkey.conf + + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfroute.so + dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-pfroute.conf + dh_install -p libstrongswan etc/strongswan.d/charon/kernel-pfroute.conf +endif + +ifeq ($(DEB_HOST_ARCH_CPU),i386) + # special handling for padlock, as it is only built on i386 + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-padlock.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/padlock.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/padlock.conf + + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-rdrand.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/rdrand.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/rdrand.conf + + dh_install -p libstrongswan-standard-plugins usr/lib/ipsec/plugins/libstrongswan-aesni.so + dh_install -p libstrongswan-standard-plugins usr/share/strongswan/templates/config/plugins/aesni.conf + dh_install -p libstrongswan-standard-plugins etc/strongswan.d/charon/aesni.conf +endif + +ifeq ($(DEB_HOST_ARCH_CPU), amd64) + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-rdrand.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/rdrand.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/rdrand.conf + + dh_install -p libstrongswan-standard-plugins usr/lib/ipsec/plugins/libstrongswan-aesni.so + dh_install -p libstrongswan-standard-plugins usr/share/strongswan/templates/config/plugins/aesni.conf + dh_install -p libstrongswan-standard-plugins etc/strongswan.d/charon/aesni.conf +endif + + # then install the rest, ignoring the above + dh_install \ + -X\.la -X\.a \ + -Xmedsrv -Xman3 \ + -Xlibstrongswan-connmark.so -X connmark.conf \ + -Xlibstrongswan-kernel- -X kernel- \ + -Xlibstrongswan-dhcp.so -X dhcp.conf \ + -Xlibstrongswan-farp.so -X farp.conf \ + -Xlibstrongswan-padlock.so -X padlock.conf \ + -Xlibstrongswan-rdrand.so -X rdrand.conf \ + -Xlibstrongswan-aesni.so -X aesni.conf \ + -Xlibstrongswan-af-alg.so -X af-alg.conf \ + -Xstrongswan.service + + # AppArmor. + dh_apparmor --profile-name=usr.lib.ipsec.charon -p strongswan-charon + dh_apparmor --profile-name=usr.lib.ipsec.lookip -p libcharon-extra-plugins + dh_apparmor --profile-name=usr.lib.ipsec.stroke -p strongswan-starter + dh_apparmor --profile-name=usr.sbin.swanctl -p strongswan-swanctl + dh_apparmor --profile-name=usr.sbin.charon-systemd -p charon-systemd + + # add additional files not covered by upstream makefile... + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + # also "patch" ipsec.conf to include the debconf-managed file + echo >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + # and to enable both IKEv1 and IKEv2 by default + sed -r 's/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf > $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp + mv $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + + # set permissions on ipsec.secrets and private key directories + chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/ + chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/bliss/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/ecdsa/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/pkcs8/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/private/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/rsa/ + + # this is handled by update-rc.d + rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d + + # delete var/lock/subsys and var/run to satisfy lintian + rm -rf $(CURDIR)/debian/openswan/var/lock + rm -rf $(CURDIR)/debian/openswan/var/run + + # more lintian cleanups + find $(CURDIR)/debian/*strongswan*/ -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf + +override_dh_installinit: + dh_installinit -n --name=ipsec + +override_dh_installchangelogs: + dh_installchangelogs NEWS + +override_dh_strip: + dh_strip --dbgsym-migration='strongswan-dbg (<< 5.3.5-2~)' + +override_dh_fixperms: + dh_fixperms \ + -X etc/ipsec.d \ + -X etc/ipsec.secrets \ + -X etc/swanctl/bliss \ + -X etc/swanctl/ecdsa \ + -X etc/swanctl/pkcs8 \ + -X etc/swanctl/private \ + -X etc/swanctl/rsa \ + -X var/lib/strongswan + +override_dh_makeshlibs: + dh_makeshlibs -n -X usr/lib/ipsec/plugins + +override_dh_installlogcheck: + dh_installlogcheck --name strongswan + +override_dh_auto_test: +ifeq ($(DEB_BUILD_ARCH),amd64) + dh_auto_test +endif + +override_dh_missing-arch: + dh_missing --fail-missing + +override_dh_missing-indep: + dh_missing --list-missing + +%: + dh $@ --with systemd diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 000000000..163aaf8d8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 000000000..9942c61f1 --- /dev/null +++ b/debian/source/options @@ -0,0 +1 @@ +extend-diff-ignore = "(^|/)(config\.sub|config\.guess|Makefile)$" diff --git a/debian/strongswan-charon.install b/debian/strongswan-charon.install new file mode 100644 index 000000000..cd4ca6cac --- /dev/null +++ b/debian/strongswan-charon.install @@ -0,0 +1,6 @@ +usr/lib/ipsec/charon +usr/share/strongswan/templates/config/strongswan.d/charon.conf +usr/share/strongswan/templates/config/strongswan.d/charon-logging.conf +etc/strongswan.d/charon-logging.conf +etc/strongswan.d/charon.conf +debian/usr.lib.ipsec.charon /etc/apparmor.d/ diff --git a/debian/strongswan-libcharon.install b/debian/strongswan-libcharon.install new file mode 100644 index 000000000..06b4859b5 --- /dev/null +++ b/debian/strongswan-libcharon.install @@ -0,0 +1,19 @@ +usr/lib/ipsec/libcharon* +## libcharon plugins +# socket-default +usr/lib/ipsec/plugins/libstrongswan-socket-default.so +usr/share/strongswan/templates/config/plugins/socket-default.conf +etc/strongswan.d/charon/socket-default.conf +# counters +usr/lib/ipsec/plugins/libstrongswan-counters.so +usr/share/strongswan/templates/config/plugins/counters.conf +etc/strongswan.d/charon/counters.conf +# updown +usr/lib/ipsec/plugins/libstrongswan-updown.so +usr/share/strongswan/templates/config/plugins/updown.conf +etc/strongswan.d/charon/updown.conf +usr/lib/ipsec/_updown +# bypass-lan +usr/lib/ipsec/plugins/libstrongswan-bypass-lan.so +usr/share/strongswan/templates/config/plugins/bypass-lan.conf +etc/strongswan.d/charon/bypass-lan.conf diff --git a/debian/strongswan-nm.install b/debian/strongswan-nm.install new file mode 100644 index 000000000..12665af1f --- /dev/null +++ b/debian/strongswan-nm.install @@ -0,0 +1,2 @@ +usr/lib/ipsec/charon-nm +etc/dbus-1/system.d/nm-strongswan-service.conf diff --git a/debian/strongswan-pki.install b/debian/strongswan-pki.install new file mode 100644 index 000000000..7cccf5241 --- /dev/null +++ b/debian/strongswan-pki.install @@ -0,0 +1,16 @@ +usr/bin/pki +usr/share/man/man1/pki---acert.1 +usr/share/man/man1/pki---dn.1 +usr/share/man/man1/pki---gen.1 +usr/share/man/man1/pki---issue.1 +usr/share/man/man1/pki---keyid.1 +usr/share/man/man1/pki---pkcs7.1 +usr/share/man/man1/pki---print.1 +usr/share/man/man1/pki---pub.1 +usr/share/man/man1/pki---req.1 +usr/share/man/man1/pki---self.1 +usr/share/man/man1/pki---signcrl.1 +usr/share/man/man1/pki---verify.1 +usr/share/man/man1/pki.1 +usr/share/strongswan/templates/config/strongswan.d/pki.conf +etc/strongswan.d/pki.conf diff --git a/debian/strongswan-pki.lintian-overrides b/debian/strongswan-pki.lintian-overrides new file mode 100644 index 000000000..444d88b26 --- /dev/null +++ b/debian/strongswan-pki.lintian-overrides @@ -0,0 +1,4 @@ +# strongswan libraries are installed in /usr/lib/ipsec because they are private +# to the strongSwan project. We still want to split multiple binaries from the +# lib +strongswan-pki: binary-or-shlib-defines-rpath usr/bin/pki /usr/lib/ipsec diff --git a/debian/strongswan-scepclient.install b/debian/strongswan-scepclient.install new file mode 100644 index 000000000..e04bc65d0 --- /dev/null +++ b/debian/strongswan-scepclient.install @@ -0,0 +1,4 @@ +usr/lib/ipsec/scepclient +usr/share/man/man8/scepclient.8 +usr/share/strongswan/templates/config/strongswan.d/scepclient.conf +etc/strongswan.d/scepclient.conf diff --git a/debian/strongswan-starter.config b/debian/strongswan-starter.config new file mode 100644 index 000000000..cb9de0964 --- /dev/null +++ b/debian/strongswan-starter.config @@ -0,0 +1,46 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +# disable for now, until we can deal with the don't-edit-conffiles situation +#db_input high strongswan/ikev1 || true +#db_input high strongswan/ikev2 || true + +db_input medium strongswan/restart || true + +db_input high strongswan/enable-oe || true + +db_get strongswan/install_x509_certificate +if [ "$RET" = "true" ]; then + db_input high strongswan/how_to_get_x509_certificate || true + db_go || true + + db_get strongswan/how_to_get_x509_certificate + if [ "$RET" = "create" ]; then + # create a new certificate + db_input medium strongswan/rsa_key_length || true + db_input high strongswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium strongswan/x509_country_code || true + db_go || true + db_get strongswan/x509_country_code + countrycode="$RET" + done + db_input medium strongswan/x509_state_name || true + db_input medium strongswan/x509_locality_name || true + db_input medium strongswan/x509_organization_name || true + db_input medium strongswan/x509_organizational_unit || true + db_input medium strongswan/x509_common_name || true + db_input medium strongswan/x509_email_address || true + db_go || true + elif [ "$RET" = "import" ]; then + # existing certificate - use it + db_input critical strongswan/existing_x509_certificate_filename || true + db_input critical strongswan/existing_x509_key_filename || true + db_input critical strongswan/existing_x509_rootca_filename || true + db_go || true + fi +fi diff --git a/debian/strongswan-starter.dirs b/debian/strongswan-starter.dirs new file mode 100644 index 000000000..ae7ee9ea8 --- /dev/null +++ b/debian/strongswan-starter.dirs @@ -0,0 +1,9 @@ +/etc +/etc/init.d +/etc/ipsec.d +/etc/ipsec.d/cacerts +/etc/ipsec.d/crls +/etc/ipsec.d/ocspcerts +/etc/ipsec.d/policies +/etc/ipsec.d/private +/var/lib/strongswan diff --git a/debian/strongswan-starter.install b/debian/strongswan-starter.install new file mode 100644 index 000000000..9a4c0d169 --- /dev/null +++ b/debian/strongswan-starter.install @@ -0,0 +1,18 @@ +#starter +usr/lib/ipsec/starter +usr/share/strongswan/templates/config/strongswan.d/starter.conf +etc/strongswan.d/starter.conf +usr/lib/ipsec/_copyright +usr/sbin/ipsec +etc/ipsec.d +etc/ipsec.conf +etc/ipsec.secrets +usr/share/man/man8/ipsec.8 +usr/share/man/man5/ipsec.conf.5 +usr/share/man/man5/ipsec.secrets.5 +#stroke +usr/lib/ipsec/stroke +usr/lib/ipsec/plugins/libstrongswan-stroke.so +usr/share/strongswan/templates/config/plugins/stroke.conf +etc/strongswan.d/charon/stroke.conf +debian/usr.lib.ipsec.stroke /etc/apparmor.d/ diff --git a/debian/strongswan-starter.ipsec.init b/debian/strongswan-starter.ipsec.init new file mode 100644 index 000000000..e90f0e731 --- /dev/null +++ b/debian/strongswan-starter.ipsec.init @@ -0,0 +1,151 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: ipsec +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Strongswan IPsec services +### END INIT INFO + +# Author: Rene Mayrhofer <rene@mayrhofer.eu.org> + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="strongswan IPsec services" +NAME=ipsec +STARTER=/usr/sbin/$NAME +PIDFILE=/var/run/charon.pid +CHARON=/usr/lib/ipsec/charon +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$STARTER" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Create lock dir +mkdir -p /var/lock/subsys + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + # test if charon is currently running + if [ -e $CHARON ]; then + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $CHARON --test > /dev/null \ + || return 1 + fi + + $STARTER start || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + # give the proper signal to stop + $STARTER stop || return 2 + + RETVAL=0 + # but kill if that didn't work + if [ -e $PIDFILE ]; then + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + fi + + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + if [ -e $CHARON ]; then + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $CHARON + [ "$?" = 2 ] && return 2 + fi + + # strongswan is known to leave PID files behind when something goes wrong, cleanup here + rm -f $PIDFILE + # and just to make sure they are really really dead at this point... + killall -9 $CHARON 2>/dev/null + + return "$RETVAL" +} + +do_reload() { + $STARTER reload + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + $STARTER status || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/strongswan-starter.links b/debian/strongswan-starter.links new file mode 100644 index 000000000..cf397abbe --- /dev/null +++ b/debian/strongswan-starter.links @@ -0,0 +1 @@ +lib/systemd/system/strongswan.service lib/systemd/system/ipsec.service diff --git a/debian/strongswan-starter.lintian-overrides b/debian/strongswan-starter.lintian-overrides new file mode 100644 index 000000000..7c1f5ea8b --- /dev/null +++ b/debian/strongswan-starter.lintian-overrides @@ -0,0 +1,6 @@ +# as here private data is stored we need tighter perms here +strongswan-starter: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755 +strongswan-starter: non-standard-file-perm etc/ipsec.secrets 0600 != 0644 +strongswan-starter: non-standard-dir-perm var/lib/strongswan/ 0700 != 0755 +# the full path is used to check the command presence +strongswan-starter: command-with-path-in-maintainer-script postrm:36 /usr/sbin/deluser diff --git a/debian/strongswan-starter.postinst b/debian/strongswan-starter.postinst new file mode 100644 index 000000000..9e4d7b10e --- /dev/null +++ b/debian/strongswan-starter.postinst @@ -0,0 +1,326 @@ +#! /bin/bash +# postinst script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +CONF_FILE=/var/lib/strongswan/ipsec.conf.inc +SECRETS_FILE=/var/lib/strongswan/ipsec.secrets.inc + +Warn () +{ + echo "$*" >&2 +} + +Error () +{ + Warn "Error: $*" +} + +insert_private_key_filename() { + if ! ( [ -e $SECRETS_INC_FILE ] && egrep -q ": RSA $1" $SECRETS_INC_FILE ); then + echo ": RSA $1" >> $SECRETS_INC_FILE + fi +} + +make_x509_cert() { + if [ $# -ne 12 ]; then + echo "Error in creating X.509 certificate" + exit 1 + fi + + case $5 in + false) + certreq=$4.req + selfsigned="" + ;; + true) + certreq=$4 + selfsigned="-x509" + ;; + *) + echo "Error in creating X.509 certificate" + exit 1 + ;; + esac + + echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ + /usr/bin/openssl req -new -outform PEM -out $certreq \ + -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ + -days $2 $selfsigned >/dev/null +} + +enable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Enabling ${protocol} support by ${daemon}... " + if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then + sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then + sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +disable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Disabling ${protocol} support by ${daemon}... " + if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE || + egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then + echo "already disabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +setup_strongswan_user() { + if ! getent passwd strongswan >/dev/null; then + adduser --quiet --system --no-create-home --home /var/lib/strongswan --shell /usr/sbin/nologin strongswan + fi +} + +. /usr/share/debconf/confmodule + +case "$1" in + configure) + db_get strongswan/install_x509_certificate + if [ "$RET" = "true" ]; then + db_get strongswan/how_to_get_x509_certificate + if [ "$RET" = "create" ]; then + # extract the key from a (newly created) x509 certificate + host=`hostname` + newkeyfile="/etc/ipsec.d/private/${host}Key.pem" + newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" + if [ -e $newcertfile -o -e $newkeyfile ]; then + Error "$newcertfile or $newkeyfile already exists." + Error "Please remove them first an then re-run dpkg-reconfigure to create a new keypair." + else + # create a new certificate + db_get strongswan/rsa_key_length + keylength=$RET + db_get strongswan/x509_self_signed + selfsigned=$RET + db_get strongswan/x509_country_code + countrycode=$RET + if [ -z "$countrycode" ]; then countrycode="."; fi + db_get strongswan/x509_state_name + statename=$RET + if [ -z "$statename" ]; then statename="."; fi + db_get strongswan/x509_locality_name + localityname=$RET + if [ -z "$localityname" ]; then localityname="."; fi + db_get strongswan/x509_organization_name + orgname=$RET + if [ -z "$orgname" ]; then orgname="."; fi + db_get strongswan/x509_organizational_unit + orgunit=$RET + if [ -z "$orgunit" ]; then orgunit="."; fi + db_get strongswan/x509_common_name + commonname=$RET + if [ -z "$commonname" ]; then commonname="."; fi + db_get strongswan/x509_email_address + email=$RET + if [ -z "$email" ]; then email="."; fi + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + chmod 0600 "$newkeyfile" + umask 077 + insert_private_key_filename "$newkeyfile" + echo "Successfully created x509 certificate." + fi + elif [ "$RET" = "import" ]; then + # existing certificate - use it + db_get strongswan/existing_x509_certificate_filename + certfile=$RET + db_get strongswan/existing_x509_key_filename + keyfile=$RET + db_get strongswan/existing_x509_rootca_filename + cafile=$RET + + if [ ! "$certfile" ] || [ ! "$keyfile" ]; then + Error "Either the certificate or the key filename is not specified." + elif ! ( ( [ -f "$certfile" ] || [ -L "$certfile" ] ) && ( [ -f "$keyfile" ] || [ -L "$keyfile" ] ) && ( [ "$cafile" = "" ] || ( [ -f "$cafile" ] || [ -L "$cafile" ] ) ) ); then + Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a regular file or symbolic link." + elif [ ! "`grep 'BEGIN CERTIFICATE' $certfile`" ] || [ ! "`grep 'BEGIN RSA PRIVATE KEY' $keyfile`" ] || ( [ "$cafile" != "" ] && [ ! "`grep 'BEGIN CERTIFICATE' $cafile`" ] ); then + Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a valid PEM type file." + elif [ "$cafile" ] && ( [ "$certfile" = "$cafile" ] || [ "$keyfile" = "$cafile" ]); then + Error "The certificate or the key file contains the rootca - unable to import automatically." + elif [ "`grep 'BEGIN CERTIFICATE' $certfile | wc -l`" -gt 1 ]; then + Error "The certificate file contains more than one certificate - unable to import automatically." + elif [ "`grep 'ENCRYPTED' $keyfile`" ]; then + Error "The key file contains an encrypted key - unable to import automatically." + else + newcertfile="/etc/ipsec.d/certs/$(basename "$certfile")" + newkeyfile="/etc/ipsec.d/private/$(basename "$keyfile")" + if [ "$cafile" ]; then + newcafile="/etc/ipsec.d/private/$(basename "$cafile")" + else + newcafile="" + fi + + if [ -e "$newcertfile" ] || [ -e "$newkeyfile" ] || ( [ "$newcafile" != "" ] && [ -e "$newcafile" ] ); then + Error "$newcertfile or $newkeyfile"${newcafile:+ or $newcafile}" already exists." + Error "Please remove them first and then re-run dpkg-reconfigure to extract an existing keypair"${newcafile:+ and a rootca}"." + else + openssl x509 -in $certfile -out $newcertfile 2>/dev/null + umask 077 + openssl rsa -passin pass:"" -in $keyfile -out $newkeyfile 2>/dev/null + chmod 0600 "$newkeyfile" + insert_private_key_filename "$newkeyfile" + cp "$cafile" /etc/ipsec.d/cacerts + echo "Successfully integrated existing x509 certificate." + fi + fi + fi + db_set strongswan/install_x509_certificate false + fi + + # lets see if we are already using dependency based booting or the correct runlevel parameters + if ! ( [ "`find /etc/init.d/ -name '.depend.*'`" ] || [ "$runlevels" = "0K841K842S163S164S165S166K84" ] ); then + db_fset strongswan/runlevel_changes seen false + db_input high strongswan/runlevel_changes || true + db_go + + # if the admin did not change the runlevels which got installed by older packages we can modify them + if [ "$runlevels" = "0K346K34SS41" ] || [ "$runlevels" = "0K301K302S153S154S155S156K30" ] || [ "$runlevels" = "0K191K192S213S214S215S216K19" ]; then + update-rc.d -f ipsec remove + fi + + update-rc.d ipsec defaults 16 84 > /dev/null + fi + + db_get strongswan/enable-oe + if [ "$RET" != "true" ]; then + echo -n "Disabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/include \/etc\/ipsec.d\/examples\/oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "#include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + echo "already disabled" + fi + else + echo -n "Enabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/#.*include \/etc\/ipsec.d\/examples\/oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + cat <<EOF >> $CONF_FILE +#Enable Opportunistic Encryption +include /etc/ipsec.d/examples/oe.conf +EOF + echo "done" + fi + fi + + # disabled for now, until we can solve the don't-edit-conffiles issue + #db_get strongswan/ikev1 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "pluto" "IKEv1" + #else + # disable_daemon_start "pluto" "IKEv1" + #fi + #db_get strongswan/ikev2 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "charon" "IKEv2" + #else + # disable_daemon_start "charon" "IKEv2" + #fi + + # create user for strongswan to change its uid into + setup_strongswan_user + + if [ -z "$2" ]; then + # no old configured version - start strongswan now + invoke-rc.d ipsec start || true + else + # does the user wish strongswan to restart? + db_get strongswan/restart + if [ "$RET" = "true" ]; then + invoke-rc.d ipsec restart || true # sure, we'll restart it for you + fi + fi + + db_stop + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically + +#DEBHELPER# + +exit 0 diff --git a/debian/strongswan-starter.postrm b/debian/strongswan-starter.postrm new file mode 100644 index 000000000..ec4e6165e --- /dev/null +++ b/debian/strongswan-starter.postrm @@ -0,0 +1,51 @@ +#! /bin/sh +# postrm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postrm> `remove' +# * <postrm> `purge' +# * <old-postrm> `upgrade' <new-version> +# * <new-postrm> `failed-upgrade' <old-version> +# * <new-postrm> `abort-install' +# * <new-postrm> `abort-install' <old-version> +# * <new-postrm> `abort-upgrade' <old-version> +# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + # update the menu system +# if [ -x /usr/bin/update-menus ]; then update-menus; fi + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + +esac + +if [ "$1" = "purge" ] ; then + update-rc.d ipsec remove >/dev/null + if getent passwd strongswan>/dev/null; then + if [ -x /usr/sbin/deluser ]; then + deluser --system strongswan + fi + fi + + rm -rf /etc/ipsec.d/ + rm -rf /var/run/pluto/ + rm -rf /var/lib/strongswan/ +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + + diff --git a/debian/strongswan-starter.prerm b/debian/strongswan-starter.prerm new file mode 100644 index 000000000..c1ba063d6 --- /dev/null +++ b/debian/strongswan-starter.prerm @@ -0,0 +1,40 @@ +#! /bin/sh +# prerm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <prerm> `remove' +# * <old-prerm> `upgrade' <new-version> +# * <new-prerm> `failed-upgrade' <old-version> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> +# * <deconfigured's-prerm> `deconfigure' `in-favour' +# <package-being-installed> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + upgrade) + ;; + remove|deconfigure) + invoke-rc.d ipsec stop || true +# install-info --quiet --remove /usr/info/strongswan.info.gz + ;; + failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/strongswan-starter.templates b/debian/strongswan-starter.templates new file mode 100644 index 000000000..a54581e8a --- /dev/null +++ b/debian/strongswan-starter.templates @@ -0,0 +1,186 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: strongswan/runlevel_changes +Type: note +_Description: Old runlevel management superseded + Previous versions of the strongSwan package gave a choice between + three different Start/Stop-Levels. Due to changes in the standard system + startup procedure, this is no longer necessary or useful. For all new + installations as well as old ones running in any of the predefined modes, + sane default levels will now be set. If you are upgrading from a previous + version and changed your strongSwan startup parameters, then please take a + look at NEWS.Debian for instructions on how to modify your setup accordingly. + +Template: strongswan/restart +Type: boolean +Default: true +_Description: Restart strongSwan now? + Restarting strongSwan is recommended, since if there is a security fix, it + will not be applied until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However, this might take down + existing connections and then bring them back up, so if you are using such + a strongSwan tunnel to connect for this update, restarting is not recommended. + +Template: strongswan/charon +Type: boolean +Default: true +_Description: Start strongSwan's charon daemon? + The charon daemon must be running to support the Internet Key + Exchange protocol. + +Template: strongswan/install_x509_certificate +Type: boolean +Default: false +_Description: Use an X.509 certificate for this host? + An X.509 certificate for this host can be automatically created or imported. + It can be used to authenticate IPsec connections to other hosts + and is the preferred way of building up secure IPsec connections. The other + possibility would be to use shared secrets (passwords that are the same on + both sides of the tunnel) for authenticating a connection, but for a larger + number of connections, key based authentication is easier to administer and + more secure. + . + Alternatively you can reject this option and later use the command + "dpkg-reconfigure strongswan" to come back. + +Template: strongswan/how_to_get_x509_certificate +Type: select +__Choices: create, import +Default: create +_Description: Methods for using a X.509 certificate to authenticate this host: + It is possible to create a new X.509 certificate with user-defined settings + or to import an existing public and private key stored in PEM file(s) for + authenticating IPsec connections. + . + If you choose to create a new X.509 certificate you will first be asked + a number of questions which must be answered before the creation can start. + Please keep in mind that if you want the public key to get signed by + an existing Certificate Authority you should not select to create a + self-signed certificate and all the answers given must match exactly the + requirements of the CA, otherwise the certificate request may be rejected. + . + If you want to import an existing public and private key you will be + prompted for their filenames (which may be identical if both parts are stored + together in one file). Optionally you may also specify a filename where the + public key(s) of the Certificate Authority are kept, but this file cannot + be the same as the former ones. Please also be aware that the format for the + X.509 certificates has to be PEM and that the private key must not be encrypted + or the import procedure will fail. + +Template: strongswan/existing_x509_certificate_filename +Type: string +_Description: File name of your PEM format X.509 certificate: + Please enter the location of the file containing your X.509 certificate in + PEM format. + +Template: strongswan/existing_x509_key_filename +Type: string +_Description: File name of your PEM format X.509 private key: + Please enter the location of the file containing the private RSA key + matching your X.509 certificate in PEM format. This can be the same file + that contains the X.509 certificate. + +Template: strongswan/existing_x509_rootca_filename +Type: string +_Description: File name of your PEM format X.509 RootCA: + Optionally you can now enter the location of the file containing the X.509 + Certificate Authority root used to sign your certificate in PEM format. If you + do not have one or do not want to use it please leave the field empty. Please + note that it's not possible to store the RootCA in the same file as your X.509 + certificate or private key. + +Template: strongswan/rsa_key_length +Type: string +Default: 2048 +_Description: Please enter which length the created RSA key should have: + Please enter the length of the created RSA key. It should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 4096 bits because it only slows the + authentication process down and is not needed at the moment. + +Template: strongswan/x509_self_signed +Type: boolean +Default: true +_Description: Create a self-signed X.509 certificate? + Only self-signed X.509 certificates can be created + automatically, because otherwise a Certificate Authority is needed to sign + the certificate request. If you choose to create a self-signed certificate, + you can use it immediately to connect to other IPsec hosts that support + X.509 certificate for authentication of IPsec connections. However, using + strongSwan's PKI features requires all certificates to be signed by a single + Certificate Authority to create a trust path. + . + If you do not choose to create a self-signed certificate, only the RSA + private key and the certificate request will be created, and you will + have to sign the certificate request with your Certificate Authority. + +Template: strongswan/x509_country_code +Type: string +Default: AT +_Description: Country code for the X.509 certificate request: + Please enter the two-letter code for the country the server resides in + (such as "AT" for Austria). + . + OpenSSL will refuse to generate a certificate unless this is a valid + ISO-3166 country code; an empty field is allowed elsewhere in the X.509 + certificate, but not here. + +Template: strongswan/x509_state_name +Type: string +Default: +_Description: State or province name for the X.509 certificate request: + Please enter the full name of the state or province the server resides in + (such as "Upper Austria"). + +Template: strongswan/x509_locality_name +Type: string +Default: +_Description: Locality name for the X.509 certificate request: + Please enter the locality the server resides in (often a city, such + as "Vienna"). + +Template: strongswan/x509_organization_name +Type: string +Default: +_Description: Organization name for the X.509 certificate request: + Please enter the organization the server belongs to (such as "Debian"). + +Template: strongswan/x509_organizational_unit +Type: string +Default: +_Description: Organizational unit for the X.509 certificate request: + Please enter the organizational unit the server belongs to (such as + "security group"). + +Template: strongswan/x509_common_name +Type: string +Default: +_Description: Common Name for the X.509 certificate request: + Please enter the Common Name for this host (such as + "gateway.example.org"). + +Template: strongswan/x509_email_address +Type: string +Default: +_Description: Email address for the X.509 certificate request: + Please enter the email address of the person or organization + responsible for the X.509 certificate. + +Template: strongswan/enable-oe +Type: boolean +Default: false +_Description: Enable opportunistic encryption? + This version of strongSwan supports opportunistic encryption (OE), which stores + IPSec authentication information in + DNS records. Until this is widely deployed, activating it will + cause a significant delay for every new outgoing connection. + . + You should only enable opportunistic encryption if you are sure you want it. + It may break the Internet connection (default route) as the daemon starts. diff --git a/debian/strongswan-swanctl.install b/debian/strongswan-swanctl.install new file mode 100644 index 000000000..184ae88da --- /dev/null +++ b/debian/strongswan-swanctl.install @@ -0,0 +1,11 @@ +etc/strongswan.d/swanctl.conf +etc/strongswan.d/charon/vici.conf +etc/swanctl +usr/share/strongswan/templates/config/plugins/vici.conf +usr/share/strongswan/templates/config/strongswan.d/swanctl.conf +usr/share/man/man5/swanctl.conf.5 +usr/share/man/man8/swanctl.8 +usr/sbin/swanctl +usr/lib/ipsec/libvici.so* +usr/lib/ipsec/plugins/libstrongswan-vici.so +debian/usr.sbin.swanctl /etc/apparmor.d/ diff --git a/debian/strongswan-swanctl.lintian-overrides b/debian/strongswan-swanctl.lintian-overrides new file mode 100644 index 000000000..1af6f10d2 --- /dev/null +++ b/debian/strongswan-swanctl.lintian-overrides @@ -0,0 +1,6 @@ +# directories for private keys so tighten the permissions +strongswan-swanctl: non-standard-dir-perm etc/swanctl/bliss/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/ecdsa/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/pkcs8/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/private/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/rsa/ 0700 != 0755 diff --git a/debian/strongswan.docs b/debian/strongswan.docs new file mode 100644 index 000000000..e845566c0 --- /dev/null +++ b/debian/strongswan.docs @@ -0,0 +1 @@ +README diff --git a/debian/strongswan.logcheck b/debian/strongswan.logcheck new file mode 100644 index 000000000..e0ec04b3b --- /dev/null +++ b/debian/strongswan.logcheck @@ -0,0 +1,83 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] added child to existing configuration '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] added configuration '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] adding virtual IP address pool [.:[:xdigit:]]+/[0-9]{1,3}$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] assigning new lease to '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] certificate status is not available$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] checking certificate status of "[^"]+"$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] deleted connection '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] id '%any' not confirmed by certificate, defaulting to '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] lease [.:[:xdigit:]]+ by '[^']+' went offline$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] left nor right host is our side, assuming left=local$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loaded (ca )?certificate "[^"]+" from '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loaded (ECDSA|RSA) private key from '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loaded (IKE|EAP) secret for .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loading (aa|attribute|ca|ocsp signer) certificates from '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loading (crls|secrets) from '/[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] looking for (XAuthInitPSK )?peer configs matching [.:[:xdigit:]]+(\[[^\[]+\])?\.\.\.[.:[:xdigit:]]+\[[^\[]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] reached self-signed root ca with a path length of 0$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] reassigning offline lease to '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] received stroke: add connection '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] received stroke: ((add|delete) connection|initiate|terminate) '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] selected peer config .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] sending UNITY_SPLIT_INCLUDE: [.:[:xdigit:]]+/[0-9]{1,3}$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] using trusted (ca )?certificate "[^"]+"$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[DMN\] signal of type SIGINT received\. Shutting down$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[DMN\] Starting IKE charon daemon \(strongSwan [^)]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[ENC\] (generating|parsed) (CREATE_CHILD_SA|INFORMATIONAL(|_V1)|ID_PROT|IKE_(AUTH|SA_INIT)|QUICK_MODE|TRANSACTION) re(sponse|quest) [0-9]+ \[ [^]]*\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[ENC\] received unknown vendor ID: [:[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[ENC\] unknown attribute type \(28683\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] assigning virtual IP [.:[:xdigit:]]+ to peer '.+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] authentication of '[^']+' (\(myself\) )?with .+ (signature )?successful$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] CHILD_SA [^{]+\{[0-9]+\} established with SPIs [[:xdigit:]]+_i [[:xdigit:]]+_o and TS [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])? === [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] CHILD_SA closed$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] CHILD_SA not found, ignored$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] closing CHILD_SA [^{]+\{[0-9]+\} with SPIs [[:xdigit:]]+_i \([0-9]+ bytes\) [[:xdigit:]]+_o \([0-9]+ bytes\) and TS [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])? === [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] closing expired CHILD_SA [^{]+\{[0-9]+\} with SPIs [[:xdigit:]]+_i [[:xdigit:]]+_o and TS [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])? === [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] deleting IKE_SA [^\[]+\[[0-9]+\] between [.:[:xdigit:]]+\[[^]]+\]\.\.\.[.:[:xdigit:]]+\[[^]]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] destroying IKE_SA in state CONNECTING without notification$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (establish|restart)ing CHILD_SA .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] faking NAT situation to enforce UDP encapsulation$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] giving up after [0-9]+ retransmits$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] IKE_SA [^\[]+\[[0-9]+\] established between [.:[:xdigit:]]+\[[^]]+\]\.\.\.[.:[:xdigit:]]+\[[^]]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] IKE_SA deleted$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] initiating (Main Mode )?IKE_SA [^\[]+\[[0-9]+\] to [.:[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] local host is behind NAT, sending keep alives$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] looking for a route to [.:[:xdigit:]]+ \.\.\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] maximum IKE_SA lifetime [0-9]+s$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] no route found to reach [.:[:xdigit:]]+, MOBIKE update deferred$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] old path is not available anymore, try to find another$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] peer not responding, trying again \([0-9]+/[0-9]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] peer requested virtual IP (%any|[.:[:xdigit:]]+)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] reauthenticating IKE_SA .+(\[[0-9]+\])$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] reauthenticating IKE_SA due to address change$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] received AUTH_LIFETIME of [0-9]+s, scheduling reauthentication in [0-9]+s$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] received retransmit of response with ID [0-9]+, but next request already sent$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (received|sending) (cert request|end entity cert) for "[^"]+"$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (received|sending) DELETE for ESP CHILD_SA with SPI [[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (received|sending) DELETE for IKE_SA .+\[[0-9]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] received .+ vendor ID$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] remote host is behind NAT$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] retransmit [0-9]+ of request with message ID [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] scheduling reauthentication in [0-9]+s$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] sending DPD request$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] sending keep alive to [.:[:xdigit:]]+\[[0-9]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] sending retransmit [0-9]+ of request message ID [0-9]+, seq [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] XAuth authentication of '[^']+' successful$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] [.:[:xdigit:]]+ is initiating an IKE_SA$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[JOB\] deleting CHILD_SA after [0-9]+ seconds of inactivity$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[JOB\] DPD check timed out, enforcing DPD action$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[JOB\] spawning [0-9]+ worker threads$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] creating (delete|rekey) job for CHILD_SA ESP/0x[[:xdigit:]]+/[.:[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] creating (delete|rekey) job for ESP CHILD_SA with SPI [[:xdigit:]]+ and reqid \{[0-9]+\}$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] interface .+ ((de)?activated|deleted)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] [.:[:xdigit:]]+ (dis)?appeared (from|on) .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[LIB\] dropped capabilities, running as uid [0-9]+, gid [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[LIB\] loaded plugins: .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[LIB\] unable to load [0-9]+ plugin features \([0-9]+ due to unmet dependencies\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[NET\] error writing to socket: Network is unreachable$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[NET\] (received|sending) packet: from [.:[:xdigit:]]+\[[0-9]+\] to [.:[:xdigit:]]+\[[0-9]+\]( \([0-9]+ bytes\))?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec\[[0-9]+\]: Stopping strongSwan IPsec\.\.\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec_starter\[[0-9]+\]: charon \([0-9]+\) started after [0-9]+ ms$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec_starter\[[0-9]+\]: charon stopped after [0-9]+ ms$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec_starter\[[0-9]+\]: ipsec starter stopped$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec(_starter)?\[[0-9]+\]: Starting strongSwan [0-9.]+ IPsec \[starter\]\.\.\.$ diff --git a/debian/tests/admin-strongswan-charon b/debian/tests/admin-strongswan-charon new file mode 100755 index 000000000..e9b57bd57 --- /dev/null +++ b/debian/tests/admin-strongswan-charon @@ -0,0 +1,17 @@ +#!/bin/sh +#-------------------------- +# Testing strongswan-charon +#-------------------------- +CMDS=" +/usr/lib/ipsec/charon +" + +for cmd in $CMDS; do + $cmd --help > /dev/null 2>&1 + RET=$? + + if [ $RET -ne 0 ]; then + echo "ERROR, failed to run ${cmd}" >&2 + exit $RET + fi +done diff --git a/debian/tests/admin-strongswan-starter b/debian/tests/admin-strongswan-starter new file mode 100755 index 000000000..7b32e00fd --- /dev/null +++ b/debian/tests/admin-strongswan-starter @@ -0,0 +1,21 @@ +#!/bin/sh +#--------------------------- +# Testing strongswan-starter +#--------------------------- +CMDS=" +/usr/bin/pki +/usr/lib/ipsec/_copyright +/usr/lib/ipsec/scepclient +/usr/lib/ipsec/stroke +/usr/sbin/ipsec +" + +for cmd in $CMDS; do + $cmd --help > /dev/null 2>&1 + RET=$? + + if [ $RET -ne 0 ]; then + echo "ERROR, failed to run ${cmd}" >&2 + exit $RET + fi +done diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 000000000..eb9e20463 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: daemon admin-strongswan-charon admin-strongswan-starter plugins +Depends: strongswan, libstrongswan-standard-plugins, libstrongswan-extra-plugins, libcharon-extra-plugins, strongswan-pki, strongswan-scepclient +Restrictions: needs-root isolation-container allow-stderr diff --git a/debian/tests/daemon b/debian/tests/daemon new file mode 100755 index 000000000..2a8b5e688 --- /dev/null +++ b/debian/tests/daemon @@ -0,0 +1,14 @@ +#!/bin/sh +#------------------------ +# Testing starter, charon +#------------------------ +DAEMONS="starter charon" + +for daemon in $DAEMONS; do + if pidof -x $daemon > /dev/null; then + echo "$daemon OK" + else + echo "ERROR: ${daemon} IS NOT RUNNING" + exit 1 + fi +done diff --git a/debian/tests/plugins b/debian/tests/plugins new file mode 100644 index 000000000..24825c83d --- /dev/null +++ b/debian/tests/plugins @@ -0,0 +1,28 @@ +#!/bin/bash +# find the set of plugins from default installed libraries +# and compare that with what ipsec has loaded. + +# restart strongswan to get current list of loaded modules +invoke-rc.d strongswan restart +invoke-rc.d strongswan status + +STRONGSWAN_PKGS="$(dpkg --list | awk '/(strongswan|charon)/ {print $2}')" +PLUGIN_PATH="/usr/lib/ipsec/plugins/" +EXPECTED_MODULES="charon" +for pkg in $STRONGSWAN_PKGS; do + P=$(dpkg -L $pkg | grep "^${PLUGIN_PATH}" | + sed -e "s,${PLUGIN_PATH}libstrongswan-,,g" -e 's,.so$,,') + EXPECTED_MODULES="${EXPECTED_MODULES} ${P}" +done +# expected to not load; they require configuration +# NB: keep leading/trailing space for regex generation +NOLOAD=" attr-sql coupling eap-simaka-sql eap-sim-file kernel-libipsec load-tester medcli medsrv sql systime-fix " +# rdrand is dynamically detected +MAYBELOAD="rdrand " +NOLOADR="(`echo "${NOLOAD}${MAYBELOAD}" | sed 's, ,$|^,g'`)" +MAYBELOADR="(`echo " ${MAYBELOAD}" | sed 's, ,$|^,g'`)" +EXPECTED=( `echo $EXPECTED_MODULES | fmt -w1 | egrep -v "$NOLOADR"` ) +LOADED=( `ipsec listplugins | grep :$ | grep -v "Plugin" | egrep -v "$MAYBELOADR" | sed 's,:,,g'` ) + +diff <(printf "%s\n" "${EXPECTED[@]}"|sort) <(printf "%s\n" "${LOADED[@]}"|sort) +exit $? diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 000000000..43fb530c6 --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,292 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQGNBEoycP0BDACzL8ymURD7gnaNbGx2VGieNQr/gNISWhqgHaeUxuSkrInxl89A +ClvN7DoF2cD7slEqIMQh/8t6xVzmh9teu5uyeV1eyG/CuFMUqawXqpn/sYa2SkgX +C/qHB2hIbFg2K4k5LJHxzqHb1OdtOcU6lHg9yrvYcoO+FTVR+rYaVgYbbbziTB/v +hAAzvdTdgwMgoQMSXA7FsJ0mALny4IeiCoi6S6qRVDm4zcu11UFT9g1VmhmeHqtU +SQso72bPKKhYvu7ZaQrLhkvY9inWr6m9dxV8Zgb1ivZGhzsNzrhGAsz9jmiB5POF +Mfph0hREMiS33ph/YMJducGQHYGEza9mKBdUaaAAEL3fCpde7vRa+c5Gc/Y5RUB7 +iUsb2KQY+7xTiSUnCHbsMwhndG0dJspVXcz6X+2S3Ty4GaiqkvxI9KLiwiECNl0I +oLX5s/FIW6KW+GnxJTp/3h6vvqm8i0+yIwk+ETM4XfhHMwuPkDyf6km1ag3nIUw6 +pSSfnQMPhj5rXIMAEQEAAbQwQW5kcmVhcyBTdGVmZmVuIDxhbmRyZWFzLnN0ZWZm +ZW5Ac3Ryb25nc3dhbi5vcmc+iEYEEBECAAYFAkpF88QACgkQF3q9fEkqhHAu/gCe +MK30wjslGbZNWhwDqIw9eP35/gUAmwQGDq3htgY+Janap6FB1iEG5hGViEYEEBEC +AAYFAkpHR54ACgkQrtMaUngdkk4avACfaY1gM5ZJ034lBf2DeFArc34SttkAn1cZ +qX+njDSiAOOU0MZmvYdT81F8iEYEEBECAAYFAkpHXHEACgkQSRB4xVHMaXQWCgCe +IkdHv7Ya4QQzkmY9X0w8fkQriBQAn1CLpqfZR6S5loW6ZQzYys63cZ7ZiEYEEBEC +AAYFAkpHlEgACgkQbJa6vxmEnbA2iQCdE6UIz6Fymm3SYTXyjFFufgHWTp4AnRuu +qBFHHCSfQMBk5usCUfYkMHJpiEYEEBECAAYFAkpHlFEACgkQ1jbYdc10LeSyqACg +iXy5VKGWmEzfZN/PZgizgVkQg6oAmQHw1lZhb2V3WYdVZsrSmZoVO0rhiEYEEBEC +AAYFAkpHwBYACgkQ7LZ5x4fpqr7hoACgkP2Yg4hx0OOaYQ/+Q5F/iy/dGToAoIrz +JZFlvr1xvxMwgCaY1v6tzGnsiEYEEBECAAYFAkpH2FEACgkQxIHfCcnL5ACRqwCg +tkAdtC4t8PuIzFPUqGRasGMtKmgAn0HGo8mJtoV5AK+uj3YBYyyJRcxviEYEEBEC +AAYFAkpIuAcACgkQO46kH4L2EkBRfgCeMhOEdYE/w8WRYq1S6bCYFzOldNUAnAgb +vQ/OWvxLk+u8bUxe+BbUqkE0iEYEEBECAAYFAkpJEUYACgkQ+bsc/f29F/IMJQCe +LtrPDs0Wo3AGvcbTHoZPtHzLaJQAnjGY5/j6SX+XIW/dSgdNY04zVZwriEYEEBEC +AAYFAkpJFGcACgkQVzc9bUjjZszelgCfYGkK5rcRY548yybHJ7DVeGpp3CkAn0zY +q1UGOhWKVfCxuFkLfyoNSZS3iEYEEBECAAYFAkpJIHoACgkQadKmHeJj/NRjygCg +l9TQykiqtpndMUR5OpZqVgSbNjIAn2KZ4kdlb8lUeITgJsIbpK0TNPimiEYEEBEC +AAYFAkpJKo0ACgkQjh6iDnpWUB0HvQCgtcEat8Ku0Zccm/k2jBv5SWWD6JgAnjDu +ujKedxSBSgohQAd1mXHmtraviEYEEBECAAYFAkpKf/UACgkQryDNjGqAEEE1rwCe +MbE9awFSsAEaj6XGJ8UaxbCHyJgAoK3xbaGBoFGr5Um4o1PqV2gtC3tniEYEEBEC +AAYFAkpKr94ACgkQR7UWzzhrTL9WVQCgtvTMa2R7cfx0onbtBQgGkr75gtIAoN08 +gdOYBnh8LGV0irHbfb9hS8WPiEYEEBECAAYFAkpLDLMACgkQzWRwz0BT686RugCd +Eloj9w9L9nTyR/BwQ7uNQ/Gr8OQAn3UsjIpEazjP2jjwmJQTngElLLEsiEYEEBEC +AAYFAkpLLa0ACgkQeQ6MlGH/2qsrKACeLmabelozki4nGHzvJQN1IRnGmBIAnj4Z +alB1OEEsgg6ttnzT/UQptSQsiEYEEBECAAYFAkpLLoQACgkQvl+ScPvxHiIPVQCg +mZxoWebrJgp8e0UFLnFrQapwXxoAn3uwfpLI0Q94TRQQ/WN1oClop3XtiEYEEBEC +AAYFAkpLRGQACgkQKzt+ucU7M5im5wCeIkCFuNa+Ij771y0ZhbwbXyhZ48AAnRTz +rXuClmAqNjG2pJjXGUwS4fwpiEYEEBECAAYFAkpLbsUACgkQowczOzpadH+cpwCd +GEbDhuqigR/xldG9A787gKQWuwEAn1vhGKiS48GokSVREMhD/6RzYMM6iEYEEBEC +AAYFAkpL894ACgkQecnFg9AIQHJX4wCfbZ24TRoj8jARaent8puW/7VwzjkAn1B6 +IygDxuiJyzaTjMc3qeEl4NKliEYEEBECAAYFAkpMErwACgkQiqNir+lyMs0TLwCg +nfpQZORxoKNdzF3rb0yM2oDA5hsAn2yW05EBb2w8rpot65E6iiuwg1JfiEYEEBEC +AAYFAkpMEsEACgkQp99YcnDUTCPHDwCZAfHNU/2nMW116z9cKiM5LtYiUvMAoIKy ++T0mJT11yFePg9y7rY/5WCkHiEYEEBECAAYFAkpMEsQACgkQ4gEcJ5SEGX4B7QCf +ZmDVDP+RfLV9B+rL/MV6/TMXFLoAoLjznB/JN10JfN/u5IZWCi+dqsJtiEYEEBEC +AAYFAkpMicIACgkQsta551Pt/1VIgwCgnUQFiZ9N4qbhqOiQzfPCnSB/hnsAoIhq +ukM9rO0RH1ikGd4VQz0cIgatiEYEEBECAAYFAkpMnwsACgkQN8SUWat0lhnoRwCg +p+qTCC79bMlilGKfLYV7Oa6t47MAoIfpyNnCXMNZdSIUdLRiZPE6Ck/NiEYEEBEC +AAYFAkpM6UgACgkQaT2DDHtihbfIPwCfbeX7jAuzbiKq5XtuDE1OjNh68cAAoLOh +3nXliAm79mFgbXl8OXOZinThiEYEEBECAAYFAkpPKEQACgkQdns1tqFIBbkNfACd +HzblbPJ2vDdm0ya2Ksccwn9u5GcAoJzzX8AULChnHmBqrc8kphR4oRB2iEYEEBEC +AAYFAkpRzYEACgkQ6aFpZ+X9qBIKbgCgiDp8DUKtkxOcwoC2z04seh2FwM0AnRmG +B/h118ajrYsRglYjT3nkjzTIiEYEEBECAAYFAkpSIt4ACgkQ1R6CjUnlJYMh8ACb +BA4fUWIRHZSAz4nAFrXAzKQCnJoAnRxWq3sHkP03qzpZyOIBkeNfKwzkiEYEEBEC +AAYFAkpSPaUACgkQPzXj4jNu7sQ4mgCfTwP/zE3chyiYXpuV73jrRRGhIKYAnRUF +jjxLvplfo5moUMR2QiK47ga8iEYEEBECAAYFAkpSW2sACgkQ9/DnDzB9Vu2jGQCe +MuugKHBTV07TW/+ChrTGk9lxOlgAn0KOdNP3CbTngoklhrCD6OVeO1YziEYEEBEC +AAYFAkpU/y8ACgkQ+hT4QImNDmpfGwCeP4wasOPdWp/ZYd+50YirQtogjDoAn04n +T+MiIMh9aiQ5naOvg/veZ8oyiEYEEBECAAYFAkpXHsYACgkQbj3LoLfDuD9cPACg +y2iM7gVr7z4gRJoEqqHIFl0g8y0AoOUC5MOQP43Apr2vO1iSrsOZgZ7UiEYEEBEC +AAYFAkpYhioACgkQEAHIxXV27I9v4ACfXnb16A79Hpg4+6Hb41CyRVl/xBEAniIU +npMD0UdFUpP+pxDWC+Kq+aJLiEYEEBECAAYFAkpZg+oACgkQOx7JtKW5uMsdmwCg +uQPIL1vZ8RVXYlBIA2pzfOOX1roAn240p5krhDUp79Xh0wEVbh2P8qB4iEYEEBEC +AAYFAkpdjx4ACgkQls7o9YEjUnrzjwCeLqBpBk4/1Jamy3LadIeGwPxOeEIAoNDI +tPbpm73wu6JmccRzeSOzHqUniEYEEBECAAYFAkpdzc8ACgkQVkEm8inxm9EIbQCf +RxHhOqSSLkpENJWRBy0waV91v/kAnR2lEeiMPOQ4NtkiQZ+0tar/HHO2iEYEEBEC +AAYFAkpjcCEACgkQbR36slPFltjkYwCeMhatLo23Qo2diWftXI8U+c400jgAn2Ym +TTJqGj7GLCYmBA/edCwu9T6WiEYEEBECAAYFAkpm9OMACgkQXjCu8kSU1W2K0ACa +A6cVaqZpOCdQk8cYUIO4NZYA2FcAn3m9tqEZ2BDMWPZg4uiIIsD4zK8tiEYEEBEC +AAYFAkpzavAACgkQEF0sD5X3mmquSgCg1zHjdAKxf1WbfV2TVfBgVDT2/XEAoOrE +KJrkjfzB7QuaDg7lfAWWva92iEYEEBECAAYFAkqDIqYACgkQ9D4zU/gevQPkagCg +wiYyNlH/F2+lNMVHlqb1hvon84wAn3Wc+QhEr/WcR10pSqIWw+Hin5vCiEYEExEC +AAYFAkpGjCgACgkQePhWFewOlUwncwCgmhwsGQ/+AqmIAPDmWv29NkMwvq0AnAy9 +wvRuZicC1AKliorx2MBVxgD4iEYEExECAAYFAkpHLxgACgkQO7/Pd72LBQ1xvQCe +P8yw0EU2sFi+uqb+Q5tnfXQjntEAoKdCMeKRmBKWUcB3FaW2XzYMPrRWiEYEExEC +AAYFAkpHaKYACgkQcVwuIf1YDMADCwCfbGeq2p2km6QULrgsRZCE3r/TKPwAnRui +4QT5LVCok1JfVxniy4ejpPS7iEYEExECAAYFAkpKkLQACgkQrpwLPnGbxnuU4wCg +jqJR1B+O5NrSYTgEJy3zT5mwnKEAn022uXzOocJyFfh3oOHuFuexM9/7iEYEExEC +AAYFAkpNCFkACgkQL5UVCKrmAi6I/wCfUP4cGY27+mP1AqLsGZnU4bVtEdQAoIit +ueT0lAg1skwv2h1vldV0cfyoiEYEExECAAYFAkpNUAQACgkQtfXMjywV26BLWQCg +r0yk6lOtO5fKGLbjxFCCVUG2bckAoLgO+0Nuzwb6vpyC1K1OEuhIEJTgiEYEExEC +AAYFAkp8YgoACgkQ26aJnILW8pa9LgCfTN/s9d8BH+mke5x0vEd0XTbIFgQAn0bJ +X7dfPPi/75gA09tlyH07U3WBiEYEExECAAYFAkqAZyMACgkQyoukcaP2scQE4QCe +OcULnUE4fftMmo79HAS0k7tsN3YAnA6tUWnIg9dBCfjbGSORVRRpa6vSiFYEExEK +AAYFAkpFO5sACgkQGOp6XeD8cQ1KWADfRbqErKPsEIVI4IiNTJ+FDQ4oStxUwMYV +KQQweADeKEegvlBzGL7eWlcK8ZgHx7QWV9giHsKSdQIZa4hWBBMRCwAGBQJKRy8y +AAoJEOasLSK2aDBATmwA3jh9KHEYVx0jvIzKAr18Y9ocCxlc3cN7ykEnLcYA33FH +VAkmGAWUbkvld/VWkgQbeEj/oJlFwT4Flm6IdAQSEQIANAUCSkeAXy0aaHR0cDov +L3d3dy5hMnguY2gvZGUva29udGFrdC9wZ3AtcG9saWN5Lmh0bWwACgkQVtUpPsl6 +BlTzFACgxDfPHvU2uKpo/Trfl3CcY0/kt90AoOtNtHOhcHwV+FiDz5Yr+97ia39y +iJwEEAECAAYFAkpI+XAACgkQO30BxOBIP8WV4QP9Gtb/JYUSpina9+fYFYt9DWmQ +2LQJgkouQwhYrZt8+B20xAKc26xBRB39NK5c7vEqvSyJsc67tNkIR4Plp+HSCB/h +PSY+h63CKZbl0W7u+4MxcIl98rHaMEnf6eRzXyNzYR6h855xHqClEXkwFVXXOiAj +aXTvLIkdvol308SIad+InAQQAQIABgUCSkoQygAKCRDWGw5zQJlTWQ17BAC7Cw5h +yA53oNiWjMJl42xyiLX4XLcR+g/FEtvzpctE4dS/JOkzIk2Y14Zydar6QGIBCVcX +I58fswKQewfRdZPQLIUNuZex13dY2qId0dOSruJhj2uM7R0f64kJW1u6AtFhcVky +uNQyH2jY5TJpS113Yd/cizN0k3Uawpg90I26nYkBCwQTEQIAywUCSkYcNFwUgAAA +AAAaADltaWNoYWVsamdydWJlckBmYXN0bWFpbC5mbWh0dHA6Ly9taWNoYWVsamdy +dWJlci5mYXN0bWFpbC5mbS9DOTIwQTEyNC1MVDA5Lm5vdGVzLmFzY2caaHR0cDov +L21pY2hhZWxqZ3J1YmVyLmZhc3RtYWlsLmZtLzYyODhiZjkyOTY0YmEyYWVkMDk5 +YTVhMjBkNmRhNzczMDcyNzAzMzg2MzBiZjIxZmRmYjI1MGVmYzhiZDgyNTYuYXNj +AAoJEKyCSx/JIKEkUPIAnjIyTwvNmZ1DmuTuxgzQPSrRvaAYAJ9Qn3DR07NGciAK +4mf/2Itux9jPDYkBDAQTEQIAzAUCSkYSsl0UgAAAAAAbADlncnViZXJAbWF0aC50 +dS1jbGF1c3RoYWwuZGVodHRwOi8vbWljaGFlbGpncnViZXIuZmFzdG1haWwuZm0v +N0Y3M0Q5Q0MtTFQwOS5ub3Rlcy5hc2NnGmh0dHA6Ly9taWNoYWVsamdydWJlci5m +YXN0bWFpbC5mbS80YTE3NjFhMTkxY2RhYzU2ZWM4MTYyNGE2MTg5ZDQ5YjhlOTgx +YTlmMWUzZjg1ZjI1OTM5ZWNhYThjMGVlNWVhLmFzYwAKCRCtG95Wf3PZzIS+AJ9R +L44Uig1ZdaeXRXl+nOgf4avrfwCcCyfw+nrw6iV4/Gt8RBzbX9lmjZKJARwEEAEC +AAYFAkpHoBoACgkQjBSFwK87aXS6tQgAizuHDOgoFLnRrFAatCQK4nF2J2/nxrwE +L1dyV4hFKmQaNiULhVD64LHsJC9K9WNWrdWe3jSzZzIbPwGqqvi5F3YcieTLDbvM ++5zyX1w9276u1PQIxIJ8hirlh5TXuJhspFOLdDd8pLUpHGwKA5HzuZT1K6tN82J1 +SQ4lbqC5nmrNlOMloKkyce39ehdWVxmG0NxoN9qjv8QSY4ZhIkk1a29AYtQ3Em3p +oHn92rFgueKYPQDX1c7YMyas87lnsN0r/anB3orHGdk2KfefriGCLn1f1aSkYWvX +bFe8eP5SeI9E6GQgouklLDPuSswj6akOOWmcyZ+UKxhrqayxJByKZYkBHAQQAQIA +BgUCSkfANwAKCRDhksSyWuqYqX8+B/9uOJFH52T0yEuCAeoNYUUyNkPmw9d8llaI +hjhlDM1OpruR4Q9x2wF5+HFgdV/FnGbhviWQfiXzOoukJK4FuJyEoGPrBQH6tDIb +ztfWwFLh3zstkzn3i9ycqdujTXn8C5F4WeLZfw6o/Rm8J2ZTqeHONf6sdwpaLTwS +9RNoKcs22T81ndmM4Li/NKqO2c9pUP1ezRhBHu6rq9D8DZhCIvOB0fK47ruSa0hu +9ngMPW+tLIPZaN+ZI6RD/KzgpwIestX9n8sWY+EV4ScoSB4AWO/+VkmbLr0su88l +1ZcpMRsnwWPSbOhWhB5kwjgX3YgmA0mg6iO1Utlo2mCZSeE5+s1SiQEcBBABAgAG +BQJKXupgAAoJEBAa7p7BMvTDwhQIAKAKiFO85sFurP6KliGSLA0s4savHfXGHk/q +vzzICONh4plIN/nCk9EA26fONaCMohBM/MeeFI9tTDE90NshSzGl3YwCxpK0OaGb +qmpD+99xQ6FdqKyY9f/X4QZczPPS8mrZCWXkzvbo+20Jav3FzEkkAW8/1qJ8rwOi +Rzs/1m/Bq/zZnApppGcwMD5Mu57VJZB7xngADOBurRwseE2fcRZlKX/81pquX0hL +oJKQcggcgmbX/aTgRthrv52NdIwtRj1KVvmtdoiYV+OjzUbHKfjuPrKiAMQ9xknn +BUq/BT42k//AuoT5umuQh+j43MtkSJKNcsRJoJxShZv4hYzWe/OJARwEEAECAAYF +AkqRpeIACgkQTejfprp/Jq6jFAf8CZhiNE6WMuJfrDDag98AwkhxHhIn1VScpQKd +9cS/zz1Be98GEeHkVgEDvk6ZI3+SHhzNH0HBPb9jGJq8oymWGjuldBWZ6jYfMJOs +H5h+DWRVq9JWC6PJZvdcA45LuPvMS4QULOJblB8HkMOQ2Q4wX2Y54Lpxkjo9vLEY +340Ptq04/kMuq+1NQB5KUB5WgXnDMerj1VQr2crdfJPrIGgdS5YN2TWqNjVJMTFQ +IVnK0w/xEGGSGsCLw7qJhRL4y/A89NQ938oJV7Y2oEOaisd9i0ypz2dLMXRn6DDs +lmCvTcgaXWkyxxPxXxPrX4vFKuYLRtauKGR1nYrH3I4d592bnIkBPwQSAQIAKQUC +SkoDUSIaaHR0cDovL2RhdmlkLmJhZWhyZW5zLm5ldC9vcGVucGdwAAoJEIJVX55T +hvr4sf8H/1GfCCWxB7W8S9rTEPDi7VAuAyoG1uOmFeo0nQBF0ayXmiyF3u55DvWs +3bhA4xxuXsLt1HNigKMd5A0UpOUkXx/EjOFIO74wu6cQJjpynAwpVpRauam198lm +NcFYxe6FG81VIeLF+pGbi9g1FF2HpobpGhYJK9gArOIgJ1UipI1sCW+/psGCfh6c +3Q5tFoc1PfqQVmusM4QZEFGxhef6fE7h4oJPa11ePOIct0fvYNWEmFSx7GD1jeO9 +DDKE771zPeg7fyJkqgMCDDugtbAuP6jtmshWsqv3Fxu/mY7U9BDFTT/E8bgRbf+L +BMpQ7OQM2h6D62mlvo334aCT7c/+6CuJAbcEEwECACEFAkoycP0CGwMHCwkIBwMC +AQQVAggDBBYCAwECHgECF4AACgkQ30LBcLNNune3kAv+OteecYgcufwz2ubKh417 +slBQTkAZJXdQVpkeAeaNu8gcD51G+HUw+Ue5ZtpmQdU+1EW8W0SCSxz3jj5dwqg2 +gTEoYqvAtBxQTFSJDQjI3AfvS7t/W4U1xtjzk657kBLOb7ACe2eYiU2w34wd7BFY +Lp/qBifVofCy+HT1/PQDfi/3B22KbZ6T9WjF7cAgMjDYxM2bAXrWlcSysfTCpica +FgtntBu2GcOcdBpR3cg9Jrq4CA46IKgJsoK8/i7+JWbSuZc327Oab+LhjRwTcOik +ayqtHkN9ZgmOA/goEKWfQuBa1gjylxhyYDkT6X5+KM1wyJ23NYcxbYyPShlmw77C +VFRgsaH+NEBKCrute7FX6gYpwGfhGpIeVnn8FiW+jBTGc0ULi0suWd4eJ1LxO6uN +pwzd/BEw/k0yZxLl32xUsbW7GX7+DZxEy2mEeLOLP7v2MNz61LGpE7mWGrIi0APo +sLYbEHeILlp+czHj35hbOFRN4v8p+SsP3Df+fs7TSQu0iQIcBBABAgAGBQJKRRsb +AAoJEI6IlUTZhQANZ4UP/1z1R1UkXHBiT/SAO8hUK7zAQFbWoV6e5foS0muNAtgv +1NWlYgzTZw7UkVeUCxOuqS3hIbG6WuR0bcUqJvOwSfRy89Gcaes+7rGwnjrzb0so +pL2FejjW1uC5XhnwIJGM7iaDzlrDMhUFyyKP9R/ZBLoz0lVTC4DBn2mx/2NNancX +APhLTMiAKyBqarXvhe6lVtIQdobxwf8SfE/gWcUobC603/LGda4IBWJiPEpfN6dr +o0AI628AtjhrdRNgVAZpLPbVSHoBUwaemNk1rgNDVW2f3WMdfDUUCQd10Rq990ry +F/Na+0bxQgm37BXMRfexU7pd9b/vV9BA3eZN/kP5JGqz+16BrK7iDapvNB2bPttx +GvF/GgQa9Oz4gR8deAoaYiHnT27trc/G6S+HwiBRnX+w7JLU+VptiHY33AWd9zJH +aMMXFmSol34Bywe1HIBb+tv1dwnuCkXVY6lqSVAfQd3waBqn2KQ6S+2qca7sT7pC +DN8ZAcM0ugPxCP2G87hq98dXNtEWkvD3RN5iEypwPYLzVLetDtUgrOnYdMkPNOzh +Hz4Dc4Q6bSyKWxm23ykczcwj5iyvIF11r5Uow0CkriqsmUWUKyxz1hnKdeBw54qO +EsjGAhWkDzPIeo1hTofK1XQUsHLMD7TMGWSh9y7bPF/8VdrA/KtDzlpOVjFJgPrT +iQIcBBABAgAGBQJKR+aXAAoJEKc+AFVVj7jdI2kP/A0g9ef142XmMPNZ9NyBJXKO +g56L2+/g3o4HAmGkW16Ftini4VURnaPzqZRraDvBBq2ztqqYdYP+pkY6zLSq1jWv +v63dd6hIHa9kTWUXM3HvN2xW+V8DQdJXCVnT0d7PxN7BfdCk+ITts7ZdcB1PVblT +IH2ZC3yTReWMbwF+/rZAA9Q3z8h0cIdwXNxiPCqeF4JyZmH0IZiZ/Kq+YR29hvQR +TdaeZyvTW+QgL/rkWh/WnJjoc4w8djTKQDXc7bzVzCxH2cJLDK5E7Ge3CO4pILNf +1nZ9X29XR5wFYXHGcjEpjFq1Bn0phR8LIdxZskdhl+Vk5cHQP3rcIFFpBLv7FKfz +b72YWFUmycnNg8YvaS2PwQf1VDshlhip1Eyhjzlm0Fh6Ead0gReRLydBVUX60Ph1 +GpvEBmHcCW9LFptb+D9tSG2c0yk5mGjId33p2Sd8VHar6L1S4g9xO5bznYn3HItS +W/yv4VbBxVQ2Idg7PLfywSVRmG1FR3/IczYRFGtyhYVXEAr56oHwQ9/XPv/ruDjT +wmMqJWeGwCPO8LNPj7cw2viHs1/eoR8lUNTLAmkJFh9ID5Z4vYYAt/2/Red8G4OH +qzYF3jQATsyKPvb1nqBmxPvQaKgUwyEYxJLYtpjGV7I3/W9gVGCucLgi+k7QHR8d +IwwDDB6bv9/swM6L6owniQIcBBABAgAGBQJKSQ6LAAoJEMamgupjyC8cAzUP/0pf +AfL9aamv2MMA1+b39K5AgtMMKT0owTrY39X8a+g1Gi6w97Ac68cr3Bu3jP4gXkAV +s6jhMC4fSwX15jkEeywtKhKqdzUrCkHgy5VQEiNJepzRH55q/UNlerYK0uL3Xc/x +impeShraeJ+YHKb55jRYr+ukZKkkt/jXJmQg+VcIauCiIw9s6JY11XI5FU3d82W4 +XRYF838MSHW/q40g72Xb+u1cMRYJ6zxqJOEFJLwtKgG6BwoiN6kGQ2lyeMVDqJ2Q +jvVfpZE4yiUlfSn6tx/7FG0OgTdqzvS93FkhJkw29dvZ5SEUFv5tqeg3PX0zSDNu +zTQ7i4LSxmhoTuf/mUWbgd5SXABWA7yW5ZKfch9JN0sW0UYDlqmIjbvmeWBGUzbE +sxZT6x5g5DsTKRi0UJSSzZZOhTEyAFgxtZpvaKMJga9IUCFf3nlkmb8b0Y8+kgay +iIKm/HxGnYjjNs3bX7f1QqPTizsPx8K4YW588HpgR+f4dja9nkb8SSBw5P5oaadf +yYBDoP1IE7FOQ75nXOxjYuqyOQz6zVT0jfcDw5VhGK0BW9+M0Fsv4ad5kvjeJb5V +NoY/uQdaeuSJkX+TAvQ5l9sAIvJSz6/ytDFt09loVyDpRQK/Wx6qGe0aqhJLb3Av +Pz2TL5YbsgC4gZrx3u2PoeaoEKQ+Z60Km0MJKpNuiQIcBBABAgAGBQJKTJK1AAoJ +EOc596WBW0pqWo8P/iezz8v39iD35EhsTAE0RB4DbULvvXU/EW+iIZo7mS3Gretz +269tBZWJeNw4wvH+U+E7JGg9dxq+D68f6K5AFMytZpbeWc5jiFwe7n2PF64kuV/9 +qw1mV6bt0MPbIYn98DRMvEphC2BvVE4z7omw2UapOUvKrOB/56p8G0zm84Nr/axl +B5TznxzP6Xs5lBmT4MqXVx0wPEkhMEJTAhqKYt94faoknhRcnL4Oj+weTeyOSwHI +2aC7xj6wAdb+PXWih6qzCFDFiC5Jn+V0qo3D3XPGZ5jOQM0fsr8FDH6qEfWQiH6e +4iknnNYH1LNarfTsi742mcucRbwWGKa9ZUiIGvnMr0E9pn2pZrvpAe+NfNUG7kNP +l5A1I9rE8Da9MH6XqFhymB4xxAC0XIb/bKQJ/MnOAxWQPD553WJH71bqdetrR4Uw +1M2BErrgi7w+RDK+l3z9bErCRHMtXhGY382F2jtooxGps3SXQAwycIdFQSXKmtN5 +qZ1P73DNnHdozPwbvxHbldiYufIVHqzLhPKMRISQVtZM3czfKmPeGNb4Q8r8yBOw ++2wcy2EJAbACcyXPWboowtVvqdb37AiTciyi6Ua/Q0kPBGD/bewucXXWxuD5H2Ax +l/a3pxUm72BINNP0ptlinWwHu0e0c3zlNdsipoNTVN7tj9iISwWmyqUOY6kQiQIc +BBABAgAGBQJKUc2OAAoJEGacjiM+Hv8PN/0P/RACW24ojji9K2kUqvRCeBzA2SgW +fX3KasRWOZB2Z29pgbOZ5+ZVcyqf5P3tEojOvR9oYx7OllK4Yp90jzx0TyHa5iQQ +9NNJm464duYkMD9cemAh0HgLNxoZzmFGTPaOCoq19vdoq1lkilWvGappXjXXYtiR +3Frmpm9G0TR0Knmi1Ah+66G/nIzeoNeIjaHZKKStu1Y3Gy/XuZDG/CsribuX6L2T +2/dBtnCEIyrX7XV2BXosuua6h4KgAKfespv06gzATHxotXN6wAHzq8fkwJNY4Y7U +qYtKwG2TX31I0DsCV76ymp2hQ7iCgbZ0LggRwp1fSq2Nh/+4UBh06TV1TmVEWoEd +plAnG8ynfOwJBjaGUodgseLzoM1srnR7H3cTFlUNi65UiHevZGxAMe2zKUUsV88k +PR4vzaP3hxfuv1xTFuxioxisJSoFwpsVVkffYFyKhqXjYzlCjWg7WAufDsSyXpS3 +slWD5hICcJRtpuW/mBObrNLHKqL6hK3x1GlV7QqUEvmwZU2drjlaEDOp2E55NBYJ +LedXbbmGemDbXejbjHsXG33/ffVfzFIjJ9qdFkoGLVRGIQaZv+zRlkzmQH5mFZV4 +KUxOAYmoAsR1xngXj4Rk1J3NTiAksxC9IWtL9rmBGHObp7nqx2U6MVPFfjis+wYW +TRsbHI8M0lABCYLSiQIcBBABCAAGBQJKbLe8AAoJEE5uQpnq57CtVpQP/3xuYUpU +dw4CLyxStlO1mBqfXyInpADS14QSAEs9ZaZedyNswJ5g6LLFiahmPfffD1CZbRlF +ZqyfwnSnUHdOdPg+o/nVTBrFYfgwBqg+B5gdnNzG1WZejCDc1K365YDJIbfrIFm9 +cNW33OgAq0AADpXw10hd49PCOHj5b+HF0NX17eVWDnu3yITybgnfllHqkn8lAM4p +vgIeFwGV79TaelagBKuxa74PBPjTA7xjzDI4wYy1EUijNkDpQTOk/5ofHsmomcI1 +H4K74JJHuh8vJgjYrg+FD7yI7YhcxLEkDqKMVURf2q7pE7Y7MCv3qVRe3QlLl+rx +vTNaxOcC2GSs1XXiWabwa8Bhl/R01QRg5Ph536ihxd9qhhisrW+C5ODq1Cd7n9wB +xIZhJgt2CIX5gpeWc23i5riMbKF7kdzyzA/bdHgD7lOFMVBZ7A+TrYclCbeY1F+Q +c1Ybp7W4qeasaQcDrhk0Lmd2n7e/FJvxF4oIeETPFN5+0jYWuIwQvxnh2fHRoI8x +DZ5Zf29tAfy2mCABa9edAGv/ZqL1TpmdyDDxffkj7gwc8Y34kNK4L4j/TF2Q7rSc +pfbHpFe9eIpJJVLaK6td0p4Gme3AHydhLwPWGEe3SZWrLZqEQuDuC7zbD3mb3/zY +Jrx85bmBxV93eSac38iKaiTG7c9Ccce5jP4/iQIcBBABCAAGBQJKiSdzAAoJEMBk +12wn2FYBlVoQAJ5RmoS3YB4kzOp2GWXwMB6WBUQM3fBuGen8TLwSgIijV2ml4rp2 +hG7KWA429jTN5vlvbXZBXHlSbzzXf6HVNFtiFUNif6uBRNPV94XMcSYT0YnypT4d +3/9Q8vauCeTs7dEIWQLNKsw2DflarPLVW7FWCzq3oH9KCTi7gF9149zPHzLfXkdE +AYAVLZqLL7ZrMLz4xZqhaAVJAnC7ATH8qPiF94XnxLWA+MfrPTdLaAMhZvT3sxOt +pU/ovwI13xJtaWOzmP4tcUyqU84Ju3MvtQjQsjTFLrqHU2sfWt6w3BE6Et/hz6wu +7FIFqi4rr5PUZdtKBoUmn7hYHior28UTtzZ1Vlx1IlIxHXiQjRAM79cdsnrNykdW +4Nxppoiv+2Ds6piRLRA6bsHeORKKHgAALhhuQLNKW3hwZ7crLsAbV99tT3CpqIZQ +ltfoIE8TYJWvpVVyBI3suR+qJvqeQBffNJYhZzHLNYdQzmrfRM5iaY3eltkx4F5d +5Iak/H87NBr4nBNl04hZJKunIO41ODun+qPMn6TfmLfagHLTzRSD95WUs6XGBME3 +v+L21o336sCVV86eGo44bmuR2GLlH7UWN3suikU2HRMKaGdLTMomGmUztJQWZUAP +3ZthSbLTa9gVLpJe4BzO9f2mveFBGCAV0Xls+EsUrSmT2TXhL6WHa1ihiQIcBBIB +CgAGBQJKT2MTAAoJEPU2qnARHVcWLNcP/2JAi3Tvnc+lLGAcGCdzRVf/w9WYeplC +kyD78s/tTedG7BVFi8lUOmAz9oTQaDQh4felYXXTHSetavfcnY02w8VqtNcpTNGa +m3R+K5CYH7UTRFvM1q8aUQ29eD7Pgr12I7IQq6d9Qe3bVbe6at/DuK+39+HcbQ3b +dAGkc4kuAPuSrxVbvwY/XUuiMhjqG5goohaFp3ug1gl5XWEDJes+nf+MRil5JYSg +MxdQsiPiAOqUREOf9RaJ+vLFaNiFZ00h6H+qtD5DM0wY1uT+OLaG7wo7z1cgkrti +k5RxehrgbGo5u9FUtVlb3wg6MzLA0LmD/v0H6q8qxbw5VGjXLypuN+JYMRGpLfnU +GqshkgeV1rKxsaacXQpSpqEFaK6PGPA1gv2VFks0vRqYy9qs9TWGbQ7SUCD6ECEm +3Ud3Fl1f5bCFeN9glKKMunqbh+uYdq1dR8kI11eKlp3nsmo7WvtrpeHdQlgLBfCY +Or6FU0czD1kNFgT3LS2ADITgRGph3InuP2xkLMFquVBEhikX4J3oqumCsO/G8ggg +CG3FQaEKoUaO+dErKmK9WSL7FWPAQeMHtvwerraESgZE5KHNEGmG6BeZMAzHHiom +LbYX4GaZfMnEMTGc8qzZ6kgqxMgLI9onk0h98Eo8xOAISkGsuAnj9skupdEhvQvN +9lp7u+VgCiWMiQIcBBMBCAAGBQJKUlPwAAoJEKwwh5qrVbMSo48QAIb58aQB0y2s +zEn05GgENs1ojmffiXYJFHhgLO4PVwXtTAho85TmkN2aX2nyUKO9659+lgzRKNYI +b/GnonUnu3c27ccKt5RLpxdQXD7WgD6MnvahtQoz+dEJvvG1LF9b3HAK9d0KSdLN +oHxsX7FWSGJ0GMsjo6Bc4Z87I0LekUnKKa89xu6aDViZDhgzowlu2bqSNmqduyme +oTZKaC3wt0EJEzdHKzEi5NXLwc7ucxGou8TypZzV6O4J3QRLgJauZFGL040MnQwf +Isv3NBiCv1+k//nEUvQCFFEtCDTAyp62jT7MZ9SpKuZ3IgLxhIB61QCxjvcdOsLM +WEIMtizW867clb6KFaxJjSoU06jgr6x2Rp8r/Gk7zmtHOtOOCDg7S153MLGdoHKL +ZeGewQZlwL9QesdCkWMXJIz1yyWbVm6LBQAOIHj8SsxrX27XoVmG1onBtohLfZU0 +uXipjq7PNjrewnXhbtkLzjFHJOXCuSmDyzP77yh9KdsfJQVJwAe0MqxMGwpZT35F +hq0E6YHTU2KQoBJ7dToooQebKryMtwVbYNYWfOgYr+SGRxilBdMgFEn7F1hNDBxg +cc1ZOeH6lrFFN3s298dzjsPfuaq38udby+yniVPaWDw4cP9ZeVF7MN04C6ERCiEZ +bfCmuqBOg2nk2oyBhLuaqpKWgzmR/ytniEYEEBECAAYFAkpe7I8ACgkQR2BKbzEc +4IXowwCfaFz/ArLz4JlmVFIsOEseWH0sNAYAn0OU+bj11gvVjsROncfcJmWHMR8t +iQIcBBMBCAAGBQJTWmj7AAoJEHZf4mxrRnWE84sP/icjT5xJ2iVQOuWi5UK5y9s7 +sXcF7eUM5J7KWj3035f3CAweVgBSH6LPa8pPb+/Rmur5S8/NbcU0g2HB9on1i9qa +7Linh0rcBpase7w4zZ+4RFgIhHO6pC6sylWwpZXgQRc9FsVwHAHJYKUuxur1jmVL +PyiNuC5aubtZQlgJEYwFczesb3v8ziwBBewRNA4gUmY+hubSfd8w1b/ImPQx1s5K +s01jDL1xzY3NNYm01HzWBL9ZNli1SRgKVBkRzam35LfGTc78OvNrlk6Ov1Eny7Up +S9XkAbgvbm5cGRllL+hXJebXXXM9/RM4Kg3l00dnQtdCa5PPtwNHNIpJJhI9GQk1 +iEm2hPXriVdLFFX5fjYuimxrVr5igmgzNgNVYWMxLCKK04pKuELIlRrCuUkYSdKs +SGwX7mFIJhxfWG4sQRzB7LHLeabS27merpavB9OxCkNXXVq4r/SzXYFnxbVwVOKj +cxrakrPo/lgNpDHFeD0AXDeRhnKnrh78/72Oj/Ov11oXvzNIjmuEohuHO6Y05OHw +FSRYBnk5P6XwJYAwj4c1cP0r8wz2PmyETbfE+IeHANzGW0K2u/USBDQVcpsA1hSr +LmgORXv2p9ap3z9IsRfGIicndzCruE+rNqXUV8iHs7PAJhnBEuxoNdGz+vO/6M2V +UY5jqhWWQ0TLW0YENpgUuQMNBEqM4cMQDADF2HxbuP9CETcpk2Ykawr9C0nvbNlE +ZFx1Q8foYb/8ZoAbmFIKMzyr7QxH8b7fW6TfZFvNEiPWwdDx9jTOfE+Zp4PXCjDS +EJsNOr4Sncryi5qqiqOU/it34j3g63E19eCaWV/sEM5nqUjBRjxtrxwUI9iy/xm9 +FejzZd/AVh69D2RMuqQlPnaYzI9kvBjHgM3C6oW1BAQEsqAhVdWCkrpITvYwU/y/ +IWx2svQ5GDGhYjo8gduchFjUqJZTM5KuqKtlQcf0w+7MW4FHT6MQBqN4qjHJyfQg +sszk8EAQVcWAF2000K2yF7V9Hlo+xdwZmxlGNzuZsActGpqlWGTuhffVasaoYeRI +z8YCd/doDOycKQ7n5ON7aLK6gbk6FBsey8wE6129CvCeiuXnoSC7O4rWYYOxzM2y +4BhFwqJqwJamyOjK0Mf50YRCYpfJ0P2vTpzE/H6ZaZYoujjD6TiYwLSUVFgqLzdz +BOloykc55bj7d3W0l+QJDL6+NTPhpkn9ZJcAAwUMAKqZ5cACXtayweSNVn+/BB8c +sc0xmwYQS5y9Xso2owXgV7qdFtsToYk67Pq1p4WQkimkGpXGFI06x/myg5d8anQi +BigLfsY8joABvhScbkZVxoAxABdRhzB8MYa5X8Q7mk+sTI+PL74a+OHFwpXceZS4 +B9yDKFMaEM5U/FTbxGjPf7wSKDTzm/6XKoCyAV24Gt/5lX6UeMg5JdJaZOJPwRVI +Dd+k3Xj+qGW252F0Yhn+kJbfTcf0F31zhRz07NiFGvVWk7qWlh9MU17LwpAvjP0q +O3RE+xzPaFgM4nVxMVaz/hn72YEk4PCuciI5EuWBXY2U/kRljgxxxUV30rsT849B +23dS/r7oGNhGe1jvCxfrXtPlGaPyfoCFumeCZaDYPrBF+btPIjRa3PmJwKgkgQdD +AH/cSEHNCXu0FzRwKXAJibudNhG35Iva1/KVbL0t5qKX5rIzrPAxbSSVXjYTi7wM +LL9omvCYSJXC7AZtcvrPjoz0RmC6h/fwxMSYuweWz4kBnwQYAQIACQUCSozhwwIb +DAAKCRDfQsFws026d98GC/9v+/d5ChlNaA4HkydeEiuD8qKRhNhucQb3BYztchJP +xuk/t/9QrIPjgIJUkftJVMYBd7KOCWe5hfLgXBpN0WabpqVbSwKniueYAOLkEsvN +CUJRrknSJn6gBmcAfrQF7NQz4JjP9AFbc0mY/ffbc94zgfgxnS8u/fCBouQWVor9 +4BIGgLsq5lYCe+w050tDb0vgFiBbYnCTX4/GzONPfr0OwxRjeJjqAz2szvUCN3zH +3yF3Wvbosgsae0AQRfGz7XcqRrsngYKp/z8n1lHTV0OnxAz4z0QcUue2GkDJS5Je +blCWCVq+d/u1ToADRIW4DSk/kJdUsbUMtPV8m806qN3M+x+7/jwAzYunGPSAq3XI +NBzz3QbHCc4vWJnr5cyH3+6NbLtDt0jgzaa2HBgVeV1as9IKYxOhZ+XrYHE91jkU +gQJd5HBMg72wjQtBVzZ4AbyUOyB7TmrWckXGj1Yqvt7AB0Vv98wivtczCgyPZJBL +L+1lUIGcNdHkbDkdLFGcgBI= +=oXqN +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/usr.lib.ipsec.charon b/debian/usr.lib.ipsec.charon new file mode 100644 index 000000000..de110d837 --- /dev/null +++ b/debian/usr.lib.ipsec.charon @@ -0,0 +1,73 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2016 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# Ryan Harper <ryan.harper@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/lib/ipsec/charon flags=(attach_disconnected) { + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/authentication> + #include <abstractions/openssl> + #include <abstractions/p11-kit> + + capability ipc_lock, + capability net_admin, + capability net_raw, + + # allow priv dropping (LP: #1333655) + capability chown, + capability setgid, + capability setuid, + + # libcharon-extra-plugins: xauth-pam + capability audit_write, + + # libstrongswan-standard-plugins: agent + capability dac_override, + + network, + network raw, + + /{,usr/}bin/dash rmPUx, + + # libcharon-extra-plugins: kernel-libipsec + /dev/net/tun rw, + + /etc/ipsec.conf r, + /etc/ipsec.secrets r, + /etc/ipsec.*.secrets r, + /etc/ipsec.d/ r, + /etc/ipsec.d/** r, + /etc/ipsec.d/crls/* rw, + /etc/opensc/opensc.conf r, + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + /etc/tnc_config r, + + /proc/sys/net/core/xfrm_acq_expires w, + + /run/charon.* rw, + /run/pcscd/pcscd.comm rw, + + /usr/lib/ipsec/charon rmix, + /usr/lib/ipsec/imcvs/ r, + /usr/lib/ipsec/imcvs/** rm, + + /usr/lib/*/opensc-pkcs11.so rm, + + /var/lib/strongswan/* r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.lib.ipsec.charon> +} diff --git a/debian/usr.lib.ipsec.lookip b/debian/usr.lib.ipsec.lookip new file mode 100644 index 000000000..de104331c --- /dev/null +++ b/debian/usr.lib.ipsec.lookip @@ -0,0 +1,22 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2014 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/lib/ipsec/lookip { + #include <abstractions/base> + + /run/charon.lkp rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.lib.ipsec.lookip> +} diff --git a/debian/usr.lib.ipsec.stroke b/debian/usr.lib.ipsec.stroke new file mode 100644 index 000000000..9d20ee7c9 --- /dev/null +++ b/debian/usr.lib.ipsec.stroke @@ -0,0 +1,28 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2014 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/lib/ipsec/stroke flags=(attach_disconnected) { + #include <abstractions/base> + + capability dac_override, + + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + + /run/charon.ctl rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.lib.ipsec.stroke> +} diff --git a/debian/usr.sbin.charon-systemd b/debian/usr.sbin.charon-systemd new file mode 100644 index 000000000..0540b89e0 --- /dev/null +++ b/debian/usr.sbin.charon-systemd @@ -0,0 +1,75 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2016 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# Ryan Harper <ryan.harper@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/sbin/charon-systemd flags=(complain,attach_disconnected) { + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/authentication> + #include <abstractions/openssl> + #include <abstractions/p11-kit> + + capability ipc_lock, + capability net_admin, + capability net_raw, + + # allow priv dropping (LP: #1333655) + capability chown, + capability setgid, + capability setuid, + + # libcharon-extra-plugins: xauth-pam + capability audit_write, + + # libstrongswan-standard-plugins: agent + capability dac_override, + + network, + network raw, + + /{,usr/}bin/dash rmPUx, + + # libcharon-extra-plugins: kernel-libipsec + /dev/net/tun rw, + + /etc/ipsec.conf r, + /etc/ipsec.secrets r, + /etc/ipsec.*.secrets r, + /etc/ipsec.d/ r, + /etc/ipsec.d/** r, + /etc/ipsec.d/crls/* rw, + /etc/opensc/opensc.conf r, + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + /etc/tnc_config r, + + /proc/sys/net/core/xfrm_acq_expires w, + + /run/charon.* rw, + /run/pcscd/pcscd.comm rw, + + /usr/lib/ipsec/charon rmix, + /usr/lib/ipsec/imcvs/ r, + /usr/lib/ipsec/imcvs/** rm, + + /usr/lib/*/opensc-pkcs11.so rm, + + /var/lib/strongswan/* r, + + /{,var/}run/systemd/notify w, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.charon-systemd> +} diff --git a/debian/usr.sbin.swanctl b/debian/usr.sbin.swanctl new file mode 100644 index 000000000..627f5c0b3 --- /dev/null +++ b/debian/usr.sbin.swanctl @@ -0,0 +1,32 @@ +#include <tunables/global> + +/usr/sbin/swanctl { + #include <abstractions/base> + + # Allow /etc/swanctl/x509ca/ files to symlink to system-wide ca-certificates + #include <abstractions/ssl_certs> + + # CAP_DAC_OVERRIDE is needed for optional charon.user/charon.group + # configuration + capability dac_override, + + # Allow reading strongswan.conf configuration files + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + + # All reading configuration, certificate, and key files beneath /etc/swanctl/ + /etc/swanctl/** r, + + # Allow communication with VICI plugin UNIX domain socket + /run/charon.vici rw, + + # As of 5.5.2, swanctl unnecessarily loads plugins by default, even though no + # plugins are actually used by swanctl. The following can be removed if + # plugin loading is disabled. + #include <abstractions/nameservice> + #include <abstractions/openssl> + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.swanctl> +} diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..65947ff35 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts=pgpsigurlmangle=s/$/.sig/ \ +http://download.strongswan.org/strongswan-([\d.]+)\.tar\.bz2 |