diff options
194 files changed, 17673 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..e47cdedcc --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +*~ +*.old +*.orig +*.rej diff --git a/.pc/.quilt_patches b/.pc/.quilt_patches new file mode 100644 index 000000000..6857a8d44 --- /dev/null +++ b/.pc/.quilt_patches @@ -0,0 +1 @@ +debian/patches diff --git a/.pc/.quilt_series b/.pc/.quilt_series new file mode 100644 index 000000000..c2067066a --- /dev/null +++ b/.pc/.quilt_series @@ -0,0 +1 @@ +series diff --git a/.pc/.version b/.pc/.version new file mode 100644 index 000000000..0cfbf0888 --- /dev/null +++ b/.pc/.version @@ -0,0 +1 @@ +2 diff --git a/testing/hosts/winnetou/etc/openssl/duck/index.txt.old b/.pc/applied-patches index e69de29bb..e69de29bb 100644 --- a/testing/hosts/winnetou/etc/openssl/duck/index.txt.old +++ b/.pc/applied-patches diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 000000000..dfdd1a4a7 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,36 @@ +strongswan (4.5.0-1) unstable; urgency=low + + Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the + default. This can easily be changed using the keyexchange=ikev1 config + option (either in the respective "conn" section or by putting it in the + "default" section and therefore applying it to all existing connections). + + The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by + default, MOBIKE, Mobile IPv6), and provides better error messages in case + the connection can not be established. It is therefore highly recommended + to use it when the other side also supports it. + + Addtionally, strongswan 4.5.0-1 now enables support for NAT Traversal in + combination with IPsec transport mode (the support for this has existed + for a long time, but was disabled due to security concerns). This is + required e.g. to let mobile phone clients (notably Android, iPhone) + connect to an L2TP/IPsec gateway using strongswan. The security + implications as described in the original README.NAT-Traversal file from + the openswan distribution are: + + * Transport Mode can't be used without NAT in the IPSec layer. Otherwise, + all packets for the NAT device (including all hosts behind it) would be + sent to the NAT-T Client. This would create a sort of blackhole between + the peer which is not behind NAT and the NAT device. + + * In Tunnel Mode with roadwarriors, we CAN'T accept any IP address, + otherwise, an evil roadwarrior could redirect all trafic for one host + (including a host on the private network) to himself. That's why, you have + to specify the private IP in the configuration file, use virtual IP + management, or DHCP-over-IPSec. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:16:00 +0200 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 000000000..2dc3a5831 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,124 @@ +strongswan for Debian +---------------------- + +1) General Remarks + +This package has been created from the openswan package, which was again +created from the freeswan package, which was created from scratch with some +ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 +package by Aaron Johnson merged in. + +The differences between the strongSwan and the Openswan packages are +documented at http://www.strongswan.org/ . + +2) Kernel Support + +Note: This package can make use of the in-kernel IPSec stack, which is +available in the stock Debian kernel images (>=2.4.24 and 2.6.x). + +If you want to use the strongswan utilities, you will need the appropriate +kernel modules. The Debian default kernel native IPSec stack (which is +included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) +can be used out-of-the-box with strongswan pluto, the key management daemon. +This native Linux IPSec stack is of high quality, has all of the features of +the latest Debian freeswan and openswan packages (i.e. support for other +ciphers like AES and NAT Traversal support) and is well integrated into the +kernel networking subsystem (which is not true for the freeswan kernel +modules). This is the recommended kernel support for strongswan. + +If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or +are building a custom 2.4 kernel, then the KLIPS kernel part can be used. +strongswan no longer ships this part, but is instead focussing on the newer +native IPSec stack. However, strongswan is interoperable with the KLIPS part +shipped with openswan, both for 2.4 and 2.6 series kernels. Please install +either the linux-patch-openswan or the openswan-modules-source packages and +follow their respective README.Debian files when you want to use KLIPS. + +3) Getting Started + +For connecting two Debian boxes using this strongswan package, the +simplest connection block on each side would look something like this: + +On host A, use + +conn to_hostb + left=%defaultroute + right=hostb.example.com + leftcert=hosta.pem + rightcert=hostb.pem + keyexchange=ikev2 + type=transport + auto=add + +On host B, use +conn to_hosta + left=%defaultroute + right=hosta.example.com + leftcert=hostb.pem + rightcert=hosta.pem + keyexchange=ikev2 + type=transport + auto=add + +This assumes that the respective hostnames hosta.example.com and +hostb.example.com can be resolved and that the internal hostnames are hosta +and hostb (and thus installing the strongswan package created the certificates +hosta.pem and hostb.pem, respectively). +Then the certificates (and not the private keys!) need to be exchanged between +the hosts, e.g. with + scp /etc/ipsec.d/certs/hosta.pem hostb.example.com:/etc/ipsec.d/certs/ + scp hostb.example.com:/etc/ipsec.d/certs/hostb.com /etc/ipsec.d/certs/ +from host A. The IPSec transport connection (that is, no subnets behind these +hosts that should be tunneled) can be started from either side using +"ipsec up to_hostb" (e.g. from host A). +Note that this example explicitly uses IKEv2 due to its nicer error messages. + +A more complicated example is to connect a "roadwarrior" (e.g. laptop) +to an internal network wbile it is behind another NAT. On the gateway +side, i.e. for the internal network the roadwarrior should connect to, +the configuration block could look something like this: + +conn roadwwarrior + left=%defaultroute + leftcert=gatewayCert.pem + rightcert=laptopCert.pem + rightrsasigkey=%cert + leftrsasigkey=%cert + auto=add + leftsubnet=10.0.0.0/24 + rightsubnetwithin=0.0.0.0/0 + right=%any + compress=yes + type=tunnel + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + +On the laptop side, you could use something along the lines: + +conn %default + rightrsasigkey=%cert + leftrsasigkey=%cert + authby=rsasig + leftcert=laptopCert.pem + leftsendcert=always + leftsubnet= + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + esp=aes128-sha1 + ike=aes128-sha1-modp2048 + +conn esys + left=%defaultroute + right=gateway.example.com + rightsubnet=10.0.0.0/24 + rightcert=gatewayCert.pem + auto=add + +Then load these new configuration blocks on both sides using "ipsec reload" +and, on the laptop, start the tunnel with "ipsec up mynetwork". +These configuration blocks assume host names "gateway" and "laptop" and an +inner subnet of 10.0.0.0/24. + +-- Rene Mayrhofer <rmayr@debian.org>, Sun, Jul 09 12:31:00 2006 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..26d3a19cd --- /dev/null +++ b/debian/changelog @@ -0,0 +1,683 @@ +strongswan (4.5.2-1.5) unstable; urgency=low + + * Non-maintainer upload. + * Fix "package must not include /var/lock/subsys": + don't ship /var/lock/subsys but create it in the init script. + (Closes: #667764) + + -- gregor herrmann <gregoa@debian.org> Fri, 15 Jun 2012 16:21:27 +0200 + +strongswan (4.5.2-1.4) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * debian/patches: + - 0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i added, + backported from upstream. Fix CVE-2012-2388 (when using gmp plugin, + zero length RSA signatures are considered valid). + - 0001-Added-support-for-the-resolvconf-framework-in-resolv added, + correctly handle resolvconf-managed /etc/resolv.conf. closes: #664873 + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 24 May 2012 17:55:51 +0200 + +strongswan (4.5.2-1.3) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Dutch; (Jeroen Schot). Closes: #631502 + - Norwegian BokmÃ¥l, (Bjørn Steensrud). Closes: #654411 + - Polish (MichaÅ‚ KuÅ‚ach). Closes: #658125 + + -- Christian Perrier <bubulle@debian.org> Wed, 08 Feb 2012 07:22:07 +0100 + +strongswan (4.5.2-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Drop libopensc2-dev from Build-Depends; that library is now private to + opensc and is not required at build time as it's loaded by dlopen() anyway. + (Closes: #635890) + + -- Laurent Bigonville <bigon@debian.org> Thu, 08 Sep 2011 16:50:11 +0200 + +strongswan (4.5.2-1.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/strongswan-starter.ipsec.init: Init script should depends on + remote_fs instead of local_fs, also provide ipsec instead of vpn as + the other ipsec implementations (Closes: #629675) + * debian/patches/0001-fix-fprintf-format.patch: Fix FTBFS with gcc 4.6, + taken from upstream (Closes: #614486) + * debian/control: Tighten dependency version against libstrongswan + (Closes: #626170) + * debian/strongswan-starter.lintian-overrides, debian/rules: + Correctly set restricted permissions on /etc/ipsec.d/private/ + and /var/lib/strongswan (Closes: #598827) + + -- Laurent Bigonville <bigon@debian.org> Mon, 04 Jul 2011 10:58:59 +0200 + +strongswan (4.5.2-1) unstable; urgency=low + + * New upstream version 4.5.2. This removes a lot of old manpages that were + not properly updated since freeswan. + Closes: #616482: strongswan-ikev1: virtual ips not released if xauth name + does not match id + Closes: #626169: strongswan: ipsec tunnels fail because charon segfaults + Closes: #625228: strongswan-starter: left-/rightnexthop options are broken + Closes: #614105: strongswan-ikev2: charon continually respawns + * Fix typo in debian/rules that precluded --enable-nm from being passed to + configure (LP: #771778). + Closes: #627775: strongswan-nm package is missing nm module + * Make sure to install all newly added plugins (and generally files created + by make install) by calling dh_install with --fail-missing. Install some + newly enabled crypto plugins in the libstrongswan package. + Closes: #627783: Please disable modules that are not installed in package + at build time + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 May 2011 13:42:21 +0200 + +strongswan (4.5.1-1) unstable; urgency=low + + * New upstream version + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 05 Mar 2011 09:27:49 +0100 + +strongswan (4.5.0-1) unstable; urgency=low + + * New upstream version 4.5.0 + * Enabled new configure options for additional libstrongswan plugins: + --enable-ctr --enable-ccm --enable-gcm --enable-addrblock --enable-led + --enable-pkcs11 --enable-eap-tls --enable-eap-ttls --enable-eap-tnc + * Enable NAT-Traversal with transport mode support so that strongswan + can be used for an L2TP/IPsec gateway (e.g. for Windows or mobile phone + clients). + * Special handling for strongswan-nm package during build time: only build + and install if headers are really available. This supports easier + backporting by simply ignoring build-deps and therefore to build all + packages except the strongswan-nm without any changes to the source + package. + * Install test-vectors and revocation plugins for libstrongswan. + Closes: #600996: strongswan-starter: plugin 'revocation' failed to load + * Acknowledge translations NMU. + Closes: #598925: Intent to NMU or help for an l10n upload of strongswan + to fix pending po-debconf l10n bugs + Closes: #598925 #599888 #600354 #600409 #602449 #603723 #603779 + * Update Brazilian Portugese debconf translation. + Closes: #607404: strongswan: [INTL:pt_BR] Brazilian Portuguese debconf + templates translation + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:09:42 +0100 + +strongswan (4.4.1-5.1) unstable; urgency=low + + * Non-maintainer upload. + - Fix pending l10n issues. Debconf translations: + - Vietnamese (Clytie Siddall). Closes: #598925 + - Japanese (Hideki Yamane). Closes: #599888 + - Czech (Miroslav Kure). Closes: #600354 + - Spanish (Francisco Javier Cuadrado). Closes: #600409 + - Danish (Joe Hansen). Closes: #602449 + - Basque (Iñaki Larrañaga Murgoitio). Closes: #603723 + - Italian (Vincenzo Campanella). Closes: #603779 + + -- Christian Perrier <bubulle@debian.org> Wed, 17 Nov 2010 20:21:21 +0100 + +strongswan (4.4.1-5) unstable; urgency=medium + + * Fixed init script for restart to work when either pluto or charon + are not installed. + Closes: #598074: init script doesn't re-start the service on restart + * Enable built-in crypto test vectors. + Closes: #598136: strongswan: Please enable --enable-test-vectors + configure option + * Install libchecksum.so into correct directory (/usr/lib/ipsec instead of + /usr/lib). It still doesn't fix #598138 because of the size mismatch. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 26 Sep 2010 13:48:00 +0200 + +strongswan (4.4.1-4) unstable; urgency=medium + + * dh_clean should not be called by the install target. This caused the + arch: all package strongswan to be built but not included in the changes + file. + Closes: #593768: strongswan: 4.4.1 unavailable in testing notwhistanding + a freeze-exception request + * Rewrote parts of the init.d script to make stop/restart more robust + when pluto or charon fail. + * Closes: #595885: strongswan: FTBFS in squeeze: No package 'libnm_glib_vpn' + found + This bug was actually closed in 4.4.0 with changed dependencies. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 Sep 2010 13:08:36 +0200 + +strongswan (4.4.1-3) unstable; urgency=low + + * Change make clean to make distclean to make package building + idempotent. + Really closes: Bug#593313: strongswan: FTBFS because clean rule fails + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Aug 2010 21:39:03 +0200 + +strongswan (4.4.1-2) unstable; urgency=low + + * Recompiled with dpkg-buildpackage instead of svn-buildpackage to + make the clean target work. I am still looking for the root cause of + this quilt 3.0 format and svn-buildpackage incompatibility. + Closes: Bug#593313: strongswan: FTBFS because clean rule fails + * Removed the --enable-socket-* configure options again. Having multiple + socket variants for charon would force to explicitly enable one (in case + of pluto co-existance the socket-raw) in strongswan.conf. Disabling the + other variants for now at build-time relieves us from changing the + default config file and might be more future-proof concerning future + upstream changes to configure options. + Really closes: #587583 + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 21 Aug 2010 23:28:47 +0200 + +strongswan (4.4.1-1) unstable; urgency=low + + * New upstream release. + Closes: #587583: strongswan 4.4.0-2 does not work here: charon seems not + to ignore all incoming requests/answers + Closes: #506320: strongswan: include directives error and ikev2 + * Fix typo in debconf templates. + Closes: #587564: strongswan: Minor typos in Debconf template + * Updated debconf translations. + Closes: #587562: strongswan: [INTL:de] updated German debconf translation + Closes: #580954: [INTL:es] Spanish debconf template translation for + strongswan + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 09 Aug 2010 11:37:25 +0200 + +strongswan (4.4.0-3) unstable; urgency=low + + * Updated debconf translations. + Closes: #587562: strongswan: [INTL:de] updated German debconf translation + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 30 Jun 2010 09:50:31 +0200 + +strongswan (4.4.0-2) unstable; urgency=low + + * Force enable-socket-raw configure option and enable list-missing option + for dh_install to make sure that all required plugins get built and + installed. + Closes: #587282: plugins missing + * Updated debconf translations. + Closes: #587052: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #587159: strongswan: [INTL:ru] Russian debconf templates + translation update + Closes: #587255: strongswan: [INTL:pt] Updated Portuguese + translation for debconf messages + Closes: #587241: [INTL:sv] po-debconf file for strongswan + * Disabled cisco-quirks configure option, as it causes pluto to emit a + bogus Cicso vendor ID attribute. Some Cicso VPN clients might not work + without this, but it is less confusing for standards-compliant remote + gateways. + * Removed leftover attribute plugin source caused by incomplete svn-upgrade + call. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 24 Jun 2010 22:32:18 +0200 + +strongswan (4.4.0-1) unstable; urgency=HIGH + + * New upstream release, now with a high-availability plugin. + * Added patch to fix snprintf bug. + * Enable building of ha, dhcp, and farp plugins. + * Enable capability dropping (now depends on libcap). Switching + user to new system user strongswan (with nogroup) after startup + is still disabled until the iptables updown script can be made + to work. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 25 May 2010 21:03:52 +0200 + +strongswan (4.3.6-1) unstable; urgency=low + + * UNRELEASED + + * New upstream release, now build-depends on gperf. + Closes: #577855: New upstream release 4.3.6 + Closes: #569553: strongswan: Certificates CNs containing email address + OIDs are not correctly parsed + Closes: #557635: strongswan charon does not rekey forever + Closes: #569299: Please update configure check to use new nm-glib + pkgconfig file name + * Switch to dpkg-source 3.0 (quilt) format + * Synchronize debconf handling with current openswan 2.6.25 package to keep + X509 certificate handling etc. similar. Thanks to Harald Jenny for + implementing these changes in openswan, which I just converted to + strongswan. + * Now also build a strongswan-dbg package to ship debugging symbols. + * Include attr plugin in strongswan-ikev2 package. Thanks to Christoph Lukas + for pointing out that this was missing. + Closes: #569550: strongswan: Please include attr plugin + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 23 Feb 2010 10:39:21 +0000 + +strongswan (4.3.4-1) unstable; urgency=low + + * New upstream release. + * This release supports integrity checking of libraries, which is + now enabled at build-time and can be enabled at run-time using + libstrongswan { + integrity_test = yes + } + in /etc/strongswan.conf. + * Don't disable internal crypto libraries for pluto. They might be + required when working with older ipsec.conf files. + * charon now supports "include" directives in ipsec.secrets for + compatibility with how the maintainer script includes RSA private keys. + * Patched starter to also look at routing table "default" when table + "main" doesn't have a default entry. This makes dealing with + "%defaulroute" in ipsec.conf more flexible. + Update: It seems Astaro was quicker then me sending a patch with + exactly that aim to upstream. Now applied this one, which will be + part of future upstream releases and uses netlink to read routing + tables. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 21 Oct 2009 11:14:56 +0000 + +strongswan (4.3.2-1) unstable; urgency=HIGH + + Urgency high because of security issue and FTBFS. + * New upstream release, fixes security bug. + * Fix padlock handling for i386 in debian/rules. + Closes: #525652 (FTBFS on i386) + * Acknowledge NMUs by security team. + Closes: #533837, #531612 + * Add "Conflicts: strongswan (< 4.2.12-1)" to libstrongswan, + strongswan-starter, strongswan-ikev1, and strongswan-ikev2 to force + update of the strongswan package on installation and avoid conflicts + caused by package restructuring. + Closes: #526037: strongswan-ikev2 and strongswan: error when trying to + install together + Closes: #526486: strongswan and libstrongswan: error when trying to + install together + Closes: #526487: strongswan-ikev1 and strongswan: error when trying to + install together + Closes: #526488: strongswan-starter and strongswan: error when trying to + install together + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. Closes: #528073 + * Debconf translation updates: + Closes: #525234: [INTL:ja] Update po-debconf template translation (ja.po) + Closes: #528323: [INTL:sv] po-debconf file for strongswan + Closes: #528370: [INTL:vi] Vietnamese debconf templates translation update + Closes: #529027: [INTL:pt] Updated Portuguese translation for debconf messages + Closes: #529071: [INTL:fr] French debconf templates translation update + Closes: #529592: nb translation of debconf PO for strongSWAN + Closes: #529638: [INTL:ru] Russian debconf templates translation + Closes: #529661: Updated Czech translation of strongswan debconf messages + Closes: #529742: [INTL:eu] strongswan debconf basque translation + Closes: #530273: [INTL:fi] Finnish translation of the debconf templates + Closes: #529063: [INTL:gl] strongswan 4.2.14-2 debconf translation update + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 18 Apr 2009 20:28:51 +0200 + +strongswan (4.2.14-1.2) unstable; urgency=high + + * Non-maintainer upload. + * Fix build on i386 + Closes: #525652: FTBFS on i386: + libstrongswan-padlock.so*': No such file or directory + * Fix Two Denial of Service Vulnerabilities + Closes: #533837: strongSwan Two Denial of Service Vulnerabilities + + -- Ruben Puettmann <ruben@puettmann.net> Sun, 21 Jun 2009 17:50:02 +0200 + +strongswan (4.2.14-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix two possible null pointer dereferences leading to denial + of service via crafted IKE_SA_INIT, CREATE_CHILD_SA or + IKE_AUTH request (CVE-2009-1957; CVE-2009-1958; Closes: #531612). + + -- Nico Golde <nion@debian.org> Mon, 15 Jun 2009 13:06:05 +0200 + +strongswan (4.2.14-1) unstable; urgency=low + + * New upstream release, which incorporates the fix. Removed dpatch for it. + Closes: #521950: CVE-2009-0790: DoS + * New support for EAP RADIUS authentication, enabled for this package. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 01 Apr 2009 22:17:52 +0200 + +strongswan (4.2.13-2) unstable; urgency=low + + * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the + security team for providing the patch. + Closes: #521950: CVE-2009-0790: DoS + Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone + to a denial of service attack via a malicious packet. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 31 Mar 2009 12:00:51 +0200 + +strongswan (4.2.13-1) unstable; urgency=low + + * New upstream release. This is now compatible with network-manager 0.7 + in Debian, so start building the strongswan-side support. The actual + plugin will need to be another source package. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Mar 2009 10:59:31 +0100 + +strongswan (4.2.12-1) unstable; urgency=low + + * New upstream release. Starting with this version, the strongswan + packages is modularized and includes support for plugins like the + NetworkManager plugin. Many details were adopted from Martin Willi's + packages. + * Dropping support for raw RSA public/private keypairs, as charon does + not support it. + * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 01 Mar 2009 10:46:08 +0000 + +strongswan (4.2.9-1) unstable; urgency=low + + * New upstream release, fixes a MOBIKE issue. + Closes: #507542: strongswan: endless loop + * Explicitly enable compilation with libcurl for CRL fetching + Closes: #497756: strongswan: not compiled with curl support; crl + fetching not available + * Enable compilation with SSH agent support. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 05 Dec 2008 17:21:42 +0100 + +strongswan (4.2.4-5) unstable; urgency=high + + Reason for urgency high: this is potentially security relevant. + * Patch backported from 4.2.7 to fix a potential DoS issue. + Thanks to Thomas Kallenberg for the patch. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 29 Sep 2008 10:35:30 +0200 + +strongswan (4.2.4-4) unstable; urgency=low + + * Tweaked configure options for lenny to remove somewhat experimental, + incomplete, or unnecessary features. Removed --enable-xml, + --enable-padlock, and --enable-manager and added --disable-aes, + --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5, + --disable-sha1, and --disable-sha2 because openssl already + contains this code, we depend on it and thus don't need it twice. + Padlock support does not do much, because the bulk encryption uses + it anyway (being done internally in the kernel) and using padlock + for IKEv2 key agreement adds complexity for little gain. + Thanks to Thomas Kallenberg of strongswan upstream team for + suggesting these changes. The package is now noticable smaller. + * Also remove dbus dependency, which is no longer necessary. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 01 Sep 2008 08:59:10 +0200 + +strongswan (4.2.4-3) unstable; urgency=low + + * Changed configure option to build peer-to-peer service again. + Closes: #494678: strongswan: configure option --enable-p2p changed to + --enable-mediation + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 12 Aug 2008 20:08:26 +0200 + +strongswan (4.2.4-2) unstable; urgency=medium + + Urgency medium because this fixes an FTFBS bug on non-i386. + * Only compile padlock crypto acceleration support for i386. Thanks for + the patch! + Closes: #492455: strongswan: FTBFS: Uses i386 assembler on non-i386 + arches. + * Updated Swedish debconf translation. + Closes: #492902: [INTL:sv] po-debconf file for strongswan + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Aug 2008 13:02:54 +0200 + +strongswan (4.2.4-1) unstable; urgency=medium + + Urgency medium because this new upstream versions no longer uses + dbus and thus fixed the grave bug from the last Debian package. This + version should transit to testing. + * New upstream release. Starting with version 4.2.0, crypto algorithms have + beeen modularized with existing code ported over. Among other improvments, + this version now supports AES-CCM (e.g. with esp=aes128ccm12) and AES-GCM + (e.g. with esp=aes256gcm16) starting with kernel 2.6.25 and enables dead + peer detection by default. + Note that charon (IKEv2) now uses the new /etc/strongswan.conf. + * Enabled building of VIA Padlock and openssl crypto plugins. + * Drop patch to rename AES_cbc_encrypt so as not to conflict with an + openssl method of the same name. This has been applied upstream. + * This new upstream version no longer uses dbus. + Closes: #475098: charon needs dbus but strongswan does not depend on dbus + Closes: #475099: charon does not work any more + * This new upstream version no longer prints error messages in its + init script. + Closes: #465718: strongswan: startup on booting returns error messages + * Apply patch to ipsec init script to fix bashism. + Closes: #473703: strongswan: bashism in /bin/sh script + * Updated Czech debconf translation. + Closes: #480928: [l10n] Updated Czech translation of strongswan debconf + messages + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 10 Jul 2008 14:40:43 +0200 + +strongswan (4.1.11-1) unstable; urgency=low + + * New upstream release. + * DBUS support now interacts with network-manager, so need to build-depend + on network-manager-dev. + * The web interface has been improved and now requires libfcgi-dev and + clearsilver-dev to compile, so build-depend on them. Also build-depend + on libxml2-dev, libdbus-1-dev, libtool, and libsqlite3-dev (which were + all build-deps before but were not listed explicitly so far - fix that). + * Add patch to rename internal AES_cbc_encrypt function and thus avoid + conflict with the openssl function. + Closes: #470721: pluto segfaults when using pkcs11 library linked with + OpenSSL + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 30 Mar 2008 10:35:16 +0200 + +strongswan (4.1.10-2) unstable; urgency=low + + * Enable new configure options: dbus, xml, nonblocking, thread, peer- + to-peer NAT-traversal and the manager interface support. + * Also set the default path to the opensc-pkcs11 engine explicitly. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 15 Feb 2008 10:25:49 +0100 + +strongswan (4.1.10-1) unstable; urgency=low + + * New upstream release. + Closes: #455711: New upstream version 4.1.9 + * Updated Japanese debconf translation. + Closes: #463321: strongswan: [INTL:ja] Update po-debconf template + translation (ja.po) + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 15:15:14 +0100 + +strongswan (4.1.8-3) unstable; urgency=low + + * Force use of hardening-wrapper when building the package by setting + a Build-Dep to it and setting export DEB_BUILD_HARDENING=1 in + debian/rules. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 14:14:48 +0100 + +strongswan (4.1.8-2) unstable; urgency=medium + + * Ship our own init script, since upstream no longer does. This is still + installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be + backwards compatible. + Really closes: #442880: strongswan: postinst failure (missing + /etc/init.d/ipsec) + * Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not + marking them as conffiles isn't the right thing either. Instead, now + use the includes feature to pull in config snippets that are + modified by debconf. It's not perfect, though, as the IKEv1/IKEv2 + protocols can't be enabled/disabled with includes. Therefore don't + support this option in debconf for the time being, but default to + enabled for both IKE versions. The files edited with debconf are kept + under /var/lib/strongswan. + * Cleanup debian/rules: no longer need to remove leftover files from + patching, as currently there are no Debian-specific patches (fortunately). + * More cleanup: drop debconf translations hack for woody compatibility, + depend on build-stamp instead of build in the install-strongswan target, + and remove the now unnecessary dh_clean -k call in install-strongswan so + that configure shouldn't run twice during building the package. + * Update French debconf translation. + Closes: #448327: strongswan: [INTL:fr] French debconf templates + translation update + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 02 Nov 2007 21:55:29 +0100 + +strongswan (4.1.8-1) unstable; urgency=low + + The "I'm back from my long semi-vacation, and strongswan is now bug-free + again" release. + * New upstream release. + Closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec) + Closes: #431874: strongswan - FTBFS: cannot create regular file + `/etc/ipsec.conf': Permission denied + * Explicitly use debhalper compatbility version 5m now using debian/compat + instead of DH_COMPAT. + * Since there's no configurability in dh_installdeb's mania to flag + everything below /etc as a conffile, now hack DEBIAN/conffiles directly + to remove ipsec.conf and ipsec.secrets. + Closes: #442929: strongswan: Maintainer script modifies conffiles + * Add/update debconf translations. + Closes: #432189: strongswan: [INTL:de] updated German debconf translation + Closes: #432212: [l10n] Updated Czech translation of strongswan debconf + messages + Closes: #432642: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #444710: strongswan: [INTL:pt] Updated Portuguese translation for + debconf messages + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 26 Oct 2007 16:16:51 +0200 + +strongswan (4.1.4-1) unstable; urgency=low + + * New upstream release. + * Fixed debconf descriptions. + Closes: #431157: strongswan: Minor errors in Debconf template + * Include Portugese and + Closes: #415178: strongswan: [INTL:pt] Portuguese translation for debconf + messages + Closes: #431154: strongswan: [INTL:de] initial German debconf translation + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 05 Jul 2007 00:53:01 +0100 + +strongswan (4.1.3-1) unreleased; urgency=low + + * New upstream release. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 03 Jun 2007 18:39:11 +0100 + +strongswan (4.1.1-1) unreleased; urgency=low + + Major new upstream release: + * IKEv2 support with the new "charon" daemon in addition to the old "pluto" + which is still used for IKEv1. + * Switches to auto* tools build system. + * The postinst script is still not quite as complete in updating the 2.8.x + config automatically to a new 4.x config, but I don't want to wait any + longer with the upload. It can be improved later on. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 12 Apr 2007 21:33:56 +0100 + +strongswan (2.8.3-1) unstable; urgency=low + + * New upstream release with fixes for the SHA-512-HMAC function and + added SHA-384 and SHA-2 implementations. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 22 Feb 2007 20:19:45 +0000 + +strongswan (2.8.2-1) unstable; urgency=low + + * New upstream release with interoperability fixes for some VPN + clients. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 30 Jan 2007 12:21:20 +0000 + +strongswan (2.8.1+dfsg-1) unstable; urgency=low + + * New upstream release, now with XAUTH support. + * Explicitly enable smartcard and vendorid options as well as a + few more in debian/rules. + Closes: #407449: strongswan: smartcard support is disabled + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 21:06:25 +0000 + +strongswan (2.8.1-1) UNRELEASED; urgency=low + + * New upstream release. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 20:59:11 +0000 + +strongswan (2.8.0+dfsg-1) unstable; urgency=low + + * New upstream release. + * Update debconf templates. + Closes: #388672: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #389253: [l10n] Updated Czech translation of strongswan + debconf messages + Closes: #391457: [INTL:nl] Updated dutch po-debconf translation + Closes: #396179: strongswan: [INTL:ja] Updated Japanese po-debconf + template translation (ja.po) + * Fix broken reference to a now non-existing config file. no_oe.conf + has been replaced by oe.conf, with the opposite meaning. Changed + postinst to deal with it correctly now, and also try to convert + older config file lines to newer (e.g. when updating from openswan + to strongswan). + Closes: #391565: fails to start : /etc/ipsec.conf:46: include + files found no matches + [/etc/ipsec.d/examples/no_oe.conf] + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 6 Nov 2006 19:01:58 +0000 + +strongswan (2.7.3+dfsg-1) unstable; urgency=low + + * New upstream release. Another try on getting it into unstable. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * Call debian-updatepo in the clean target, in line with the openswan + change for its version 2.4.6+dfsg-1. + * Remove man2html, htmldoc, and lynx from the Build-Deps because we no + longer rebuild the documentation tree. + * Starting shipping a lintian overrides file to finally silence the + warnings about non-standard-(file|dir)-perms (they are intentional). + * Clean up /usr/lib/ipsec somehow, again owing to lintian warnings. + * Add po-debconf to build dependencies. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 23 Aug 2006 21:23:36 +0100 + +strongswan (2.7.2+dfsg-1) unstable; urgency=low + + * First upload to the main Debian archive. This does no longer build + the linux-patch-strongswan and strongswan-modules-source packages, + as KLIPS will be removed from the strongswan upstream source anyway + for the next major release. However, the openswan KLIPS could should + be interoperable with strongswan user space. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * This upload removes the draft RFCs, as they are not considered free under + the DFSG. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 9 Jul 2006 12:40:34 +0100 + +strongswan (2.7.2-1) unstable; urgency=low + + * New upstream release. This release fixes a potential DoS problem. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Jun 2006 12:34:43 +0100 + +strongswan (2.7.0-1) unstable; urgency=low + + * Initial Debian packaging of strongswan. This is directly based on my + Debian package of openswan 2.4.5-3. + * Do not compile and ship fswcert right now, because it is not included + in strongswan upstream. If it turns out to be necessary for supporting + easy-to-use OE in the future (i.e. for generating the DNS format for the + public keys from generated X.509 certificates), I will re-add it to the + Debian package. + * Also disabled my patches to use /etc/default instead of /etc/sysconfig for + now. Something like that will be necessary in the future, but those parts + of strongswan differ significanty from openswan. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 22 May 2006 07:37:00 +0100 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/compat b/debian/compat new file mode 100644 index 000000000..7f8f011eb --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +7 diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..084c7bc34 --- /dev/null +++ b/debian/control @@ -0,0 +1,120 @@ +Source: strongswan +Section: net +Priority: optional +Maintainer: Rene Mayrhofer <rmayr@debian.org> +Standards-Version: 3.9.1 +Vcs-Browser: http://anonscm.debian.org/git/pkg-swn/strongswan.git +Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git +Build-Depends: debhelper (>= 7.1), libtool, libgmp3-dev, + libssl-dev (>= 0.9.8), libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev, + libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf, + hardening-wrapper, network-manager-dev, libfcgi-dev, clearsilver-dev, + libxml2-dev, libsqlite3-dev, network-manager-dev (>= 0.7), + libnm-glib-vpn-dev (>= 0.7), libnm-util-dev (>= 0.7), + gperf, libcap-dev +Homepage: http://www.strongswan.org + +Package: strongswan +Architecture: all +Depends: ${misc:Depends}, strongswan-ikev1, strongswan-ikev2 +Suggests: network-manager-strongswan +Description: IPsec VPN solution metapackage + The strongSwan VPN suite is based on the IPsec stack in standard Linux 2.6 + kernels. It supports both the IKEv1 and IKEv2 protocols. + . + StrongSwan is one of the two remaining forks of the original FreeS/WAN + project and focuses on IKEv2 support, X.509 authentication and complete PKI + support. For a focus on Opportunistic Encryption (OE) and interoperability + with non-standard IPsec features, see Openswan. + . + This metapackage installs the packages required to maintain IKEv1 and IKEv2 + connections via ipsec.conf or ipsec.secrets. + +Package: libstrongswan +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, openssl +Conflicts: strongswan (<< 4.2.12-1) +Description: strongSwan utility and crypto library + StrongSwan is an IPsec-based VPN solution for the Linux kernel. It uses the + native IPsec stack and runs on any recent 2.6 kernel (no patching required). + It supports both IKEv1 and the newer IKEv2 protocols. + . + This package provides the underlying library of charon and other strongSwan + components. It is built in a modular way and is extendable through various + plugins. + +Package: strongswan-dbg +Architecture: any +Section: debug +Priority: extra +Depends: ${misc:Depends}, strongswan, libstrongswan +Description: strongSwan library and binaries - debugging symbols + StrongSwan is an IPsec-based VPN solution for the Linux kernel. It uses the + native IPsec stack and runs on any recent 2.6 kernel (no patching required). + It supports both IKEv1 and the newer IKEv2 protocols. + . + This package provides the symbols needed for debugging of strongswan. + +Package: strongswan-starter +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-ikev1 | strongswan-ikev2 +Conflicts: strongswan (<< 4.2.12-1) +Description: strongSwan daemon starter and configuration file parser + StrongSwan is an IPsec-based VPN solution for the Linux kernel. It uses the + native IPsec stack and runs on any recent 2.6 kernel (no patching required). + It supports both IKEv1 and the newer IKEv2 protocols. + . + The starter and the associated "ipsec" script control both pluto and charon + from the command line. It parses ipsec.conf and loads the configurations to + the daemons. While the IKEv2 daemon can use other configuration backends, the + IKEv1 daemon is limited to configurations from ipsec.conf. + +Package: strongswan-ikev1 +Architecture: any +Pre-Depends: debconf | debconf-2.0 +Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-starter, bsdmainutils, debianutils (>=1.7), ipsec-tools, host, iproute +Suggests: curl +Provides: ike-server +Conflicts: freeswan (<< 2.04-12), openswan, strongswan (<< 4.2.12-1) +Replaces: openswan +Description: strongSwan Internet Key Exchange (v1) daemon + StrongSwan is an IPsec-based VPN solution for the Linux kernel. It uses the + native IPsec stack and runs on any recent 2.6 kernel (no patching required). + It supports both IKEv1 and the newer IKEv2 protocols. + . + Pluto is an IPsec IKEv1 daemon. It was inherited from the FreeS/WAN + project, but provides improved X.509 certificate support and other features. + . + Pluto can run in parallel with charon, the newer IKEv2 daemon. + +Package: strongswan-ikev2 +Architecture: any +Pre-Depends: debconf | debconf-2.0 +Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-starter | strongswan-nm, bsdmainutils, debianutils (>=1.7), ipsec-tools, host, iproute +Suggests: curl +Provides: ike-server +Conflicts: freeswan (<< 2.04-12), openswan, strongswan (<< 4.2.12-1) +Description: strongSwan Internet Key Exchange (v2) daemon + StrongSwan is an IPsec-based VPN solution for the Linux kernel. It uses the + native IPsec stack and runs on any recent 2.6 kernel (no patching required). + It supports both IKEv1 and the newer IKEv2 protocols. + . + Charon is an IPsec IKEv2 daemon. It is + written from scratch using a fully multi-threaded design and a modular + architecture. Various plugins provide additional functionality. + . + This build of charon can run in parallel with pluto, the IKEv1 daemon. + +Package: strongswan-nm +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, strongswan-ikev2 +Recommends: network-manager-strongswan +Description: strongSwan plugin to interact with NetworkManager + StrongSwan is an IPsec-based VPN solution for the Linux kernel. It uses the + native IPsec stack and runs on any recent 2.6 kernel (no patching required). + It supports both IKEv1 and the newer IKEv2 protocols. + . + This plugin provides an interface which allows NetworkManager to configure + and control the IKEv2 daemon directly through D-Bus. It is designed to work + in conjunction with the network-manager-strongswan package, providing + a simple graphical frontend to configure IPsec based VPNs. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..d0bd31ab9 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,418 @@ +This package was debianized by Rene Mayrhofer <rene.mayrhofer@gibraltar.at> on +Thu, 10 Aug 2000 10:50:33 +0200. + +The Debian package was created from scratch with some hints taken from +previous freeswan packages by Tommi Virtanen and Aaron Johnson. +The upstream software was downloaded from http://www.freeswan.org/ + +After the FreeS/WAN folks decided to cease development, we used the forked +code base at http://www.strongswan.org/. + +This project has multiple authors, please see the file CREDITS for details. +However, all of the code is DFSG-free and, since 2002-09-16, +the LICENSE file in the upstream distribution includes a special GPL addition +to allow linking with libdes (which contains an advertising clause). +This LICENSE file was added to the Debian package of freeswan version 1.98b +by me, but has been authorized by Michael Richardson of freeswan upstream +(who sent the file to a mailing list). + +The contents of this LICENSE file are: +------------------------------------------------------------------------------ +Except for the DES library, this software is under the GNU Public License, +see the file COPYING. + +The DES library is under a BSD style license, see + linux/crypto/ciphers/des/COPYRIGHT. +Note that this software has a advertising clause in it. + +In addition to the terms set out under the GPL, permission is granted to +link the software against the libdes library just mentioned. +------------------------------------------------------------------------------ +A copy of this COPYRIGHT file can be found below, starting with the copyright +by Eric Young. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +Rene Mayrhofer, 2006-08-25 + + + +These are various licenses from the code: + +--8<-- + * Copyright (C) 1996, 1997 John Ioannidis. + * Copyright (C) 1998, 1999 Richard Guy Briggs. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. +--8<-- + +The source tarball also includes several miscellanous libraries. + + + +An MD5 implementation: + +--8<-- +The MD5 implementation is from RSADSI, so this package must include the +following phrase: "derived from the RSA Data Security, Inc. MD5 +Message-Digest Algorithm". It is not under the GPL; see details in +klips/net/ipsec/ipsec_md5c.c. +--8<-- + +--8<-- +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ +--8<-- + + + +An implementation of DES: + +--8<-- +The LIBDES library by Eric Young is used. It is not under the GPL -- see +details in libdes/COPYRIGHT -- although he has graciously waived the +advertising clause for FreeS/WAN use of LIBDES. +--8<-- + +--8<-- +Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +All rights reserved. + +This package is an DES implementation written by Eric Young (eay@cryptsoft.com). +The implementation was written so as to conform with MIT's libdes. + +This library is free for commercial and non-commercial use as long as +the following conditions are aheared to. The following conditions +apply to all code found in this distribution. + +Copyright remains Eric Young's, and as such any Copyright notices in +the code are not to be removed. +If this package is used in a product, Eric Young should be given attribution +as the author of that the SSL library. This can be in the form of a textual +message at program startup or in documentation (online or textual) provided +with the package. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by Eric Young (eay@cryptsoft.com) + +THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +The license and distribution terms for any publically available version or +derivative of this code cannot be changed. i.e. this code cannot simply be +copied and put under another distrubution license +[including the GNU Public License.] + +The reason behind this being stated in this direct manner is past +experience in code simply being copied and the attribution removed +from it and then being distributed as part of other packages. This +implementation was a non-trivial and unpaid effort. +--8<-- + +--8<-- +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +--8<-- + +An implementation of SHA-1: + +--8<-- +The SHA-1 code is derived from Steve Reid's; it is public domain. +--8<-- + +--8<-- +/* + * The rest of the code is derived from sha1.c by Steve Reid, which is + * public domain. + * Minor cosmetic changes to accommodate it in the Linux kernel by ji. + */ +--8<-- + + + +Portions of Linux kernel source code: + +--8<-- +Some bits of Linux code, notably drivers/net/new_tunnel.c and net/ipv4/ipip.c, +are used in heavily modified forms. +--8<-- + +The Linux kernel is licensed under the Gnu General Public License. + + + +Radix-tree library: + +--8<-- +The radix-tree code from 4.4BSD is used in a modified form. It is not +under the GPL; see details in klips/net/ipsec/radij.c. +--8<-- + +--8<-- +/* + * Copyright (c) 1988, 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)radix.c 8.2 (Berkeley) 1/4/94 + */ +--8<-- + + +The license from the OpenSSL code that is included in the extension algorithm +patch (the kernel-patch-freeswan-ext package): + +--8<-- + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +--8<-- diff --git a/debian/info b/debian/info new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/debian/info diff --git a/debian/ipsec.secrets.proto b/debian/ipsec.secrets.proto new file mode 100644 index 000000000..0fe54b65d --- /dev/null +++ b/debian/ipsec.secrets.proto @@ -0,0 +1,11 @@ +# This file holds shared secrets or RSA private keys for inter-Pluto +# authentication. See ipsec_pluto(8) manpage, and HTML documentation. + +# RSA private key for this host, authenticating it to any other host +# which knows the public part. Suitable public keys, for ipsec.conf, DNS, +# or configuration of other implementations, can be extracted conveniently +# with "ipsec showhostkey". + +# this file is managed with debconf and will contain the automatically created private key +include /var/lib/strongswan/ipsec.secrets.inc + diff --git a/debian/libstrongswan.dirs b/debian/libstrongswan.dirs new file mode 100644 index 000000000..3550fea6f --- /dev/null +++ b/debian/libstrongswan.dirs @@ -0,0 +1,6 @@ +/etc/logcheck/ignore.d.paranoid +/etc/logcheck/ignore.d.server +/etc/logcheck/ignore.d.workstation +/etc/logcheck/violations.ignore.d +/usr/share/lintian/overrides +/usr/lib/ipsec/plugins diff --git a/debian/libstrongswan.install b/debian/libstrongswan.install new file mode 100644 index 000000000..0fee520d5 --- /dev/null +++ b/debian/libstrongswan.install @@ -0,0 +1,38 @@ +usr/lib/libstrongswan.so* usr/lib/ +usr/lib/libhydra.so* usr/lib/ +usr/lib/libfast.so* usr/lib/ +usr/lib/ipsec/libchecksum.so* usr/lib/ipsec/ +usr/lib/ipsec/plugins/libstrongswan-gmp.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-openssl.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-x509.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-pkcs11.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-pgp.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-pem.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-pkcs1.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-pubkey.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-hmac.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-xcbc.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-random.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-aes.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-des.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-xcbc.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-ctr.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-ccm.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-gcm.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-led.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-addrblock.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-md5.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-sha1.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-sha2.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-dhcp.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-dnskey.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-farp.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-fips-prf.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-resolve.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-sql.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-ha.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-xauth.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-revocation.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-constraints.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-test-vectors.so* usr/lib/ipsec/plugins/ +etc/strongswan.conf etc/ diff --git a/debian/libstrongswan.lintian-overrides b/debian/libstrongswan.lintian-overrides new file mode 100644 index 000000000..eec04b42c --- /dev/null +++ b/debian/libstrongswan.lintian-overrides @@ -0,0 +1,2 @@ +libstrongswan: package-name-doesnt-match-sonames libchecksum libfast0 libhydra0 libstrongswan0 +libstrongswan: possible-gpl-code-linked-with-openssl diff --git a/debian/logcheck.ignore.paranoid b/debian/logcheck.ignore.paranoid new file mode 100644 index 000000000..ca6c97dde --- /dev/null +++ b/debian/logcheck.ignore.paranoid @@ -0,0 +1,20 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: regenerating DH private secret diff --git a/debian/logcheck.ignore.server b/debian/logcheck.ignore.server new file mode 100644 index 000000000..7ab04c524 --- /dev/null +++ b/debian/logcheck.ignore.server @@ -0,0 +1,25 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: added connection description +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: .* SA established +pluto.*: .* SA expired +pluto.*: replacing stale .* SA +pluto.*: initiating Quick Mode +pluto.*: regenerating DH private secret diff --git a/debian/logcheck.violations.ignore b/debian/logcheck.violations.ignore new file mode 100644 index 000000000..1a190fc28 --- /dev/null +++ b/debian/logcheck.violations.ignore @@ -0,0 +1 @@ +ipsec_setup: KLIPS debug `none' diff --git a/debian/patches/0001-Added-support-for-the-resolvconf-framework-in-resolv.patch b/debian/patches/0001-Added-support-for-the-resolvconf-framework-in-resolv.patch new file mode 100644 index 000000000..f3a2d92db --- /dev/null +++ b/debian/patches/0001-Added-support-for-the-resolvconf-framework-in-resolv.patch @@ -0,0 +1,312 @@ +From 1ad1c0f41311296d22fa183a7b7cba0b97dc03b3 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Mon, 26 Mar 2012 15:00:14 +0200 +Subject: [PATCH] Added support for the resolvconf framework in resolve plugin. + +If /sbin/resolvconf is found nameservers are not written directly to +/etc/resolv.conf but instead resolvconf is invoked. +--- + src/libhydra/plugins/resolve/resolve_handler.c | 201 ++++++++++++++++++------ + 1 files changed, 149 insertions(+), 52 deletions(-) + +diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c +index feb2fd0..21bc3af 100644 +--- a/src/libhydra/plugins/resolve/resolve_handler.c ++++ b/src/libhydra/plugins/resolve/resolve_handler.c +@@ -1,4 +1,5 @@ + /* ++ * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * +@@ -15,12 +16,20 @@ + + #include "resolve_handler.h" + ++#include <sys/types.h> ++#include <sys/stat.h> + #include <unistd.h> + + #include <hydra.h> + #include <debug.h> + #include <threading/mutex.h> + ++/* path to resolvconf executable */ ++#define RESOLVCONF_EXEC "/sbin/resolvconf" ++ ++/* prefix used for resolvconf interfaces */ ++#define RESOLVCONF_PREFIX "lo.inet.ipsec." ++ + typedef struct private_resolve_handler_t private_resolve_handler_t; + + /** +@@ -39,49 +48,35 @@ struct private_resolve_handler_t { + char *file; + + /** ++ * use resolvconf instead of writing directly to resolv.conf ++ */ ++ bool use_resolvconf; ++ ++ /** + * Mutex to access file exclusively + */ + mutex_t *mutex; + }; + + /** +- * Implementation of attribute_handler_t.handle ++ * Writes the given nameserver to resolv.conf + */ +-static bool handle(private_resolve_handler_t *this, identification_t *server, +- configuration_attribute_type_t type, chunk_t data) ++static bool write_nameserver(private_resolve_handler_t *this, ++ identification_t *server, host_t *addr) + { + FILE *in, *out; + char buf[1024]; +- host_t *addr; + size_t len; + bool handled = FALSE; + +- switch (type) +- { +- case INTERNAL_IP4_DNS: +- addr = host_create_from_chunk(AF_INET, data, 0); +- break; +- case INTERNAL_IP6_DNS: +- addr = host_create_from_chunk(AF_INET6, data, 0); +- break; +- default: +- return FALSE; +- } +- +- if (!addr || addr->is_anyaddr(addr)) +- { +- DESTROY_IF(addr); +- return FALSE; +- } +- this->mutex->lock(this->mutex); +- + in = fopen(this->file, "r"); + /* allows us to stream from in to out */ + unlink(this->file); + out = fopen(this->file, "w"); + if (out) + { +- fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, server); ++ fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, ++ server); + DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file); + handled = TRUE; + +@@ -99,40 +94,17 @@ static bool handle(private_resolve_handler_t *this, identification_t *server, + { + fclose(in); + } +- this->mutex->unlock(this->mutex); +- addr->destroy(addr); +- +- if (!handled) +- { +- DBG1(DBG_IKE, "adding DNS server failed", this->file); +- } + return handled; + } + + /** +- * Implementation of attribute_handler_t.release ++ * Removes the given nameserver from resolv.conf + */ +-static void release(private_resolve_handler_t *this, identification_t *server, +- configuration_attribute_type_t type, chunk_t data) ++static void remove_nameserver(private_resolve_handler_t *this, ++ identification_t *server, host_t *addr) + { + FILE *in, *out; + char line[1024], matcher[512]; +- host_t *addr; +- int family; +- +- switch (type) +- { +- case INTERNAL_IP4_DNS: +- family = AF_INET; +- break; +- case INTERNAL_IP6_DNS: +- family = AF_INET6; +- break; +- default: +- return; +- } +- +- this->mutex->lock(this->mutex); + + in = fopen(this->file, "r"); + if (in) +@@ -142,7 +114,6 @@ static void release(private_resolve_handler_t *this, identification_t *server, + out = fopen(this->file, "w"); + if (out) + { +- addr = host_create_from_chunk(family, data, 0); + snprintf(matcher, sizeof(matcher), + "nameserver %H # by strongSwan, from %Y\n", + addr, server); +@@ -160,13 +131,133 @@ static void release(private_resolve_handler_t *this, identification_t *server, + fputs(line, out); + } + } +- addr->destroy(addr); + fclose(out); + } + fclose(in); + } ++} + ++/** ++ * Add or remove the given nameserver by invoking resolvconf. ++ */ ++static bool invoke_resolvconf(private_resolve_handler_t *this, ++ identification_t *server, host_t *addr, ++ bool install) ++{ ++ char cmd[128]; ++ ++ /* we use the nameserver's IP address as part of the interface name to ++ * make them unique */ ++ if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC, ++ install ? "-a" : "-d", RESOLVCONF_PREFIX, addr) >= sizeof(cmd)) ++ { ++ return FALSE; ++ } ++ ++ if (install) ++ { ++ FILE *out; ++ ++ out = popen(cmd, "w"); ++ if (!out) ++ { ++ return FALSE; ++ } ++ DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr); ++ fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, ++ server); ++ if (ferror(out) || pclose(out)) ++ { ++ return FALSE; ++ } ++ } ++ else ++ { ++ ignore_result(system(cmd)); ++ } ++ return TRUE; ++} ++ ++/** ++ * Implementation of attribute_handler_t.handle ++ */ ++static bool handle(private_resolve_handler_t *this, identification_t *server, ++ configuration_attribute_type_t type, chunk_t data) ++{ ++ host_t *addr; ++ bool handled; ++ ++ switch (type) ++ { ++ case INTERNAL_IP4_DNS: ++ addr = host_create_from_chunk(AF_INET, data, 0); ++ break; ++ case INTERNAL_IP6_DNS: ++ addr = host_create_from_chunk(AF_INET6, data, 0); ++ break; ++ default: ++ return FALSE; ++ } ++ ++ if (!addr || addr->is_anyaddr(addr)) ++ { ++ DESTROY_IF(addr); ++ return FALSE; ++ } ++ ++ this->mutex->lock(this->mutex); ++ if (this->use_resolvconf) ++ { ++ handled = invoke_resolvconf(this, server, addr, TRUE); ++ } ++ else ++ { ++ handled = write_nameserver(this, server, addr); ++ } + this->mutex->unlock(this->mutex); ++ addr->destroy(addr); ++ ++ if (!handled) ++ { ++ DBG1(DBG_IKE, "adding DNS server failed"); ++ } ++ return handled; ++} ++ ++/** ++ * Implementation of attribute_handler_t.release ++ */ ++static void release(private_resolve_handler_t *this, identification_t *server, ++ configuration_attribute_type_t type, chunk_t data) ++{ ++ host_t *addr; ++ int family; ++ ++ switch (type) ++ { ++ case INTERNAL_IP4_DNS: ++ family = AF_INET; ++ break; ++ case INTERNAL_IP6_DNS: ++ family = AF_INET6; ++ break; ++ default: ++ return; ++ } ++ addr = host_create_from_chunk(family, data, 0); ++ ++ this->mutex->lock(this->mutex); ++ if (this->use_resolvconf) ++ { ++ invoke_resolvconf(this, server, addr, FALSE); ++ } ++ else ++ { ++ remove_nameserver(this, server, addr); ++ } ++ this->mutex->unlock(this->mutex); ++ ++ addr->destroy(addr); + } + + /** +@@ -237,6 +328,7 @@ static void destroy(private_resolve_handler_t *this) + resolve_handler_t *resolve_handler_create() + { + private_resolve_handler_t *this = malloc_thing(private_resolve_handler_t); ++ struct stat st; + + this->public.handler.handle = (bool(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))handle; + this->public.handler.release = (void(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))release; +@@ -247,6 +339,11 @@ resolve_handler_t *resolve_handler_create() + this->file = lib->settings->get_str(lib->settings, + "%s.plugins.resolve.file", RESOLV_CONF, hydra->daemon); + ++ if (stat(RESOLVCONF_EXEC, &st) == 0) ++ { ++ this->use_resolvconf = TRUE; ++ } ++ + return &this->public; + } + +-- +1.7.4.1 + diff --git a/debian/patches/0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch b/debian/patches/0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch new file mode 100644 index 000000000..984696de9 --- /dev/null +++ b/debian/patches/0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch @@ -0,0 +1,27 @@ +From 5a858c3197bbda9acda5289003e9015bef560dc7 Mon Sep 17 00:00:00 2001 +From: Martin Willi <martin@revosec.ch> +Date: Mon, 7 May 2012 13:51:46 +0200 +Subject: [PATCH] Fix boolean return value if an empty RSA signature is + detected in gmp plugin + +--- + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +index a7ba801..898892f 100644 +--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c ++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +@@ -137,7 +137,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, + + if (signature.len == 0 || signature.len > this->k) + { +- return INVALID_ARG; ++ return FALSE; + } + + /* unpack signature */ +-- +1.7.5.4 + + diff --git a/debian/patches/0001-fix-fprintf-format.patch b/debian/patches/0001-fix-fprintf-format.patch new file mode 100644 index 000000000..24ec36a82 --- /dev/null +++ b/debian/patches/0001-fix-fprintf-format.patch @@ -0,0 +1,15 @@ +Description: Fix FTBFS with gcc 4.6 +Author: Laurent Bigonville <bigon@debian.org> +Bug-Debian: http://bugs.debian.org/614486 + +--- a/src/libcharon/plugins/stroke/stroke_ca.c ++++ b/src/libcharon/plugins/stroke/stroke_ca.c +@@ -319,7 +319,7 @@ + { + if (first) + { +- fprintf(out, label); ++ fprintf(out, "%s", label); + first = FALSE; + } + else diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..0a5a7c8de --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +0001-fix-fprintf-format.patch +0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch +0001-Added-support-for-the-resolvconf-framework-in-resolv.patch diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 000000000..d98f2ea90 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] strongswan-starter.templates diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 000000000..abaab5d9a --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,830 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-10-16 13:09+0200\n" +"Last-Translator: Miroslav Kure <kurem@debian.cz>\n" +"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Stará správa bÄ›hových úrovnà je pÅ™ekonána." + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"DÅ™ÃvÄ›jÅ¡Ã verze balÃku strongSwan dávaly na výbÄ›r mezi tÅ™emi různými Start/" +"Stop úrovnÄ›mi. DÃky zmÄ›nám ve způsobu zavádÄ›nà systému to již nenà nutné a " +"ani užiteÄné. Novým i stávajÃcÃm instalacÃm použÃvajÃcÃm nÄ›kterou ze třà " +"pÅ™edefinovaných úrovnà budou nynà automaticky nastaveny rozumné výchozà " +"úrovnÄ›. PÅ™echázÃte-li z dÅ™ÃvÄ›jÅ¡Ã verze strongSwanu, u které jste si " +"upravovali startovacà parametry, podÃvejte se prosÃm do souboru NEWS.Debian, " +"kde naleznete pokyny, jak si pÅ™ÃsluÅ¡nÄ› upravit nastavenÃ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Restartovat nynà strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Restartovánà strongSwan je dobrý nápad, protože v pÅ™ÃpadÄ›, že aktualizace " +"obsahuje bezpeÄnostnà záplatu, nebude tato funkÄnÃ, dokud se démon " +"nerestartuje. VÄ›tÅ¡ina lidà s restartem daemona poÄÃtá, nicménÄ› je možné, že " +"tÃm budou existujÃcà spojenà ukonÄena a následnÄ› znovu nahozena. Pokud tuto " +"aktualizaci provádÃte pÅ™es takovýto strongSwan tunel, restart nedoporuÄujeme." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Spustit strongSwan daemon IKEv1?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Pro podporu 1. verze protokolu Internet Key Exchange musà běžet daemon pluto." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Spustit strongSwan daemon IKEv2?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Pro podporu 2. verze protokolu Internet Key Exchange musà běžet daemon " +"charon." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "PoužÃt pro tento poÄÃtaÄ certifikát X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Pro tento poÄÃtaÄ můžete automaticky vytvoÅ™it nebo importovat certifikát " +"X.509. Certifikát může být využit k autentizaci IPsec spojenà na dalÅ¡Ã " +"poÄÃtaÄe a je upÅ™ednostňovaným způsobem pro sestavovánà bezpeÄných IPsec " +"spojenÃ. DalÅ¡Ã možnostà autentizace je využità sdÃlených tajemstvà (hesel, " +"která jsou stejná na obou stranách tunelu), ale pro vÄ›tÅ¡Ã poÄet spojenà je " +"RSA autentizace snazÅ¡Ã na správu a mnohem bezpeÄnÄ›jÅ¡Ã." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"AlternativnÄ› můžete tuto nabÃdku zamÃtnout a pozdÄ›ji se k nà vrátit pÅ™Ãkazem " +"„dpkg-reconfigure strongswan“." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "vytvoÅ™it" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importovat" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "ZÃskánà certifikátu X.509 pro autentizaci tohoto poÄÃtaÄe:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Pro autentizaci IPsec spojenà můžete buÄ vytvoÅ™it nový certifikát X.509 na " +"základÄ› zadaných parametrů, nebo můžete naimportovat veÅ™ejný/soukromý pár " +"klÃÄů uložený v PEM souboru." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Rozhodnete-li se pro vytvoÅ™enà nového certifikátu X.509, budete nejprve " +"dotázáni na Å™adu otázek. Pokud chcete podepsat veÅ™ejný klÃÄ stávajÃcà " +"certifikaÄnà autoritou, nesmÃte zvolit certifikát podepsaný sám sebou a také " +"zadané odpovÄ›di musà splňovat požadavky dané certifikaÄnà autority. " +"NesplnÄ›nà požadavků může vést k zamÃtnutà požadavku na certifikát." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"ZvolÃte-li import stávajÃcÃho veÅ™ejného/soukromého páru klÃÄů, budete " +"dotázáni na názvy souborů, ve kterých se klÃÄe nacházà (může se také jednat " +"o jediný soubor, protože obÄ› Äásti mohou ležet v jednom souboru). VolitelnÄ› " +"můžete také zadat jméno souboru s veÅ™ejným klÃÄem certifikaÄnà autority, ale " +"zde to již musà být jiný soubor. MÄ›jte prosÃm na pamÄ›ti, že certifikát X.509 " +"musà být ve formátu PEM a že soukromý klÃÄ nesmà být zaÅ¡ifrován, jinak " +"import selže." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Jméno souboru s certifikátem X.509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Zadejte cestu k souboru obsahujÃcÃmu váš certifikát X.509 ve formátu PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Jméno souboru se soukromým klÃÄem X.509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Zadejte cestu k souboru obsahujÃcÃmu soukromý RSA klÃÄ odpovÃdajÃcà vaÅ¡emu " +"certifikátu X.509 ve formátu PEM. Může to být stejný soubor jako ten, ve " +"kterém se nacházà certifikát X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Jméno souboru s koÅ™enovou certifikaÄnà autoritou X.509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Nynà můžete zadat cestu k souboru obsahujÃcÃmu certifikaÄnà autoritu X.509, " +"kterou použÃváte pro podpis svých certifikátů ve formátu PEM. Pokud takovou " +"certifikaÄnà autoritu nemáte, nebo ji nechcete použÃt, ponechte prázdné. " +"KoÅ™enovou certifikaÄnà autoritu nelze uchovávat ve stejném souboru se " +"soukromým klÃÄem nebo certifikátem X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Zadejte délku vytvářeného RSA klÃÄe:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Zadejte délku vytvářeného RSA klÃÄe. Kvůli bezpeÄnosti by nemÄ›la být menÅ¡Ã " +"než 1024 bitů a pravdÄ›podobnÄ› nepotÅ™ebujete vÃc než 4096 bitů, protože to " +"již jen zpomaluje proces autentizace." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "VytvoÅ™it certifikát X.509 podepsaný sám sebou?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Tento instalátor může automaticky vytvoÅ™it pouze certifikát X509 podepsaný " +"sám sebou, jelikož v opaÄném pÅ™ÃpadÄ› je k podpisu certifikátu potÅ™eba " +"certifikaÄnà autorita. Tento certifikát můžete ihned použÃt k pÅ™ipojenà na " +"dalÅ¡Ã poÄÃtaÄe s IPsec, které podporujà autentizaci pomocà certifikátu X509. " +"NicménÄ› chcete-li využÃt PKI možnostà strongSwanu, budete k vytvoÅ™enà " +"důvÄ›ryhodných cest potÅ™ebovat podepsat vÅ¡echny certifikáty X509 jedinou " +"certifikaÄnà autoritou." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Jestliže nechcete vytvoÅ™it certifikát podepsaný sebou samým, vytvořà se " +"pouze soukromý RSA klÃÄ a požadavek na certifikát. Vy potom musÃte podepsat " +"požadavek svou certifikaÄnà autoritou." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Kód státu pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Zadejte dvojpÃsmenný kód státu, ve kterém se server nacházà (napÅ™Ãklad „CZ“ " +"pro ÄŒeskou republiku)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Nezadáte-li platný kód zemÄ› dle ISO-3166, OpenSSL odmÃtne certifikát " +"vygenerovat. Prázdné pole je dovoleno ve vÅ¡ech ostatnÃch polÃch certifikátu " +"X.509 kromÄ› tohoto." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Jméno zemÄ› nebo oblasti pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Zadejte celé jméno zemÄ› nebo oblasti, ve které se server nacházà (napÅ™Ãklad " +"„Morava“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Jméno lokality pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Zadejte jméno lokality, ve které se server nacházà (Äasto mÄ›sto, napÅ™Ãklad " +"„Olomouc“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Název organizace pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Zadejte název organizace, které server patřà (napÅ™Ãklad „Debian“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Název organizaÄnà jednotky pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Zadejte název organizaÄnà jednotky, které server patřà (napÅ™Ãklad „oddÄ›lenà " +"pro odhalovánà daňových úniků“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Obecné jméno pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Zadejte obecné jméno (CN) tohoto poÄÃtaÄe (napÅ™Ãklad „cloud.example.org“)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "Emailová adresa pro požadavek na certifikát X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Zadejte emailovou adresu osoby nebo organizace zodpovÄ›dné za certifikát " +"X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Povolit oportunistické Å¡ifrovánÃ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Tato verze strongSwan podporuje oportunistické Å¡ifrovánà (OE), které " +"uchovává autentizaÄnà informace IPsecu (napÅ™. veÅ™ejné RSA klÃÄe) v DNS " +"záznamech. Dokud nebude tato schopnost vÃce rozÅ¡ÃÅ™ena, způsobà jejà aktivace " +"výrazné zpomalenà každého nového odchozÃho spojenÃ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Oportunistické Å¡ifrovánà byste mÄ›li povolit pouze v pÅ™ÃpadÄ›, že ho opravdu " +"chcete. PÅ™i startu daemona pluto je možné, že se vaÅ¡e probÃhajÃcà spojenà do " +"Internetu pÅ™eruÅ¡Ã (pÅ™esnÄ›ji pÅ™estane fungovat výchozà cesta)." + +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "PÅ™ejete si restartovat strongSwan?" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Zadejte cestu k souboru obsahujÃcÃmu váš certifikát X.509 ve formátu PEM." + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Zadejte cestu k souboru obsahujÃcÃmu váš certifikát X.509 ve formátu PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Zadejte celou cestu k souboru obsahujÃcÃmu váš certifikát X.509 ve " +#~ "formátu PEM." + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Zadejte dvoumÃstný ISO3166 kód své zemÄ›. Tento kód bude umÃstÄ›n do " +#~ "požadavku na certifikát." + +#~ msgid "Example: AT" +#~ msgstr "PÅ™Ãklad: CZ" + +#~ msgid "Example: Upper Austria" +#~ msgstr "PÅ™Ãklad: Morava" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Zadejte prosÃm organizaci pro kterou je certifikát vytvářen. Toto jméno " +#~ "bude umÃstÄ›no do požadavku na certifikát." + +#~ msgid "Example: Vienna" +#~ msgstr "PÅ™Ãklad: Olomouc" + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Zadejte prosÃm organizaci pro kterou je certifikát vytvářen. Toto jméno " +#~ "bude umÃstÄ›no do požadavku na certifikát." + +#~ msgid "Example: Debian" +#~ msgstr "PÅ™Ãklad: Debian" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Zadejte prosÃm organizaci pro kterou je certifikát vytvářen. Toto jméno " +#~ "bude umÃstÄ›no do požadavku na certifikát." + +#~ msgid "Example: security group" +#~ msgstr "PÅ™Ãklad: bezpeÄnostnà oddÄ›lenÃ" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "PÅ™Ãklad: gateway.debian.org" + +#~ msgid "earliest" +#~ msgstr "co nejdÅ™Ãve" + +#~ msgid "after NFS" +#~ msgstr "po NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "po PCMCIA" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Kdy spustit strongSwan:" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "strongSwan se spouÅ¡tà pÅ™i zavádÄ›nà systému, takže může chránit " +#~ "automaticky pÅ™ipojované souborové systémy." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * co nejdÅ™Ãve: pokud nenà /usr pÅ™ipojeno pÅ™es NFS a nepoužÃváte\n" +#~ " sÃÅ¥ovou kartu PCMCIA, je lepÅ¡Ã spustit strongSwan co nejdÅ™Ãve,\n" +#~ " aby bylo NFS chránÄ›no pomocà IPSec;\n" +#~ " * po NFS: doporuÄeno, pokud je /usr pÅ™ipojeno pÅ™es NFS a pokud\n" +#~ " nepoužÃváte sÃÅ¥ovou kartu PCMCIA;\n" +#~ " * po PCMCIA: doporuÄeno pokud IPSec spojenà použÃvá sÃÅ¥ovou kartu\n" +#~ " PCMCIA, nebo pokud vyžaduje staženà klÃÄů z lokálnÄ› běžÃcÃho DNS\n" +#~ " serveru s podporou DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Pokud nerestartujete strongSwan nynÃ, mÄ›li byste to provést pÅ™i nejbližšà " +#~ "pÅ™Ãležitosti." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "VytvoÅ™it veÅ™ejný/soukromý pár RSA klÃÄů pro tento poÄÃtaÄ?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "strongSwan může pro autentizaci IPSec spojenà s jinými poÄÃtaÄi použÃvat " +#~ "pÅ™edsdÃlený klÃÄ (PSK), nebo veÅ™ejný/soukromý pár RSA klÃÄů. RSA " +#~ "autentizace se považuje za bezpeÄnÄ›jÅ¡Ã a jednoduÅ¡Å¡Ã na správu. " +#~ "Autentizace PSK a RSA můžete použÃvat souÄasnÄ›." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Jestliže si nepÅ™ejete vytvoÅ™it nový pár klÃÄů pro tento poÄÃtaÄ, můžete " +#~ "si v pÅ™ÃÅ¡tÃm kroku zvolit existujÃcà klÃÄe." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "PotÅ™ebné informace lze zÃskat automaticky z existujÃcÃho certifikátu " +#~ "X.509 s odpovÃdajÃcÃm soukromým RSA klÃÄem. Jedná-li se o formát PEM, " +#~ "mohou být obÄ› Äásti v jednom souboru. VlastnÃte-li takový certifikát a " +#~ "soubor s klÃÄem a chcete-li je použÃt pro autentizaci IPSec spojenÃ, " +#~ "odpovÄ›zte kladnÄ›." + +#~ msgid "RSA key length:" +#~ msgstr "Délka RSA klÃÄe:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Zadejte prosÃm délku vytvářeného RSA klÃÄe. Z důvodu bezpeÄnosti by " +#~ "nemÄ›la být menÅ¡Ã než 1024 bitů. Hodnota vÄ›tÅ¡Ã než 2048 bitů může ovlivnit " +#~ "výkon." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Automaticky lze vytvoÅ™it pouze certifikát podepsaný sám sebou, protože " +#~ "jinak je zapotÅ™ebà certifikaÄnà autorita, která by podepsala požadavek na " +#~ "certifikát." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "OdpovÃte-li kladnÄ›, můžete nový certifikát ihned použÃt k pÅ™ipojenà na " +#~ "dalÅ¡Ã poÄÃtaÄe s IPSec, které podporujà autentizaci pomocà certifikátu " +#~ "X.509. NicménÄ› pro využità PKI možnostà ve strongSwanu je nutné, aby byly " +#~ "vÅ¡echny certifikáty v cestÄ› důvÄ›ry podepsány stejnou autoritou." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "Toto pole je povinné, bez nÄ›j nenà možné certifikát vytvoÅ™it." + +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Zadejte jméno lokality (napÅ™. mÄ›sta), které se má použÃt v požadavku na " +#~ "certifikát." + +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Zadejte název organizace (firmy), který se má použÃt v požadavku na " +#~ "certifikát." + +#~ msgid "" +#~ "Please enter the organizational unit name (often a department) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Zadejte název organizaÄnà jednotky (napÅ™. oddÄ›lenÃ), který se má použÃt v " +#~ "požadavku na certifikát." + +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Zadejte běžné jméno (napÅ™. jméno poÄÃtaÄe), které se má použÃt v " +#~ "požadavku na certifikát." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "\"co nejdÅ™Ãve\", \"po NFS\", \"po PCMCIA\"" + +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Existujà tÅ™i možnosti, kdy se dá strongSwan spouÅ¡tÄ›t: pÅ™ed NFS službami, " +#~ "po NFS službách nebo po PCMCIA službách. Správná odpovÄ›Ä závisà na vaÅ¡em " +#~ "konkrétnÃm nastavenÃ." + +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Jestliže nemáte svůj strom /usr pÅ™ipojen skrz NFS (buÄ pÅ™es NFS " +#~ "pÅ™ipojujete jiné, ne tak důležité stromy, nebo NFS vůbec nepoužÃváte) a " +#~ "nepoužÃváte sÃÅ¥ovou kartu PCMCIA, je nejlepÅ¡Ã spouÅ¡tÄ›t strongSwan co " +#~ "nejdÅ™Ãve, ÄÃmž umožnÃte aby byly NFS svazky chránÄ›ny pomocà IPSec. V " +#~ "takovém pÅ™ÃpadÄ› (nebo pokud si nejste jisti, nebo pokud vám na tom " +#~ "nezáležÃ) na otázku odpovÄ›zte „co nejdÅ™Ãve“ (výchozÃ)." + +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Jestliže máte strom /usr pÅ™ipojen skrz NFS a nepoužÃváte sÃÅ¥ovou kartu " +#~ "PCMCIA, musÃte spustit strongSwan po NFS, aby byly vÅ¡echny potÅ™ebné " +#~ "soubory dostupné. V tomto pÅ™ÃpadÄ› na otázku odpovÄ›zte „po NFS“. UvÄ›domte " +#~ "si prosÃm, že v tomto pÅ™ÃpadÄ› nemůže být NFS svazek /usr chránÄ›n pomocà " +#~ "IPSec." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Jestliže použÃváte PCMCIA sÃÅ¥ovou kartu pro vaÅ¡e IPSec pÅ™ipojenÃ, pak je " +#~ "jedinou možnostà jej spustit po PCMCIA službách. V tom pÅ™ÃpadÄ› odpovÄ›zte " +#~ "„po PCMCIA“. Toto je také správná odpovÄ›Ä, pokud chcete zÃskat klÃÄe z " +#~ "lokálnÃho DNS serveru s podporou DNSSec." + +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "PÅ™ejete si podporu IKEv1?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan podporuje protokol Internet Key Exchange ve verzÃch 1 a 2 " +#~ "(IKEv1, IKEv2). PÅ™ejete si pÅ™i startu strongSwanu spustit daemona „pluto“ " +#~ "podporujÃcÃho IKEv1?" + +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "PÅ™ejete si podporu IKEv2?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan podporuje protokol Internet Key Exchange ve verzÃch 1 a 2 " +#~ "(IKEv1, IKEv2). PÅ™ejete si pÅ™i startu strongSwanu spustit daemona " +#~ "„charon“ podporujÃcÃho IKEv2?" + +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "strongSwan pÅ™icházà s podporou pro oportunistické Å¡ifrovánà (OE), které " +#~ "uchovává autentizaÄnà informace IPSecu (napÅ™. veÅ™ejné RSA klÃÄe) v " +#~ "(nejlépe zabezpeÄených) DNS záznamech. Dokud nebude tato schopnost vÃce " +#~ "rozÅ¡ÃÅ™ena, způsobà jejà aktivace výrazné zpomalenà každého nového " +#~ "odchozÃho spojenÃ. Od verze 2.0 pÅ™icházà strongSwan s implicitnÄ› zapnutou " +#~ "podporou OE ÄÃmž pravdÄ›podobnÄ› zruÅ¡Ã vaÅ¡e probÃhajÃcà spojenà do " +#~ "Internetu (tj. vaÅ¡i výchozà cestu - default route) v okamžiku, kdy " +#~ "spustÃte pluto (strongSwan keying démon)." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "ProsÃm vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, " +#~ "podporu nepovolujte." + +#~ msgid "x509, plain" +#~ msgstr "x509, prostý" + +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Typ páru RSA klÃÄů, který se vytvoÅ™Ã:" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Je možné vytvoÅ™it prostý pár RSA klÃÄů pro použità se strongSwanem, nebo " +#~ "vytvoÅ™it soubor s certifikátem X509, který obsahuje veÅ™ejný RSA klÃÄ a " +#~ "dodateÄnÄ› uchovává odpovÃdajÃcà soukromý klÃÄ." + +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Pokud chcete vytvoÅ™it IPSec spojenà jen k poÄÃtaÄům, na kterých taktéž " +#~ "běžà strongSwan, může být mnohem jednoduÅ¡Å¡Ã použÃt pár prostých RSA " +#~ "klÃÄů. Pokud se ale chcete pÅ™ipojit k jiným implementacÃm IPSec, budete " +#~ "potÅ™ebovat certifikát X509. Také je možné zde vytvoÅ™it certifikát X509 a " +#~ "pozdÄ›ji, pokud druhá strana použÃvá strongSwan bez podpory certifikátů " +#~ "X509, z nÄ›j zÃskat veÅ™ejný RSA klÃÄ v prostém formátu." + +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Certifikát X509 je proto doporuÄován zejména dÃky své flexibilitÄ›. Tento " +#~ "instalátor by v mÄ›l být schopen skrýt komplexnost vytvářenà a použÃvánà " +#~ "certifikátu ve strongSwanu." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 000000000..0687e0219 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,476 @@ +# Danish translation strongswan. +# Copyright (C) 2010 strongswan & nedenstÃ¥ende oversættere. +# This file is distributed under the same license as the strongswan package. +# Joe Hansen (joedalton2@yahoo.dk), 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-11-04 12:42+0000\n" +"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" +"Language-Team: Danish <dansk@dansk-gruppen.dk>\n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Erstattede tidligere kørselsniveauhÃ¥ndtering" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidligere versioner af pakken strongSwan havde et valg mellem tre " +"forskellige start-/stopniveauer. PÃ¥ grund af ændringer i den normale " +"procedure for systemopstart, er dette ikke længere nødvendigt eller " +"brugbart. For alle nye installationer samt ældre installationer der kører i " +"en af de prædefinerede tilstande, vil standardniveauer for sane ikke blive " +"angivet. Hvis du opgraderer fra en tidligere version og ændrede dine " +"opstartsparametre i strongSwan, sÃ¥ kig venligst i NEWS.Debian for " +"instruktioner om hvordan du ændrer din opsætning, sÃ¥ den passer." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Genstart strongSwan nu?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Genstart af strongSwan anbefales, da det er en sikkerhedsrettelse, rettelsen " +"vil ikke træde i kraft før dæmonen genstartes. De fleste forventer at " +"dæmonen genstartes, sÃ¥ dette er generelt en god ide. Det kan dog lægge " +"eksisterende forbindelser ned og sÃ¥ fÃ¥ dem op igen, sÃ¥ hvis du bruger sÃ¥dan " +"en strongSwan-tunneltil at forbinde for denne opdatering, anbefales en " +"genstart ikke." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Start strongSwans IKEv1-dæmon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Dæmonen pluto skal køre for at understøtte version 1 af Internet Key " +"Exchange-protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Start streongSwans IKEv2-dæmon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Dæmonen charon skal køre for at understøtte version 2 af Internet Key " +"Exchange-protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Brug et X.509-certifikat for denne vært?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Et X.509-certifikat for denne vært kan oprettes automatisk eller importeres. " +"Det kan bruges til at godkende IPsec-forbindelser til andre værter og er den " +"foretrukne mÃ¥de at opbygge sikre IPsec-forbindelser. Den anden mulighed " +"ville være at bruge delte hemmeligheder (adgangskoder der er de samme pÃ¥ " +"begge sider af tunnelen) til godkendelse af en forbindelse, men for et " +"større antal forbindelser, er nøglebaseret godkendelse nemmere at " +"administrere og mere sikkert." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativt kan du afvise denne indstilling og senere bruge kommandoen »dpkg-" +"reconfigure strongswan«." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "opret" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder hvormed et X.509-certifikat kan bruges til at godkende denne vært:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det er muligt at oprette et nyt X.509-certifikat med brugerdefineret " +"opsætning eller at importere en eksisterende offentlig og privat nøgle gemt " +"i PEM-filer for godkendelse af IPsec-forbindelser." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Hvis du vælger at oprette et nyt X.509-certifikat, vil du først blive spurgt " +"om et antal spørgsmÃ¥l, som skal besvares før oprettelsen kan begynde. Husk " +"venligst at hvis du ønsker at den offentlige nøgle skal underskrives af et " +"eksisterende Certificate Authority, sÃ¥ bør du ikke vælge at oprette et " +"certifikat underskrevet af dig selv og alle svarene skal svare præcis til " +"krævene i CA'en, ellers vil certifikatanmodningen blive afvist." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Hvis du ønsker at importere en eksisterende offentlig og privat nøgle, vil " +"du blive spurgt om deres filnavne (som kan være identiske, hvis begge er " +"gemt sammen i en fil). Du kan valgfrit angive et filnavn hvor de offentlige " +"nøgler fra Certificate Authority opbevares, men denne fil kan ikke være den " +"samme som den tidligere. Vær venligst ogsÃ¥ opmærksom pÃ¥ at formatet for " +"X.509-certifikatet skal være PEM, og at den private nøgle ikke mÃ¥ være " +"krypteret, ellers vil importproceduren fejle." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Filnavn pÃ¥ dit PEM-formateret X.509-certifikat:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Indtast venligst placeringen pÃ¥ filen der indeholder dit X.509-certifikat i " +"PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Filnavn pÃ¥ din private PEM-formateret X.509-nøgle:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Indtast venligst placeringen pÃ¥ filen, der indeholder den private RSA-nøgle " +"der svarer til dit X.509-certifikat i PEM-format. Dette kan være den samme " +"fil som indeholder X.509-certifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Filnavn pÃ¥ dit PEM-formaterede X.509-RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Du kan nu valgfrit indtaste placeringen pÃ¥ filen, der indeholder X.509 " +"Certificate Authority-root brugt til at underskrive dit certifikat i PEM-" +"format. Hvis du ikke har et eller ikke ønsker at bruge det sÃ¥ efterlad dette " +"felt tomt. Bemærk venligst at det ikke er muligt at gemme RootCA'en i den " +"samme fil som dit X.509-certifikat eller din private nøgle." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Indtast venligst hvilken længde den oprettede RSA-nøgle skal have:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Indtast venligst længden pÃ¥ den oprettede RSA-nøgle. Den bør ike være mindre " +"end 1024 bit, da dette er usikkert, og du vil sikkert ikke have brug for " +"mere end 4096 bit, da det kun sløver godkendelsesprocessen ned og behovet " +"ikke er der i øjeblikket." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Opret et X.509-certifikat du selv har underskrevet?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Kun X.509-certifikater du selv har underskrevet kan oprettes automatisk, da " +"en Certifikat Authority ellers er nødvendig for at certifikatforespørgslen " +"biver underskrevet. Hvis du vælger at oprette et certifikat, du selv " +"underskriver, kan du umiddelbart bruge det efterfølgende til at forbinde til " +"andre IPsec-værter som understøtter X.509-certifikater til godkendelse af " +"IPsec-forbindelser. Brug af strongSwans PKI-funktioner kræver dog at alle " +"certifikater skal være underskrevet af en Certificate Authority for at " +"oprette en troværdighed." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Hvis du vælger ikke at oprette et certifikat, du selv har underskrevet, vil " +"kun den private RSA-nøgle og certifikatforespørgslen blive oprettet, og du " +"vil skulle underskrive certifikatforespørgslen med dit Certificate Authority." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landekode for X.509-certifikatforespørgslen:" + +# hvad er det for en tobogstavskode de henviser til her? DA eller DK. +# ISO 3166 som de nævner efterfølgende er trecifret (DNK), men underdelen af +# 3166 er tocifret og DK for Danmark, men det dækker omrÃ¥derne i Danmark +# som Midtjylland DK-82 med flere. +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Indtast venligst koden, der bestÃ¥r af to bogstaver, for landet hvor serveren " +"befinder sig (sÃ¥som »DK« for Danmark)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL vil nægte at oprette et certifikat med mindre dette er en gyldig " +"ISO-3166 landekode. Et tomt felt er tilladt andre steder i X.509-" +"certifikatet men ikke her." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Stat eller provinsnavn for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Indtast venligst det fulde navn pÃ¥ staten eller provinsen som serveren " +"befinder sig i (sÃ¥som »Nordjylland«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Lokalitetsnavn for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Indtast venligst lokaliteten hvor serveren befinder sig (ofte en by, sÃ¥som " +"ȁrhus«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsnavn for X.509-certifikatforespørglsen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Indtast venligst organisationen som serveren tilhører (sÃ¥som »Debian«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationsgruppe for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Indtast venligst organisationsgruppen som serveren tilhører (sÃ¥som " +"»sikkerhedsafdelingen«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Betegnelsen for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Indtast venligst betegnelsen (navnet) for denne vært (sÃ¥som »gateway." +"eksempel.org«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-post-adresse for X.509-certifikatforespørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Indtast venligst e-post-adressen pÃ¥ personen eller organisationen der er " +"ansvarlig for X.509-certifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Aktiver opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denne version af strongSwan understøtter opportunistisk kryptering (OE), som " +"gemmer IPSec-godkendelsesinformation i DNS-punkter. Indtil dette er udbredt, " +"vil aktivering medføre en væsentlig forsinkelse for hver ny udgÃ¥ende " +"forbindelse." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Du skal kun aktivere opportunistisk kryptering, hvis du er sikker pÃ¥, at du " +"ønsker det. Det kan fÃ¥ internetforbindelsen til at gÃ¥ ned (standardrute), " +"nÃ¥r plutodæmonen starter op." diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 000000000..8930d6b5b --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,789 @@ +# German translation of strongswan templates +# Matthias Julius <mdeb@julius-net.net>, 2007. +# Martin Eberhard Schauer <Martin.E.Schauer@gmx.de>, 2010. +# Helge Kreutzmann <debian@helgefjell.de>, 2007, 2010. +# This file is distributed under the same license as the strongswan package. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-06-29 21:55+0200\n" +"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n" +"Language-Team: German <debian-l10n-german@lists.debian.org>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +# (mes) andere Ãœbersetzungen für supersede: etw.Akk. ersetzen, für etw.Akk. Ersatz sein, an die Stelle von etw. Dat. treten, etw.Akk. überflüssig machen, etw.Akk. verdrängen +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Alte Verwaltung der Runlevel abgelöst" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Frühere Versionen von strongSwan ermöglichten eine Wahl zwischen drei " +"verschiedenen Start/Stop-Modi. Aufgrund von Änderungen des standardmäßigen " +"Systemstarts ist dies nicht mehr notwendig oder nützlich. Sowohl für alle " +"neuen als auch bestehende Installationen, die in einem der vordefinierten " +"Modi betrieben wurden, werden jetzt vernünftige Standardwerte gesetzt. Wenn " +"Sie jetzt ein Upgrade von einer früheren Version durchführen und Sie die " +"strongSwan-Startparameter angepasst haben, werfen Sie bitte einen Blick auf " +"NEWS.Debian. Die Datei enthält Anweisungen, wie Sie Ihren Installation " +"entsprechend ändern." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "StrongSwan jetzt starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Es wird empfohlen, strongSwan neuzustarten, da eine Sicherheitskorrektur " +"erst nach dem Neustart des Daemons greift. Die meisten Leute erwarten, dass " +"der Daemon neu startet, daher ist diese Wahl eine gute Idee. Er kann " +"allerdings existierende Verbindungen beenden und erneut aufbauen. Falls Sie " +"solch eine Verbindung für diese Aktualisierung verwenden, wird der Neustart " +"nicht empfohlen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "strongSwans IKEv1-Daemon starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Der Pluto-Daemon muss laufen, um Version 1 des Internet Key Exchange-" +"Protokolls zu unterstützen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "strongSwans IKEv2-Daemon starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Der Charon-Daemon muss laufen, um Version 2 des Internet Key Exchange-" +"Protokolls zu unterstützen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Für diesen Rechner ein X.509-Zertifikat verwenden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Für diesen Rechner kann ein X.509-Zertifikat automatisch erstellt oder " +"importiert werden, das zur Authentifizierung von IPSec-Verbindungen zu " +"anderen Rechnern verwendet werden kann. Dieses Vorgehen ist für den Aufbau " +"gesicherter IPSec-Verbindungen vorzuziehen. Die andere Möglichkeit ist die " +"Verwendung von gemeinsamen Geheimnissen (engl.: shared secrets, gleiche " +"Passwörter an beiden Enden des Tunnels) zur Authentifizierung einer " +"Verbindung. Für eine größere Anzahl von Verbindungen ist aber die RSA-" +"Authentifizierung einfacher zu verwalten und sicherer." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativ können Sie diese Option ablehnen und später den Befehl »dpkg-" +"reconfigure strongswan« zur Rückkehr zu dieser Option verwenden." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "erstellen" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importieren" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Methoden für die Authentifizierung dieses Rechners mittels eines X.509-" +"Zertifikats:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Es ist möglich, mit benutzerdefinierten Einstellungen ein neues X.509-" +"Zertifikat zu erstellen oder einen vorhandenen, in PEM-Datei(en) " +"gespeicherten, öffentlichen und privaten Schlüssel für die Authentifizierung " +"von IPSec-Verbindungen zu verwenden." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Wenn Sie sich für die Erstellung eines neuen X.509-Zertifikats entscheiden, " +"wird Ihnen zunächst eine Reihe von Fragen gestellt. Diese Fragen müssen " +"beantwortet werden, damit das Zertifikat erstellt werden kann. Bitte " +"beachten Sie: Wenn der öffentliche Schlüssel von einer bestehenden " +"Zertifizierungsstelle (Certificate Authority, CA) bestätigen lassen wollen, " +"sollten Sie nicht wählen, ein selbstsigniertes Zertifikat zu erstellen. " +"Außerdem müssen dann alle gegebenen Antworten exakt den Anforderungen der CA " +"entsprechen, da sonst der Antrag auf Zertifizierung zurückgewiesen werden " +"kann." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Wenn Sie bestehende öffentliche und private Schlüssel importieren wollen, " +"werden Sie nach deren Dateinamen gefragt. (Die Namen können übereinstimmen, " +"wenn beide Teile zusammen in einer Datei gespeichert werden.) Optional " +"können Sie auch den Namen einer Datei angeben, die den/die öffentlichen " +"Schlüssel Ihrer Zertifizierungsstelle enthält. Dieser Name muss von den " +"Erstgenannten verschieden sein. Bitte beachten Sie auch, dass Sie für die " +"X.509-Zertifikate das Format PEM verwenden und dass der private Schlüssel " +"nicht verschlüsselt sein darf, weil sonst der Import-Vorgang fehlschlagen " +"wird." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Dateiname Ihres X.509-Zertifikats im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Bitte geben Sie den Speicherort der Datei ein, die Ihr X.509-Zertifikat im " +"PEM-Format enthält." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Dateiname des privaten X.509-Schlüssels im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Bitte geben Sie den Speicherort der Datei ein, die den zu Ihrem X.509-" +"Zertifikat passenden privaten RSA-Schlüssel im PEM-Format enthält. Dies kann " +"dieselbe Datei sein, die das X.509-Zertifikat enthält." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Dateinamen Ihrer PEM-Format-X.509-RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Optional können Sie nun den Speicherort der Datei mit dem »X.509 Certificate " +"Authority Root« angeben, mit dem Ihr Zertifikat im PEM-Format unterzeichnet " +"wurde. Wenn Sie keine haben oder diese nicht verwenden wollen, lassen Sie " +"dieses Feld bitte leer. Bitte beachten Sie, dass es nicht möglich ist, die " +"RootCA in der gleichen Datei wie Ihr X.509-Zertifikat oder den privaten " +"Schlüssel zu speichern." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" +"Bitte geben Sie ein, welche Länge der erstellte RSA-Schlüssels haben soll:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Bitte geben Sie die Länge des erstellten RSA-Schlüssels an. Er sollte nicht " +"kürzer als 1024 Bits sein, da dies als unsicher betrachtet werden könnte und " +"Sie benötigen nicht mehr als 4096 Bits, da dies nur den Authentifizierungs-" +"Prozess verlangsamt und derzeit nicht benötigt wird." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Selbstsigniertes X.509-Zertifikat erstellen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Nur selbstsignierte X.509-Zertifikate können automatisch erstellt werden, da " +"da andernfalls eine Zertifizierungsstelle zur Signatur der " +"Zertifikatsanfrage benötigt wird. Falls Sie sich entscheiden, ein " +"selbstsigniertes Zertifikat zu erstellen, können Sie es sofort zur " +"Verbindung mit anderen IPSec-Rechnern verwenden, die X.509-Zertifikate zur " +"Authentifizierung von IPSec-Verbindungen verwenden. Die Verwendung der PKI-" +"Funktionalität von strongSwan verlangt allerdings, dass alle Zertifikate von " +"einer Zertifizierungsstelle signiert sind, um einen Vertrauenspfad zu " +"erstellen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Falls Sie kein selbstsigniertes Zertifikat erstellen möchten, wird nur der " +"private RSA-Schlüssel und die Zertifikatsanforderung erstellt. Sie müssen " +"diese Zertifikatsanforderung von Ihrer Zertifizierungsstelle signieren " +"lassen." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Ländercode für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Geben Sie den Ländercode (zwei Zeichen) für das Land ein, in dem der Server " +"steht (z. B. »AT« für Österreich)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Ohne einen gültigen Ländercode nach ISO-3166 wird es OpenSSL ablehnen, ein " +"Zertifikat zu generieren. Ein leeres Feld ist für andere Elemente des X.509-" +"Zertifikats zulässig, aber nicht für dieses." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Name des Landes oder der Provinz für diese X.509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Bitte geben Sie den kompletten Namen des Landes oder der Provinz ein, in der " +"sich der Server befindet (wie »Oberösterreich«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Ort für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Geben Sie bitte den Ort an, an dem der Server steht (oft ist das eine Stadt " +"wie beispielsweise »Wien«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsname für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Bitte geben Sie die Organisation an, zu der der Server gehört (wie z.B. " +"»Debian«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationseinheit für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Bitte geben Sie die Organisationseinheit für die X.509-" +"Zertifikatsanforderung ein (z.B. »Sicherheitsgruppe«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "»Common Name« für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Bitte geben Sie den »Common Name« für diesen Rechner ein (wie z.B. »gateway." +"example.org«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-Mail-Adresse für die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Bitte geben Sie die E-Mail-Adresse der für das X.509-Zertifikat " +"verantwortlichen Person oder Organisation ein." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Opportunistische Verschlüsselung aktivieren?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Diese Version von strongSwan unterstützt opportunistische Verschlüsselung " +"(OE), die IPSec-Authentifizierungsinformationen in DNS-Einträgen speichert. " +"Bis dies weit verbreitet ist, führt die Verwendung zu einer deutlichen " +"Verzögerung bei jeder ausgehenden Verbindung." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Sie sollten opportunistische Verschlüsselung nur verwenden, falls Sie sich " +"sicher sind, dass Sie sie verwenden möchten. Beim Starten des Pluto-Daemons " +"könnte die Internetverbindung (Default Route) unterbrochen werden." + +#~ msgid "" +#~ "Previous versions of the Openswan package gave a choice between three " +#~ "different Start/Stop-Levels. Due to changes in the standard system " +#~ "startup procedure, this is no longer necessary or useful. For all new " +#~ "installations as well as old ones running in any of the predefined modes, " +#~ "sane default levels will now be set. If you are upgrading from a previous " +#~ "version and changed your Openswan startup parameters, then please take a " +#~ "look at NEWS.Debian for instructions on how to modify your setup " +#~ "accordingly." +#~ msgstr "" +#~ "Frühere Versionen von Openswan ermöglichten eine Wahl zwischen drei " +#~ "verschiedenen Start/Stop-Ebenen. Aufgrund von Änderungen des " +#~ "standardmäßigen Systemstarts ist dies nicht mehr notwendig oder nützlich. " +#~ "Sowohl für alle neuen als auch bestehende Installationen, die in einem " +#~ "der vordefinierten Modi betrieben wurden, werden jetzt vernünftige " +#~ "Standardwerte gesetzt. Wenn Sie jetzt ein Upgrade von einer früheren " +#~ "Version durchführen und Sie die Openswan-Startparameter angepasst haben, " +#~ "werfen Sie bitte einen Blick auf NEWS.Debian. Die Datei enthält " +#~ "Anweisungen, wie Sie Ihren Setup entsprechend ändern." + +#~ msgid "Restart Openswan now?" +#~ msgstr "Möchten Sie jetzt Openswan neu starten?" + +#~ msgid "" +#~ "Restarting Openswan is recommended, since if there is a security fix, it " +#~ "will not be applied until the daemon restarts. Most people expect the " +#~ "daemon to restart, so this is generally a good idea. However, this might " +#~ "take down existing connections and then bring them back up, so if you are " +#~ "using such an Openswan tunnel to connect for this update, restarting is " +#~ "not recommended." +#~ msgstr "" +#~ "Der Neustart von Openswan wird empfohlen. Wenn mit dieser Version ein " +#~ "Sicherheitsproblem beseitigt wurde, wird dies erst nach dem Neustart des " +#~ "Daemons wirksam. Da die meisten Anwender einen Neustart des Daemons " +#~ "erwarten, ist dies grundsätzlich eine gute Idee. Der Neustart kann aber " +#~ "bestehende Verbindungen schließen und anschließend wiederherstellen. Wenn " +#~ "Sie einen solchen Openswan-Tunnel für die Verbindung bei dieser " +#~ "Aktualisierung verwenden, wird von einem Neustart abgeraten." + +#~ msgid "" +#~ "Alternatively you can reject this option and later use the command \"dpkg-" +#~ "reconfigure openswan\" to come back." +#~ msgstr "" +#~ " Alternativ können Sie diese Option ablehnen und später mit dem Befehl " +#~ "»dpkg-reconfigure openswan« zurückzukommen." + +#~ msgid "Length of RSA key to be created:" +#~ msgstr "Länge des zu erstellenden RSA-Schlüssels:" + +#~ msgid "" +#~ "Please enter the required RSA key-length. Anything under 1024 bits should " +#~ "be considered insecure; anything more than 4096 bits slows down the " +#~ "authentication process and is not useful at present." +#~ msgstr "" +#~ "Bitte geben Sie die Länge des zu erstellenden RSA-Schlüssels ein. Sie " +#~ "sollte nicht weniger als 1024 Bit sein, da dies als unsicher betrachtet " +#~ "wird. Alles über 4098 Bit verlangsamt den Authentifizierungs-Prozess und " +#~ "ist zur Zeit nicht nützlich." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a Certificate Authority is needed to sign the certificate " +#~ "request. If you choose to create a self-signed certificate, you can use " +#~ "it immediately to connect to other IPsec hosts that support X.509 " +#~ "certificate for authentication of IPsec connections. However, using " +#~ "Openswan's PKI features requires all certificates to be signed by a " +#~ "single Certificate Authority to create a trust path." +#~ msgstr "" +#~ "Nur selbstsignierte X.509-Zertifikate können automatisch erstellt werden, " +#~ "da anderenfalls für die Unterzeichnung der Zertifikatsanforderung eine " +#~ "Zertifizierungsstelle benötigt wird. Falls Sie ein selbstsigniertes " +#~ "Zertifikat erstellen, können Sie dieses sofort verwenden, um sich mit " +#~ "anderen IPSec-Rechnern zu verbinden, die X.509-Zertifikate zur " +#~ "Authentifizierung von IPsec-Verbindungen benutzen. Falls Sie jedoch die " +#~ "PKI-Funktionen von Openswan verwenden möchten, müssen alle X.509-" +#~ "Zertifikate von einer einzigen Zertifizierungsstelle signiert sein, um " +#~ "einen Vertrauenspfad zu schaffen." + +#~ msgid "Modification of /etc/ipsec.conf" +#~ msgstr "Veränderung von /etc/ipsec.conf" + +#~ msgid "" +#~ "Due to a change in upstream Openswan, opportunistic encryption is no " +#~ "longer enabled by default. The no_oe.conf file that was shipped in " +#~ "earlier versions to explicitly disable it can therefore no longer be " +#~ "included by ipsec.conf. Any such include paragraph will now be " +#~ "automatically removed to ensure that Openswan can start correctly." +#~ msgstr "" +#~ "Aufgrund einer Änderung im Quelltext von Openswan ist opportunistische " +#~ "Verschlüsselung nicht mehr standardmäßig aktiviert. Ältere Versionen von " +#~ "Openswan enthielten die Datei no_oe.conf, die zur expliziten " +#~ "Deaktivierung der opportunistischen Verschlüsselung diente. Diese kann " +#~ "jetzt nicht mehr mittels ipsec.conf aufgenommen werden. Jeder " +#~ "entsprechende Absatz wird jetzt automatisch entfernt, um einen korrekten " +#~ "Start von Openswan sicherzustellen." + +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Möchten Sie strongSwan neustarten?" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" +#~ "Format enthält." + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" +#~ "Format enthält." + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Bitte geben Sie den zweibuchstabigen Ländercode für Ihr Land ein. Dieser " +#~ "Code wird in der Zertifikatsanfrage verwendet." + +#~ msgid "Example: AT" +#~ msgstr "Beispiel: AT" + +#~ msgid "Example: Upper Austria" +#~ msgstr "Beispiel: Oberösterreich" + +#~ msgid "Example: Vienna" +#~ msgstr "Beispiel: Wien" + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Bitte geben Sie die Organisation (z.B. Firma) ein, für die das X509-" +#~ "Zertifikat erstellt werden soll. Dieser Name wird in der " +#~ "Zertifikatsanfrage verwandt." + +#~ msgid "Example: Debian" +#~ msgstr "Beispiel: Debian" + +#~ msgid "Example: security group" +#~ msgstr "Beispiel: Sicherheitsgruppe" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Beispiel: gateway.debian.org" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Wann soll strongSwan gestartet werden:" + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Falls Sie kein neues öffentliches/privates Schlüsselpaar erstellen " +#~ "wollen, können Sie im nächsten Schritt ein existierendes auswählen." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "frühestmöglich, »nach NFS«, »nach PCMCIA«" + +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Es gibt drei Möglichkeiten, wann strongSwan starten kann: vor oder nach " +#~ "den NFS-Diensten und nach den PCMCIA-Diensten. Die richtige Antwort hängt " +#~ "von Ihrer spezifischen Einrichtung ab." + +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Falls Sie Ihren /usr-Baum nicht über NFS eingehängt haben (entweder weil " +#~ "Sie nur andere, weniger lebenswichtige Bäume über NFS einhängen, oder " +#~ "falls Sie NFS überhaupt nicht verwenden) und keine PCMCIA-Netzwerkkarte " +#~ "benutzen, ist es am besten, strongSwan so früh wie möglich zu starten und " +#~ "damit durch IPSec gesicherte NFS-Einhängungen zu erlauben. In diesem Fall " +#~ "(oder falls Sie dieses Problem nicht verstehen oder es Ihnen egal ist), " +#~ "antworten Sie »frühestmöglich« (Standardwert) auf diese Frage." + +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Falls Sie Ihren /usr-Baum über NFS eingehängt haben und keine PCMCIA-" +#~ "Netzwerkkarte benutzen, müssen Sie strongSwan nach NFS starten, so dass " +#~ "alle benötigten Dateien verfügbar sind. In diesem Fall antworten Sie " +#~ "»nach NFS« auf diese Frage. Bitte beachten Sie, dass NFS-Einhängungen " +#~ "von /usr in diesem Fall nicht über IPSec gesichert werden können." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Falls Sie eine PCMCIA-Netzwerkkarte für Ihre IPSec-Verbindungen benutzen, " +#~ "dann müssen Sie nur auswählen, dass er nach den PCMCIA-Diensten startet. " +#~ "Antworten Sie in diesem Fall »nach PCMCIA«. Dies ist auch die richtige " +#~ "Antwort, falls Sie Schlüssel von einem lokal laufenden DNS-Server mit " +#~ "DNSSec-Unterstützung abholen wollen." + +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "Möchten Sie IKEv1 unterstützen?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan unterstützt beide Versionen des »Internet Key Exchange«-" +#~ "Protokolls (Schlüsselaustausch über Internet), IKEv1 und IKEv2. Möchten " +#~ "Sie den »pluto«-Daemon für IKEv1-Unterstützung starten, wenn strongSwan " +#~ "gestartet wird." + +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "Möchten Sie IKEv2 unterstützen?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan unterstützt beide Versionen des »Internet Key Exchange«-" +#~ "Protokolls (Schlüsselaustausch über Internet), IKEv1 und IKEv2. Möchten " +#~ "Sie den »charon«-Daemon für IKEv2-Unterstützung starten, wenn strongSwan " +#~ "gestartet wird." + +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "strongSwan enthält Unterstützung für opportunistische Verschlüsselung " +#~ "(OV), die Authentifizierungsinformationen von IPSec (z.B. öffentliche RSA-" +#~ "Schlüssel) in DNS-Datensätzen speichert. Solange dies nicht weit " +#~ "verbreitet ist, wird jede neue ausgehende Verbindung signifikant " +#~ "verlangsamt, falls diese Option aktiviert ist. Seit Version 2.0 wird " +#~ "strongSwan von den Autoren mit aktiviertem OV ausgeliefert und wird daher " +#~ "wahrscheinlich Ihre existierenden Verbindungen ins Internet (d.h. Ihre " +#~ "Standard-Route) stören, sobald Pluto (der strongSwan Schlüssel-Daemon) " +#~ "gestartet wird." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Bitte wählen Sie aus, ob Sie OV aktivieren möchten. Falls Sie unsicher " +#~ "sind, aktivieren Sie es nicht." + +#~ msgid "x509, plain" +#~ msgstr "x509, einfach" + +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Die Art des RSA-Schlüsselpaars, das erstellt werden soll:" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Es besteht die Möglichkeit, ein einfaches öffentliches/privates " +#~ "Schlüsselpaar für den Einsatz mit strongSwan oder eine X509-" +#~ "Zertifikatsdatei zu erstellen, die den öffentlichen Schlüssel und " +#~ "zusätzlich den zugehörigen privaten Schlüssel enthält." + +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Falls Sie nur IPSec-Verbindungen zu Rechnern aufbauen wollen, auf denen " +#~ "auch strongSwan läuft, könnte es etwas einfacher sein, einfache RSA-" +#~ "Schlüsselpaare zu verwenden. Falls Sie aber mit anderen IPSec-" +#~ "Implementierungen Verbindungen aufnehmen wollen, benötigen Sie ein X509-" +#~ "Zertifikat. Es besteht auch die Möglichkeit, hier ein X509-Zertifikat zu " +#~ "erstellen und den öffentlichen RSA-Schlüssel im einfachen Format zu " +#~ "extrahieren, falls die andere Seite strongSwan ohne X509-" +#~ "Zertifikatsunterstützung betreibt." + +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Daher wird ein X509-Zertifikat empfohlen, da es flexibler ist und dieses " +#~ "Installationsprogramm in der Lage sein sollte, die komplexe Erstellung " +#~ "des X509-Zertifikates und seinen Einsatz in strongSwan zu verstecken." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 000000000..b1b8cb1f3 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,659 @@ +# strongswan po-debconf translation to Spanish +# Copyright (C) 2010 Software in the Public Interest +# This file is distributed under the same license as the strongswan package. +# +# Changes: +# - Initial translation +# Francisco Javier Cuadrado <fcocuadrado@gmail.com>, 2010 +# +# Traductores, si no conocen el formato PO, merece la pena leer la +# documentación de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducción al español, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducción de Debian al español +# http://www.debian.org/intl/spanish/ +# especialmente las notas y normas de traducción en +# http://www.debian.org/intl/spanish/notas +# +# - La guÃa de traducción de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.1-5\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-10-09 20:45+0100\n" +"Last-Translator: Francisco Javier Cuadrado <fcocuadrado@gmail.com>\n" +"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Se ha sustituido la antigua gestión del nivel de ejecución" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Las versiones previas del paquete de StrongSwan daban la opción de elegir " +"entre tres niveles diferentes de Inicio/Parada. Debido a los cambios en el " +"procedimiento del sistema estándar de arranque, esto ya no es necesario ni " +"útil. Para todas las instalaciones nuevas, asà como para las antiguas que " +"ejecuten cualquiera de los modos predefinidos, se configurarán unos niveles " +"predeterminado válidos. Si está actualizando de una versión antigua y ha " +"cambiado los parámetros de arranque de StrongSwan, eche un vistazo al " +"archivo «NEWS.Debian» para leer las instrucciones sobre cómo modificar su " +"configuración apropiadamente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "¿Desea reiniciar StrongSwan ahora mismo?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Se recomienda reiniciar StrongSwan, porque si hay un parche de seguridad, " +"éste no se aplicará hasta que el demonio se reinicie. La mayorÃa de la gente " +"espera que el demonio se reinicie, asà que generalmente es una buena idea. " +"Sin embargo, esto puede cerrar las conexiones existentes y después volverlas " +"a abrir, de modo que si está utilizando un túnel de StrongSwan en la " +"conexión de esta actualización, no se recomienda reiniciar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "¿Desea iniciar el demonio IKEv1 de StrongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"El demonio pluto se debe ejecutar para poder utilizar la versión 1 del " +"protocolo de intercambio de claves por internet («Internet Key Exchange»)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "¿Desea iniciar el demonio IKEv2 de StrongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"El demonio charon se debe ejecutar para permitir utilizar la versión 2 del " +"protocolo de intercambio de claves por internet («Internet Key Exchange»)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "¿Desea utilizar un certificado X.509 para esta máquina?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Se puede crear automáticamente o importar un certificado X.509 para esta " +"máquina. Esto se puede utilizar para autenticar conexiones IPsec de otras " +"máquinas y es la forma preferida para construir conexiones IPsec seguras. La " +"otra posibilidad serÃa utilizar secretos compartidos (contraseñas que son la " +"misma en ambos lados del túnel) para autenticar una conexión, pero para un " +"gran número de conexiones, la autenticación basada en claves es más sencilla " +"de administrar y más segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"También puede rechazar esta opción y utilizar más tarde la orden «dpkg-" +"reconfigure strongswan» para volver a este proceso." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "crear" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Métodos para utilizar un certificado X.509 para autenticar esta máquina:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Es posible crear un certificado X.509 nuevo con la configuración definida " +"por el usuario o importar una clave pública/privada almacenada en archivo/s " +"PEM para autenticar las conexiones IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Si escoge crear un certificado X.509 nuevo, primero se le realizarán unas " +"cuantas preguntas que deberá contestar antes de que la creación comience. " +"Por favor, tenga en cuenta que si quiere que una Autoridad de Certificación " +"(CA) firme la clave pública no deberÃa escoger crear un certificado auto-" +"firmado y todas las respuestas deberán coincidir exactamente con los " +"requisitos de la CA, de otro modo puede que se rechace la petición del " +"certificado." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Si quiere importar una clave pública/privada, se le preguntará por los " +"nombres de los archivos (que deberán ser idénticos si ambas partes se " +"almacenan en un único archivo). Opcionalmente, puede indicar el nombre de un " +"archivo dónde las clave/s pública/s de la Autoridad de Certificación se " +"almacenen, pero este archivo no puede ser el mismo que los anteriores. Por " +"favor, tenga en cuenta que el formato para los certificados X.509 tiene que " +"ser PEM y que la clave privada no debe estar cifrada o el proceso de " +"importación fallará." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nombre del archivo del certificado X.509 en el formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Introduzca la ubicación completa del archivo que contiene el certificado " +"X.509 en el formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "" +"Nombre del archivo de la clave privada del certificado X.509 en el formato " +"PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Introduzca la ubicación del archivo que contiene la clave privada RSA del " +"certificado X.509 en el formato PEM. Puede ser el mismo archivo que contiene " +"el del certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" +"Nombre del archivo del certificado X.509 de la raÃz de la Autoridad de " +"Certificación (CA) en el formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente, ahora puede introducir la ubicación del archivo que contiene " +"el certificado X.509 de la raÃz de la Autoridad de Certificación (CA) " +"utilizado para firmar su certificado en formato PEM. Si no tiene uno o no " +"quiere utilizarlo, deje este campo en blanco. Por favor, tenga en cuenta que " +"no es posible almacenar la raÃz de la CA en el mismo archivo que su " +"certificado X.509 o la clave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Introduzca la longitud que deberÃa tener la clave RSA creada:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Introduzca la longitud de la clave RSA creada. No deberÃa ser menor de 1024 " +"bits porque se considera inseguro, además probablemente no necesite más de " +"4096 bits porque sólo ralentiza el proceso de autenticación y no es " +"necesario en estos momentos." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "¿Desea crear un certificado X.509 auto-firmado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Sólo los certificados X.509 se pueden crear automáticamente, porque de otro " +"modo la Autoridad de Certificación (CA) se necesitará para firmar la " +"petición del certificado. Si escoge crear un certificado auto-firmado, puede " +"utilizarlo inmediatamente para conectar a otras máquinas IPsec que permitan " +"la autenticación de conexiones IPsec con certificados X.509. Sin embargo, si " +"se utilizan las funcionalidades PKI de StrongSwan se necesita que todos los " +"certificados estén firmados por una única Autoridad de Certificación para " +"crear una ruta segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Si no escoge crear un certificado auto-firmado, sólo se crearán las " +"peticiones de la clave privada y la petición del certificado, y tendrá que " +"firmar la petición del certificado con su Autoridad de Certificación." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Código del paÃs para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Introduzca el código de dos letras para el paÃs en el que el servidor está " +"ubicado (por ejemplo «ES» para España)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL rechazará generar un certificado a menos que este campo sea un " +"código de paÃs ISO-3166 válido, además no se permite que este campo se deje " +"en blanco." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado o provincia para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Introduzca el nombre completo del estado o la provincia en la que el " +"servidor está ubicado (por ejemplo «Comunidad de Madrid»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Localidad para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Introduzca la localidad en la que el servidor está ubicado (normalmente una " +"ciudad, por ejemplo «Madrid»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nombre de la organización para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Introduzca la organización a la que el servidor pertenece (por ejemplo " +"«Debian»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidad de la organización para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Introduzca el nombre de la unidad de la organización (o departamento) a la " +"que el servidor pertenece (por ejemplo «departamento de seguridad»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nombre Común (CN) para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Introduzca el Nombre Común (CN) de esta máquina (por ejemplo «gateway." +"example.org»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "" +"Dirección de correo electrónico para la petición del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Introduzca la dirección de correo electrónico del responsable individual o " +"de la organización del certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "¿Desea activar el cifrado oportunÃstico?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versión de StrongSwan permite utilizar cifrado oportunÃstico " +"(«Opportunistic Encryption», OE), que almacena la información de la " +"autenticación de IPSec en los registros del DNS. Hasta que esto esté " +"ampliamente difundido, activarlo puede causar un gran retraso para cada " +"conexión saliente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Sólo deberÃa activar el cifrado oportunÃstico si está seguro que lo quiere. " +"Esto puede romper la conexión a internet (la ruta predeterminada) cuando el " +"demonio pluto se inicie." + +#~ msgid "earliest" +#~ msgstr "lo más pronto posible" + +#~ msgid "after NFS" +#~ msgstr "después de NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "después de PCMCIA" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Cuando se iniciará strongSwan:" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan se inicia durante el arranque del sistema, de modo que pueda " +#~ "proteger los sistemas de archivos que se montan automáticamente." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * lo más pronto posible: si «/usr» no está montado mediante NFS y no usa " +#~ "una\n" +#~ " tarjeta de red PCMCIA, es mejor iniciar strongSwan lo más pronto " +#~ "posible,\n" +#~ " de modo que el montaje de NFS se pueda asegurar mediante IPSec.\n" +#~ " * después de NFS: se recomienda cuando «/usr» se monta mediante NFS y " +#~ "no\n" +#~ " se usa una tarjeta de red PCMCIA.\n" +#~ " * después de PCMCIA: se recomienda si la conexión IPSec usa una tarjeta\n" +#~ " de red PCMCIA o si necesita obtener las claves desde un servidor de " +#~ "DNS local\n" +#~ " compatible con DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Si no quiere reiniciar strongSwan ahora mismo, deberÃa realizarlo " +#~ "manualmente cuando considere oportuno." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "¿Desea crear un par de claves (pública/privada) RSA para este equipo?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan puede utilizar una clave pre-compartida («Pre-Shared Key», " +#~ "PSK) o un par de claves RSA para autenticarse en las conexiones IPSec con " +#~ "otras máquinas. La autenticación con RSA se considera, generalmente, más " +#~ "segura y más fácil de administrar. Puede utilizar la autenticación con " +#~ "PSK y con RSA de forma simultánea." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Si no quiere crear un nuevo par de claves, puede escoger utilizar un par " +#~ "existente en el siguiente paso." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "La información necesaria se puede extraer automáticamente desde un " +#~ "certificado X.509 con una clave privada RSA correspondiente. Ambas partes " +#~ "pueden estar en un único archivo, si está en el formato PEM. DeberÃa " +#~ "escoger esta opción si tiene un certificado y un archivo de clave, y " +#~ "quiere utilizarlo para autenticar las conexiones IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Longitud de la clave RSA:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Introduzca la longitud de la clave RSA que quiere generar. Un valor menor " +#~ "de 1024 bits no se considera seguro. Un valor de más de 2048 bits puede " +#~ "afectar al rendimiento." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Sólo se pueden crear automáticamente certificados X.509 auto-firmados, " +#~ "porque de otro modo se necesitarÃa una autoridad de certificación para " +#~ "firmar la petición del certificado." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Si acepta esta opción, el certificado creado se puede utilizar " +#~ "inmediatamente para conectar a otras máquinas de IPSec que permitan la " +#~ "autenticación mediante un certificado X.509. Sin embargo, si se utilizan " +#~ "las funcionalidades PKI de strongSwan se requiere crear una ruta de " +#~ "confianza para tener todos los certificados X.509 firmados por una única " +#~ "autoridad." + +#~ msgid "" +#~ "Please enter the two-letter ISO3166 country code that should be used in " +#~ "the certificate request." +#~ msgstr "" +#~ "Introduzca el código ISO3166 de dos letras del paÃs que se deberÃa " +#~ "utilizar en la petición del certificado." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Este campo es obligatorio, de otro modo no se podrÃa generar un " +#~ "certificado." + +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Introduzca el nombre de la localidad (normalmente una ciudad) que se " +#~ "deberÃa usar en la petición del certificado." + +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Introduzca el nombre de la organización (normalmente una compañÃa) que se " +#~ "deberÃa usar en la petición del certificado." + +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Introduzca el nombre común (como el nombre de la máquina) que se deberÃa " +#~ "usar en la petición del certificado." diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 000000000..0b672b811 --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,470 @@ +# translation of strongswan_4.4.1-5.1_eu.po to Basque +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide <pi@beobide.net>, 2009. +# Iñaki Larrañaga Murgoitio <dooteo@zundan.com>, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan_4.4.1-5.1_eu\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-11-16 20:23+0100\n" +"Last-Translator: Iñaki Larrañaga Murgoitio <dooteo@zundan.com>\n" +"Language-Team: Basque <debian-l10n-basque@lists.debian.org>\n" +"Language: eu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Exekuzio-mailaren kudeaketa zaharra ordeztuta" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan paketearen aurreko bertsioak hiru Abiarazte-/Gelditzen-maila " +"desberdinen arteko aukera eskaintzen zuen. Sistemaren abioaren prozedura " +"arruntean aldaketak gertatu direnez, ez dira beharrezkoak edo erabilgarriak. " +"Instalazio berri guztientzako, aurredefinitutako moduetako batean " +"exekutatzen diren zaharretan ere, zentzuzko maila lehenetsiak ezarriko dira " +"orain. Aurreko bertsiotik eguneratzen ari bazara, eta strongSwan-en abioko " +"parametroak aldatu bazenituen, irakur ezazu NEWS.Debian fitxategia. " +"konfigurazioa modu egokian nola aldatzen den jakiteko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Berrabiarazi StrongSwan orain?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"StrongSwan berrabiaraztea gomendatzen da segurtasunezko konponketa bat " +"badago ez baita ezarriko daemona berrabiarazi artea. Erabiltzaile gehienek " +"daemona berrabiaraztea espero dutenez, burutazio ona da hori. Hala ere, " +"honek martxan dauden konexioak itxi eta gero berriz abiaraziko ditu. Hori " +"dela eta, eguneraketa honetan strongSwan tunela erabiltzen ari bazara, ez da " +"gomendatzen berrabiaraztea." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "StrongSwan-ren IKEv1 daemona abiarazi?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"'pluto' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa (IKE) " +"protokoloaren lehen bertsioa onartzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "StrongSwan-ren IKEv2 daemona abiarazi?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"'charon' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa " +"(IKE) protokoloaren lehen bertsioa onartzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "X.509 ziurtagiria erabili ostalari honentzako?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Ostalari honentzako X.509 ziurtagiri bat automatikoki sor edo inportatu " +"daiteke. Beste ostalariekin IPsec bidez konektatzean autentifikatzeko " +"erabili daiteke, eta hobetsitako bidea da IPsec konexio seguruak " +"eraikitzeko. Beste aukera bat ezkutukoak (tunelaren bi aldeetan berdinak " +"diren pasahitzak) partekatzea litzateke konexio bat autentifikatzeko, baina " +"konexio kopuru handi batentzako gakoetan oinarritutako autentifikazioa " +"errazagoa eta askoz ere seguruagoa da kudeatzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Bestela, aukera hau ukatu dezakezu eta beranduago itzuli \"dpkg-reconfigure " +"strongswan\" komandoa erabiliz." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "sortu" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "inportatu" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Metodoa ostalari hau X.509 ziurtagiria erabiliz autentifikatzeko:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"X.509 ziurtagiri berri bat sor daiteke erabiltzaileak definitutako " +"ezarpenekin edo PEM fitxategietan gordetako gako publiko eta pribatuak " +"inportatu daiteke IPsec konexioak autentifikatzeko." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"X.509 ziurtagiri berri bat sortzea hautatzen baduzu aurrenik, eta sortzeko " +"lanak hasi aurretik, erantzun beharreko galdera batzuk egingo zaizkizu. " +"Jakin ezazu gako publikoa existitzen den Ziurtagiri-emaile batek sinatzea " +"nahi baduzu, ez zenukeela sortu beharko auto-sinatutako sinatzen duen " +"ziurtagiririk, eta emandako erantzun guztiak zehatz-meatz ZEren " +"eskakizunekin bat etorri beharko dutela, bestela ziurtagiriaren eskaera " +"ukatu egingo baita." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Existitzen den gako publiko eta pribatua inportatzea nahi izanez gero, haien " +"fitxategi-izenak eskatuko zaizkizu (berdinak izango dira bi zatiak fitxategi " +"batean gordeta badaude). Aukeran ziurtagiri-emailearen gako publikoa duen " +"fitxategia ere zehaz dezakezu, baina fitxategi hau ezin da aurrekoen berdina " +"izan. Kontuz ibili, X.509 ziurtagirien formatua PEM izan behar duelako, eta " +"gako pribatua ezin delako enkriptatuta egon, bestela inportatzeko prozesuak " +"huts egingo bait luke." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Zure PEM formatuko X.509 ziurtagiriaren fitxategi-izena :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Idatzi zure PEM formatuko X.509 ziurtagiria duen fitxategiaren bide-izen " +"osoa." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM formatuko X.509 gako pribatuaren fitxategi-izena :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Idatzi dagoen zure PEM formatuko X.509 ziurtagiriaren pareko RSA gako " +"pribatua duen fitxategiaren kokapen osoa. Hau X.509 ziurtagiriaren fitxategi " +"berdina izan daiteke." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM formatuko X.509 ziurtagiriaren fitxategi-izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Aukeran X.509 Ziurtagiri-emailearen erroa duen fitxategiaren kokalekua idatz " +"dezakezu zure ziurtagiria PEM formatuan sinatzeko. Ez badaukazu do ez baduzu " +"hori erabiltzerik nahi, utzi eremu hau hutsik. Jakin ezazu ezin dela gorde " +"erroko ZE (RootCA) zure X.509 ziurtagiria edo gako pribatua duen fitxategi " +"berdinean." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Sartu sortutako RSA gakoak edukiko duen luzera:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Sartu sortutako RSA gakoaren luzera. Ez luke 1024 bit baino txikiagoa izan " +"behar ez-segurutzat jotzen delako, eta litekeena da 4096 bit baino luzeagoa " +"behar ez izatea, autentifikatzeko prozesua soilik moteltzen duelako eta " +"unean ez delako behar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Sortu auto-sinatutako X.509 ziurtagiria?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Soilik auto-sinatutako X.509 ziurtagiriak sor daitezke automatikoki, bestela " +"Ziurtagiri-emailea behar delako ziurtagiriaren eskaera sinatzeko. Auto-" +"sinatutako ziurtagiria sortzea aukeratzen baduzu, ziurtagiri hori berehala " +"erabil dezakezu X.509 ziurtagiria onartzen duten beste IPsec ostalariekin " +"IPsec konexioak autentifikatzeko. Hala ere, strongSwan-en PKI eginbidea " +"erabiltzeak ziurtagiri guztiak Ziurtagiri-emaile batek sinatuta egotea " +"eskatzen du bide fidagarri bat sortzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Ez baduzu auto-sinatutako ziurtagiri bat sortzea aukeratzen, soilik RSAren " +"gako pribatua eta ziurtagiriaren eskaera sortuko dira, eta ziurtagiriaren " +"eskaera zure Ziurtagiri-emailearekin sinatu beharko duzu." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 ziurtagiriaren eskaeraren herrialdearen kodea:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Sartu zerbitzaria kokatuta dagoen herrialdeari dagokion bi hizkiko kodea " +"(hala nola \"AT\" Austriarentzako)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL-ek ukatu egingo du ziurtagiri bat sortzea baldin eta herrialdearen " +"baliozko ISO-3166 kodea ez bada. X.509 ziurtagiriko beste edozer eremu " +"hutsik egon daiteke, baina ez eremu hau." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren estatu edo probintziaren izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Idatzi zerbitzaria kokatuta dagoen estatu edo probintziaren izen osoa " +"(adibidez, \"Goiko Austria\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren herriaren izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Idatzi zerbitzaria kokatuta dagoen kokalekua (normalean herria, adibidez, " +"\"Bilbo\"). " + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren erakundearen izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Idatzi zerbitzaria duen erakundea (adibidez, \"Debian\")" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren saila:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "Idatzi zerbitzaria duen saila (adibidez, \"segurtasunaren taldea\")" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren izen arrunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Idatzi ostalari honen izen arrunta (adibidez, \"atebidea.adibidea.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren helbide elektronikoa:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Idatzi X.509 ziurtagiriaren ardura duen pertsona edo erakundearen helbide " +"elektronikoa." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Gaitu enkriptazio oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"StrongSwan bertsio honek aukerako enkriptazio oportunistaren (OE) euskarria " +"du, honek IPSec autentifikazio informazioa DNS erregistroetan gordetzen " +"ditu. Hau guztiz garatua ez dagoenez gaitzeak kanporako konexio berri " +"guztien atzerapen esanguratsu bat eragin dezake." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Enkriptazio oportunista behar duzula ziur bazaude bakarrik gaitu beharko " +"zenuke. Interneteko konexioak moztuko dira (lehenetsitako atebidea) pluto " +"daemona abiaraztean." diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 000000000..1b226f9a9 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,664 @@ +# Copyright (C) 2009 +# This file is distributed under the same license as the strongswan package. +# +# Esko Arajärvi <edu@iki.fi>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-09 12:15+0200\n" +"PO-Revision-Date: 2009-05-25 14:49+0100\n" +"Last-Translator: Esko Arajärvi <edu@iki.fi>\n" +"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 0.3\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Käynnistetäänkö strongSwan uudelleen nyt?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +#, fuzzy +#| msgid "" +#| "Restarting strongSwan is recommended, because if there is a security fix, " +#| "it will not be applied until the daemon restarts. However, this might " +#| "close existing connections and then bring them back up." +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such " +"a strongSwan tunnel to connect for this update, restarting is not " +"recommended." +msgstr "" +"On suositeltavaa käynnistää strongSwan-taustaohjelma uudelleen, koska " +"mahdolliset tietoturvapäivitykset eivät tule käyttöön ennen tätä. Tämä " +"saattaa kuitenkin katkaista olemassa olevat yhteydet ja avata ne sitten " +"uudelleen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Käynnistetäänkö strongSwanin IKEv1-taustaohjelma?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Internet Key Exchange -protokollan version 1 tuki vaatii, että pluto-" +"taustaohjelma on käynnissä." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Käynnistetäänkö strongSwanin IKEv2-taustaohjelma?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Internet Key Exchange -protokollan version 2 tuki vaatii, että charon-" +"taustaohjelma on käynnissä." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +#, fuzzy +#| msgid "Use an existing X.509 certificate for strongSwan?" +msgid "Use an X.509 certificate for this host?" +msgstr "Tulisiko strongSwanin käyttää olemassa olevaa X.509-varmennetiedostoa?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing your X.509 " +#| "certificate in PEM format." +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston täydellinen " +"polku." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "File name of your existing X.509 private key in PEM format:" +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM-muotoisen, olemassa olevan, salaisen X.509-avaimen tiedostonimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing the private RSA key " +#| "matching your X.509 certificate in PEM format. This can be the same file " +#| "as the X.509 certificate." +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Anna PEM-muodossa olevaan X.509-varmenteeseen täsmäävän salaisen RSA-avaimen " +"täydellinen polku. Tämä voi olla sama tiedosto kuin X.509-varmenteen " +"sisältävä." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "Create a self-signed X.509 certificate?" +msgid "Create a self-signed X.509 certificate?" +msgstr "Luodaanko itseallekirjoitettu X.509-varmenne?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "" +#| "If you do not accept this option, only the RSA private key will be " +#| "created, along with a certificate request which you will need to have " +#| "signed by a certificate authority." +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Jos et valitse tätä vaihtoehtoa, luodaan vain salainen RSA-avain ja " +"varmennepyyntö, joka pitää lähettää ulkoisen varmentajan " +"allekirjoitettavaksi." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "Country code for the X.509 certificate request:" +msgid "Country code for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön maakoodi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "State or province name for the X.509 certificate request:" +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön osavaltio, lääni tai maakunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "" +#| "Please enter the full name of the state or province to include in the " +#| "certificate request." +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Anna varmennepyyntöön sisällytettävä osavaltion, läänin tai maakunnan koko " +"nimi." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +#, fuzzy +#| msgid "Locality name for the X.509 certificate request:" +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön paikkakunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organization name for the X.509 certificate request:" +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön järjestön nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön järjestön yksikkö:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "X.509-varmennepyynnön järjestön yksikkö:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "Common name for the X.509 certificate request:" +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön yleinen nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "Email address for the X.509 certificate request:" +msgid "Email address for the X.509 certificate request:" +msgstr "X.509-varmennepyynnön sähköpostiosoite:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "Please enter the email address (for the individual or organization " +#| "responsible) that should be used in the certificate request." +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Anna varmennepyynnössä käytettävä sähköpostiosoite (yksityinen ja järjestön)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Käytetäänkö opportunistista salausta?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"StrongSwanin tämä versio tukee opportunistista salausta (opportunistic " +"encryption, OE), joka tallentaa IPSec-varmennustietoja DNS-tietueisiin. " +"Ennen kuin tämä käytäntö yleistyy laajalti, sen käyttö aiheuttaa merkittävän " +"viiveen jokaiseen uuteen ulospäin otettavaan yhteyteen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Valitse opportunistinen salaus vain, jos olet varma, että haluat sen " +"käyttöön. Se saattaa rikkoa Internet-yhteyden (oletusreitityksen), kun pluto-" +"taustaohjelma käynnistyy." + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Koska strongSwan käynnistetään:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " +#~ "täydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " +#~ "täydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " +#~ "täydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnössä käytettävä kaksikirjaiminen ISO-3166-maakoodi." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnössä käytettävä paikkakunnan nimi (usein kaupunki)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "Anna varmennepyynnössä käytettävä järjestön nimi (usein yritys)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Valitse varmennepyynnössä käytettävä järjestön yksikkö (usein osasto)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnössä käytettävä yleinen nimi (kuten tämän koneen " +#~ "verkkonimi)." + +#~ msgid "earliest" +#~ msgstr "mahdollisimman aikaisin" + +#~ msgid "after NFS" +#~ msgstr "NFS:n jälkeen" + +#~ msgid "after PCMCIA" +#~ msgstr "PCMCIA:n jälkeen" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan käynnistetään järjestelmän käynnistyessä, jotta se voi " +#~ "suojella automaattisesti liitettäviä levyjärjestelmiä." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ "* mahdollisimman aikaisin: Jos hakemistoa /usr ei liitetä NFS:n avulla,\n" +#~ " eikä käytössä ole PCMCIA-verkkokortteja, strongSwan kannattaa\n" +#~ " käynnistää mahdollisimman aikaisin, jotta liitettävät NFS-järjestelmät\n" +#~ " voidaan suojata IPSecillä.\n" +#~ "* NFS:n jälkeen: suositeltava, kun käytössä ei ole PCMCIA-verkkokortteja\n" +#~ " ja /usr liitetään NFS:n avulla.\n" +#~ "* PCMCIA:n jälkeen: suositeltava, jos IPSec-yhteys käyttää\n" +#~ " PCMCIA-verkkokorttia tai hakee avaimia paikalliselta DNS-palvelimelta\n" +#~ " DNSSec-tuen avulla." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Jos et käynnistä strongSwania nyt uudelleen, tee se käsin mahdollisimman " +#~ "pian." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Luodaanko tälle koneelle julkisesta ja salaisesta avaimesta koostuva RSA-" +#~ "avainpari?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan voi käyttää ennalta vaihdettua avainta (Pre-Shared Key, PSK) " +#~ "tai RSA-avainparia varmentaessaan IPSec-yhteyksiä toisiin koneisiin. RSA-" +#~ "varmennusta pidetään yleisesti turvallisempana ja helpommin " +#~ "ylläpidettävänä. PSK- ja RSA-varmennuksia voidaan käyttää yhtä aikaa." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Jos et halua luoda uutta avainparia, voi valita olemassa olevan parin " +#~ "seuraavassa vaiheessa." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Vaadittavat tiedot voidaan automaattisesti erottaa olemassa olevasta " +#~ "X.509-varmennetiedostosta täsmäävällä salaisella RSA-avaimella. Avaimen " +#~ "molemmat osat voivat olla samassa tiedostossa, jos se on PEM-muodossa. " +#~ "Valitse tämä vaihtoehto, jos tällaiset varmenne- ja avaintiedostot ovat " +#~ "olemassa ja haluat käyttää niitä IPSec-yhteyksien varmentamiseen." + +#~ msgid "RSA key length:" +#~ msgstr "RSA-avaimen pituus:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Anna luotavan RSA-avaimen pituus. 1024 bittiä lyhyempiä avaimia ei pidetä " +#~ "turvallisina. 2048 bittiä pidemmät avaimet luultavasti heikentävät " +#~ "suorituskykyä." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Vain itseallekirjoitettu X.509-varmenne voidaan luoda automaattisesti, " +#~ "koska muussa tapauksessa tarvitaan ulkoinen varmentaja allekirjoittamaan " +#~ "varmennepyyntö." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Jos valitset tämän vaihtoehdon, luotua varmennetta voidaan heti käyttää " +#~ "yhteyksien ottamiseen toisiin IPSEc-koneisiin, jotka tukevat " +#~ "varmentamista X.509-varmenteilla. StrongSwanin PKI-ominaisuuksien käyttö " +#~ "kuitenkin vaatii varmennuspolun, jossa sama varmentaja on " +#~ "allekirjoittanut kaikki X.509-varmenteet." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "Tämä kenttä on pakollinen. Ilman sitä varmennetta ei voida luoda." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 000000000..22a9f6bc7 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,1040 @@ +# Translation of strongswan debconf templates to French +# Copyright (C) 2005-2007 Christian Perrier <bubulle@debian.org> +# This file is distributed under the same license as the strongswan package. +# +# Christian Perrier <bubulle@debian.org>, 2005-2007, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-09 12:15+0200\n" +"PO-Revision-Date: 2010-06-24 22:17+0200\n" +"Last-Translator: Christian Perrier <bubulle@debian.org>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Abandon de l'ancien système de lancement" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Les versions précédentes du paquet de stronSwan permettaient de choisir " +"entre trois séquences possibles de lancement au démarrage de la machine. " +"Comme l'organisation générale des scripts de lancement a été profondément " +"modifiée dans le système, cela n'est désormais plus utile. Pour toutes les " +"nouvelles installations, ainsi que pour les anciennes qui fonctionnaient " +"selon un des trois modes prédéfinis, une séquence de lancement sûre va être " +"mise en place. Si vous effectuez une mise à jour et aviez modifié les " +"paramètres de lancement de strongSwan, veuillez consulter le fichier NEWS." +"Debian pour trouver les informations qui vous permettront d'adapter vos " +"réglages." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Faut-il redémarrer StrongSwan maintenant ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such " +"a strongSwan tunnel to connect for this update, restarting is not " +"recommended." +msgstr "" +"Redémarrer strongSwan est préférable car un éventuel correctif de sécurité " +"ne prendra effet que si le démon est redémarré. La plupart des utilisateurs " +"s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " +"meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +"connexions en cours, y compris la connexion utilisée actuellement pour cette " +"mise à jour. En conséquence, il est déconseillé de redémarrer si le tunnel " +"est utilisé pour l'administration du système." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Faut-il démarrer le démon IKEv1 de StrongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Le démon « pluto » doit fonctionner pour que la version 1 du protocole IKE " +"(Internet Key Exchange) puisse être gérée." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Faut-il démarrer le démon IKEv2 de StrongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Le démon « charon » doit fonctionner pour que la version 2 du protocole IKE " +"(Internet Key Exchange) puisse être gérée." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Faut-il utiliser un certificat X.509 existant avec cet hôte ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Un certificat X.509 peut être créé automatiquement ou importé, pour cet " +"hôte. Il peut servir à authentifier des connexions IPSec vers d'autres " +"hôtes, ce qui est la méthode conseillée pour l'établissement de liaisons " +"IPSec sûres. L'autre possibilité d'authentification à la connexion est " +"l'utilisation d'un secret partagé (« pre-shared key » : des mots de passe " +"identiques aux deux extrémités du tunnel). Toutefois, pour de nombreuses " +"connexions, l'authentification à base de clés est plus simple à administrer " +"et plus sûre." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " +"commande « dpkg-reconfigure strongswan »." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "Créer" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "Importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Méthode de mise en place d'un certificat X.509 pour l'authentification de " +"cet hôte :" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Pour l'authentification des connexions IPsec, il est possible de créer un " +"nouveau certificat X.509 avec des réglages personnalisés ou importer une " +"paire de clés publique et privée depuis un ou plusieurs fichiers PEM." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Si vous choisissez de créer un nouveau certificat X.509, vous devrez fournir " +"plusieurs informations avant la création. Veuillez noter que si vous " +"souhaitez utiliser un certificat signé par une autorité de certification, " +"vous ne devez pas choisir de créer un certificat auto-signé et devrez donner " +"exactement les réponses souhaitées par l'autorité de certification sinon la " +"requête de certificat risquerait d'être rejetée." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Si vous souhaitez importer une paire de clés, vous devrez en fournir les " +"noms de fichiers (qui peuvent être identiques si les parties privée et " +"publique sont dans le même fichier). Vous pourrez facultativement fournir le " +"nom d'un fichier contenant la ou les clés publiques de l'autorité de " +"certification. Ce fichier devra être différent des précédents. Le format des " +"certificats X.509 doit être PEM et la clé privée ne doit pas être chiffrée. " +"Dans le cas contraire, l'importation échouera." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nom du fichier PEM contenant le certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant votre certificat X.509 " +"au format PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nom du fichier PEM contenant la clé privée X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA " +"correspondant au certificat X.509 au format PEM. Cela peut être le fichier " +"qui contient le certificat X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" +"Nom du fichier PEM contenant le certificat X.509 de l'autorité de " +"certification :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Veuillez indiquer facultativement l'emplacement du fichier (au format PEM) " +"contenant le certificat X.509 de l'autorité de certification qui a signé le " +"certificat que vous avez fourni. Si vous n'utilisez pas d'autorité de " +"certification, vous pouvez laisser ce champ vide. Veuillez noter que ce " +"fichier doit être différent du fichier de certificat X.509 et de la clé " +"privée que vous utilisez." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Longueur de la clé RSA à créer :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit pas " +"être inférieure à 1024 bits car cela serait considéré comme insuffisamment " +"sûr. Un choix excédant 4096 bits est probablement inutile car cela ne fait " +"essentiellement que ralentir le processus d'authentification sans avoir " +"d'intérêt actuellement." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Souhaitez-vous créer un certificat X.509 auto-signé ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Seuls des certificats X.509 auto-signés peuvent être créés automatiquement " +"puisqu'une autorité de certification est indispensable pour signer la " +"demande de certificat. Si vous choisissez de créer un certificat auto-signé, " +"vous pourrez vous en servir immédiatement pour vous connecter aux hôtes qui " +"authentifient les connexions IPsec avec des certificats X.509. Cependant, si " +"vous souhaitez utiliser les nouvelles fonctionnalités PKI de strongSwan, " +"vous aurez besoin que tous les certificats soient signés par la même " +"autorité de certification afin de créer un chemin de confiance." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Si vous ne voulez pas créer de certificat auto-signé, seules la clé privée " +"RSA et la demande de certificat seront créées et vous devrez ensuite faire " +"signer la demande de certificat par votre autorité de certification." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Code du pays pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Veuillez indiquer le code à deux lettres du pays où est situé le serveur " +"(p. ex. « FR » pour la France)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Il est impératif de choisir ici un code de pays ISO-3166 valable sinon " +"OpenSSL refusera de créer les certificats. Tous les autres champs d'un " +"certificat X.509 peuvent être vides, sauf celui-ci." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "État ou province pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Veuillez indiquer le nom complet de l'état ou de la province qui sera inclus " +"dans la demande de certificat (p. ex. « Québec »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Localité pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Veuillez indiquer la localité où est situé le serveur (ce sera souvent une " +"ville, comme « Montcuq »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisme pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Veuillez indiquer l'organisme propriétaire du serveur (p. ex. « Debian »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unité d'organisation pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Veuillez indiquer l'unité d'organisation pour la demande de certificat X.509 " +"(p. ex. « Équipe sécurité »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nom ordinaire pour la demande de certification X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Veuillez indiquer le nom ordinaire de ce serveur (ce sera souvent son nom " +"réseau)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "Adresse électronique pour la demande de certificat X.509 :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Veuillez indiquer l'adresse électronique de la personne ou de l'organisme " +"responsable du certificat X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Faut-il activer le chiffrement opportuniste ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Cette version de strongSwan gère le chiffrement opportuniste (OE) qui " +"conserve les informations d'authentification IPSec dans des enregistrements " +"DNS. Tant que cette fonctionnalité n'est pas déployée largement, l'activer " +"augmentera notablement la durée d'établissement des connexions sortantes." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Vous ne devriez l'activer que s'il est indispensable de l'utiliser. Il est " +"possible que cela coupe la connexion Internet (la route par défaut) au " +"moment où le démon « pluto » démarre." + +#, fuzzy +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Moment de démarrage de strongSwan :" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "Emplacement du certificat X509 :" + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "Emplacement de la clé privée X509 :" + +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "Emplacement du certificat X509 de l'autorité de certification :" + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le code à deux lettres de votre pays. Ce code sera " +#~ "inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom " +#~ "sera inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le " +#~ "certificat X509. Ce nom sera inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Veuillez indiquer l'unité d'organisation (p. ex. département, division, " +#~ "etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la " +#~ "demande de certificat." + +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette " +#~ "machine) pour qui sera créé le certificat X509. Ce nom sera inclus dans " +#~ "la demande de certificat." + +#~ msgid "earliest" +#~ msgstr "Le plus tôt possible" + +#~ msgid "after NFS" +#~ msgstr "Après NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "Après PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan est lancé au démarrage du système afin de pouvoir protéger les " +#~ "systèmes de fichiers qui sont montés automatiquement." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " - Le plus tôt possible : conseillé si /usr n'est pas monté par NFS\n" +#~ " et que vous n'utilisez pas de carte réseau PCMCIA ;\n" +#~ " - Après NFS : recommandé si /usr est un montage NFS et qu'aucune\n" +#~ " carte réseau PCMCIA n'est utilisée ;\n" +#~ " - après PCMCIA : recommandé si la connexion IPSec utilise une carte\n" +#~ " réseau PCMCIA ou s'il est nécessaire de récupérer des clés\n" +#~ " depuis un serveur DNS qui gère DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Si vous ne redémarrez pas StrongSwan maintenant, il est conseillé de le " +#~ "faire manuellement dès que possible." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Faut-il créer une paire de clés RSA publique et privée pour cet hôte ?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan peut utiliser une clé secrète partagée (PSK : « Pre-Shared " +#~ "Key ») ou une paire de clés RSA pour gérer l'authentification des " +#~ "connexions IPSec vers d'autres hôtes. L'authentification RSA est en " +#~ "général considérée comme plus sûre et plus simple à administrer. Les deux " +#~ "modes d'authentification peuvent être utilisés en même temps." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Si vous ne souhaitez pas créer une paire de clés publique et privée, vous " +#~ "pouvez choisir d'en utiliser une existante." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "L'information nécessaire peut être récupérée depuis un fichier de " +#~ "certificat X.509 existant, avec la clé privée RSA correspondante. Les " +#~ "deux parties peuvent se trouver dans un seul fichier, s'il est en format " +#~ "PEM. Vous devriez choisir cette option si vous possédez un tel certificat " +#~ "ainsi que la clé privée, et si vous souhaitez vous en servir pour " +#~ "l'authentification des connexions IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Taille de la clé RSA :" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Veuillez indiquer la taille de la clé RSA que vous souhaitez créer. Une " +#~ "valeur inférieure à 1024 bits n'est pas considérée comme sûre. Une valeur " +#~ "supérieure à 2048 bits risque d'altérer les performances." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Seuls les certificats X.509 auto-signés peuvent être créés " +#~ "automatiquement car, pour les autres certificats, une autorité de " +#~ "certification est indispensable." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Si vous choisissez cette option, le certificat qui sera créé pourra être " +#~ "utilisé immédiatement pour la connexion à d'autres hôtes IPSec qui gèrent " +#~ "l'authentification par certificat X.509. Cependant l'utilisation des " +#~ "fonctionnalités PKI (« Public Key Infrastructure » : infrastructure " +#~ "publique de clés) de strongSwan impose la création d'un chemin de " +#~ "confiance avec tous les certificats X.509 signés par la même autorité de " +#~ "certification." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Ce champ est obligatoire, sinon le certificat ne pourra pas être créé." + +#~| msgid "" +#~| "Previous versions of the Openswan package allowed the user to choose " +#~| "between three different Start/Stop-Levels. Due to changes in the " +#~| "standard system startup procedure, this is no longer necessary and " +#~| "useful. For all new installations as well as old ones running in any of " +#~| "the predefined modes, sane default levels set will now be set. If you " +#~| "are upgrading from a previous version and changed your Openswan startup " +#~| "parameters, then please take a look at NEWS.Debian for instructions on " +#~| "how to modify your setup accordingly." +#~ msgid "" +#~ "Previous versions of the Openswan package gave a choice between three " +#~ "different Start/Stop-Levels. Due to changes in the standard system " +#~ "startup procedure, this is no longer necessary or useful. For all new " +#~ "installations as well as old ones running in any of the predefined modes, " +#~ "sane default levels will now be set. If you are upgrading from a previous " +#~ "version and changed your Openswan startup parameters, then please take a " +#~ "look at NEWS.Debian for instructions on how to modify your setup " +#~ "accordingly." +#~ msgstr "" +#~ "Les versions précédentes du paquet d'Openswan permettaient de choisir " +#~ "entre trois séquences possibles de lancement au démarrage de la machine. " +#~ "Comme l'organisation générale des scripts de lancement a été profondément " +#~ "modifiée dans le système, cela n'est désormais plus utile. Pour toutes " +#~ "les nouvelles installations, ainsi que pour les anciennes qui " +#~ "fonctionnaient selon un des trois modes prédéfinis, une séquence de " +#~ "lancement sûre va être mise en place. Si vous effectuez une mise à jour " +#~ "et aviez modifié les paramètres de lancement d'Openswan, veuillez " +#~ "consulter le fichier NEWS.Debian pour trouver les informations qui vous " +#~ "permettront d'adapter vos réglages." + +#~| msgid "Do you wish to restart Openswan?" +#~ msgid "Restart Openswan now?" +#~ msgstr "Souhaitez-vous redémarrer Openswan ?" + +#~| msgid "" +#~| "Restarting Openswan is a good idea, since if there is a security fix, it " +#~| "will not be fixed until the daemon restarts. Most people expect the " +#~| "daemon to restart, so this is generally a good idea. However, this might " +#~| "take down existing connections and then bring them back up (including " +#~| "the connection currently used for this update, so it is recommended not " +#~| "to restart if you are using any of the tunnel for administration)." +#~ msgid "" +#~ "Restarting Openswan is recommended, since if there is a security fix, it " +#~ "will not be applied until the daemon restarts. Most people expect the " +#~ "daemon to restart, so this is generally a good idea. However, this might " +#~ "take down existing connections and then bring them back up, so if you are " +#~ "using such an Openswan tunnel to connect for this update, restarting is " +#~ "not recommended." +#~ msgstr "" +#~ "Redémarrer Openswan est préférable car un éventuel correctif de sécurité " +#~ "ne sera actif que si le démon est redémarré. La plupart des utilisateurs " +#~ "s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " +#~ "meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +#~ "connexions en cours, y compris la connexion utilisée actuellement pour " +#~ "cette mise à jour. En conséquence, il est déconseillé de redémarrer si le " +#~ "tunnel est utilisé pour l'administration du système." + +#~| msgid "" +#~| "If you do not want to this now you can answer \"No\" and later use the " +#~| "command \"dpkg-reconfigure openswan\" to come back." +#~ msgid "" +#~ "Alternatively you can reject this option and later use the command \"dpkg-" +#~ "reconfigure openswan\" to come back." +#~ msgstr "" +#~ "Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " +#~ "commande « dpkg-reconfigure openswan »." + +#~ msgid "Length of RSA key to be created:" +#~ msgstr "Longueur de la clé RSA à créer :" + +#~| msgid "" +#~| "Please enter the length of the created RSA key. It should not be less " +#~| "than 1024 bits because this should be considered unsecure and you will " +#~| "probably not need anything more than 4096 bits because it only slows the " +#~| "authentication process down and is not needed at the moment." +#~ msgid "" +#~ "Please enter the required RSA key-length. Anything under 1024 bits should " +#~ "be considered insecure; anything more than 4096 bits slows down the " +#~ "authentication process and is not useful at present." +#~ msgstr "" +#~ "Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit " +#~ "pas être inférieure à 1024 bits car cela serait considéré comme " +#~ "insuffisamment sûr. Un choix excédant 4096 bits est probablement inutile " +#~ "car cela ne fait essentiellement que ralentir le processus " +#~ "d'authentification sans avoir d'intérêt actuellement." + +#~| msgid "" +#~| "This installer can only create self-signed X509 certificates " +#~| "automatically, because otherwise a certificate authority is needed to " +#~| "sign the certificate request. If you want to create a self-signed " +#~| "certificate, you can use it immediately to connect to other IPsec hosts " +#~| "that support X509 certificate for authentication of IPsec connections. " +#~| "However, if you want to use the new PKI features of Openswan >= 1.91, " +#~| "you will need to have all X509 certificates signed by a single " +#~| "certificate authority to create a trust path." +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a Certificate Authority is needed to sign the certificate " +#~ "request. If you choose to create a self-signed certificate, you can use " +#~ "it immediately to connect to other IPsec hosts that support X.509 " +#~ "certificate for authentication of IPsec connections. However, using " +#~ "Openswan's PKI features requires all certificates to be signed by a " +#~ "single Certificate Authority to create a trust path." +#~ msgstr "" +#~ "Seuls des certificats X.509 auto-signés peuvent être créés " +#~ "automatiquement puisqu'une autorité de certification est indispensable " +#~ "pour signer la demande de certificat. Si vous choisissez de créer un " +#~ "certificat auto-signé, vous pourrez vous en servir immédiatement pour " +#~ "vous connecter aux hôtes qui authentifient les connexions IPsec avec des " +#~ "certificats X.509. Cependant, si vous souhaitez utiliser les nouvelles " +#~ "fonctionnalités PKI d'Openswan, vous aurez besoin que tous les " +#~ "certificats soient signés par la même autorité de certification afin de " +#~ "créer un chemin de confiance." + +#~ msgid "Modification of /etc/ipsec.conf" +#~ msgstr "Modification de /etc/ipsec.conf" + +#~| msgid "" +#~| "Due to a change in upstream Openswan, opportunistic encryption is no " +#~| "longer enabled by default. The no_oe.conf file that was shipped in " +#~| "earlier versions to explicitly disable it can therefore no longer be " +#~| "included by ipsec.conf. A respective include paragraph will now be " +#~| "automatically removed to ensure that Openswan can start correctly." +#~ msgid "" +#~ "Due to a change in upstream Openswan, opportunistic encryption is no " +#~ "longer enabled by default. The no_oe.conf file that was shipped in " +#~ "earlier versions to explicitly disable it can therefore no longer be " +#~ "included by ipsec.conf. Any such include paragraph will now be " +#~ "automatically removed to ensure that Openswan can start correctly." +#~ msgstr "" +#~ "En raison de modifications dans la version amont d'Openswan, le " +#~ "chiffrement opportuniste n'est plus activé par défaut. Le fichier no_oe." +#~ "conf qui était fourni avec les versions précédentes pour le désactiver " +#~ "explicitement ne peut donc plus être inclus dans ipsec.conf. Toute " +#~ "instruction d'inclusion de ce fichier sera automatiquement retirée afin " +#~ "qu'Openswan puisse démarrer correctement." + +#~ msgid "Example: AT" +#~ msgstr "Exemple : FR" + +#~ msgid "" +#~ "Please enter the state or province name for the X509 certificate request:" +#~ msgstr "État, province ou région :" + +#~ msgid "" +#~ "Please enter the full name of the state or province you live in. This " +#~ "name will be placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le nom complet de l'état, de la province ou de la " +#~ "région où vous résidez. Ce nom sera inclus dans la demande de certificat." + +#~ msgid "Example: Upper Austria" +#~ msgstr "" +#~ "Exemples : Rhône-Alpes, Brabant Wallon, Bouches du Rhône, Québec, Canton " +#~ "de Vaud" + +#~ msgid "Example: Vienna" +#~ msgstr "Exemple : Saint-Étienne" + +#~ msgid "Example: Debian" +#~ msgstr "Exemple : Debian" + +#~ msgid "Example: security group" +#~ msgstr "Exemple : Département Réseaux et Informatique Scientifique" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Exemple : gateway.debian.org" + +#~ msgid "Do you want to create a RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Souhaitez-vous créer une paire de clés RSA publique et privée pour cet " +#~ "hÃŽte ?" + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one." +#~ msgstr "" +#~ "Si vous ne souhaitez pas créer une paire de clés publique et privée, " +#~ "vous pouvez choisir d'en utiliser une existante." + +#~ msgid "x509" +#~ msgstr "X509" + +#~ msgid "plain" +#~ msgstr "Simple paire" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "Openswan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Il est possible de créer une simple paire de clés destinée àêtre " +#~ "utilisée avec Openswan ou de créer un fichier de certificat X509 qui " +#~ "contient la clé publique RSA et de conserver la clé privée " +#~ "correspondante par ailleurs." + +#, fuzzy +#~| msgid "" +#~| "If you only want to build up IPSec connections to hosts also running " +#~| "Openswan, it might be a bit easier using plain RSA keypairs. But if you " +#~| "want to connect to other IPSec implementations, you will need a X509 " +#~| "certificate. It is also possible to create a X509 certificate here and " +#~| "extract the RSA public key in plain format if the other side runs " +#~| "Openswan without X509 certificate support." +#~ msgid "" +#~ "If you only want to create IPsec connections to hosts also running " +#~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPsec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "Openswan without X509 certificate support." +#~ msgstr "" +#~ "Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hÃŽtes " +#~ "utilisant Openswan, il sera probablement plus facile d'utiliser des clés " +#~ "RSA simples. Mais si vous souhaitez vous connecter àdes hÃŽtes " +#~ "utilisant d'autres implémentations d'IPSec, vous aurez besoin d'un " +#~ "certificat X509. Il est également possible de créer un certificat X509 " +#~ "puis d'en extraire une simple clé publique RSA, si l'autre extrémité " +#~ "de la connexion utilise Openswan sans la gestion des certificats X509." + +#, fuzzy +#~| msgid "" +#~| "Therefore a X509 certificate is recommended since it is more flexible " +#~| "and this installer should be able to hide the complex creation of the " +#~| "X509 certificate and its use in Openswan anyway." +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in Openswan." +#~ msgstr "" +#~ "Ainsi, il vous est conseillé d'utiliser un certificat X509 car cette " +#~ "méthode est plus souple. Cet outil d'installation devrait vous " +#~ "simplifier la tâche de création et d'utilisation de ce certificat X509." + +#, fuzzy +#~| msgid "" +#~| "This installer can automatically extract the needed information from an " +#~| "existing X509 certificate with a matching RSA private key. Both parts " +#~| "can be in one file, if it is in PEM format. Do you have such an existing " +#~| "certificate and key file and want to use it for authenticating IPSec " +#~| "connections?" +#~ msgid "" +#~ "This installer can automatically extract the needed information from an " +#~ "existing X509 certificate with a matching RSA private key. Both parts can " +#~ "be in one file, if it is in PEM format. If you have such an existing " +#~ "certificate and key file please select if want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Cet outil d'installation est capable d'extraire automatiquement " +#~ "l'information nécessaire d'un fichier de certificat X509 existant, avec " +#~ "la clé privée RSA correspondante. Les deux parties peuvent se trouver " +#~ "dans un seul fichier, s'il est en format PEM. Indiquez si vous possédez " +#~ "un tel certificat ainsi que la clé privée, et si vous souhaitez vous en " +#~ "servir pour l'authentification des connexions IPSec." + +#~ msgid "x509, plain" +#~ msgstr "X509, Simple paire" + +#, fuzzy +#~| msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgid "earliest, after NFS, after PCMCIA" +#~ msgstr "Le plus tÃŽt possible, AprÚs NFS, AprÚs PCMCIA" + +#, fuzzy +#~| msgid "" +#~| "With the current Debian startup levels (nearly everything starting in " +#~| "level 20), it is impossible for Openswan to always start at the correct " +#~| "time. There are three possibilities when Openswan can start: before or " +#~| "after the NFS services and after the PCMCIA services. The correct answer " +#~| "depends on your specific setup." +#~ msgid "" +#~ "With the default system startup levels (nearly everything starting in " +#~ "level 20), it is impossible for Openswan to always start at the correct " +#~ "time. There are three possibilities when Openswan can start: before or " +#~ "after the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Avec les niveaux de démarrage actuellement utilisés par Debian (presque " +#~ "tout démarre au niveau 20), il est impossible de faire en sorte " +#~ "qu'Openswan démarre toujours au moment approprié. Il existe trois " +#~ "moments où il est opportun de le démarrer : avant ou aprÚs les " +#~ "services NFS, ou aprÚs les services PCMCIA. La réponse appropriée " +#~ "dépend de vos réglages spécifiques." + +#, fuzzy +#~| msgid "" +#~| "If you do not have your /usr tree mounted via NFS (either you only mount " +#~| "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~| "and don't use a PCMCIA network card, then it's best to start Openswan at " +#~| "the earliest possible time, thus allowing the NFS mounts to be secured " +#~| "by IPSec. In this case (or if you don't understand or care about this " +#~| "issue), answer \"earliest\" to this question (the default)." +#~ msgid "" +#~ "If the /usr tree of this system is not mounted via NFS (either you only " +#~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " +#~ "all) and no PCMCIA network card is used, then it's best to start Openswan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " +#~ "montages NFS sont àd'autres endroits, moins critiques, soit parce que " +#~ "vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de " +#~ "carte réseau PCMCIA, il est préférable de démarrer Openswan le plus " +#~ "tÃŽt possible, ce qui permettra de sécuriser les montages NFS avec " +#~ "IPSec. Dans ce cas (ou bien si vous ne comprenez pas l'objet de la " +#~ "question ou qu'elle ne vous concerne pas), choisissez « le plus tÃŽt " +#~ "possible », qui est le choix par défaut." + +#, fuzzy +#~| msgid "" +#~| "If you have your /usr tree mounted via NFS and don't use a PCMCIA " +#~| "network card, then you will need to start Openswan after NFS so that all " +#~| "necessary files are available. In this case, answer \"after NFS\" to " +#~| "this question. Please note that the NFS mount of /usr can not be secured " +#~| "by IPSec in this case." +#~ msgid "" +#~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " +#~ "then you will need to start Openswan after NFS so that all necessary " +#~ "files are available. In this case, answer \"after NFS\" to this question. " +#~ "Please note that the NFS mount of /usr can not be secured by IPSec in " +#~ "this case." +#~ msgstr "" +#~ "Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau " +#~ "PCMCIA, vous devrez alors démarrer Openswan aprÚs les services NFS afin " +#~ "que tous les fichiers nécessaires soient disponibles. Dans ce cas, " +#~ "choisissez « AprÚs NFS ». Veuillez noter que le montage NFS de /usr " +#~ "n'est alors pas sécurisé par IPSec." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " +#~ "choix possible est le démarrage aprÚs les services PCMCIA. Choisissez " +#~ "alors « AprÚs PCMCIA ». Faites également ce choix si vous souhaitez " +#~ "récupérer les clés d'authentification sur un serveur DNS reconnaissant " +#~ "DNSSec." + +#, fuzzy +#~| msgid "At which level do you wish to start Openswan?" +#~ msgid "Please select the level at which you wish to start Openswan:" +#~ msgstr "Étape de lancement d'Openswan :" + +#, fuzzy +#~| msgid "Which type of RSA keypair do you want to create?" +#~ msgid "Please select which type of RSA keypair you want to create:" +#~ msgstr "Type de paire de clés RSA àcréer :" + +#~ msgid "Do you wish to enable opportunistic encryption in Openswan?" +#~ msgstr "Souhaitez-vous activer le chiffrement opportuniste dans Openswan ?" + +#~ msgid "" +#~ "Openswan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " +#~ "default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " +#~ "daemon) is started." +#~ msgstr "" +#~ "Openswan gÚre le chiffrement opportuniste (« opportunistic " +#~ "encryption » : OE) qui permet de conserver les informations " +#~ "d'authentification IPSec (c'est-à-dire les clés publiques RSA) dans des " +#~ "enregistrements DNS, de préférence sécurisés. Tant que cette " +#~ "fonctionnalité ne sera pas déployée largement, son activation " +#~ "provoquera un ralentissement significatif pour toute nouvelle connexion " +#~ "sortante. À partir de la version 2.0, cette fonctionnalité est activée " +#~ "par défaut dans Openswan, ce qui peut interrompre le fonctionnement de " +#~ "votre connexion àl'Internet (c'est-à-dire votre route par défaut) " +#~ "dÚs le démarrage de pluto, le démon de gestion de clés d'Openswan." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Veuillez choisir si vous souhaitez activer la gestion du chiffrement " +#~ "opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir " +#~ "besoin." diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 000000000..e92bbd1ea --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,668 @@ +# Copyright (C) 2009 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# marce villarino <mvillarino@users.sourceforge.net>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: templates_[kI6655]\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-09 12:15+0200\n" +"PO-Revision-Date: 2009-05-25 14:50+0100\n" +"Last-Translator: marce villarino <mvillarino@users.sourceforge.net>\n" +"Language-Team: Galician <proxecto@trasno.ent>\n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 0.2\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Desexa reiniciar strongSwan agora?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +#, fuzzy +#| msgid "" +#| "Restarting strongSwan is recommended, because if there is a security fix, " +#| "it will not be applied until the daemon restarts. However, this might " +#| "close existing connections and then bring them back up." +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such " +"a strongSwan tunnel to connect for this update, restarting is not " +"recommended." +msgstr "" +"Recoméndase reiniciar strongSwan porque se houbese algunha actualización de " +"seguridade non se aplicará até que se reinicie o daemon. Porén, pode pechar " +"as conexións existentes e logo volver a recuperalas." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Desexa iniciar o daemon IKEv1 de strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"O daemon pluto debe estar en execución para soportar a versión 1 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Desexa iniciar o IKEv2 de strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"O daemon charon debe estar en execución para soportar a versión 2 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +#, fuzzy +#| msgid "Use an existing X.509 certificate for strongSwan?" +msgid "Use an X.509 certificate for this host?" +msgstr "Desexa empregar un certificado X.509 xa existente para strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing your X.509 " +#| "certificate in PEM format." +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Indique a rota completa ao ficheiro que contén o certificado X.509 en " +"formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "File name of your existing X.509 private key in PEM format:" +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome do ficheiro coa chave privada X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing the private RSA key " +#| "matching your X.509 certificate in PEM format. This can be the same file " +#| "as the X.509 certificate." +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Indique a rota completa ao ficheiro que contén a chave privada RSA que se " +"corresponde do certificado X.509 en formato PEM. Este pode ser o mesmo " +"ficheiro que o do certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "Create a self-signed X.509 certificate?" +msgid "Create a self-signed X.509 certificate?" +msgstr "Desexa crear un certificado X.509 autoasinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "" +#| "If you do not accept this option, only the RSA private key will be " +#| "created, along with a certificate request which you will need to have " +#| "signed by a certificate authority." +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se non acepta esta opción só se creará a chave privada RSA, xunto cun pedido " +"de certificado que precisará que lle asine unha autoridade de certificación." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "Country code for the X.509 certificate request:" +msgid "Country code for the X.509 certificate request:" +msgstr "Código de paÃs para o pedido do certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "State or province name for the X.509 certificate request:" +msgid "State or province name for the X.509 certificate request:" +msgstr "Nome do estado ou provincia para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "" +#| "Please enter the full name of the state or province to include in the " +#| "certificate request." +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Indique o nome completo do estado ou provincia a incluÃr no pedido de " +"certificado." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +#, fuzzy +#| msgid "Locality name for the X.509 certificate request:" +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome de localidade para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organization name for the X.509 certificate request:" +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organización para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizacional para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "Unidade organizacional para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "Common name for the X.509 certificate request:" +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome común para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "Email address for the X.509 certificate request:" +msgid "Email address for the X.509 certificate request:" +msgstr "Enderezo de correo electrónico para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "Please enter the email address (for the individual or organization " +#| "responsible) that should be used in the certificate request." +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Indique o enderezo de correo electrónico (do individuo ou do responsábel da " +"organización) que se debe empregar no pedido de certificado." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Desexa activar a cifraxe oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versión de strongSwan soporta a cifraxe oportunista (OE) que garda a " +"información de autenticación de IPSec en rexistros de DNS. Até que estea " +"amplamente utilizado activalo provocará un retardo significativo en cada " +"nova conexión saÃnte." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Só deberÃa activar a cifraxe oportunista se está certo de que a desexa. Pode " +"estragar a conexión a Internet (a rota por omisión) segundo se inicie o " +"daemon pluto." + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Cando iniciar strongSwan:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Indique o código de paÃs ISO3166 de dúas letras que se debe empregar no " +#~ "pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Indique o nome da localidade (xeralmente unha cidade) que se debe " +#~ "empregar no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Indique o nome da organización (xeralmente unha empresa) que se debe " +#~ "empregar no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Indique o nome da unidade organizacional (xeralmente un departamento) que " +#~ "debe empregarse no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Indique o nome común (como o nome desta máquina) que se debe empregar no " +#~ "pedido de certificado." + +#~ msgid "earliest" +#~ msgstr "o primeiro" + +#~ msgid "after NFS" +#~ msgstr "despois do NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "despois do PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan iniciase durante o arrinque do sistema de maneira que poda " +#~ "protexer sistemas de ficheiros que se monten automaticamente." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * o primeiro: se /usr non se monta mediante NFS e non se emprega unha\n" +#~ " tarxeta PCMCIA, é mellor iniciar strongSwan tan axiña como se poda,\n" +#~ " para que as montaxes NFS podan asegurarse mediante IPSec,\n" +#~ " * despois do NFS: recoméndase cando /usr se monte mediante NFS e non\n" +#~ " se empregue ningunha tarxeta PCMCIA,\n" +#~ " * despois do PCMCIA: recoméndase se a conexión IPSec emprega unha " +#~ "tarxeta\n" +#~ " de rede PCMCIA ou se fose preciso que as chaves se obteñan desde un\n" +#~ " servidor DNS a executarse localmente con soporte para DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Se non reinicia agora strongSwan deberÃa facelo manualmente en canto poda." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Desexa crear un par de chaves pública/privada RSA para este servidor?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan pode empregar unha chave precompartida (PSK) ou un par de " +#~ "chaves RSA para autenticar as conexións IPSec con outros servidores. A " +#~ "autenticación RSA xeralmente considérase máis segura e é máis fácil de " +#~ "administrar. Pode empregar as autenticacións PSK e RSA á vez." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Se son quer crear un novo par de chaves pública/privada, no seguinte paso " +#~ "pode escoller empregar unha xa existente." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "A información requirida pode extraerse automaticamente a partir dun " +#~ "certificado X.509 xa existente coa chave privada RSA que corresponda. " +#~ "Ambas as partes poden estar nun ficheiro se este está no formato PEM. " +#~ "Debe escoller esta opción se ten tal certificado e chave e quere " +#~ "empregalo para autenticar conexións IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Lonxitude da chave RSA:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Indique a lonxitude da chave RSA que desexe xerar. Os valores menores de " +#~ "1024 bits non se consideran seguros, mentres que os maiores de 2048 bits " +#~ "posibelmente afecten ao rendemento." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Só se poden crear automaticamente certificados X.509 autoasinados, porque " +#~ "noutro caso é precisa unha autoridade de certificación para asinar o " +#~ "pedido de certificado." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Se acepta esta opción o certificado que se cree pode empregarse " +#~ "inmediatamente para conectarse con outros servidores IPSec que soporten a " +#~ "autenticación mediante un certificado X.509. Porén, par empregar as " +#~ "funcionalidades PKI de strongSwan requÃrese que se cree unha rota de " +#~ "confianza asinando todos os certificados X.509 por unha única autoridade." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Este campo é obrigatorio, caso contrario non se poderá xerar un " +#~ "certificado." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 000000000..e9f11d539 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,476 @@ +# ITALIAN TRANSLATION OF STRONGSWAN'S PO-DEBCONF FILE. +# COPYRIGHT (C) YEAR THE STRONGSWAN'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# Vincenzo Campanella <vinz65@gmail.com>, 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-11-13 16:03+0100\n" +"Last-Translator: Vincenzo Campanella <vinz65@gmail.com>\n" +"Language-Team: Italian <tp@lists.linux.it>\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Vecchia gestione del runlevel sostituita" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Le versioni precedenti di strongSwan lasciavano la scelta fra tre diversi " +"livelli di avvio/arresto. A seguito dei cambiamenti nella procedura standard " +"di avvio, questo non è più necessario né utile. Per tutte le nuove " +"installazioni e per quelle già esistenti che vengono eseguite in qualsiasi " +"modalità predefinita vengono ora impostati dei livelli predefiniti " +"ragionevoli. Se si sta aggiornando da una versione precedente e si sono " +"modificati i parametri di strongSwan, consultare le NEWS.Debian su come " +"modificare le impostazioni." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Riavviare strongSwan adesso?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"È raccomandato il riavvio di strongSwan, in quanto un'eventuale correzione " +"di sicurezza non verrà applicata fino al riavvio del demone. La maggior " +"parte degli utenti si attende che il demone si riavvii, per cui in genere è " +"una buona scelta. Il riavvio potrebbe però interrompere e riavviare le " +"connessioni esistenti, per cui se si sta utilizzando un tunnel strongSwan " +"per l'aggiornamento il riavvio non è raccomandabile." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Avviare il demone di strongSwan IKEv1?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Per il supporto alla versione 1 del protocollo IKE (Internet Key Exchange) è " +"necessario che il demone pluto sia in esecuzione." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Avviare il demone di strongSwan IKEv2?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Per il supporto alla versione 2 del protocollo IKE (Internet Key Exchange) è " +"necessario che il demone charon sia in esecuzione." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Utilizzare un certificato X.509 per questo host?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Per questo host è possibile la creazione o la creazione automatica di un " +"certificato X.509 per l'autenticazione di connessioni IPsec ad altri host; è " +"la modalità preferita per la creazione di connessioni IPsec sicure. L'altra " +"possibilità è l'utilizzo di password segrete condivise e identiche fra le " +"due estremità del tunnel, ma il funzionamento tramite chiavi è più agevole " +"da amministrare e più sicuro per un elevato numero di connessioni." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"In alternativa è possibile rifiutare questa opzione e ritornare sulla scelta " +"in un secondo tempo, eseguendo «dpkg-reconfigure strongswan»." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "creare" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importare" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metodi per l'utilizzo di un certificato X.509 per autenticare questo host:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"È possibile creare un nuovo certificato X.509 con impostazioni definite " +"dall'utente, oppure importare una chiave esistente pubblica e privata " +"memorizzata in file PEM per l'autenticazione di connessioni IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se si sceglie di creare un nuovo certificato X.509 verranno poste alcune " +"domande cui è necessario rispondere prima che la creazione venga avviata. È " +"da ricordare che, se si desidera che la chiave pubblica venga firmata da " +"un'autorità di certificazione (CA) esistente, non si dovrebbe creare un " +"certificato auto-firmato e inoltre tutte le risposte fornite devono " +"adempiere esattamente i requisiti della CA, in quanto altrimenti la " +"richiesta di certificato potrebbe essere rifiutata." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se si desidera importare una chiave esistente pubblica e privata verrà " +"richiesto il loro nome file, che può essere identico se entrambe le parti " +"sono memorizzate insieme in un solo file. Opzionalmente si può specificare " +"un nome file in cui vengono mantenute le chiavi pubbliche dell'autorità di " +"certificazione, ma in questo caso il file non può essere il medesimo dei " +"precedenti. Si presti attenzione anche al fatto che il formato dei " +"certificati X.509 deve essere PEM e che la chiave privata non deve essere " +"cifrata, altrimenti la procedura d'importazione fallirà ." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome file del proprio certificato X.509 formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Inserire la posizione del file che contiene il proprio certificato X.509 in " +"formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome file della propria chiave privata X.509 formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Inserire la posizione del file che contiene la chiave privata RSA " +"corrispondente al proprio certificato X.509 in formato PEM. Può essere il " +"medesimo file che contiene il certificato X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome file del proprio RootCA X.509 formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opzionalmente è possibile inserire la posizione del file che contiene " +"l'autorità di certificazione root (RootCA) utilizzata per la firma del " +"proprio certificato in formato PEM. Se non se ne possiede uno o non si " +"desidera utilizzarlo lasciare il campo vuoto. Notare che non è possibile " +"memorizzare il RootCA nello stesso file del proprio certificato o chiave " +"privata X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Inserire la lunghezza che la chiave RSA creata dovrà avere:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Inserire la lunghezza della chiave RSA creata. Non dovrebbe essere minore di " +"1024 bit, in quanto altrimenti potrebbe essere considerata insicura, né " +"superiore a 4096 bit, in quanto altrimenti rallenterebbe il processo di " +"autenticazione e al momento attuale non è una misura necessaria." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Creare un certificato X.509 auto-firmato?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"È possibile creare automaticamente solo certificati X.509 auto-firmati, in " +"quanto altrimenti è necessario l'intervento di un'autorità di certificazione " +"per firmare la richiesta di certificato. Se si sceglie di creare un " +"certificato auto-firmato è possibile utilizzarlo immediatamente per " +"collegarsi ad altri host IPsec che supportano il certificato X.509 per " +"l'autenticazione di connessioni IPsec. L'utilizzo delle funzionalità PKI di " +"strongSwan richiede però che tutti i certificati vengano firmati da una " +"singola autorità di certificazione per creare un percorso fidato." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se non si sceglie di creare un certificato auto-firmato verranno creati solo " +"la chiave privata RSA e la richiesta di certificato che andrà poi firmata " +"con l'autorità di certificazione scelta." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Codice paese per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Inserire il codice a due lettere corrispondente al paese in cui il server " +"risiede (per esempio, «IT» per l'Italia)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL rifiuterà di generare un certificato se il codice paese non è valido " +"e conforme a ISO-3166. È permesso un campo vuoto altrove nel certificato " +"X.509, ma non in questo campo." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "" +"Nome dello stato o della provincia per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Inserire il nome completo dello stato o della provincia il in cui il server " +"risiede (per esempio, «Milano»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome della località per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Inserire il nome della località in cui il server risiede (spesso una città , " +"per esempio «Milano»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome dell'organizzazione per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Inserire il nome dell'organizzazione cui il server appartiene (per esempio, " +"«Debian»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unità organizzativa per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Inserire l'unità organizzativa cui il server appartiene (per esempio, " +"«gruppo sicurezza»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome comune host per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Inserire il nome comune di questo host (per esempio, «gateway.esempio.it»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "Indirizzo e-mail per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Inserire l'indirizzo di posta elettronica della persona o " +"dell'organizzazione responsabile per il certificato X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Abilitare la cifratura opportunistica?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Questa versione di strongSwan supporta la cifratura opportunistica (OE), la " +"quale memorizza le informazioni di autenticazione IPsec in record DNS. " +"Finché non sarà una soluzione largamente applicata, l'attivazione dell'OE " +"causerà un ritardo significativo per ogni connessione in uscita." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Si dovrebbe abilitare l'OE solo se lo si desidera veramente. Potrebbe " +"interrompere la connessione Internet (route predefinita) durante l'avvio del " +"demone pluto." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 000000000..979b31dcc --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,621 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.1-4\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-09-27 20:52+0900\n" +"Last-Translator: Hideki Yamane <henrich@debian.org>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "以å‰ã®ãƒ©ãƒ³ãƒ¬ãƒ™ãƒ«ç®¡ç†ã¯ä¸è¦ã«ãªã‚Šã¾ã—ãŸ" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan パッケージã®ä»¥å‰ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã¯ã€3 ã¤ã®ç•°ãªã£ãŸ Start/Stop レベル" +"ã‹ã‚‰é¸ã¹ã‚‹ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã—ãŸã€‚標準ã®ã‚·ã‚¹ãƒ†ãƒ èµ·å‹•æ‰‹é †ãŒå¤‰æ›´ã•ã‚ŒãŸã“ã¨ã«ã‚ˆã£" +"ã¦ã€ã“ã‚Œã¯ã‚‚ã†å¿…è¦ã§ã¯ãªããªã£ãŸã‚Šã‚ã‚‹ã„ã¯å½¹ç«‹ãŸãªããªã£ãŸã‚Šã—ã¦ã„ã¾ã™ã€‚ã“ã‚Œ" +"ã¾ã§äº‹å‰å®šç¾©ã•ã‚Œã¦ã„ãŸãƒ¢ãƒ¼ãƒ‰ã§å‹•ä½œã—ã¦ã„ãŸã®ã‚‚ã®ã¨åŒæ§˜ã«ã€æ–°è¦ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«" +"ã—ãŸã‚‚ã®ã¯é©åˆ‡ãªãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®ãƒ¬ãƒ™ãƒ«ãŒè¨å®šã•ã‚Œã‚‹ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã™ã€‚以å‰ã®ãƒãƒ¼" +"ジョンã‹ã‚‰ã®ã‚¢ãƒƒãƒ—グレード㧠strongSwan ã®èµ·å‹•ãƒ‘ラメータを変更ã—ã¦ã„ãŸå ´åˆ" +"ã¯ã€ã©ã®ã‚ˆã†ã«è¨å®šã‚’ä¿®æ£ã™ã‚‹ã‹ã¯ NEWS.Debian ã®æŒ‡ç¤ºã‚’å‚ç…§ã—ã¦ãã ã•ã„。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "strongSwan を今ã™ãå†èµ·å‹•ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"ã‚»ã‚ュリティ修æ£ãŒã‚ã£ãŸå ´åˆãªã©ã€ãƒ‡ãƒ¼ãƒ¢ãƒ³ãŒå†èµ·å‹•ã•ã‚Œã‚‹ã¾ã§ã¯ä¿®æ£ãŒåæ˜ ã•ã‚Œ" +"ãªã„ã®ã§ã€strongSwan ã®å†èµ·å‹•ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚多ãã®äººã¯ãƒ‡ãƒ¼ãƒ¢ãƒ³ãŒå†èµ·å‹•ã™ã‚‹ã®" +"を予期ã—ã¦ã„ã¾ã™ã®ã§ã€ã“ã‚Œã¯å¤§æŠµã®å ´åˆå•é¡Œã‚ã‚Šã¾ã›ã‚“。ã—ã‹ã—ã€ã“ã®ä½œæ¥ã§ã¯ç¾" +"在ã®æŽ¥ç¶šãŒä¸€æ—¦åˆ‡æ–ã•ã‚Œã¦ã‹ã‚‰å†åº¦ç¹‹ãŽãªãŠã™ã“ã¨ã«ãªã‚‹ã®ã§ã€ä»Šå›žã®ã‚¢ãƒƒãƒ—デート" +"ã« strongSwan ã®ãƒˆãƒ³ãƒãƒ«ã‚’使ã£ã¦ã„るよã†ãªå ´åˆã¯ã€å†èµ·å‹•ã¯ãŠå‹§ã‚ã—ã¾ã›ã‚“。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "strongSwan ã® IKEv1 デーモンを起動ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Internet Key Exchange プãƒãƒˆã‚³ãƒ«ãƒãƒ¼ã‚¸ãƒ§ãƒ³ 1 をサãƒãƒ¼ãƒˆã™ã‚‹ã«ã¯ pluto デーモ" +"ンãŒå®Ÿè¡Œã•ã‚Œã¦ã„ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "strongSwan ã® IKEv2 デーモンを起動ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Internet Key Exchange プãƒãƒˆã‚³ãƒ«ãƒãƒ¼ã‚¸ãƒ§ãƒ³ 2 をサãƒãƒ¼ãƒˆã™ã‚‹ã«ã¯ charon デーモ" +"ンãŒå®Ÿè¡Œã•ã‚Œã¦ã„ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "ã“ã®ãƒ›ã‚¹ãƒˆã«å¯¾ã—㦠X.509 証明書を利用ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"ã“ã®ãƒ›ã‚¹ãƒˆç”¨ã« X.509 証明書を自動的ã«ç”Ÿæˆã‚ã‚‹ã„ã¯ã‚¤ãƒ³ãƒãƒ¼ãƒˆã§ãã¾ã™ã€‚ä»–ã®ãƒ›ã‚¹" +"トã¨ã® IPSec 通信ã§ã®èªè¨¼ã«åˆ©ç”¨å¯èƒ½ã§ã€ã‚»ã‚ュア㪠IPSec 通信を確立ã™ã‚‹æ–¹æ³•ã¨" +"ã—ã¦å¥½ã¾ã‚Œã¦ã„ã¾ã™ã€‚ä»–ã«åˆ©ç”¨å¯èƒ½ãªæ–¹æ³•ã¨ã—ã¦ã¯å…±é€šéµ (PSKã€ãƒˆãƒ³ãƒãƒ«ã®åŒæ–¹ã§åŒ" +"ã˜ãƒ‘スワードを利用ã™ã‚‹) を通信ã®èªè¨¼ã«åˆ©ç”¨ã™ã‚‹ã¨ã„ã†ã®ãŒã‚ã‚Šã¾ã™ãŒã€å¤šæ•°ã®æŽ¥" +"続ã«å¯¾ã—ã¦ã¯ RSA èªè¨¼ã®ã»ã†ãŒç®¡ç†ãŒã‚ˆã‚Šç°¡å˜ã§ã‚ˆã‚Šã‚»ã‚ュアã§ã™ã€‚" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"ã¾ãŸã¯ã€ã“ã®é¸æŠžè‚¢ã‚’é¸ã°ãªã„ã§ãŠã„ã¦ã€å¾Œã»ã©ã€Œdpkg-reconfigure strongswanã€ã‚’" +"実行ã—ã¦å†åº¦å‘¼ã³å‡ºã™ã“ã¨ã‚‚ã§ãã¾ã™ã€‚" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "作æˆã™ã‚‹" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "インãƒãƒ¼ãƒˆã™ã‚‹" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "ã“ã®ãƒ›ã‚¹ãƒˆã‚’èªè¨¼ã™ã‚‹ã®ã«åˆ©ç”¨ã™ã‚‹ X.509 証明書をã©ã†ã™ã‚‹ã‹:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"ユーザãŒå®šç¾©ã—ãŸè¨å®šã§æ–°è¦ã« X.509 証明書を作æˆã™ã‚‹ã“ã¨ã‚‚ã€IPsec 接続èªè¨¼ç”¨ã®" +"æ—¢å˜ã® PEM ファイル形å¼ã§ä¿å˜ã•ã‚Œã¦ã„る公開éµãŠã‚ˆã³ç§˜å¯†éµã‚’インãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨" +"ã‚‚å¯èƒ½ã§ã™ã€‚" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"æ–°è¦ã« X.509 証明書を作るã®ã‚’é¸æŠžã—ãŸå ´åˆã¯ã€ä½œæˆã‚’始ã‚ã‚‹å‰ã«ç”ãˆã‚‹å¿…è¦ãŒã‚ã‚‹" +"質å•ã‚’ã¾ãšå¤§é‡ã«å°‹ãられã¾ã™ã€‚æ—¢å˜ã®èªè¨¼å±€ã«ã‚ˆã£ã¦ç½²åã•ã‚ŒãŸå…¬é–‹éµãŒå¿…è¦ãªå ´" +"åˆã¯ã€è‡ªå·±ç½²åèªè¨¼ã‚’作æˆã™ã‚‹ã®ã‚’é¸ã‚“ã§ã¯ãªã‚‰ãšã€å›žç”ã¯ã™ã¹ã¦èªè¨¼å±€ (CA) ã®è¦" +"æ±‚é …ç›®ã«å®Œå…¨ã«ä¸€è‡´ã—ã¦ã„ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã«ç•™æ„ã—ã¦ãã ã•ã„。ãã†ã§ãªã„å ´åˆ" +"ã¯ã€è¨¼æ˜Žæ›¸è¦æ±‚ã¯æ‹’å¦ã•ã‚Œã‚‹ã“ã¨ã«ãªã‚‹ã§ã—ょã†ã€‚" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"æ—¢å˜ã®å…¬é–‹éµãŠã‚ˆã³ç§˜å¯†éµã‚’インãƒãƒ¼ãƒˆã—ãŸã„å ´åˆã¯ã€ãƒ•ã‚¡ã‚¤ãƒ«åã‚’å°‹ãられã¾ã™ " +"(両方ãŒä¸€ã¤ã®ãƒ•ã‚¡ã‚¤ãƒ«ã«ä¿å˜ã•ã‚Œã¦ã„ã‚‹å ´åˆã¯å…¨ãåŒã˜ã«ãªã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“)。ã©" +"ã“ã«èªè¨¼å±€ã®å…¬é–‹éµãŒä¿å˜ã•ã‚Œã¦ã„ã‚‹ã‹ã‚’指定ã™ã‚‹ã“ã¨ã‚‚ä»»æ„ã§å¯èƒ½ã§ã™ãŒã€ã“ã®" +"ファイルã¯å…ˆã»ã©ã®ã‚‚ã®ã¨åŒã˜ã«ã¯ã§ãã¾ã›ã‚“。X.509 証明書㯠PEM å½¢å¼ã§ã‚ã‚Šã€ç§˜" +"密éµã¯æš—å·åŒ–ã•ã‚Œã¦ã„ãªã„ã“ã¨ãŒå¿…è¦ãªã“ã¨ã«ã‚‚注æ„ãã ã•ã„。ã•ã‚‚ãªãã°ã‚¤ãƒ³ãƒãƒ¼" +"ト作æ¥ã¯å¤±æ•—ã—ã¾ã™ã€‚" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM å½¢å¼ã® X.509 証明書ã®ãƒ•ã‚¡ã‚¤ãƒ«å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "PEM å½¢å¼ã® X.509 証明書をå«ã‚“ã§ã„るファイルã®å ´æ‰€ã‚’入力ã—ã¦ãã ã•ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM å½¢å¼ã® X.509 秘密éµã®ãƒ•ã‚¡ã‚¤ãƒ«å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"PEM å½¢å¼ã® X.509 証明書ã«å¯¾å¿œã™ã‚‹ RSA 秘密éµã‚’å«ã‚€ãƒ•ã‚¡ã‚¤ãƒ«ã®å ´æ‰€ã‚’入力ã—ã¦ã" +"ã ã•ã„。ã“れ㯠X.509 証明書をå«ã‚“ã§ã„るファイルã¨åŒã˜ã§æ§‹ã„ã¾ã›ã‚“。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM å½¢å¼ã® X.509 ルート CA ã®ãƒ•ã‚¡ã‚¤ãƒ«å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"X.509 èªè¨¼å±€ã®ãƒ«ãƒ¼ãƒˆãŒè¨¼æ˜Žæ›¸ã«ç½²åã™ã‚‹ã®ã«ä½¿ã£ãŸ PEM å½¢å¼ã®ãƒ•ã‚¡ã‚¤ãƒ«ã‚’å«ã‚“ã " +"ファイルã®å ´æ‰€ã‚’入力ã™ã‚‹ã“ã¨ã‚‚ä»»æ„ã§å¯èƒ½ã§ã™ã€‚ã“れをæŒã£ã¦ã„ãªã„ã€ã‚ã‚‹ã„ã¯åˆ©" +"用ã—ãŸããªã„ã¨ã„ã†å ´åˆã«ã¯ã“ã®æ¬„を空ã®ã¾ã¾ã«ã—ã¦ãŠã„ã¦ãã ã•ã„。ルート CA ã‚’ " +"X.509 証明書や秘密éµã¨åŒã˜ãƒ•ã‚¡ã‚¤ãƒ«ã«ä¿å˜ã™ã‚‹ã®ã¯ã§ããªã„ã“ã¨ã«ã”注æ„ãã ã•" +"ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "作æˆã™ã‚‹ RSA éµã®éµé•·ã‚’入力ã—ã¦ãã ã•ã„:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"生æˆã™ã‚‹ RSA éµã®é•·ã•ã‚’入力ã—ã¦ãã ã•ã„。安全ã®ãŸã‚ã€1024 ビット未満ã«ã™ã¹ã" +"ã§ã¯ã‚ã‚Šã¾ã›ã‚“。4096 ビットより大ããªã‚‚ã®ã«ã™ã‚‹å¿…è¦ã‚‚ãªã„ã§ã—ょã†ã€‚èªè¨¼ãƒ—ãƒã‚»" +"スãŒé…ããªã‚Šã¾ã™ã—ã€ç¾æ™‚点ã§ã¯ãŠãらãå¿…è¦ã‚ã‚Šã¾ã›ã‚“。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "自己署å X.509 証明書を生æˆã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"証明書è¦æ±‚ã«ç½²åã™ã‚‹ãŸã‚ã«ã¯èªè¨¼å±€ãŒå¿…è¦ã¨ãªã‚‹ã®ã§ã€è‡ªå‹•çš„ã«è¡Œã†ã«ã¯è‡ªå·±ç½²å " +"X.509 証明書ã®ã¿ãŒç”ŸæˆãŒå¯èƒ½ã§ã™ã€‚自己署å証明書ã®ä½œæˆã‚’é¸ã‚“ã å ´åˆã¯ã€ã™ãã«" +"ã“れを利用ã—ã¦ã€IPSec 接続ã®èªè¨¼ã« X.509 証明書を利用ã—ã¦ã„ã‚‹ä»–ã® IPSec ホス" +"トã¸ã®æŽ¥ç¶šãŒå¯èƒ½ã«ãªã‚Šã¾ã™ã€‚ã—ã‹ã—ã€strongSwan ã® PKI 機能を使ã„ãŸã„å ´åˆã¯ã€" +"trust path を生æˆã™ã‚‹ãŸã‚ã«å˜ä¸€ã®èªè¨¼å±€ã«ã‚ˆã£ã¦ã™ã¹ã¦ã® X.509 証明書ã«ç½²åã—" +"ã¦ã‚‚らã†å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"自己署å証明書を作æˆã—ãŸããªã„å ´åˆã€RSA 秘密éµã¨å¯¾å¿œã™ã‚‹è¨¼æ˜Žæ›¸è¦æ±‚ã®ã¿ãŒä½œæˆ" +"ã•ã‚Œã‚‹ã®ã§ã€èªè¨¼å±€ã«å¯¾ã—ã¦è¨¼æ˜Žæ›¸è¦æ±‚ã«ç½²åã‚’ã—ã¦ã‚‚らã†å¿…è¦ãŒç”Ÿã˜ã¾ã™ã€‚" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 証明書è¦æ±‚ã«è¨˜è¼‰ã™ã‚‹å›½ã‚³ãƒ¼ãƒ‰:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"サーãƒãŒå˜åœ¨ã™ã‚‹å ´æ‰€ã®äºŒæ–‡å—ã®å›½ã‚³ãƒ¼ãƒ‰ (例ãˆã°æ—¥æœ¬ã®å ´åˆã¯ã€ŒJPã€) を入力ã—ã¦" +"ãã ã•ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL ã¯ã€æ£è¦ã® ISO-3166 国コードãŒç„¡ã„ã¨è¨¼æ˜Žæ›¸ã®ç”Ÿæˆã‚’æ‹’å¦ã—ã¾ã™ã€‚X.509 " +"証明書ã«ãŠã„ã¦ã€ä»–ã®ãƒ•ã‚£ãƒ¼ãƒ«ãƒ‰ã«ã¤ã„ã¦ã¯ç©ºã§ã‚‚構ã„ã¾ã›ã‚“ãŒã€ã“ã‚Œã«ã¤ã„ã¦ã¯è¨±" +"å¯ã•ã‚Œã¦ã„ã¾ã›ã‚“。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 証明書è¦æ±‚ã«è¨˜è¼‰ã™ã‚‹éƒ½é“府県å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "サーãƒæ‰€åœ¨åœ°ã®éƒ½é“府県å (例:「Tokyoã€)を入力ã—ã¦ãã ã•ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 証明書è¦æ±‚ã«è¨˜è¼‰ã™ã‚‹åœ°åŸŸå:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "サーãƒæ‰€åœ¨åœ° (大抵ã¯ã€ŒShinjukuã€ã®ã‚ˆã†ãªå¸‚区å)を入力ã—ã¦ãã ã•ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 証明書è¦æ±‚ã«è¨˜è¼‰ã™ã‚‹çµ„ç¹”å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "サーãƒãŒæ‰€å±žã™ã‚‹çµ„ç¹” (「Debianã€ãªã©) を入力ã—ã¦ãã ã•ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 証明書è¦æ±‚ã«è¨˜è¼‰ã™ã‚‹éƒ¨ç½²å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "サーãƒãŒæ‰€å±žã™ã‚‹éƒ¨ç½²å (「security groupã€ãªã©) を入力ã—ã¦ãã ã•ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 証明書è¦æ±‚ã«è¨˜è¼‰ã™ã‚‹ã‚³ãƒ¢ãƒ³ãƒãƒ¼ãƒ :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"ã“ã®ãƒ›ã‚¹ãƒˆç”¨ã® (「gateway.example.orgã€ã®ã‚ˆã†ãª) コモンãƒãƒ¼ãƒ を入力ã—ã¦ãã ã•" +"ã„。" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 証明書è¦æ±‚ã«è¨˜è¼‰ã™ã‚‹ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"X.509 証明書ã«ã¤ã„ã¦ã®å¯¾å¿œã‚’è¡Œã†ã€å€‹äººã‚ã‚‹ã„ã¯å›£ä½“ã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’入力ã—ã¦" +"ãã ã•ã„。" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "opportunistic encryption を有効ã«ã—ã¾ã™ã‹?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"ã“ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã® strongSwan 㯠opportunistic encryption (OE) をサãƒãƒ¼ãƒˆã—ã¦ã„" +"ã¾ã™ã€‚OE 㯠IPSec èªè¨¼æƒ…å ±ã‚’ DNS レコードã«å«ã‚ãŸã‚‚ã®ã§ã™ã€‚ã“ã‚ŒãŒåºƒãé©ç”¨ã•ã‚Œ" +"るよã†ã«ãªã‚‹ã¾ã§ã¯ã€ã“れを有効ã«ã™ã‚‹ã¨å…¨ã¦ã®æ–°è¦ã®å¤–部接続ã«è‘—ã—ã„é…延を引ã" +"èµ·ã“ã—ã¾ã™ã€‚" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"opportunistic encryption を有効ã«ã™ã‚‹ã®ã¯ã€æœ¬å½“ã«åˆ©ç”¨ã—ãŸã„ã¨è€ƒãˆãŸæ™‚ã®ã¿ã«ã™" +"ã¹ãã§ã™ã€‚ã“ã®è¨å®šã¯ã€pluto デーモンã®èµ·å‹•ãªã©ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆæŽ¥ç¶š (デフォルト" +"ルート) を切æ–ã™ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚" + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "ã‚ãªãŸã®å›½ã®å›½ã‚³ãƒ¼ãƒ‰ã‚’2æ–‡å—ã§å…¥åŠ›ã—ã¦ãã ã•ã„。ã“ã®ã‚³ãƒ¼ãƒ‰ã¯è¨¼æ˜Žæ›¸è¦æ±‚ã«è¨˜" +#~ "載ã•ã‚Œã¾ã™ã€‚" + +#~ msgid "Example: AT" +#~ msgstr "例: JP" + +#~ msgid "Example: Upper Austria" +#~ msgstr "例: Tokyo" + +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "ã‚ãªãŸã®åœ¨ä½ã—ã¦ã„る地域ã®åå‰ (例: 市町æ‘å) を入力ã—ã¦ãã ã•ã„。ã“ã‚Œã¯è¨¼" +#~ "明書è¦æ±‚ã«è¨˜è¼‰ã•ã‚Œã¾ã™ã€‚" + +#~ msgid "Example: Vienna" +#~ msgstr "例: Shinjuku-ku" + +#~ msgid "Example: Debian" +#~ msgstr "例: Debian" + +#~ msgid "Example: security group" +#~ msgstr "例: security group" + +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "X.509 証明書ã®ç”Ÿæˆå¯¾è±¡ã¨ãªã‚‹ã¹ãコモンãƒãƒ¼ãƒ (例: ã“ã®ãƒžã‚·ãƒ³ã®ãƒ›ã‚¹ãƒˆå) ã‚’" +#~ "入力ã—ã¦ãã ã•ã„。ã“ã‚Œã¯è¨¼æ˜Žæ›¸è¦æ±‚ã«è¨˜è¼‰ã•ã‚Œã¾ã™ã€‚" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "例: gateway.debian.org" + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "æ–°ãŸãªå…¬é–‹éµãƒ»ç§˜å¯†éµã®ã‚ーペアを生æˆã—ãŸããªã„å ´åˆã¯ã€æ¬¡ã®æ®µéšŽã§æ—¢å˜ã®ã‚ー" +#~ "ペアã®åˆ©ç”¨ã‚’é¸æŠžã™ã‚‹ã“ã¨ã‚‚å¯èƒ½ã§ã™ã€‚" + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "è¦æ±‚æƒ…å ±ã¯ X.509 証明書ã‹ã‚‰ RSA 秘密éµã¨ç…§ã‚‰ã—åˆã‚ã›ã¦å¿…è¦ãªæƒ…å ±ã‚’è‡ªå‹•çš„ã«" +#~ "展開ã™ã‚‹äº‹ãŒå¯èƒ½ã§ã™ã€‚ PEM å½¢å¼ã®å ´åˆã€åŒæ–¹ã‚’一ã¤ã®ãƒ•ã‚¡ã‚¤ãƒ«ã«ã¾ã¨ã‚ã‚‹ã“ã¨" +#~ "ã‚‚å¯èƒ½ã§ã™ã€‚ãã®ã‚ˆã†ãªè¨¼æ˜Žæ›¸ã¨éµã®ãƒ•ã‚¡ã‚¤ãƒ«ãŒæ—¢ã«ã‚ã‚Šã€ã“れらを IPSec 通信" +#~ "ã§ã®èªè¨¼ã«ä½¿ç”¨ã—ãŸã„å ´åˆã¯ã“ã®ã‚ªãƒ—ションを有効ã«ã—ã¦ãã ã•ã„。" + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "å¯èƒ½ãªé™ã‚Šæ—©ã, \"NFS 起動後\", \"PCMCIA 起動後\"" + +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "strongSwan ã‚’èµ·å‹•ã•ã›ã‚‹ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã®é¸æŠžè‚¢ã¨ã—ã¦ã¯3ã¤ãŒè€ƒãˆã‚‰ã‚Œã¾ã™: NFS " +#~ "サービスã®é–‹å§‹å‰ãƒ»é–‹å§‹å¾Œãƒ»PCMCIA サービスã®é–‹å§‹å¾Œã€ã§ã™ã€‚æ£è§£ã¯ã‚ãªãŸã®è¨" +#~ "定次第ã§ã™ã€‚" + +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "NFS 経由㧠/usr をマウントã›ãš (ä»–ã®ãƒ‘ーティションやã‚ã¾ã‚Šé‡è¦ã§ã¯ãªã„パー" +#~ "ティションを NFS 経由ã§ãƒžã‚¦ãƒ³ãƒˆã™ã‚‹ã‹ã€ã¾ãŸã¯ NFS マウントを全ã使ã‚ãª" +#~ "ã„)ã€åŠ ãˆã¦ PCMCIA ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚«ãƒ¼ãƒ‰ã‚’利用ã—ã¦ã„ãªã„å ´åˆã€å¯èƒ½ãªé™ã‚Šæ—©ã„" +#~ "タイミング㧠strongSwan ã‚’èµ·å‹•ã™ã‚‹ã®ãŒãƒ™ã‚¹ãƒˆã§ã™ã€‚ã“ã®è¨å®šã«ã‚ˆã£ã¦ã€NFS ã§" +#~ "ã®ãƒžã‚¦ãƒ³ãƒˆã¯ IPSec ã§ä¿è·ã•ã‚Œã¾ã™ã€‚ã“ã®å ´åˆ (ã¾ãŸã¯ã“ã®å•é¡Œã‚’ç†è§£ã—ã¦ã„ãª" +#~ "ã„ã‹ç‰¹ã«æ°—ã«ã—ãªã„å ´åˆ) ã€\"å¯èƒ½ãªé™ã‚Šæ—©ã\"ã¨è³ªå•ã«ç”ãˆã¦ãã ã•ã„ (標準è¨" +#~ "定ã§ã™) 。" + +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "NFS 経由㧠/usr をマウントã—ã¦ã„㦠PCMCIA ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚«ãƒ¼ãƒ‰ã‚’使用ã—ã¦ã„ãª" +#~ "ã„å ´åˆã¯ã€å¿…è¦ãªãƒ•ã‚¡ã‚¤ãƒ«ã‚’利用å¯èƒ½ã«ã™ã‚‹ãŸã‚ã« strongSwan ã‚’ NFS ã®å¾Œã§èµ·" +#~ "å‹•ã—ãªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“。ã“ã®å ´åˆã€\"NFS 起動後\" ã¨ç”ãˆã¦ãã ã•ã„。ã“ã®æ™‚" +#~ "ã« NFS 経由ã§ãƒžã‚¦ãƒ³ãƒˆã•ã‚Œã‚‹ /usr ã¯ã€IPSec ã«ã‚ˆã‚‹ã‚»ã‚ュアãªçŠ¶æ…‹ã«ã¯ãªã‚‰ãª" +#~ "ã„ã¨ã„ã†ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。" + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "IPSec 接続㫠PCMCIA ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚«ãƒ¼ãƒ‰ã‚’利用ã—ã¦ã„ãŸå ´åˆã€PCMCIA サービス" +#~ "ã®èµ·å‹•å¾Œã« strongSwan ã‚’èµ·å‹•ã™ã‚‹ä»¥å¤–ã«é¸æŠžã¯ã‚ã‚Šã¾ã›ã‚“。ã“ã®å ´" +#~ "åˆã€\"PCMCIA 起動後\" ã¨ç”ãˆã¦ãã ã•ã„。ãƒãƒ¼ã‚«ãƒ«ã§å‹•ä½œã—ã¦ã„ã‚‹ DNSSec 機能" +#~ "を使用ã—ã¦ã„ã‚‹ DNS サーãƒã‹ã‚‰éµã‚’å–å¾—ã—ãŸã„å ´åˆã§ã‚‚ã€ã“ã®ç”ãˆã‚’ã—ã¦ãã ã•" +#~ "ã„。" + +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "IKEv1 をサãƒãƒ¼ãƒˆã—ã¾ã™ã‹?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan 㯠IKEv1 㨠IKEv2 ã®ä¸¡æ–¹ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆéµäº¤æ›ãƒ—ãƒãƒˆã‚³ãƒ«ã‚’サ" +#~ "ãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã™ã€‚strongSwan ãŒèµ·å‹•ã™ã‚‹éš›ã€IKEv1 サãƒãƒ¼ãƒˆã®ãŸã‚ \"pluto\" " +#~ "デーモンを起動ã—ã¾ã™ã‹?" + +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "IKEv2 をサãƒãƒ¼ãƒˆã—ã¾ã™ã‹?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan 㯠IKEv1 㨠IKEv2 ã®ä¸¡æ–¹ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆéµäº¤æ›ãƒ—ãƒãƒˆã‚³ãƒ«ã‚’サ" +#~ "ãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã™ã€‚strongSwan ãŒèµ·å‹•ã™ã‚‹éš›ã€IKEv2 サãƒãƒ¼ãƒˆã®ãŸã‚ \"pluto\" " +#~ "デーモンを起動ã—ã¾ã™ã‹?" + +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "strongSwan ã¯ã€IPSec èªè¨¼æƒ…å ± (例: RSA 公開éµ) ã‚’ (願ã‚ãã¯ã‚»ã‚ュアãª) " +#~ "DNS レコード内ã«ä¿å˜ã™ã‚‹ opportunistic encryption (OE) をサãƒãƒ¼ãƒˆã—ã¦ã„ã¾" +#~ "ã™ã€‚ã“ã‚Œã¯åºƒã利用ã•ã‚Œã‚‹ã‚ˆã†ã«ãªã‚‹ã¾ã§ã€æœ‰åŠ¹ã«ã™ã‚‹ã¨å¤–部ã¸ã®æ–°è¦æŽ¥ç¶šã¯å…¨ã¦" +#~ "æ ¼æ®µã«é…ããªã‚Šã¾ã™ã€‚ãƒãƒ¼ã‚¸ãƒ§ãƒ³ 2.0 より strongSwan ã®é–‹ç™ºå…ƒã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ " +#~ "OE を有効ã«ã—ã¦ã„ã¾ã™ã€‚ãã®ãŸã‚ pluto (strongSwan éµç½²åデーモン) ãŒé–‹å§‹ã™" +#~ "ã‚‹ã¨ã™ãã€æ—¢å˜ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆæŽ¥ç¶š (ã¤ã¾ã‚Šãƒ‡ãƒ•ã‚©ãƒ«ãƒˆãƒ«ãƒ¼ãƒˆ) ãŒä¸æ–ã•ã‚Œã‚‹ã‹" +#~ "ã‚‚ã—ã‚Œã¾ã›ã‚“。" + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "OE ã®ã‚µãƒãƒ¼ãƒˆã‚’有効ã«ã™ã‚‹ã‹ã©ã†ã‹ã‚’é¸ã‚“ã§ãã ã•ã„。よãã‚ã‹ã‚‰ãªã„å ´åˆã¯ã€" +#~ "有効ã«ã¯ã—ãªã„ã§ãã ã•ã„。" diff --git a/debian/po/nb.po b/debian/po/nb.po new file mode 100644 index 000000000..a7313eff5 --- /dev/null +++ b/debian/po/nb.po @@ -0,0 +1,666 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Bjørn Steensrud <bjornst@skogkatt.homelinux.org>, 2009, 2012. +msgid "" +msgstr "" +"Project-Id-Version: nb\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2012-01-03 15:56+0100\n" +"Last-Translator: Bjørn Steensrud <bjornst@skogkatt.homelinux.org>\n" +"Language-Team: Norwegian BokmÃ¥l <i18n-nb@lister.ping.uio.no>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Gammel kjørenivÃ¥styring erstattet" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidligere versjoner av strongSwan-pakka ga et valg mellom tre forskjellige " +"nivÃ¥er for start/stopp. PÃ¥ grunn av endringer i standard oppstartsprosedyre " +"for systemet er dette ikke lenger verken nødvendig eller nyttig. Det blir nÃ¥ " +"satt opp fornuftige standardnivÃ¥er bÃ¥de for nye installasjoner og for gamle " +"som kjører pÃ¥ en av de forhÃ¥ndsinnstilte nivÃ¥ene. Hvis du er i ferd med Ã¥ " +"oppgradere fra en tidligere versjon og har endret oppstartsparametrene for " +"strongSwan, kan du lese NEWS.Debian for Ã¥ finne ut hvordan du kan endre " +"oppsettet ditt tilsvarende." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr " Start strongSwan pÃ¥ nytt nÃ¥" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Det anbefales Ã¥ starte strongSwan pÃ¥ nytt nÃ¥, for om det var en " +"sikkerhetsrettelse, sÃ¥ fÃ¥r den ikke effekt før daemonen startes pÃ¥ nytt. " +"Imidlertid kan dette lukke eksisterende forbindelser og deretter koble dem " +"opp igjen, sÃ¥ hvis du bruker en slik strongSwan-tilkobling for denne " +"oppdateringen er det best Ã¥ ikke starte pÃ¥ nytt." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Skal strongSwans IKEv1-daemon startes?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Pluto-daemonen mÃ¥ kjøre for Ã¥ kunne støtte versjon 1 av Internet Key " +"Exchange-protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Skal strongSwans IKEv2-daemon startes?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Charon-daemonen mÃ¥ kjøre for Ã¥ kunne støtte versjon 2 av Internet Key " +"Exchange-protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Skal et X.509-sertifikat brukes for denne vertsmaskinen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Et X.509-sertifikat for denne verten kan importeres eller lages automatisk. " +"Det kan brukes til Ã¥ autentisere IPSec-tilkoblinger til andre verter og er " +"den foretrukne mÃ¥ten Ã¥ bygge opp sikre IPSec-tilkoblinger. Den andre " +"muligheten er Ã¥ bruke felles hemmeligheter (passord som er de samme pÃ¥ begge " +"sider av tunnelen) til Ã¥ autentisere en tilkobling, men for større antall " +"tilkoblinger er det lettere Ã¥ administrere nøkkel-basert autentisering, og " +"det er ogsÃ¥ sikrere." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Du kan ogsÃ¥ avvise dette valget og senere bruke kommandoen «dpkg -" +"reconfigure strongswan» for Ã¥ komme tilbake hit." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "opprett" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder for Ã¥ bruke et X.509-sertifikat til Ã¥ autentisere denne verten:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det er mulig Ã¥ opprette et nytt X.509-sertifikat med brukerdefinerte " +"innstillinger, eller Ã¥ importere en eksisterende offentlig og privat nøkkel " +"lagret i PEM-fil(er) til Ã¥ autentisere IPSec-tilkoblinger." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Hvis du velger Ã¥ opprette et nytt X.509-sertifikat blir det først stilt noen " +"spørsmÃ¥l som du mÃ¥ svare pÃ¥ før det kan lages et sertifikat. Husk pÃ¥ at hvis " +"du vil at en eksisterende sertifikatutsteder (CA) skal signere den " +"offentlige nøkkelen, sÃ¥ mÃ¥ du ikke lage et selvsignert sertifikat, og alle " +"svarene du gir mÃ¥ stemme nøyaktig overens med CA-ens krav, ellers kan " +"sertifikatsøknaden bli avvist." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Hvis du vil importere en eksisterende offentlig og privat nøkkel blir du " +"spurt etter filnavnene, som kan være samme navn hvis begge nøklene er lagret " +"i én fil. Du kan ogsÃ¥ om du vil oppgi et filnavn der offentlig(e) nøkkel/" +"nøkler for sertifikatutstederen er lagret, men dette kan ikke være samme fil " +"som de forrige. Vær ogsÃ¥ oppmerksom pÃ¥ at formatet for X.509-sertifikatene " +"mÃ¥ være PEM og at den private nøkkelen ikke mÃ¥ være kryptert, ellers kan " +"nøklene ikke importeres." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Filnavn for ditt X.509-sertifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Skriv inn stien til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Filnavn for din eksisterende private X.509-nøkkel i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Skriv inn sti til fila som inneholder den private nøkkelen som tilsvarer " +"ditt X.509-sertifikat i PEM-format. Dette kan være den samme fila som X.509-" +"sertifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Filnavn for ditt rot-sertifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Om du vil kan du nÃ¥ skrive inn stien til fila som inneholder rotsertifikatet " +"til den sertifikatutstederen som brukes til Ã¥ signere ditt sertifikat, i PEM-" +"format. Hvis du ikke har ett eller ikke vil bruke det, sÃ¥ la det være tomt. " +"Merk at det ikke er mulig Ã¥ lagre rot-sertifikatet (RootCA) i samme fil som " +"ditt X.509-sertifikat eller provate nøkkel." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Skriv inn hvilken lengde det skal være pÃ¥ den genererte RSA-nøkkelen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Skriv inn lengden for den RSA-nøkkelen som blir laget. Den bør ikke være " +"kortere enn 1024 bit fordi dette blir betraktet som usikkert, og du trenger " +"antakelig ikke mer enn 4096 bit fordi det bare forsinker " +"autentiseringsprosessen og ikke trengs nÃ¥." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Skal det lages et selvsignert X.509-sertifikat?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Bare selvsignerte X.509-sertifikater kan opprettes automatisk, fordi ellers " +"mÃ¥ en sertifikatutsteder (CA) signere sertifikatsøknaden. Hvis du velger Ã¥ " +"lage et selvsignert sertifikat, kan du straks bruke det til Ã¥ koble til " +"andre IPSec-verter som støtter X.509-sertifikater for autentisering av IPSec-" +"tilkoblinger. Men bruk av strongSwans PKI-funksjoner krever at alle " +"sertifikater mÃ¥ være signert av en enkelt sertifikatutsteder for Ã¥ lage en " +"tiltrodd kjede." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Hvis du velger Ã¥ ikke lage et selvsignert sertifikat, sÃ¥ blir bare en privat " +"RSA-nøkkel opprettet, sammen med en sertifikatsøknad som du mÃ¥ signere med " +"din CA (Certificate Authority)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landskode for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Skriv inn to-bokstavskoden for landet der tjeneren holder til (slik som «NO» " +"for Norge)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL vil ikke lage et sertifikat hvis dette ikke er en gyldig landskode i " +"følge ISO-3166, tomme felter godtas andre steder i X.509-sertifikatet, men " +"ikke her." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Stat eller provinsnavn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Skriv inn fullt navn pÃ¥ stat eller provins der tjeneren holder til (f.eks. " +"«Troms»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Stedsnavn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Skriv inn navnet pÃ¥ stedet der tjeneren holder til (ofte en by, slik som " +"«Tromsø»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisasjonsnavn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Skriv inn organisasjonen som tjeneren tilhører (slik som «Debian»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisasjonsenhet for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Skriv inn organisasjonsenhet som tjeneren tilhører (slik som " +"«sikkerhetsgruppa»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Entydig navn for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Skriv inn entydig navn for denne verten (slik som «gateway.example.org»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-postadresse for X.509-sertifikatsøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Oppgi e-postadressen til person eller organisasjon som er ansvarlig for " +"X.509-sertifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "SlÃ¥ pÃ¥ opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denne versjonen av strongSwan støtter opportunistisk kryptering (OE), som " +"lagrer autentiseringsinformasjon for IPSec i DNS-data. Inntil dette er tatt " +"i vanlig bruk vil det gi en betydelig forsinkelse for hver ny utgÃ¥ende " +"tilkobling hvis dette er aktivert." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Du bør bare slÃ¥ pÃ¥ opportunistisk kryptering hvis du er sikker pÃ¥ at du vil " +"ha det. Det kan koble ut Internett-forbindelsen (standardruten) nÃ¥r pluto- " +"daemonen starter." + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "NÃ¥r strongSwan skal startes:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Oppgi tobokstavers ISO3166 landskode som skal brukes i sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "Oppgi stedsnavn (ofte en by) som skal brukes i sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Oppgi organisasjonsnavn (ofte et firma) som skal brukes i " +#~ "sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Oppgi organisasjonsenhet (ofte en avdeling som skal brukes i " +#~ "sertifikatsøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Oppgi vanlig navn (slik som vertsnavnet pÃ¥ denne maskinen) som skal " +#~ "brukes i sertifikatsøknaden." + +#~ msgid "earliest" +#~ msgstr "tidligst" + +#~ msgid "after NFS" +#~ msgstr "etter NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "etter PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan starter under systemoppstart, slik at det kan beskytte " +#~ "filsystemer som monteres automatisk." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * tidligst: hvis /usr ikke monteres via NFS og du ikke bruker et\n" +#~ " PCMCIA nettverkskort, sÃ¥ er det best Ã¥ starte strongSwan\n" +#~ " snarest mulig, slik at NFS-montering kan sikres med IPSec;\n" +#~ " * etter NFS: anbefales nÃ¥r /usr monteres via NFS og det ikke\n" +#~ " brukes noe PCMCIA nettverkskort.\n" +#~ " * etter PCMCIA: anbefales hvis IPSec-tilkoblingen bruker et PCMCIA\n" +#~ " nettverkskort eller om den trenger Ã¥ hente nøkler fra en lokal\n" +#~ " DNS-tjener med DNSSec-støtte. " + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Hvis du ikke gjør en omstart pÃ¥ strongSwan nÃ¥, sÃ¥ bør du gjøre det " +#~ "manuelt ved første anledning." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "Skal det lages et offentlig/privat RSA-nøkkelpar for denne verten?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan kan bruke en delt nøkkel (PSK) eller et RSA-nøkkelpar for Ã¥ " +#~ "autentisere IPSec-forbindelser til andre verter. RSA-autentisering " +#~ "betraktes for det meste som sikrere og lettere Ã¥ administrere. Du kan " +#~ "bruke PSK og RSA-autentisering samtidig." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Hvis du ikke vil lage et nytt offentlig/privat nøkkelpar, sÃ¥ kan du velge " +#~ "Ã¥ bruke et eksisterende nøkkelpar i neste steg." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Den informasjonen som trengs kan hentes automatisk fra et eksisterende " +#~ "X.509-sertifikat med tilhørende privat RSA-nøkkel. Begge deler kan være i " +#~ "én fil, hvis den er i PEM-format. Du bør velge dette hvis du har et slikt " +#~ "sertifikat og vil bruke det til Ã¥ autentisere IPSec-forbindelser." + +#~ msgid "RSA key length:" +#~ msgstr "RSA nøkkellengde:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Oppgi lengde for RSA-nøkkelen du vil opprette. Kortere nøkler enn 1024 " +#~ "bit betraktes ikke som sikre. En nøkkellengde pÃ¥ mer enn 2048 bit vil " +#~ "antakelig gÃ¥ ut over ytelsen." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Bare selvsignerte X.509-sertifikater kan lages automatisk, for ellers mÃ¥ " +#~ "en sertifikatutsteder signere sertifikatsøknaden." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Hvis du godtar dette, sÃ¥ kan det sertifikatet som lages bli brukt straks " +#~ "til Ã¥ kople til andre IPSec-verter som støtter autentisering via et X.509-" +#~ "sertifikat. Men om strongSwans PKI-del skal brukes, mÃ¥ det lages en " +#~ "tillitskjede ved at alle X.509-sertifikatene signeres av en enkelt " +#~ "utsteder." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Dette feltet er obligatorisk, uten det kan det ikke lages et sertifikat." diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 000000000..f99bcc965 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,476 @@ +# Dutch translation of strongswan debconf templates. +# Copyright (C) 2005-2011 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# Luk Claes <luk.claes@ugent.be>, 2005 +# Kurt De Bree <kdebree@telenet.be>, 2006. +# Jeroen Schot <schot@a-eskwadraat.nl>, 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.5.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-09 12:15+0200\n" +"PO-Revision-Date: 2011-06-17 12:00+0200\n" +"Last-Translator: Jeroen Schot <schot@a-eskwadraat.nl>\n" +"Language-Team: Debian l10n Dutch <debian-l10n-dutch@lists.debian.org>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Het oude runlevel-beheer is vervangen" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Vorige versies van het strongSwan-pakket gaven de keuze tussen drie " +"verschillende Start/Stop-niveaus. Vanwege veranderingen aan de standaard " +"opstartprocedure van het systeem is dit niet langer nodig of nuttig. Er " +"worden nu logische standaardwaardes ingesteld voor zowel nieuwe installaties " +"als oude waarvoor één van de keuzes is gemaakt. Als u opwaardeert van een " +"vorige versie en uw strongSwan-opstartparameters heeft aangepast vindt u in " +"NEWS.Debian instructies over het aanpassen van uw opstelling." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "StrongSwan nu herstarten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"U wordt aanbevolen om strongSwan te herstarten, want indien deze nieuwe " +"versie veiligheidsproblemen verhelpt worden deze pas echt opgelost bij een " +"herstart van de achtergronddienst. De meeste mensen verwachten dat de " +"achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit " +"kan bestaande verbindingen verbreken en ze dan opnieuw herstellen. Dus als u " +"een strongSwan-tunnel gebruikt voor deze verbinding kunt u beter niet " +"herstarten." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "IKEv1-achtergronddienst van strongSwan starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"De pluto-achtergronddienst moet actief zijn om versie 1 van het Internet Key " +"Exchange protocol te ondersteunen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "IKEv2-achtergronddienst van strongSwan starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"De charon-achtergronddienst moet actief zijn om versie 2 van het Internet " +"Key Exchange protocol te ondersteunen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Moet er een X.509-certificaat voor deze computer gebruikt worden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Een X.509-certificaat voor deze computer kan automatisch worden aangemaakt " +"of geïmporteerd. Deze kan worden gebruikt voor het authenticeren van IPsec-" +"verbindingen naar andere computers en is de beste manier om veilige IPsec-" +"verbindingen op te bouwen. Een andere mogelijkheid is om het gebruik van " +"shared secrets (wachtwoorden die hetzelfde zijn aan beide kanten van de " +"tunnel) voor het authenticeren van een verbinding, maar voor een groter " +"aantal verbindingen is authenticatie gebaseerd op sleutels makkelijker om te " +"beheren en veiliger." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"U kunt deze optie ook weigeren en op een later moment hier terug komen met " +"het commando \"dpkg-reconfigure strongswan\"." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "aanmaken" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importeren" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Methodes bij het gebruik van een X.509-certificaat voor authenticatie van " +"deze computer:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"U kunt een nieuw X.509-certificaat aanmaken met eigen instellingen of een " +"bestaand sleutelpaar in PEM-indeling importeren voor de authenticatie van " +"IPsec-verbindingen." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Als u ervoor kiest om een nieuw X.509-certificaat te maken zal u antwoord " +"moeten geven op een aantal vragen voordat het aanmaken kan beginnen. Wanneer " +"u uw publieke sleutel door een bestaande certificaat-autoriteit wilt laten " +"ondertekenen moet u niet voor een door uzelf getekend certificaat kiezen. " +"Ook moet u er op letten dat al uw antwoorden voldoen aan de eisen van deze " +"CA om te voorkomen dat deze uw ondertekeningsaanvraag zal weigeren." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Als u een bestaand sleutelpaar wilt importeren zal u gevraagd worden naar " +"hun bestandsnamen (deze kunnen hetzelfde zijn als beide delen in één bestand " +"zijn opgeslagen). U krijgt daarna ook de mogelijkheid om de bestandsnaam van " +"de publieke sleutel(s) van de certificaat-autoriteit op te geven. Dit moet " +"wel een ander bestand zijn. Let er ook op dat de X.509-certificaten in PEM-" +"indeling moeten zijn en dat de geheime sleutel niet versleuteld mag zijn, " +"anders zal de import-procedure mislukken." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Bestandsnaam van uw X.509-certificaat in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Geef de volledige locatie van het bestand dat uw X.509-certificaat in PEM-" +"indeling bevat." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Bestandsnaam van uw geheime X.509-sleutel in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Geef de volledige locatie van het bestand dat uw geheime RSA-sleutel bevat " +"die behoort bij uw X.509-certificaat in PEM-indeling. Dit kan hetzelfde " +"bestand zijn als dat wat uw X.509-certificaat bevat." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Bestandsnaam van uw X.509-RootCA in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"U heeft nu de mogelijkheid om de locatie van het bestand (in PEM-indeling) " +"dat het X.509-certificaat van de certificaat-autoriteit op te geven waarmee " +"uw certificaat wordt ondertekend. Als u deze niet heeft of als u geen " +"gebruik wilt maken van deze mogelijkheid dient u het veld leeg te laten. Let " +"op: Het is niet mogelijk om de RootCA in hetzelfde bestand te bewaren als uw " +"X.509-certificaat of geheime sleutel." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Geef de lengte voor de aan te maken RSA-sleutel:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Geef de lengte van de aan te maken RSA-sleutel. Het mag niet minder dan 1024 " +"bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " +"niet meer dan 4096 bits nodig hebben omdat het enkel het authenticatieproces " +"vertraagt en op dit moment niet nodig is." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Wilt u een door uzelf getekend X.509-certificaat aanmaken?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Deze installatie kan enkel een door uzelf getekend X.509-certificaat " +"automatisch aanmaken omdat anders een certificaat-autoriteit nodig is om de " +"certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " +"wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " +"leggen met andere IPsec-hosts die X.509-certificaten ondersteunen voor IPSec-" +"verbindingen. Als u echter strongSwan's PKI-mogelijkheden wilt gebruiken, " +"dan zult u alle X.509-certificaten moeten laten tekenen door één enkele " +"certificaat-autoriteit om een vertrouwenspad aan te maken." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Als u geen door uzelf getekend certificaat wilt aanmaken, dan zullen enkel " +"de geheime RSA-sleutel en de certificaataanvraag worden aangemaakt en zult " +"ude certificaataanvraag moeten laten tekenen door uw certificaat-autoriteit." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landcode van de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Geef de tweeletterige code voor het land waarin de server staat (zoals \"NL" +"\" voor Nederland)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL zal geen certificaat genereren als dit niet een geldige landcode uit " +"ISO-3166 is. Voor andere velden van het X.509-certificaat is het toegestaan " +"om ze leeg te laten, maar niet voor dit veld." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Staat of provincie voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Geef de volledige naam van de staat of provincie waarin de server staat " +"(zoals \"Noord-Holland\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Plaatsnaam voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Geef de plaats waar de server staat (vaak een stad zoals \"Amsterdam\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Naam van de organisatie voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Geef op van welke organisatie deze server deel uitmaakt (zoals \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisatie-eenheid voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Geef op van welke organisatie-eenheid deze server deel uitmaakt (zoals " +"\"Afdeling beveiliging\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Naam (Common Name) voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Geef de naam (Common Name) voor deze computer op (zoals \"gateway.example.org" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-mailadres voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " +"voor het X.509-certificaat." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Wilt u opportunistische encryptie inschakelen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Deze versie van strongSwan ondersteunt opportunistische versleuteling (OE), " +"welke IPsec-authenticatie-informatie opslaat in DNS-velden. Totdat dit op " +"grote schaal wordt toegepast zal het inschakelen hiervan voor een " +"significante vertraging zorgen voor nieuwe verbindingen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Schakel opportunistische versleuteling alleen in als u er zeker van bent dat " +"u dit wilt. Het kan er voor zorgen dat uw internetverbinding " +"(standaardroute) niet meer werkt zodra de pluto-achtergronddienst opstart." diff --git a/debian/po/pl.po b/debian/po/pl.po new file mode 100644 index 000000000..ad457d5ed --- /dev/null +++ b/debian/po/pl.po @@ -0,0 +1,481 @@ +# Copyright (C) 2010 +# This file is distributed under the same license as the strongswan package. +# +# MichaÅ‚ KuÅ‚ach <michal.kulach@gmail.com>, 2012. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2012-01-31 15:36+0100\n" +"Last-Translator: MichaÅ‚ KuÅ‚ach <michal.kulach@gmail.com>\n" +"Language-Team: Polish <debian-l10n-polish@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " +"|| n%100>=20) ? 1 : 2);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "ZastÄ…piono stare zarzÄ…dzanie poziomami uruchamiania" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Poprzednie wersje pakietu strongSwan umożliwiaÅ‚y wybór pomiÄ™dzy trzema " +"różnymi Start/Stop-Level. Z powodu zmian w procedurze uruchamiania systemu " +"podstawowego nie jest to dÅ‚użej ani potrzebne, ani użyteczne. W przypadku " +"zarównowszystkich nowych instalacji, jak i starych z którymÅ› z dziaÅ‚ajÄ…cych " +"trybów predefiniowanych, zostanÄ… przyjÄ™te domyÅ›lne, rozsÄ…dne poziomy. JeÅ›li " +"jest to aktualizacja z poprzedniej wersji i zmieniono parametry uruchamiania " +"strongSwan, proszÄ™ zapoznać siÄ™ z plikiem NEWS.Debian, aby dowiedzieć siÄ™ " +"jak odpowiednio zmodyfikować swojÄ… konfiguracjÄ™." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Zrestartować strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Restart strongSwan jest zalecany, ponieważ jest to poprawka bezpieczeÅ„stwa, " +"która nie zostanie uwzglÄ™dniona przed zrestartowaniem demona. WiÄ™kszość " +"użytkowników oczekuje restartu demona, wiÄ™c jest to z reguÅ‚y dobry pomysÅ‚. Z " +"drugiej strony może spowodować zerwanie i ponowne nawiÄ…zanie istniejÄ…cych " +"poÅ‚Ä…czeÅ„, wiÄ™c jeÅ›li aktualizacja jest przeprowadzana przez tunel " +"strongSwan, restartowanie nie jest wskazane." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Uruchomić demona IKEv1 strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Demon pluto musi być uruchomiony, aby obsÅ‚użyć 1 wersjÄ™ protokoÅ‚u Internet " +"Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Uruchomić demona IKEv2 strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Demon charon musi być uruchomiony, aby obsÅ‚użyć 2 wersjÄ™ protokoÅ‚u Internet " +"Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Użyć certyfikatu X.509 dla tego komputera?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Certyfikat X.509 dla tego komputera może być automatycznie utworzony lub " +"zaimportowany. Może zostać wykorzystany do uwierzytelnienia poÅ‚Ä…czeÅ„ IPsec " +"do innych hostów i jest zalecanÄ… metodÄ… tworzenia bezpiecznych poÅ‚Ä…czeÅ„ " +"IPsec. InnÄ… możliwoÅ›ciÄ… jest użycie takich samych haseÅ‚ znanych obu stronom " +"tunelu (ang. shared secret) do uwierzytelnienia poÅ‚Ä…czenia, ale przy " +"wiÄ™kszej liczbie poÅ‚Ä…czeÅ„ Å‚atwiej jest zarzÄ…dzać uwierzytelnieniem za pomocÄ… " +"kluczy; jest to również bezpieczniejsze." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Można również wybrać \"nie\" i użyć później polecenia \"dpkg-reconfigure " +"strongswan\", aby powrócić do niniejszego wyboru opcji." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "utwórz" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "zaimportuj" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Metody używajÄ…ce certyfikatu X.509 do uwierzytelniania tego komputera:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Istnieje możliwość stworzenia nowego certyfikatu X.509 z ustawieniami " +"użytkownika lub zaimportowania istniejÄ…cego klucza publicznego i prywatnego " +"z pliku/plików PEM do uwierzytelniania poÅ‚Ä…czeÅ„ IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"JeÅ›li zostanie wybrana opcja stworzenia nowego certyfikatu X.509, najpierw " +"zostanÄ… zadane pytania, na które bÄ™dzie trzeba odpowiedzieć przed " +"uruchomieniem procesu tworzenia certyfikatu. ProszÄ™ wziąć pod uwagÄ™, że aby " +"używać klucza publicznego podpisanego przez istniejÄ…cy oÅ›rodek certyfikacji " +"(CA), nie powinno siÄ™ wybierać opcji tworzenia podpisanego przez siebie " +"samego (ang. self-signed) certyfikatu, a wszystkie odpowiedzi muszÄ… idealnie " +"speÅ‚niać wymagania CA, w innym przypadku bowiem, certyfikat może zostać " +"odrzucony." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"W przypadku importowania istniejÄ…cego klucza publicznego i prywatnego, " +"pojawiÄ… siÄ™ pytania o ich nazwy (mogÄ… być identyczne, jeÅ›li obie części sÄ… " +"przechowywane w jednym pliku). Opcjonalnie, można również okreÅ›lić nazwÄ™ " +"pliku, gdzie bÄ™dzie przechowywany klucz (lub klucze) publiczny oÅ›rodka " +"certyfikacji (CA), nie może być jednak taka sama jak dwie poprzednie. ProszÄ™ " +"zauważyć, że formatem certyfikatów X.509 musi być PEM, a klucz prywatny nie " +"może być zaszyfrowany - w przeciwnym wypadku procedura zakoÅ„czy siÄ™ " +"niepowodzeniem." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nazwa pliku certyfikatu X.509 użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"ProszÄ™ okreÅ›lić poÅ‚ożenie pliku zawierajÄ…cego certyfikat X.509 w formacie " +"PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nazwa pliku klucza prywatnego X.509 użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"ProszÄ™ okreÅ›lić poÅ‚ożenie pliku zawierajÄ…cego certyfikat klucza publicznego " +"RSA użytkownika, odpowiadajÄ…cego certyfikatowi X.509 użytkownika w formacie " +"PEM. Może być to ten sam plik, który zawiera certyfikat X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nazwa pliku X.509 RootCA użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcjonalnie, można teraz podać lokalizacjÄ™ pliku zawierajÄ…cego główny urzÄ…d " +"certyfikacji użyty do podpisu certyfikatu użytkownika w formacie PEM. W " +"przypadku nieposiadania takowego, proszÄ™ pozostawić pole puste. ProszÄ™ " +"zauważyć, że nie można przechowywać RootCA w tym samym pliku co certyfikat " +"X.509 lub klucz publiczny." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "ProszÄ™ wprowadzić dÅ‚ugość tworzonego klucza RSA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"ProszÄ™ wprowadzić dÅ‚ugość tworzonego klucza RSA. Nie powinna być ona " +"mniejsza niż 1024 bity, ponieważ może być wtedy niebezpieczna; nie ma " +"również potrzeby aby byÅ‚a wiÄ™ksza niż 4096 bity, ponieważ bÄ™dzie wtedy tylko " +"spowalniać proces uwierzytelnienia, a aktualnie nie ma potrzeby używania tak " +"dÅ‚ugich kluczy." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Utworzyć podpisany przez samego siebie certyfikat X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"WyÅ‚Ä…cznie certyfikaty X.509 podpisane przez siebie mogÄ… być tworzone " +"automatycznie, ponieważ w przeciwnym wypadku potrzebny jest urzÄ…d " +"certyfikacji, aby podpisać żądany certyfikat. W przypadku wybrania opcji " +"utworzenia podpisanego przez siebie samego certyfikatu, można użyć go od " +"razu do poÅ‚Ä…czenia z innymi hostami IPsec, które obsÅ‚ugujÄ… certyfikat X.509 " +"do uwierzytelniania poÅ‚Ä…czeÅ„ IPsec. Jednakże, używanie funkcji PKI " +"strongSwan wymaga, aby wszystkie certyfikaty byÅ‚y podpisane przez pojedynczy " +"urzÄ…d certyfikacji, aby utworzyć zaufanÄ… Å›cieżkÄ™." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"W przypadku niewybrania opcji tworzenia certyfikatu podpisanego przez siebie " +"samego, utworzone zostanÄ… tylko klucz prywatny RSA i żądanie podpisania " +"certyfikatu, które bÄ™dzie musiaÅ‚o zostać podpisane przez odpowiedni urzÄ…d " +"certyfikacji, już za poÅ›rednictwem użytkownika." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Kod kraju do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"ProszÄ™ wprowadzić dwuliterowy kod kraju, w którym poÅ‚ożony jest serwer (np. " +"\"PL\" dla Polski)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL odmówi utworzenia certyfikatu, jeÅ›li nie jest to wÅ‚aÅ›ciwy kod kraju " +"ISO-3166; pozostawienie pustego pola, przy certyfikacie X.509, jest " +"dozwolone we wszystkich innych przypadkach, poza tym." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Nazwa regionu lub prowincji do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"ProszÄ™ wprowadzić peÅ‚nÄ… nazwÄ™ regionu lub prowincji w której poÅ‚ożony jest " +"serwer (np. \"Malopolska\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nazwa lokalizacji do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"ProszÄ™ wprowadzić nazwÄ™ lokalizacji serwera (z reguÅ‚y miasto, np. \"Krakow" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nazwa organizacji do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"ProszÄ™ wprowadzić nazwÄ™ organizacji, do której należy serwer (np. \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Jednostka organizacyjna do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"ProszÄ™ wprowadzić nazwÄ™ jednostki organizacyjnej do której należy serwer " +"(np. \"grupa bezpieczeÅ„stwa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "" +"Nazwa domeny (ang. Common Name) do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"ProszÄ™ wprowadzić nazwÄ™ domeny (ang. Common Name) dla tego komputera (np. " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "Adres poczty elektronicznej do żądania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"ProszÄ™ wprowadzić adres poczty elektronicznej osoby lub organizacji " +"odpowiedzialnej za certyfikat X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "WÅ‚Ä…czyć szyfrowanie oportunistyczne?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Ta wersja stronSwan obsÅ‚uguje tzw. szyfrowanie oportunistyczne (ang. " +"opportunistic encryption - OE), które przechowuje informacje o " +"uwierzytelnieniu IPSec w rekordach DNS. Dopóki nie zostanie ono szeroko " +"wdrożone, aktywacja tej opcji spowoduje odczuwalne opóźnienie dla każdego " +"nowego poÅ‚Ä…czenia wychodzÄ…cego." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Szyfrowanie oportunistyczne powinno być wÅ‚Ä…czone tylko przez osoby, które go " +"potrzebujÄ…. Może bowiem doprowadzić do przerwania poÅ‚Ä…czenia internetowego " +"(domyÅ›lnej trasy), kiedy tylko uruchomi siÄ™ demon pluto." diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 000000000..7fd40d15c --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,478 @@ +# translation of strongswan debconf to Portuguese +# Copyright (C) 2007 the strongswan's copyright holder +# This file is distributed under the same license as the strongswan package. +# +# LuÃsa Lourenço <kikentai@gmail.com>, 2007. +# Américo Monteiro <a_monteiro@netcabo.pt>, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-09 12:15+0200\n" +"PO-Revision-Date: 2010-06-26 18:47+0100\n" +"Last-Translator: Américo Monteiro <a_monteiro@netcabo.pt>\n" +"Language-Team: Portuguese <traduz@debianpt.org>\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Antiga gestão de Runlevels substituÃda." + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Versões anteriores do pacote strongSwan deram uma hipótese entre três NÃveis-" +"Arranque/Paragem diferentes. Devido a alterações no procedimento standard de " +"arranque do sistema, isto não é mais necessário ou útil. Para todas as novas " +"instalação assim como para as antigas que correm em qualquer dos modos " +"predefinidos, serão agora definidos nÃveis sãos predefinidos. Se você está a " +"actualizar uma versão anterior e alterou os seus parâmetros de arranque do " +"strongSwan, então por favor veja NEWS.Debian para instruções sobre como " +"modificar a sua configuração apropriadamente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Reiniciar agora o strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such " +"a strongSwan tunnel to connect for this update, restarting is not " +"recommended." +msgstr "" +"É recomendado reiniciar o strongSwan, porque se existir uma correcção de " +"segurança, esta não será aplicada até que o daemon seja reiniciado. A " +"maioria das pessoas espera que o daemon reinicie, portanto isto é geralmente " +"uma boa ideia. No entanto isto poderá fechar ligações existentes e depois " +"ligá-las de novo, portanto se você está a usar algo como um túnel do " +"strongSwan para ligar a esta actualização, o reiniciar não é recomendado." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Iniciar o daemon IKEv1 do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"O daemon pluto precisa de estar a correr para suportar a versão 1 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Iniciar o daemon IKEv2 do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"O daemon charon precisa de estar a correr para suportar a versão 2 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Usar um certificado X.509 para esta máquina?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Pode ser criado automaticamente ou importado um certificado X.509 para esta " +"máquina. Pode ser usado para autenticar ligações IPsec para outras máquinas " +"e é a maneira preferida de construir ligações IPsec seguras. A outra " +"possibilidade seria usar segredos partilhados (palavras-passe que são iguais " +"em ambos os lados do túnel) para autenticar a ligação, mas para um grande " +"número de ligações, a autenticação baseada em chaves é mais fácil de " +"administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativamente, você pode rejeitar esta opção e mais tarde usar o comando " +"\"dpkg-reconfigure strongswan\" para voltar aqui." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "criar" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Métodos de usar um certificado X.509 para autenticar esta máquina:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"É possÃvel criar um novo certificado X.509 com configurações definidas pelo " +"utilizador ou importar uma chave pública e privada existente em ficheiro(s) " +"PEM para autenticar ligações IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se escolher criar um novo certificado X.509 ser-lhe-à primeiro perguntado um " +"número de questões que têm de ser respondidas antes da criação poder " +"iniciar. Por favor tenha em mente que se deseja que a chave pública seja " +"assinada por uma Autoridade de Certificados existente, você não deve " +"seleccionar a criação de um certificado auto-assinado e todas as respostas " +"dadas devem corresponder exactamente aos requisitos da AC, caso contrário o " +"pedido de certificado pode ser rejeitado." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se deseja importar uma chave pública e privada existente, ser-lhe-à pedido " +"os seus nomes de ficheiros (que podem ser idênticos se ambas as partes " +"estiverem armazenadas juntamente no mesmo ficheiro). Opcionalmente você " +"também pode especificar um nome de ficheiro onde as chave(s) pública(s) da " +"Autoridade de Certificados são mantidas, mas este ficheiro não pode ser o " +"mesmo que os anteriores. Por favor tenha também em mente que o formato dos " +"certificados X.509 tem de ser PEM e que a chave privada não pode estar " +"encriptada ou o procedimento de importação irá falhar." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome de ficheiro do seu certificado X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Por favor insira a localização do ficheiro que contém o seu certificado " +"X.509 em formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome do ficheiro da sua chave privada X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Por favor insira a localização do ficheiro que contém a chave privada RSA " +"que coincide com o seu certificado X.509 em formato PEM. Este pode ser o " +"mesmo ficheiro que contém o certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome de ficheiro do seu RootCA X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente você pode agora indicar a localização do ficheiro que contém a " +"raiz da Autoridade de Certificados X.509 usada para assinar o seu " +"certificado em formato PEM. Se você não tem um ou não o quer usar, por favor " +"deixe o campo vazio. Por favor note que não é possÃvel armazenar a RootCA no " +"mesmo ficheiro que o seu certificado X.509 ou chave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Por favor indique o comprimento que a chave RSA criada deve ter:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor indique o comprimento que a chave RSA criada. Não deve ser menos " +"que 1024 bits porque isto seria considerado inseguro e provavelmente você " +"não vai precisar de nada maior que 4096 bits porque apenas atrasa o processo " +"de autenticação e de momento não é necessário." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Criar um certificado X.509 auto-assinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Apenas os certificados X.509 auto-assinados podem ser criados " +"automaticamente, porque caso contrário é necessário uma Autoridade de " +"Certificados para assinar o pedido de certificado. Se escolher criar um " +"certificado auto-assinado, você pode usá-lo imediatamente para ligar a " +"outras máquinas IPsec que suportam certificados X.509 para autenticação de " +"ligações IPsec. No entanto, usar as funcionalidades PKI do strongSwan requer " +"que todos os certificados seja assinados por uma única Autoridade de " +"Certificados para criar um caminho de confiança." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se escolher não criar um certificado auto-assinado, apenas a chave RSA " +"privada e o pedido de certificado serão criados, e você tem que assinar o " +"pedido de certificado com a sua Autoridade de Certificados." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Código de paÃs para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Por favor indique o código de duas letras para o paÃs onde o servidor reside " +"(algo como \"PT\" para Portugal)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"O OpenSSL irá recusar gerar um certificado a menos que isto seja um código " +"ISO-3166 de paÃs válido; um campo vazio é permitido em qualquer parte do " +"certificado X.509, mas não aqui." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado ou nome da provÃncia para o pedido do certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Por favor insira o nome completo do estado ou provÃncia onde o servidor " +"reside (algo como \"Estremadura Portugal\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome da localidade para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Por favor indique a localidade onde o servidor reside (geralmente uma " +"cidade, tal como \"Lisboa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organização para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Por favor indique a organização a que o servidor pertence (algo como \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizativa para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Por favor indique a unidade organizacional a que o servidor pertence (algo " +"como \"Departamento de Segurança\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome comum para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Por favor indique o Nome Comum para esta máquina (algo como \"gateway." +"exemplo.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "Endereço de email para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Por favor insira o endereço de email da pessoa ou organização responsável " +"pelo certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Activar encriptação oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versão do strongSwan suporta encriptação oportunista (OE), a qual " +"guarda informação de autenticação IPSec em registos DNS. Até que isto esteja " +"amplamente instalado, a sua activação irá causar um atraso significativo em " +"cada nova ligação de saÃda." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Você deverá apenas activar a encriptação oportunista se tiver a certeza que " +"a quer. Pode quebrar a ligação à Internet (rota predefinida) assim que o " +"daemon pluto arrancar." diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 000000000..e9c7b66d1 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,819 @@ +# Debconf translations for strongswan. +# Copyright (C) 2010 THE strongswan'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# André LuÃs Lopes <andrelop@debian.org>, 2005. +# Adriano Rafael Gomes <adrianorg@gmail.com>, 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-12-12 00:00-0200\n" +"Last-Translator: Adriano Rafael Gomes <adrianorg@gmail.com>\n" +"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." +"org>\n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Antigo gerenciamento de nÃvel de execução (\"runlevel\") obsoleto" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Versões anteriores do pacote strongSwan permitiam escolher entre três " +"diferentes NÃveis de InÃcio/Parada (\"Start/Stop-Levels\"). Devido a " +"mudanças no procedimento padrão de inicialização do sistema, isso não é mais " +"necessário ou útil. Para todas as novas instalações, bem como para as " +"antigas instalações executando em qualquer dos modos predefinidos, nÃveis " +"padrão adequados serão definidos agora. Se você está atualizando a partir de " +"uma versão anterior e alterou seus parâmetros de inicialização do " +"strongSwan, então, por favor, veja o arquivo NEWS.Debian para instruções " +"sobre como modificar sua configuração de acordo." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Reiniciar o strongSwan agora?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Reiniciar o strongSwan é recomendado, uma vez que caso exista uma correção " +"para uma falha de segurança, a mesma não será aplicada até que o daemon seja " +"reiniciado. A maioria das pessoas espera que o daemon seja reiniciado, " +"portanto essa é geralmente uma boa idéia. Porém, isso pode derrubar conexões " +"existentes, e então posteriormente trazê-las de volta, assim se você está " +"usando um túnel strongSwan para se conectar para fazer esta atualização, não " +"é recomendado reiniciar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Iniciar o daemon IKEv1 do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"O daemon \"pluto\" deve estar em execução para suportar a versão 1 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Iniciar o daemon IKEv2 do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"O daemon \"charon\" deve estar em execução para suportar a versão 2 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Usar um certificado X.509 para este host?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Um certificado X.509 para este host pode ser automaticamente criado ou " +"importado. Ele pode ser usado para autenticar conexões IPsec para outros " +"hosts e é a maneira preferida para construir conexões IPsec seguras. A outra " +"possibilidade seria usar segredos compartilhados (senhas que são iguais em " +"ambos os lados do túnel) para autenticar uma conexão, mas para um grande " +"número de conexões, a autenticação baseada em chaves é mais fácil de " +"administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativamente, você pode rejeitar esta opção e mais tarde usar o comando " +"\"dpkg-reconfigure strongswan\" para voltar atrás." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "criar" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Métodos para usar um certificado X.509 para autenticar este host:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"É possÃvel criar um novo certificado X.509 com configurações definidas pelo " +"usuário ou importar um par de chaves pública e privada existente armazenado " +"em arquivo(s) PEM para autenticar conexões IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se você escolher criar um novo certificado X.509, você primeiro será " +"perguntado sobre uma série de questões que devem ser respondidas antes que a " +"criação possa iniciar. Por favor, tenha em mente que se você quer que a " +"chave pública seja assinada por uma Autoridade Certificadora existente, você " +"não deve selecionar a criação de um certificado auto-assinado, e todas as " +"respostas dadas devem atender exatamente os requisitos da CA, ou a " +"requisição do certificado pode ser rejeitada." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se você quiser importar um par de chaves pública e privada existente, você " +"será perguntado pelos seus nomes de arquivo (que podem ser idênticos se " +"ambas as partes estão armazenadas juntas em um arquivo único). " +"Opcionalmente, você pode também especificar um nome de arquivo onde a(s) " +"chave(s) pública(s) da Autoridade Certificadora é(são) mantida(s), mas este " +"arquivo não pode ser o mesmo que os anteriores. Por favor, também esteja " +"ciente de que os certificados X.509 devem estar no formato PEM, e de que a " +"chave privada não deve estar criptografada, ou o procedimento de importação " +"falhará." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome de arquivo do seu certificado X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Por favor, informe a localização do arquivo contendo seu certificado X.509 " +"no formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome de arquivo da sua chave privada X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Por favor, informe a localização do arquivo contendo a chave privada RSA que " +"casa com seu certificado X.509 no formato PEM. Este pode ser o mesmo arquivo " +"que contém o certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome de arquivo da sua RootCA X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente, você pode informar a localização do arquivo contendo a " +"Autoridade Certificadora X.509 raiz usada para assinar seu certificado no " +"formato PEM. Se você não tem uma, ou não quer usá-la, por favor, deixe o " +"campo vazio. Por favor, note que não é possÃvel armazenar a RootCA no mesmo " +"arquivo do seu certificado X.509 ou chave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Por favor, informe que tamanho a chave RSA a ser criada deve ter:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor, informe o tamanho da chave RSA a ser criada. A mesma não deve ser " +"menor que 1024 bits devido a uma chave de tamanho menor que esse ser " +"considerada insegura. Você também não precisará de nada maior que 4096 " +"porque isso somente deixaria o processo de autenticação mais lento e não " +"seria necessário no momento." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Criar um certificado X.509 auto-assinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Somente certificados X.509 auto-assinados podem ser criados automaticamente, " +"devido a uma Autoridade Certificadora ser necessária para assinar a " +"requisição de certificado. Caso você queira criar um certificado auto-" +"assinado, você poderá usá-lo imediatamente para conectar a outros hosts " +"IPsec que suportem certificados X.509 para autenticação de conexões IPsec. " +"Porém, usar os novos recursos PKI do strongSwan requer que todos seus " +"certificados sejam assinados por uma única Autoridade Certificadora para " +"criar um caminho de confiança." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Caso você não queira criar um certificado auto-assinado, somente a chave " +"privada RSA e a requisição de certificado serão criadas, e você terá que " +"assinar a requisição de certificado junto a sua Autoridade Certificadora." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Código de paÃs para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Por favor, informe o código de duas letras do paÃs onde o servidor reside " +"(como \"BR\" para Brasil)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"O OpenSSL se recusará a gerar um certificado a menos que este valor seja um " +"código de paÃs ISO-3166 válido; um valor vazio é permitido em qualquer outro " +"campo do certificado X.509, mas não aqui." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado ou nome de provÃncia para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Por favor, informe o nome completo do estado ou provÃncia em que o servidor " +"reside (como \"São Paulo\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome da localidade para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Por favor, informe a localidade em que o servidor reside (como \"São Paulo" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organização para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Por favor, informe a organização à qual o servidor pertence (como \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizacional para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Por favor, informe a unidade organizacional à qual o servidor pertence (como " +"\"grupo de segurança\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome Comum para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Por favor, informe o Nome Comum (\"Common Name\") para este host (como " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "Endereço de e-mail para a requisição de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Por favor, informe o endereço de e-mail da pessoa ou organização responsável " +"pelo certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Habilitar encriptação oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versão do strongSwan suporta encriptação oportunista (OE), a qual " +"armazena informação de autenticação IPsec em registros DNS. Até que isso " +"seja amplamente difundido, ativá-la causará uma demora significante para " +"cada nova conexão de saÃda." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Você deve habilitar a encriptação oportunista somente se você tiver certeza " +"de querê-la. Ela pode quebrar a conexão à Internet (rota padrão) quando o " +"daemon \"pluto\" iniciar." + +#, fuzzy +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the 2 letter country code for your country. This code will " +#~| "be placed in the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe o códifo de paÃs de duas letras para seu paÃs. Esse " +#~ "código será inserido na requisição de certificado." + +#~ msgid "Example: AT" +#~ msgstr "Exemplo: BR" + +#~ msgid "Example: Upper Austria" +#~ msgstr "Exemplo : Sao Paulo" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: Vienna" +#~ msgstr "Exemplo : Sao Paulo" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: Debian" +#~ msgstr "Exemplo : Debian" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: security group" +#~ msgstr "Exemplo : Grupo de Segurança" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " +#~ "de certificado." + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Exemplo : gateway.debian.org" + +#, fuzzy +#~ msgid "When to start strongSwan:" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Você deseja criar um par de chaves RSA pública/privada para este host ?" + +#, fuzzy +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Você deseja criar um par de chaves RSA pública/privada para este host ?" + +#, fuzzy +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Este instalador pode extrair automaticamente a informação necessária de " +#~ "um certificado X509 existente com uma chave RSA privada adequada. Ambas " +#~ "as partes podem estar em um arquivo, caso estejam no formato PEM. Você " +#~ "possui um certificado existente e um arquivo de chave e quer usá-los para " +#~ "autenticar conexões IPSec ?" + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality (e.g. city) where you live. This name will be " +#~| "placed in the certificate request." +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Por favor, informe a localidade (ou seja, cidade) onde você mora. Esse " +#~ "nome será inserido na requisição de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit (e.g. section) that the X509 " +#~| "certificate should be created for. This name will be placed in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a unidade organizacional (ou seja, seção ou " +#~ "departamento) para a qual este certificado deverá ser criado. Esse nome " +#~ "será inserido na requisição de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit (e.g. section) that the X509 " +#~| "certificate should be created for. This name will be placed in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the organizational unit name (often a department) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a unidade organizacional (ou seja, seção ou " +#~ "departamento) para a qual este certificado deverá ser criado. Esse nome " +#~ "será inserido na requisição de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (e.g. the host name of this machine) for " +#~| "which the X509 certificate should be created for. This name will be " +#~| "placed in the certificate request." +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Por favor, informe o nome comum (ou seja, o nome do host dessa máquina) " +#~ "para o qual o certificado X509 deverá ser criado. Esse nome será inserido " +#~ "na requisição de certificado." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" + +#, fuzzy +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Com os nÃveis de inicialização atuais do Debian (quase todos os serviços " +#~ "iniciando no nÃvel 20) é impossÃvel para o Openswan sempre iniciar no " +#~ "momento correto. Existem três possibilidades para quando iniciar o " +#~ "Openswan : antes ou depois dos serviços NFS e depois dos serviços PCMCIA. " +#~ "A resposta correta depende se sua configuração especÃfica." + +#, fuzzy +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Caso você não possua sua à rvore /usr montada via NFS (você somente monta " +#~ "outras à rvores não vitais via NFS ou não usa à rvores montadas via NFS) e " +#~ "não use um cartão de rede PCMCIA, a melhor opção é iniciar o Openswan o " +#~ "quando antes, permitindo dessa forma que os pontos de montagem NFS " +#~ "estejam protegidos por IPSec. Nesse caso (ou caso você não compreenda ou " +#~ "não se importe com esse problema), responda \"o quando antes\" para esta " +#~ "pergunta (o que é o padrão)." + +#, fuzzy +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Caso você possua sua à rvore /usr montada via NFS e não use um cartão de " +#~ "rede PCMCIA, você precisará iniciar o Openswan depois do NFS de modo que " +#~ "todos os arquivos necessários estejam disponÃveis. Nesse caso, responda " +#~ "\"depois do NFS\" para esta pergunta. Por favor, note que a montagem NFS " +#~ "de /usr não poderá ser protegida pelo IPSec nesse caso." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Caso você use um cartão de rede PCMCIA para suas conexões IPSec você " +#~ "precisará somente optar por iniciar o Opensan depois dos serviços PCMCIA. " +#~ "Responda \"depois do PCMCIA\" nesse caso. Esta é também a maneira correta " +#~ "de obter chaves de um servidor DNS sendo executado localmente e com " +#~ "suporte a DNSSec." + +#, fuzzy +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "O Openswan suporta encriptação oportunÃstica (OE), a qual armazena " +#~ "informações de autenticação IPSec (por exemplo, chaves públicas RSA) em " +#~ "registros DNS (preferivelmente seguros). Até que esse suporte esteja " +#~ "largamento sendo utilizado, ativá-lo irá causar uma signficante lentidão " +#~ "para cada nova conexão de saÃda. Iniciando a partir da versão 2.0, o " +#~ "Openswan, da forma como é distribuÃdo pelos desenvolvedores oficiais, é " +#~ "fornecido com o suporte a OE habilitado por padrão e, portanto, " +#~ "provavelmente irá quebrar suas conexões existentes com a Internet (por " +#~ "exemplo, sua rota padrão) tão logo o pluto (o daemon de troca de chaves " +#~ "do Openswan) seja iniciado." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Por favor, informe se você deseja habilitar o suporte a OE. Em caso de " +#~ "dúvidas, não habilite esse suporte." + +#~ msgid "x509, plain" +#~ msgstr "x509, pura" + +#, fuzzy +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Qual tipo de par de chaves RSA você deseja criar ?" + +#, fuzzy +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "É possÃvel criar um par de chaves RSA pública/privada pura (plain) para " +#~ "uso com o Openswan ou para criar um arquivo de certificado X509 que irá " +#~ "conter a chave RSA pública e adicionalmente armazenar a chave privada " +#~ "correspondente." + +#, fuzzy +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Caso você queira somente construir conexões IPsec para hosts e também " +#~ "executar o Openswan, pode ser um pouco mais fácil usar pares de chaves " +#~ "RSA puros (plain). Mas caso você queira se conectar a outras " +#~ "implementações IPSec, você precisará de um certificado X509. É também " +#~ "possÃvel criar um certificado X509 aqui e extrair a chave pública em " +#~ "formato puro (plain) caso o outro lado execute o Openswan sem suporte a " +#~ "certificados X509." + +#, fuzzy +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Um certificado X509 é recomendado, uma vez que o mesmo é mais flexÃvel e " +#~ "este instalador é capaz de simplificar a complexa criação do certificado " +#~ "X509 e seu uso com o Openswan." + +#, fuzzy +#~ msgid "Please choose the when to start strongSwan:" +#~ msgstr "Você deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "At which level do you wish to start strongSwan ?" +#~ msgstr "Em que nÃvel você deseja iniciar o Openswan ?" + +#~ msgid "2048" +#~ msgstr "2048" diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 000000000..e3e3ffb09 --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,473 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# Yuri Kozlov <yuray@komyakino.ru>, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-09 12:15+0200\n" +"PO-Revision-Date: 2010-06-25 19:08+0400\n" +"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" +"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Заменена ÑиÑтема ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ ÑƒÑ€Ð¾Ð²Ð½Ñми выполнениÑ" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Ð’ предыдущих верÑиÑÑ… пакета strongSwan предлагалÑÑ Ð²Ñ‹Ð±Ð¾Ñ€ между Ñ‚Ñ€ÐµÐ¼Ñ " +"уровнÑми запуÑка/оÑтанова. Из-за изменений Ñтандартной процедуры запуÑка в " +"ÑиÑтеме Ñто больше не требуетÑÑ Ð¸ ненужно. Ð’ новых уÑтановках, а также в " +"Ñтарых, работающих на любом уровне, будут выбраны разумные уровни по " +"умолчанию. ЕÑли выполнÑÑ‚ÑÑ Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ предыдущей верÑии и вы изменÑли " +"параметры запуÑка strongSwan, прочитайте инÑтрукции из файла NEWS.Debian о " +"том, как изменить ÑоответÑтвующую наÑтройку." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "ПерезапуÑтить strongSwan прÑмо ÑейчаÑ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such " +"a strongSwan tunnel to connect for this update, restarting is not " +"recommended." +msgstr "" +"РекомендуетÑÑ Ð¿ÐµÑ€ÐµÐ·Ð°Ð¿ÑƒÑтить strongSwan, так как при наличии иÑправлений " +"безопаÑноÑти они не заработают, пока Ñлужба не будет перезапущена. " +"БольшинÑтво людей вÑÑ‘ равно перезапуÑкают Ñлужбу, поÑтому обычно лучше Ñто " +"Ñделать. Однако Ñто может привеÑти к кратковременному разрыву ÑущеÑтвующих " +"Ñоединений, поÑтому еÑли вы ÑÐµÐ¹Ñ‡Ð°Ñ Ð¸Ñпользуете туннель strongSwan Ð´Ð»Ñ " +"Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð¿ÑƒÑк не рекомендуетÑÑ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "ЗапуÑтить Ñлужбу strongSwan IKEv1?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Ð”Ð»Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ¸ 1-й верÑии протокола обмена ключами Интернет должна быть " +"запущена Ñлужба pluto." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "ЗапуÑтить Ñлужбу strongSwan IKEv2?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Ð”Ð»Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ¸ 2-й верÑии протокола обмена ключами Интернет должна быть " +"запущена Ñлужба charon." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "ИÑпользовать ÑущеÑтвующий Ñертификат X.509 Ð´Ð»Ñ Ñтого узла?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Сертификат X.509 Ð´Ð»Ñ Ñтого узла может быть автоматичеÑки Ñоздан или " +"импортирован. Он может иÑпользоватьÑÑ Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ IPSec Ñоединений Ñ " +"другими узлами, и Ñто ÑвлÑетÑÑ Ð¿Ñ€ÐµÐ´Ð¿Ð¾Ñ‡Ñ‚Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ñ‹Ð¼ ÑпоÑобом ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð±ÐµÐ·Ð¾Ð¿Ð°Ñных " +"Ñоединений IPSec. Также Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð¾ иÑпользовать " +"общие Ñекреты (одинаковые пароли на обоих концах туннелÑ), но при большом " +"количеÑтве Ñоединений Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ Ð¿Ð¾ ключам легче в админиÑтрировании и " +"она более безопаÑна." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Или же вы можете ответить отрицательно и позже вернутьÑÑ Ðº Ñтому вопроÑу " +"запуÑтив команду \"dpkg-reconfigure ostrongswan\"." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "Ñоздать" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "импортировать" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Методы, иÑпользующие Ñертификат X.509 Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ данного узла:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Возможно Ñоздать новый Ñертификат X.509, заданный пользователем, или " +"импортировать ÑущеÑтвующий открытый и закрытый ключи из файла(ов) PEM Ð´Ð»Ñ " +"аутентификации Ñоединений IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"ЕÑли вы выберете Ñоздание нового Ñертификата X.509, то Ñначала вам будет " +"задано неÑколько вопроÑов, на которые нужно ответить до начала ÑозданиÑ. " +"Учтите, что еÑли вы хотите подпиÑать открытый ключ в дейÑтвующем центре " +"Ñертификации, то вам ненужно выбирать Ñоздание ÑамоподпиÑанного Ñертификата, " +"и вÑе ответы должны точно удовлетворÑÑ‚ÑŒ требованиÑм ЦС, иначе Ð·Ð°Ð¿Ñ€Ð¾Ñ " +"Ñертификата может быть отклонён." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"ЕÑли вы хотите импортировать ÑущеÑтвующий открытый и закрытый ключи, то вам " +"будет предложено указать имена файлов Ñ Ð½Ð¸Ð¼Ð¸ (которые могут быть одинаковы, " +"еÑли обе чаÑти хранÑÑ‚ÑÑ Ð² одном файле). Также вы можете указать Ð¸Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð°, " +"где хранитÑÑ Ð¾Ñ‚ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¹ ключ(и) центра Ñертификации, но Ñтот файл не может " +"Ñовпадать Ñ Ð¿Ñ€ÐµÐ´Ñ‹Ð´ÑƒÑ‰Ð¸Ð¼Ð¸. Заметим, что формат Ñертификатов X.509 должен быть " +"PEM и что закрытый ключ не должен быть зашифрован, иначе процедура импорта " +"завершитÑÑ Ð½ÐµÑƒÐ´Ð°Ñ‡Ð½Ð¾." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° Ñертификата X.509 в формате PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Введите полный путь к файлу, Ñодержащему ваш Ñертификат X.509 в формате PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° Ñертификата X.509 в формате PEM Ñ Ð·Ð°ÐºÑ€Ñ‹Ñ‚Ñ‹Ð¼ ключом:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Введите путь к файлу, Ñодержащему закрытый ключ RSA Ð´Ð»Ñ Ð²Ð°ÑˆÐµÐ³Ð¾ Ñертификата " +"X.509 в формате PEM. Ðто может быть тот же файл, что и Ð´Ð»Ñ Ñертификата X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Ð˜Ð¼Ñ Ñ„Ð°Ð¹Ð»Ð° Ñертификата X.509 в формате PEM Ð´Ð»Ñ RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Также вы можете ввеÑти раÑположение файла Ñ Ñертификатом корневого центра " +"Ñертификации X.509, иÑпользуемого Ð´Ð»Ñ Ð¿Ð¾Ð´Ð¿Ð¸Ñи вашего Ñертификата в формате " +"PEM. ЕÑли у Ð²Ð°Ñ ÐµÐ³Ð¾ нет или вы не хотите его иÑпользовать, то оÑтавьте поле " +"пуÑтым. Заметим, что невозможно хранить RootCA в одном файле Ñ Ð²Ð°ÑˆÐ¸Ð¼ " +"открытым или закрытым ключом Ñертификата X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Длина Ñоздаваемого ключа RSA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Введите длину необходимую длину ключа RSA. Она должна быть не менее 1024 " +"бит, так как Ð¼ÐµÐ½ÑŒÑˆÐ°Ñ Ð½Ðµ ÑчитаетÑÑ Ð±ÐµÐ·Ð¾Ð¿Ð°Ñной, и вам, вероÑтно, не нужно " +"задавать значение более 4096, так как Ñто только замедлит процеÑÑ " +"аутентификации и, в наÑтоÑщее времÑ, не очень рационально." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Создать ÑамоподпиÑанный Ñертификат X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"ПроцеÑÑ ÑƒÑтановки умеет Ñоздавать автоматичеÑки только ÑамоподпиÑанные " +"Ñертификаты X.509, так как иначе требуетÑÑ Ñ€Ð°Ð±Ð¾Ñ‚Ð° центра Ñертификации Ð´Ð»Ñ " +"подпиÑи запроÑа Ñертификата. Созданный ÑамоподпиÑанный Ñертификат Ñразу " +"можно иÑпользовать Ð´Ð»Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ðº другим машинам Ñ IPSec, которые " +"поддерживают Ñертификаты X.509 Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ Ñоединений IPSec. Однако, " +"еÑли вы хотите воÑпользоватьÑÑ Ð½Ð¾Ð²Ñ‹Ð¼Ð¸ возможноÑÑ‚Ñми PKI из strongSwan, то " +"вÑе ваши Ñертификаты X.509 должны быть подпиÑаны единым Ñертификационным " +"центром Ð´Ð»Ñ ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð¾Ð³Ð¾ пути." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"ЕÑли вы ответите отрицательно, то будет Ñоздан только закрытый ключ RSA, а " +"также Ð·Ð°Ð¿Ñ€Ð¾Ñ Ð´Ð»Ñ Ñертификата, который вам нужно подпиÑать в центре " +"Ñертификации." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Код Ñтраны Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Введите двухбуквенный код Ñтраны, где раÑположен Ñервер (например, \"RU\" в " +"РоÑÑии)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"ЗдеÑÑŒ нужно ввеÑти правильный код Ñтраны ÑоглаÑно ISO-3166, так как OpenSSL " +"откажетÑÑ Ð³ÐµÐ½ÐµÑ€Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ Ñертификаты в противном Ñлучае. ПуÑтое значение " +"разрешено Ð´Ð»Ñ Ð»ÑŽÐ±Ð¾Ð³Ð¾ Ð¿Ð¾Ð»Ñ Ñертификата X.509 кроме Ñтого." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Ðазвание облаÑти или округа Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Укажите полное название облаÑти или округа, в котором находитÑÑ Ñервер " +"(например, \"Moscow region\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Ðазвание меÑта Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Укажите название меÑта, где раÑполагаетÑÑ Ñервер (например город, \"Sergiev " +"Posad\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Ðазвание организации Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Укажите название организации, которой принадлежит Ñервер (например, \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "" +"Ðазвание Ñтруктурной единицы организации Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Ðазвание Ñтруктурной единицы организации Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "ОбщеизвеÑтное название Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Укажите общеизвеÑтное название (например, Ð¸Ð¼Ñ Ð´Ð°Ð½Ð½Ð¾Ð³Ð¾ компьютера), например, " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "ÐÐ´Ñ€ÐµÑ Ñлектронной почты Ð´Ð»Ñ Ð·Ð°Ð¿Ñ€Ð¾Ñа Ñертификата X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Укажите Ð°Ð´Ñ€ÐµÑ Ñлектронной почты (человека или организации) Ð´Ð»Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ð² " +"Ð·Ð°Ð¿Ñ€Ð¾Ñ Ñертификата." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Включить поддержку гибкого шифрованиÑ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Ðта верÑÐ¸Ñ strongSwan поддерживает гибкое шифрование (opportunistic " +"encryption, OE), при котором Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð¾Ð± аутентификации IPSec хранитÑÑ Ð² " +"запиÑÑÑ… DNS. Пока Ñто широко не Ñтанет раÑпроÑтранено, Ð´Ð°Ð½Ð½Ð°Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ° " +"приведёт к значительной задержке при каждом новом иÑходÑщем Ñоединении." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Включайте гибкое шифрование, еÑли вам Ñто дейÑтвительно нужно. Ðто может " +"прервать Ñоединение Ñ Ð¸Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ð¾Ð¼ (маршрут по умолчанию) при запуÑке Ñлужбы " +"pluto." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 000000000..c93658ffd --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,481 @@ +# translation of strongswan_sv.po to Swedish +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# Martin Ågren <martin.agren@gmail.com>, 2008, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan_sv\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-09 12:15+0200\n" +"PO-Revision-Date: 2010-06-26 16:51+0200\n" +"Last-Translator: Martin Ågren <martin.agren@gmail.com>\n" +"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: swe\n" +"X-Poedit-Country: swe\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Gammal körnivåhantering har ersatts" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidigare versioner av paketet strongswan erbjöd ett val mellan tre olika " +"start-/stoppnivåer. På grund av ändringar i systemuppstartproceduren är " +"detta inte längre nödvändigt eller användbart. För alla nya installationer, " +"såväl som gamla installationer som kör i något av de fördefinierade lägena, " +"kommer rimliga standardvärden nu sättas. Om du uppgraderar från en tidigare " +"version och ändrade dina uppstartsparametrar för strongSwan, bör du ta en " +"titt på NEWS.Debian för instruktioner om hur du kan ändra din installation " +"på motsvarande sätt." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Starta om strongSwan nu?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such " +"a strongSwan tunnel to connect for this update, restarting is not " +"recommended." +msgstr "" +"Att starta om strongSwan rekommenderas eftersom en eventuell " +"säkerhetsrättning inte kommer användas förrän demonen startas om. De flesta " +"förväntar att servern startas om, så detta är normalt en bra ide. Detta kan " +"dock stänga existerande anslutningar och sedan ta upp dem igen, så om du " +"använder en strongSwan-tunnel för att genomföra den här uppdateringen är en " +"omstart inte rekommenderad." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Starta strongSwans IKEv1-demon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Pluto-demonen måste köras för att stödja version 1 av Internet Key Exchange-" +"protokollet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Starta strongSwans IKEv2-demon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Charon-demonen måste köras för att stödja version 2 av Internet Key Exchange-" +"protokollet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Vill du använda ett X.509-certifikat för den här värden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Ett X.509-certifikat för den här värden kan skapas eller importeras " +"automatiskt. Det kan användas för att autentisera IPsec-anslutningar till " +"andra värdar och är det rekommenderade sättet för att bygga upp säkra IPsec-" +"anslutningar. Den andra möjligheten skulle vara att använda delade " +"säkerheter (lösenord som är samma på båda sidor av tunneln) för " +"autentisering av en anslutning, men för ett större antal anslutningar är " +"nyckelbaserad autentisering lättare att administrera och säkrare." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativt kan du avfärda det här valet och använda kommandot \"dpkg-" +"reconfigure strongswan\" för att komma tillbaka vid ett senare tillfälle." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "skapa" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "importera" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder för användning av ett X.509-certifikat för autentisering av den här " +"värden:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det är möjligt att skapa ett nytt X.509-certifikat med användar-definierade " +"inställningar eller att importera existerande publika och privata nycklar " +"lagrade i PEM-fil(er) för autentisering av IPsec-anslutningar." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Om du väljer att skapa ett nytt X.509-certifikat kommer du först få svara på " +"några frågor innan genereringen kan startas. Kom ihåg att du, om du vill att " +"den publika nyckeln ska signeras av existerande certifikatsutställare (CA), " +"inte ska välja att skapa ett självsignerat certifikat och att alla svar " +"precis måste motsvara de krav CA:n ställer. Annars kan certifikatsförfrågan " +"komma att avslås." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Om du vill importera existerande publika och privata nycklar kommer du " +"ombeds ange deras filnamn (som kan vara identiska om båda delarna sparas " +"tillsammans i en fil). Du kan även ange ett filnamn där CA:n publika nyckel " +"finns, men denna fil kan inte vara samma som de tidigare. Notera också att " +"formatet för X.509-certifikaten måste vara PEM och att den privata nyckeln " +"inte får vara krypterad för att den ska kunna importeras." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Namn på filen med ditt X.509-certifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Ange platsen för den fil som innehåller ditt X.509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Namn på filen med din privata X.509-nyckel i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Ange platsen för den fil som innehåller den privata RSA-nyckel som matchar " +"ditt X.509-certifikat i PEM-format. Detta kan vara samma fil som innehåller " +"X.509-certifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Namn på filen med rot-CA:ns X.509-certifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Du kan nu, om du vill, ange platsen för den fil som innehåller ett X.509-" +"certifikat för den rot-CA som använts för att signera ditt certifikat i PEM-" +"format. Lämna fältet tomt om du inte har något sådant certifikat eller om du " +"inte vill använda det. Observera att det inte är möjligt att lagra rot-CA:n " +"i samma fil som ditt X.509-certifikat eller den privata nyckeln." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Ange vilken längd den skapade RSA-nyckeln ska ha:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Ange längden på den skapade RSA-nyckeln. Den bör inte vara kortare än 1024 " +"bitar eftersom det anses osäkert. Du behöver troligtvis inte mer än 4096 " +"bitar eftersom det gör autentiseringen långsammare och anses innebära en " +"onödigt stor säkerhetsmarginal för tillfället." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Vill du skapa ett självsignerat X.509-certifikat?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Endast självsignerade X.509-certifikat kan skapas automatiskt eftersom det " +"annars krävs en CA för att signera certifikatsförfrågan. Om du väljer att " +"skapa ett självsignerat certifikat, kan du genast använda det för att " +"ansluta till andra IPsec-värdar som stödjer X.509-certifikat för " +"autentisering av IPsec-anslutningar. Användning av strongSwans PKI-" +"funktioner kräver dock att alla certifikat har signerats av en och samma CA " +"för att skapa en tillitskedja." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Om du inte väljer att skapa ett självsignerat certifikta, kommer endast den " +"privata RSA-nyckeln och certifikatsförfrågan att skapas. Du måste dåfå " +"certifikatsförfrån signerad av din certifikatsutställare." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landskod för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Ange den kod om två bokstäver som identifierar landet som servern står i " +"(exempelvis \"SE\" för Sverige)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL kommer vägra generera ett certifikat såvida det här värdet inte är " +"en giltig landskod enligt ISO-3166; ett tomt fält är giltigt på andra " +"ställen i X.509-certifikat, men inte här." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Region eller län för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Ange namnet på den region eller den stat som servern står i (exempelvis " +"\"Skåne län\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Lokaliteten för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "Ange den lokalitet servern står i (ofta en stad, såsom \"Malmö\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsnamn för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Ange namnet på den organisation servern tillhör (exempelvis \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationsenhet för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Ange den organisationsenhet servern tillhör (exempelvis \"säkerhetsgruppen" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Namn på X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "Ange namnet på den här värden (exempelvis \"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-postadress för X.509-certifikatsförfrågan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Ange e-postadressen till den person eller organisation som är ansvarig för " +"X.509-certifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Vill du aktivera opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denna version av strongSwan stödjer opportunistisk kryptering (OE), som " +"lagrar IPSec-autentiseringsinformation i DNS-registret. Till dess detta " +"används i stor utsträckning, kommer aktivering av det att orsaka betydande " +"fördröjningar för varje ny utgående anslutning." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"Du ska bara aktivera opportunistisk kryptering om du är säker på att du vill " +"ha det. Det kan bryta internetanslutningen (standardvägen) när pluto-demonen " +"startas." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 000000000..59fbb9d6c --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,381 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 000000000..180377b5f --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,458 @@ +# Vietnamese translation for StrongSwan. +# Copyright © 2010 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2005-2010. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2010-08-16 14:23+0200\n" +"PO-Revision-Date: 2010-10-03 19:22+1030\n" +"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n" +"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.8\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Quản lý cấp chạy cÅ© đã được thay thế" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Các phiên bản trÆ°á»›c của gói strongSwan đã cho phép chá»n trong ba cấp Chạy/" +"Dừng. Do thay đổi trong thủ tục khởi chạy tiêu chuẩn, không còn có thể là m " +"nhÆ° thế, nó cÅ©ng không còn có Ãch. Cho má»i bản cà i đặt má»›i, cÅ©ng nhÆ° bản cà i " +"đặt cÅ© nà o Ä‘ang chạy trong má»™t của những chế Ä‘á»™ xác định sẵn nà y, má»™t cấp " +"mặc định thÃch hợp sắp được láºp. Nếu bạn Ä‘ang nâng cấp từ má»™t phiên bản " +"trÆ°á»›c và đã sá»a đổi tham số khởi chạy nà o của strongSwan, hãy xem táºp tin " +"tin tức « NEWS.Debian » để tìm hÆ°á»›ng dẫn vá» cách sá»a đổi thiết láºp cho phù " +"hợp." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Khởi chạy lại strongSwan ngay bây giá» ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Khuyên bạn khởi chạy lại strongSwan, vì sá»± sá»a chữa bảo máºt nà o không phải " +"được áp dụng đến khi trình ná»n khởi chạy. Phần lá»›n các ngÆ°á»i trông đợi trình " +"ná»n khởi chạy thì nói chung nó là má»™t ý kiến tốt. Tuy nhiên nó có thể tắt " +"rồi báºt lại kết nối đã có, vì thế nếu bạn Ä‘ang sá» dụng (v.d.) má»™t Ä‘Æ°á»ng hầm " +"strongSwan để kết nối đến bản cáºp nháºt nà y, không nên khởi chạy lại và o lúc " +"nà y." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's IKEv1 daemon?" +msgstr "Khởi chạy trình ná»n IKEv1 của strongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The pluto daemon must be running to support version 1 of the Internet Key " +"Exchange protocol." +msgstr "" +"Äồng thá»i cÅ©ng cần phải chạy trình ná»n pluto, để há»— trợ phiên bản 1 của giao " +"thức Trao Äổi Khoá Internet (IKE)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Start strongSwan's IKEv2 daemon?" +msgstr "Khởi chạy trình ná»n IKEv2 của strongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"The charon daemon must be running to support version 2 of the Internet Key " +"Exchange protocol." +msgstr "" +"Äồng thá»i cÅ©ng cần phải chạy trình ná»n charon, để há»— trợ phiên bản 2 của " +"giao thức Trao Äổi Khoá Internet (IKE)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "Use an X.509 certificate for this host?" +msgstr "Dùng chứng nháºn X.509 cho máy nà y ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Má»™t chứng nháºn X.509 có thể được tá»± Ä‘á»™ng tạo hoặc nháºp cho máy nà y. Chứng " +"nháºn nà y có thể được sá» dụng để xác thá»±c kết nối IPsec đến máy khác: nó là " +"phÆ°Æ¡ng pháp Æ°a thÃch để xây dá»±ng kết nối IPsec bảo máºt. Tuỳ chá»n khác là sá» " +"dụng Ä‘iá»u bà máºt chia sẻ (cùng má»™t máºt khẩu ở hai bên Ä‘Æ°á»ng hầm) để xác thá»±c " +"kết nối, nhÆ°ng mà cho nhiá»u kết nối dá»… hÆ¡n quản lý sá»± xác thức dá»±a và o khoá, " +"và phÆ°Æ¡ng pháp nà y bảo máºt hÆ¡n." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:6001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Hoặc bạn có thể từ chối tuỳ chá»n nà y, và chạy câu lệnh « dpkg-reconfigure " +"strongswan » vá» sau để trở vá» tiến trình cấu hình nà y." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "create" +msgstr "tạo" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:7001 +msgid "import" +msgstr "nháºp" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "PhÆ°Æ¡ng pháp sá» dụng chứng nháºn X.509 để xác thá»±c máy nà y:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Có thể tạo má»™t chứng nháºn X.509 má»›i vá»›i thiết láºp được ngÆ°á»i dùng xác định, " +"hoặc có thể nháºp má»™t cặp khoá (công và riêng) đã có theo táºp tin PEM, để xác " +"thá»±c kết nối IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Nếu bạn chá»n tạo má»™t chứng nháºn X.509 má»›i thì đầu tiên bạn được há»i má»™t số " +"câu bắt buá»™c phải trả lá»i trÆ°á»›c khi có thể bắt đầu tạo chứng nháºn. Ghi nhá»› " +"rằng nếu bạn muốn có khoá công được ký bởi má»™t CA (nhà cầm quyá»n cấp chứng " +"nháºn) đã tồn tại, bạn không nên chá»n tạo má»™t chứng nháºn tá»± ký, và tất cả các " +"đáp ứng bạn là m phải tÆ°Æ¡ng ứng chÃnh xác vá»›i yêu cầu của CA, không thì yêu " +"cầu chứng nháºn có thể bị từ chối." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:7002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Nếu bạn muốn nháºp má»™t cặp khoá công và riêng đã có, bạn sẽ được nhắc nháºp " +"(các) tên táºp tin (mà có thể là trùng nếu cả hai khoá được giữ trong cùng " +"má»™t táºp tin). Tuỳ chá»n bạn cÅ©ng có thể ghi rõ má»™t tên táºp tin chứa (các) " +"khoá công của CA, nhÆ°ng mà táºp tin nà y phải khác vá»›i táºp tin nháºp trÆ°á»›c. " +"CÅ©ng ghi nhá»› rằng định dạng của chứng nháºn X.509 phải là PEM, và khoá riêng " +"không thể được máºt mã, không thì tiến trình nháºp không thà nh công." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Tên táºp tin của chứng nháºn X.509 dạng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "Hãy nháºp vị trà của táºp tin chứa chứng nháºn X.509 dạng PEM của bạn." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Tên táºp tin cỳa khoá riêng X.509 dạng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Hãy nháºp vị trà của táºp tin chứa khoá RSA riêng tÆ°Æ¡ng ứng vá»›i chứng nháºn " +"X.509, cả hai theo định dạng PEM. (Äây có thể là cùng má»™t táºp tin vá»›i táºp " +"tin chứa chứng nháºn X.509.)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Tên táºp tin của RootCA X.509 dạng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Tuỳ chá»n bạn bây giá» có thể nháºp vị trà của táºp tin chứa gốc nhà cầm quyá»n " +"cấp chứng nháºn X.509 được dùng để ký chứng nháºn theo định dạng PEM của bạn. " +"Không có hoặc không muốn sá» dụng nó thì bá» trống trÆ°á»ng nà y. Ghi chú rằng " +"không thể giữ RootCA trong cùng má»™t táºp tin vá»›i chứng nháºn X.509 hoặc khoá " +"riêng của bạn." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Gõ chiá»u dà i dá»± định của khoá RSA cần tạo :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Hãy nháºp chiá»u dà i của khoá RSA cần tạo. Ãt hÆ¡n 1024 bit được thấy là không " +"an toà n, và lá»›n hÆ¡n 4096 bit chỉ là m cháºm tiến trình xác thá»±c và chÆ°a cần " +"thiết." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Tạo má»™t chứng nháºn X.509 tá»± ký ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Chỉ chứng nháºn X.509 tá»± ký có thể được tá»± Ä‘á»™ng tạo, vì bằng cách khác má»™t CA " +"cần thiết để ký yêu cầu chứng nháºn. Nếu bạn chá»n tạo má»™t chứng nháºn tá»± ký, " +"bạn có thể sá» dụng nó ngay láºp tức để kết nối tá»›i máy IPsec khác có há»— trợ " +"chứng nháºn X.509 để xác thá»±c kết nối IPsec. Tuy nhiên, tÃnh năng PKI của " +"strongSwan yêu cầu tất cả các chứng nháºn được ký bởi cùng má»™t CA, để tạo má»™t " +"Ä‘Æ°á»ng dẫn tin cáºy." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Nếu bạn không chá»n tạo má»™t chứng nháºn tá»± ký thì chỉ khoá riêng RSA và yêu " +"cầu chứng nháºn sẽ được tạo, và bạn cần phải ký yêu cầu chứng nháºn bằng CA." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "Country code for the X.509 certificate request:" +msgstr "Mã quốc gia cho yêu cầu chứng nháºn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Hãy nháºp mã hai chữ cho quốc gia chứa máy phục vụ (v.d. « VI » cho Việt Nam)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Không có mã quốc gia ISO-3166 đúng thì OpenSSL từ chối tạo chứng nháºn. Có " +"thể bá» trống trÆ°á»ng ở má»™t số nÆ¡i khác trong chứng nháºn X.509 mà không phải ở " +"đây." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Tên của bảng hay tỉnh cho yêu cầu chứng nháºn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Hãy nháºp tên đầy đủ của bang hay tỉnh chứa máy phục vụ (v.d. « Nghệ An »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Tên vùng cho yêu cầu chứng nháºn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Hãy nháºp vùng chứa máy phục vụ (thÆ°á»ng là má»™t thà nh phố, v.d. « Nhà Trắng »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Tên tổ chức cho yêu cầu chứng nháºn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Hãy nháºp tổ chức sở hữu máy phục vụ (v.d. « Debian » hoặc « Dá»± án MOST »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Tên Ä‘Æ¡n vị tổ chức cho yêu cầu chứng nháºn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Hãy nháºp tên Ä‘Æ¡n vị của tổ chức sở hữu máy phục vụ (v.d. « nhóm địa phÆ°Æ¡ng " +"hoá »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Tên chung cho yêu cầu chứng nháºn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "Hãy nháºp Tên Chung cho máy nà y (v.d. « cổng_ra.vị_dụ.org »)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Email address for the X.509 certificate request:" +msgstr "Äịa chỉ thÆ° cho yêu cầu chứng nháºn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Hãy nháºp địa chỉ thÆ° Ä‘iện tá» của ngÆ°á»i hoặc tổ chức chịu trách nhiệm vá» yêu " +"cầu chứng nháºn nà y." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "Enable opportunistic encryption?" +msgstr "Báºt máºt mã cÆ¡ há»™i chủ nghÄ©a ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Phiên bản strongSwan nà y há»— trợ máºt mã cÆ¡ há»™i chủ nghÄ©a (OE) mà cất giữ " +"thông tin xác thá»±c IPSec trong mục ghi DNS. Chức năng nà y chÆ°a phổ biến thì " +"vẫn còn là m trá»… má»—i kết nối má»›i gá»i Ä‘i." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:20001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the pluto daemon " +"starts." +msgstr "" +"ChÆ°a chắc thì không nên hiệu lá»±c chức năng máºt mã cÆ¡ há»™i chủ nghÄ©a. Nó cÅ©ng " +"có thể đóng kết nối Internet (Ä‘Æ°á»ng dẫn mặc định) do trình ná»n pluto khởi " +"chạy." diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..72e28e0f8 --- /dev/null +++ b/debian/rules @@ -0,0 +1,183 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +export DH_OPTIONS + +# this is a security-critical package, set all the options we can +export DEB_BUILD_HARDENING=1 + +CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ + --libexecdir=/usr/lib \ + --enable-ldap --enable-curl \ + --with-capabilities=libcap \ + --enable-smartcard --enable-pkcs11 \ + --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \ + --enable-mediation --enable-medsrv --enable-medcli \ + --enable-openssl --enable-agent \ + --enable-ctr --enable-ccm --enable-gcm --enable-addrblock \ + --enable-eap-radius --enable-eap-identity --enable-eap-md5 \ + --enable-eap-gtc --enable-eap-aka --enable-eap-mschapv2 \ + --enable-eap-tls --enable-eap-ttls --enable-eap-tnc \ + --enable-sql --enable-integrity-test \ + --enable-ha --enable-dhcp --enable-farp \ + --enable-led \ + --enable-test-vectors --enable-nat-transport + # --with-user=strongswan --with-group=nogroup \ + # --enable-kernel-pfkey --enable-kernel-klips \ + # And for --enable-eap-sim we would need the library, which we don't + # have right now. + # Don't --enable-cisco-quirks, because some other IPsec implementations + # (most notably the Phion one) have problems connecting when pluto + # sends these Cisco options. + +DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) + +ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O2 +endif +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + MAKEFLAGS += -j$(NUMJOBS) +endif +# the padlock plugin only makes sense on i386 +# but it actually doesn't do much, so maybe we don't need it +ifeq ($(DEB_BUILD_ARCH_CPU),i386) + CONFIGUREARGS += --enable-padlock +endif + +# And only enable network-manager building if the libraries are present +# (they will be when the build-deps are fulfilled, but this makes it easier +# to do backports where the network-manager libs can not be installed, and +# thus to just ignore build-deps). +ifeq ($(shell test -d /usr/include/libnm-glib/ && echo yes),yes) + CONFIGUREARGS += --enable-nm +endif + +build: build-stamp +build-stamp: + dh_testdir + ./configure $(CONFIGUREARGS) + $(MAKE) CC="$(CC)" CFLAGS="$(CFLAGS)" + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + + [ ! -f Makefile ] || $(MAKE) distclean + #-$(MAKE) -C programs/fswcert/ clean + # after a make clean, no binaries _should_ be left, but .... + -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm + + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libstrongswan/libstrongswan.a || true + rm -f lib/libstrongswan/liboswlog.a || true + + # just in case something went wrong + rm -f $(CURDIR)/debian/ipsec.secrets + + # and make sure that template are up-to-date + debconf-updatepo + + dh_clean + +install: build-stamp + dh_testdir + dh_testroot + dh_installdirs + $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp + + # install files from debian/tmp into proper package dirs + dh_install --fail-missing -X\.la -X\.a -Xmedsrv -Xman3 -Xlibstrongswan-padlock.so -Xlibstrongswan-nm.so + + # special handling for padlock, as it is only built on i386 +ifeq ($(DEB_BUILD_ARCH_CPU),i386) + install $(CURDIR)/debian/tmp/usr/lib/ipsec/plugins/libstrongswan-padlock.so* $(CURDIR)/debian/libstrongswan/usr/lib/ipsec/plugins/ +endif + # and special handling for network-manager files - only install when built + install $(CURDIR)/debian/tmp/usr/lib/ipsec/plugins/libstrongswan-nm.so* $(CURDIR)/debian/strongswan-nm/usr/lib/ipsec/plugins/ + + # and additional files not covered by upstream makefile... + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + # also "patch" ipsec.conf to include the debconf-managed file + echo >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + # and to enable both IKEv1 and IKEv2 by default + sed -r 's/^[ \t]+# *plutostart=(yes|no) */\tplutostart=yes/;s/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf > $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp + mv $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + # set permissions on ipsec.secrets + chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + #chmod 644 $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/ + chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/ + # don't know why they come with +x set by default... + #chmod 644 $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/policies/* + #chmod 644 $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/examples/* + + # this is handled by update-rc.d + rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d + + # delete var/lock/subsys and var/run to satisfy lintian + rm -rf $(CURDIR)/debian/openswan/var/lock + rm -rf $(CURDIR)/debian/openswan/var/run + + dh_installdocs -pstrongswan -n + # change the paths in the installed doc files (but only in regular + # files, not in links to the outside of the build tree !) + # TODO: check if we still need this + ( cd $(CURDIR)/debian/strongswan/; \ + for f in `grep "/usr/local/" --recursive --files-with-match *`; \ + do \ + if [ -f $$f -a ! -L $$f ]; then \ + cp $$f $$f.old; \ + sed 's/\/usr\/local\//\/usr\//' $$f.old > $$f; \ + rm $$f.old; \ + fi; \ + done ) + + # the logcheck ignore files + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/libstrongswan/etc/logcheck/ignore.d.paranoid/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/libstrongswan/etc/logcheck/ignore.d.server/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/libstrongswan/etc/logcheck/ignore.d.workstation/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/libstrongswan/etc/logcheck/violations.ignore.d/strongswan + + # more lintian cleanups + find $(CURDIR)/debian/*strongswan*/ -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf + +binary-common: + dh_testdir + dh_testroot + dh_installinit --name=ipsec + dh_installdebconf + dh_installchangelogs NEWS + dh_installdocs README + dh_link + dh_strip --dbg-package=strongswan-dbg + dh_compress + dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d -X var/lib/strongswan + dh_lintian + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-indep: + $(MAKE) -f debian/rules binary-common DH_OPTIONS=-i + +binary-arch: install + $(MAKE) -f debian/rules binary-common DH_OPTIONS=-a + +binary-%: build-stamp install + make -f debian/rules binary-common DH_OPTIONS=-p$* + +binary: binary-indep binary-arch +.PHONY: clean binary-indep binary-arch diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 000000000..163aaf8d8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/strongswan-ikev1.install b/debian/strongswan-ikev1.install new file mode 100644 index 000000000..8d4a824ca --- /dev/null +++ b/debian/strongswan-ikev1.install @@ -0,0 +1,4 @@ +usr/lib/ipsec/pluto usr/lib/ipsec/ +usr/lib/ipsec/_pluto_adns usr/lib/ipsec/ +usr/lib/ipsec/whack usr/lib/ipsec/ +usr/share/man/man8/pluto.8 usr/share/man/man8/ diff --git a/debian/strongswan-ikev2.install b/debian/strongswan-ikev2.install new file mode 100644 index 000000000..5bf3cdd1b --- /dev/null +++ b/debian/strongswan-ikev2.install @@ -0,0 +1,11 @@ +usr/lib/libcharon.so* usr/lib/ +usr/lib/ipsec/charon usr/lib/ipsec/ +usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-socket*.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-eap*.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-agent.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-curl.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-ldap.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-medsrv.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-medcli.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/plugins/libstrongswan-attr*.so* usr/lib/ipsec/plugins/ diff --git a/debian/strongswan-nm.dirs b/debian/strongswan-nm.dirs new file mode 100644 index 000000000..d00915ff0 --- /dev/null +++ b/debian/strongswan-nm.dirs @@ -0,0 +1 @@ +/usr/lib/ipsec/plugins diff --git a/debian/strongswan-starter.config b/debian/strongswan-starter.config new file mode 100644 index 000000000..cb9de0964 --- /dev/null +++ b/debian/strongswan-starter.config @@ -0,0 +1,46 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +# disable for now, until we can deal with the don't-edit-conffiles situation +#db_input high strongswan/ikev1 || true +#db_input high strongswan/ikev2 || true + +db_input medium strongswan/restart || true + +db_input high strongswan/enable-oe || true + +db_get strongswan/install_x509_certificate +if [ "$RET" = "true" ]; then + db_input high strongswan/how_to_get_x509_certificate || true + db_go || true + + db_get strongswan/how_to_get_x509_certificate + if [ "$RET" = "create" ]; then + # create a new certificate + db_input medium strongswan/rsa_key_length || true + db_input high strongswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium strongswan/x509_country_code || true + db_go || true + db_get strongswan/x509_country_code + countrycode="$RET" + done + db_input medium strongswan/x509_state_name || true + db_input medium strongswan/x509_locality_name || true + db_input medium strongswan/x509_organization_name || true + db_input medium strongswan/x509_organizational_unit || true + db_input medium strongswan/x509_common_name || true + db_input medium strongswan/x509_email_address || true + db_go || true + elif [ "$RET" = "import" ]; then + # existing certificate - use it + db_input critical strongswan/existing_x509_certificate_filename || true + db_input critical strongswan/existing_x509_key_filename || true + db_input critical strongswan/existing_x509_rootca_filename || true + db_go || true + fi +fi diff --git a/debian/strongswan-starter.dirs b/debian/strongswan-starter.dirs new file mode 100644 index 000000000..544e26c84 --- /dev/null +++ b/debian/strongswan-starter.dirs @@ -0,0 +1,9 @@ +/etc +/etc/ipsec.d +/etc/ipsec.d/cacerts +/etc/ipsec.d/ocspcerts +/etc/ipsec.d/crls +/etc/ipsec.d/private +/etc/ipsec.d/policies +/etc/init.d +/var/lib/strongswan diff --git a/debian/strongswan-starter.install b/debian/strongswan-starter.install new file mode 100644 index 000000000..0bf97c02f --- /dev/null +++ b/debian/strongswan-starter.install @@ -0,0 +1,26 @@ +# starter +usr/lib/ipsec/starter usr/lib/ipsec/ +usr/lib/ipsec/_copyright usr/lib/ipsec/ +usr/sbin/ipsec usr/sbin/ +etc/ipsec.d etc/ +etc/ipsec.conf etc/ +usr/share/man/man8/ipsec.8 usr/share/man/man8/ +usr/share/man/man5/ipsec.conf.5 usr/share/man/man5/ +usr/share/man/man5/ipsec.secrets.5 usr/share/man/man5/ +usr/share/man/man5/strongswan.conf.5 usr/share/man/man5/ +# updown +usr/lib/ipsec/plugins/libstrongswan-updown.so* usr/lib/ipsec/plugins/ +usr/lib/ipsec/_updown usr/lib/ipsec/ +usr/lib/ipsec/_updown_espmark usr/lib/ipsec/ +usr/share/man/man8/_updown.8 usr/share/man/man8/ +usr/share/man/man8/_updown_espmark.8 usr/share/man/man8/ +# tools +usr/lib/ipsec/scepclient usr/lib/ipsec/ +usr/lib/ipsec/openac usr/lib/ipsec/ +usr/lib/ipsec/pki usr/lib/ipsec/ +usr/lib/ipsec/pool usr/lib/ipsec/ +usr/share/man/man8/scepclient.8 usr/share/man/man8/ +usr/share/man/man8/openac.8 usr/share/man/man8/ +# stroke +usr/lib/ipsec/stroke usr/lib/ipsec/ +usr/lib/ipsec/plugins/libstrongswan-stroke.so* usr/lib/ipsec/plugins/ diff --git a/debian/strongswan-starter.ipsec.init b/debian/strongswan-starter.ipsec.init new file mode 100644 index 000000000..cd10682cf --- /dev/null +++ b/debian/strongswan-starter.ipsec.init @@ -0,0 +1,167 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: ipsec +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Strongswan IPsec services +### END INIT INFO + +# Author: Rene Mayrhofer <rene@mayrhofer.eu.org> + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="strongswan IPsec services" +NAME=ipsec +STARTER=/usr/sbin/$NAME +PIDFILE1=/var/run/pluto.pid +PIDFILE2=/var/run/charon.pid +PLUTO=/usr/lib/ipsec/pluto +CHARON=/usr/lib/ipsec/charon +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$STARTER" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Create lock dir +mkdir -p /var/lock/subsys + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + # test if either charon or pluto are currently running (PIDFILE1 or PIDFILE2) + if [ -e $PLUTO ]; then + start-stop-daemon --start --quiet --pidfile $PIDFILE1 --exec $STARTER --test > /dev/null \ + || return 1 + fi + if [ -e $CHARON ]; then + start-stop-daemon --start --quiet --pidfile $PIDFILE2 --exec $STARTER --test > /dev/null \ + || return 1 + fi + + $STARTER start || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + # give the proper signal to stop + $STARTER stop || return 2 + + RETVAL=0 + # but kill if that didn't work + if [ -e $PIDFILE1 ]; then + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE1 --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + fi + if [ -e $PIDFILE2 ]; then + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE2 --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + fi + + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + if [ -e $PLUTO ]; then + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $PLUTO + [ "$?" = 2 ] && return 2 + fi + if [ -e $CHARON ]; then + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $CHARON + [ "$?" = 2 ] && return 2 + fi + + # strongswan is known to leave PID files behind when something goes wrong, cleanup here + rm -f $PIDFILE1 $PIDFILE2 + # and just to make sure they are really really dead at this point... + killall -9 $PLUTO 2>/dev/null + killall -9 $CHARON 2>/dev/null + + return "$RETVAL" +} + +do_reload() { + $STARTER reload + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + $STARTER status || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/strongswan-starter.lintian-overrides b/debian/strongswan-starter.lintian-overrides new file mode 100644 index 000000000..7c2257195 --- /dev/null +++ b/debian/strongswan-starter.lintian-overrides @@ -0,0 +1,4 @@ +# as here private data is stored we need tighter perms here +strongswan-starter: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755 +strongswan-starter: non-standard-file-perm etc/ipsec.secrets 0600 != 0644 +strongswan-starter: non-standard-dir-perm var/lib/strongswan/ 0700 != 0755 diff --git a/debian/strongswan-starter.postinst b/debian/strongswan-starter.postinst new file mode 100644 index 000000000..32bf86ffc --- /dev/null +++ b/debian/strongswan-starter.postinst @@ -0,0 +1,327 @@ +#! /bin/bash +# postinst script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +CONF_FILE=/var/lib/strongswan/ipsec.conf.inc +SECRETS_FILE=/var/lib/strongswan/ipsec.secrets.inc + +Warn () +{ + echo "$*" >&2 +} + +Error () +{ + Warn "Error: $*" +} + +insert_private_key_filename() { + if ! ( [ -e $SECRETS_INC_FILE ] && egrep -q ": RSA $1" $SECRETS_INC_FILE ); then + echo ": RSA $1" >> $SECRETS_INC_FILE + fi +} + +make_x509_cert() { + if [ $# -ne 12 ]; then + echo "Error in creating X.509 certificate" + exit 1 + fi + + case $5 in + false) + certreq=$4.req + selfsigned="" + ;; + true) + certreq=$4 + selfsigned="-x509" + ;; + *) + echo "Error in creating X.509 certificate" + exit 1 + ;; + esac + + echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ + /usr/bin/openssl req -new -outform PEM -out $certreq \ + -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ + -days $2 $selfsigned >/dev/null +} + +enable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Enabling ${protocol} support by pluto ... " + if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then + sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then + sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +disable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Disabling ${protocol} support by pluto ... " + if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE || + egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then + echo "already disabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +setup_strongswan_user() { + if ! getent passwd strongswan >/dev/null; then + adduser --quiet --system --no-create-home --home /var/lib/strongswan --shell /usr/sbin/nologin strongswan + fi +} + +. /usr/share/debconf/confmodule + +case "$1" in + configure) + db_get strongswan/install_x509_certificate + if [ "$RET" = "true" ]; then + db_get strongswan/how_to_get_x509_certificate + if [ "$RET" = "create" ]; then + # extract the key from a (newly created) x509 certificate + host=`hostname` + newkeyfile="/etc/ipsec.d/private/${host}Key.pem" + newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" + if [ -e $newcertfile -o -e $newkeyfile ]; then + Error "$newcertfile or $newkeyfile already exists." + Error "Please remove them first an then re-run dpkg-reconfigure to create a new keypair." + else + # create a new certificate + db_get strongswan/rsa_key_length + keylength=$RET + db_get strongswan/x509_self_signed + selfsigned=$RET + db_get strongswan/x509_country_code + countrycode=$RET + if [ -z "$countrycode" ]; then countrycode="."; fi + db_get strongswan/x509_state_name + statename=$RET + if [ -z "$statename" ]; then statename="."; fi + db_get strongswan/x509_locality_name + localityname=$RET + if [ -z "$localityname" ]; then localityname="."; fi + db_get strongswan/x509_organization_name + orgname=$RET + if [ -z "$orgname" ]; then orgname="."; fi + db_get strongswan/x509_organizational_unit + orgunit=$RET + if [ -z "$orgunit" ]; then orgunit="."; fi + db_get strongswan/x509_common_name + commonname=$RET + if [ -z "$commonname" ]; then commonname="."; fi + db_get strongswan/x509_email_address + email=$RET + if [ -z "$email" ]; then email="."; fi + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + chmod 0600 "$newkeyfile" + umask 077 + insert_private_key_filename "$newkeyfile" + echo "Successfully created x509 certificate." + fi + elif [ "$RET" = "import" ]; then + # existing certificate - use it + db_get strongswan/existing_x509_certificate_filename + certfile=$RET + db_get strongswan/existing_x509_key_filename + keyfile=$RET + db_get strongswan/existing_x509_rootca_filename + cafile=$RET + + if [ ! "$certfile" ] || [ ! "$keyfile" ]; then + Error "Either the certificate or the key filename is not specified." + elif ! ( ( [ -f "$certfile" ] || [ -L "$certfile" ] ) && ( [ -f "$keyfile" ] || [ -L "$keyfile" ] ) && ( [ "$cafile" = "" ] || ( [ -f "$cafile" ] || [ -L "$cafile" ] ) ) ); then + Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a regular file or symbolic link." + elif [ ! "`grep 'BEGIN CERTIFICATE' $certfile`" ] || [ ! "`grep 'BEGIN RSA PRIVATE KEY' $keyfile`" ] || ( [ "$cafile" != "" ] && [ ! "`grep 'BEGIN CERTIFICATE' $cafile`" ] ); then + Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a valid PEM type file." + elif [ "$cafile" ] && ( [ "$certfile" = "$cafile" ] || [ "$keyfile" = "$cafile" ]); then + Error "The certificate or the key file contains the rootca - unable to import automatically." + elif [ "`grep 'BEGIN CERTIFICATE' $certfile | wc -l`" -gt 1 ]; then + Error "The certificate file contains more than one certificate - unable to import automatically." + elif [ "`grep 'ENCRYPTED' $keyfile`" ]; then + Error "The key file contains an encrypted key - unable to import automatically." + else + newcertfile="/etc/ipsec.d/certs/$(basename "$certfile")" + newkeyfile="/etc/ipsec.d/private/$(basename "$keyfile")" + if [ "$cafile" ]; then + newcafile="/etc/ipsec.d/private/$(basename "$cafile")" + else + newcafile="" + fi + + if [ -e "$newcertfile" ] || [ -e "$newkeyfile" ] || ( [ "$newcafile" != "" ] && [ -e "$newcafile" ] ); then + Error "$newcertfile or $newkeyfile"${newcafile:+ or $newcafile}" already exists." + Error "Please remove them first and then re-run dpkg-reconfigure to extract an existing keypair"${newcafile:+ and a rootca}"." + else + openssl x509 -in $certfile -out $newcertfile 2>/dev/null + umask 077 + openssl rsa -passin pass:"" -in $keyfile -out $newkeyfile 2>/dev/null + chmod 0600 "$newkeyfile" + insert_private_key_filename "$newkeyfile" + cp "$cafile" /etc/ipsec.d/cacerts + echo "Successfully integrated existing x509 certificate." + fi + fi + fi + db_set strongswan/install_x509_certificate false + fi + + # lets see if we are already using dependency based booting or the correct runlevel parameters + if ! ( [ "`find /etc/init.d/ -name '.depend.*'`" ] || [ "$runlevels" = "0K841K842S163S164S165S166K84" ] ); then + db_fset strongswan/runlevel_changes seen false + db_input high strongswan/runlevel_changes || true + db_go + + # if the admin did not change the runlevels which got installed by older packages we can modify them + if [ "$runlevels" = "0K346K34SS41" ] || [ "$runlevels" = "0K301K302S153S154S155S156K30" ] || [ "$runlevels" = "0K191K192S213S214S215S216K19" ]; then + update-rc.d -f ipsec remove + fi + + update-rc.d ipsec defaults 16 84 > /dev/null + fi + + db_get strongswan/enable-oe + if [ "$RET" != "true" ]; then + echo -n "Disabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/include \/etc\/ipsec.d\/examples\/oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "#include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + echo "already disabled" + fi + else + echo -n "Enabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/#.*include \/etc\/ipsec.d\/examples\/oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + cat <<EOF >> $CONF_FILE +#Enable Opportunistic Encryption +include /etc/ipsec.d/examples/oe.conf +EOF + echo "done" + fi + fi + + # disabled for now, until we can solve the don't-edit-conffiles issue + #db_get strongswan/ikev1 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "pluto" "IKEv1" + #else + # disable_daemon_start "pluto" "IKEv1" + #fi + #db_get strongswan/ikev2 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "charon" "IKEv2" + #else + # disable_daemon_start "charon" "IKEv2" + #fi + + # create user for strongswan to change its uid into + # disabled until this can be kept in sync with build-time uid + #setup_strongswan_user + + if [ -z "$2" ]; then + # no old configured version - start strongswan now + invoke-rc.d ipsec start || true + else + # does the user wish strongswan to restart? + db_get strongswan/restart + if [ "$RET" = "true" ]; then + invoke-rc.d ipsec restart || true # sure, we'll restart it for you + fi + fi + + db_stop + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically + +#DEBHELPER# + +exit 0 diff --git a/debian/strongswan-starter.postrm b/debian/strongswan-starter.postrm new file mode 100644 index 000000000..455687a3c --- /dev/null +++ b/debian/strongswan-starter.postrm @@ -0,0 +1,48 @@ +#! /bin/sh +# postrm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postrm> `remove' +# * <postrm> `purge' +# * <old-postrm> `upgrade' <new-version> +# * <new-postrm> `failed-upgrade' <old-version> +# * <new-postrm> `abort-install' +# * <new-postrm> `abort-install' <old-version> +# * <new-postrm> `abort-upgrade' <old-version> +# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + # update the menu system +# if [ -x /usr/bin/update-menus ]; then update-menus; fi + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + +esac + +if [ "$1" = "purge" ] ; then + update-rc.d ipsec remove >/dev/null + #if which deluser >/dev/null 2>&1; then + # deluser --quiet strongswan > /dev/null || true + #fi + + rm -rf /etc/ipsec.d/ + rm -rf /var/run/pluto/ +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + + diff --git a/debian/strongswan-starter.prerm b/debian/strongswan-starter.prerm new file mode 100644 index 000000000..c1ba063d6 --- /dev/null +++ b/debian/strongswan-starter.prerm @@ -0,0 +1,40 @@ +#! /bin/sh +# prerm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <prerm> `remove' +# * <old-prerm> `upgrade' <new-version> +# * <new-prerm> `failed-upgrade' <old-version> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> +# * <deconfigured's-prerm> `deconfigure' `in-favour' +# <package-being-installed> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + upgrade) + ;; + remove|deconfigure) + invoke-rc.d ipsec stop || true +# install-info --quiet --remove /usr/info/strongswan.info.gz + ;; + failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/strongswan-starter.templates b/debian/strongswan-starter.templates new file mode 100644 index 000000000..f36a76388 --- /dev/null +++ b/debian/strongswan-starter.templates @@ -0,0 +1,194 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: strongswan/runlevel_changes +Type: note +_Description: Old runlevel management superseded + Previous versions of the strongSwan package gave a choice between + three different Start/Stop-Levels. Due to changes in the standard system + startup procedure, this is no longer necessary or useful. For all new + installations as well as old ones running in any of the predefined modes, + sane default levels will now be set. If you are upgrading from a previous + version and changed your strongSwan startup parameters, then please take a + look at NEWS.Debian for instructions on how to modify your setup accordingly. + +Template: strongswan/restart +Type: boolean +Default: true +_Description: Restart strongSwan now? + Restarting strongSwan is recommended, since if there is a security fix, it + will not be applied until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However, this might take down + existing connections and then bring them back up, so if you are using such + a strongSwan tunnel to connect for this update, restarting is not recommended. + +Template: strongswan/ikev1 +Type: boolean +Default: true +_Description: Start strongSwan's IKEv1 daemon? + The pluto daemon must be running to support version 1 of the Internet Key + Exchange protocol. + +Template: strongswan/ikev2 +Type: boolean +Default: true +_Description: Start strongSwan's IKEv2 daemon? + The charon daemon must be running to support version 2 of the Internet Key + Exchange protocol. + +Template: strongswan/install_x509_certificate +Type: boolean +Default: false +_Description: Use an X.509 certificate for this host? + An X.509 certificate for this host can be automatically created or imported. + It can be used to authenticate IPsec connections to other hosts + and is the preferred way of building up secure IPsec connections. The other + possibility would be to use shared secrets (passwords that are the same on + both sides of the tunnel) for authenticating a connection, but for a larger + number of connections, key based authentication is easier to administer and + more secure. + . + Alternatively you can reject this option and later use the command + "dpkg-reconfigure strongswan" to come back. + +Template: strongswan/how_to_get_x509_certificate +Type: select +__Choices: create, import +Default: create +_Description: Methods for using a X.509 certificate to authenticate this host: + It is possible to create a new X.509 certificate with user-defined settings + or to import an existing public and private key stored in PEM file(s) for + authenticating IPsec connections. + . + If you choose to create a new X.509 certificate you will first be asked + a number of questions which must be answered before the creation can start. + Please keep in mind that if you want the public key to get signed by + an existing Certificate Authority you should not select to create a + self-signed certificate and all the answers given must match exactly the + requirements of the CA, otherwise the certificate request may be rejected. + . + If you want to import an existing public and private key you will be + prompted for their filenames (which may be identical if both parts are stored + together in one file). Optionally you may also specify a filename where the + public key(s) of the Certificate Authority are kept, but this file cannot + be the same as the former ones. Please also be aware that the format for the + X.509 certificates has to be PEM and that the private key must not be encrypted + or the import procedure will fail. + +Template: strongswan/existing_x509_certificate_filename +Type: string +_Description: File name of your PEM format X.509 certificate: + Please enter the location of the file containing your X.509 certificate in + PEM format. + +Template: strongswan/existing_x509_key_filename +Type: string +_Description: File name of your PEM format X.509 private key: + Please enter the location of the file containing the private RSA key + matching your X.509 certificate in PEM format. This can be the same file + that contains the X.509 certificate. + +Template: strongswan/existing_x509_rootca_filename +Type: string +_Description: File name of your PEM format X.509 RootCA: + Optionally you can now enter the location of the file containing the X.509 + Certificate Authority root used to sign your certificate in PEM format. If you + do not have one or do not want to use it please leave the field empty. Please + note that it's not possible to store the RootCA in the same file as your X.509 + certificate or private key. + +Template: strongswan/rsa_key_length +Type: string +Default: 2048 +_Description: Please enter which length the created RSA key should have: + Please enter the length of the created RSA key. It should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 4096 bits because it only slows the + authentication process down and is not needed at the moment. + +Template: strongswan/x509_self_signed +Type: boolean +Default: true +_Description: Create a self-signed X.509 certificate? + Only self-signed X.509 certificates can be created + automatically, because otherwise a Certificate Authority is needed to sign + the certificate request. If you choose to create a self-signed certificate, + you can use it immediately to connect to other IPsec hosts that support + X.509 certificate for authentication of IPsec connections. However, using + strongSwan's PKI features requires all certificates to be signed by a single + Certificate Authority to create a trust path. + . + If you do not choose to create a self-signed certificate, only the RSA + private key and the certificate request will be created, and you will + have to sign the certificate request with your Certificate Authority. + +Template: strongswan/x509_country_code +Type: string +Default: AT +_Description: Country code for the X.509 certificate request: + Please enter the two-letter code for the country the server resides in + (such as "AT" for Austria). + . + OpenSSL will refuse to generate a certificate unless this is a valid + ISO-3166 country code; an empty field is allowed elsewhere in the X.509 + certificate, but not here. + +Template: strongswan/x509_state_name +Type: string +Default: +_Description: State or province name for the X.509 certificate request: + Please enter the full name of the state or province the server resides in + (such as "Upper Austria"). + +Template: strongswan/x509_locality_name +Type: string +Default: +_Description: Locality name for the X.509 certificate request: + Please enter the locality the server resides in (often a city, such + as "Vienna"). + +Template: strongswan/x509_organization_name +Type: string +Default: +_Description: Organization name for the X.509 certificate request: + Please enter the organization the server belongs to (such as "Debian"). + +Template: strongswan/x509_organizational_unit +Type: string +Default: +_Description: Organizational unit for the X.509 certificate request: + Please enter the organizational unit the server belongs to (such as + "security group"). + +Template: strongswan/x509_common_name +Type: string +Default: +_Description: Common Name for the X.509 certificate request: + Please enter the Common Name for this host (such as + "gateway.example.org"). + +Template: strongswan/x509_email_address +Type: string +Default: +_Description: Email address for the X.509 certificate request: + Please enter the email address of the person or organization + responsible for the X.509 certificate. + +Template: strongswan/enable-oe +Type: boolean +Default: false +_Description: Enable opportunistic encryption? + This version of strongSwan supports opportunistic encryption (OE), which stores + IPSec authentication information in + DNS records. Until this is widely deployed, activating it will + cause a significant delay for every new outgoing connection. + . + You should only enable opportunistic encryption if you are sure you want it. + It may break the Internet connection (default route) as the pluto daemon + starts. diff --git a/debian/strongswan.docs b/debian/strongswan.docs new file mode 100644 index 000000000..297170db8 --- /dev/null +++ b/debian/strongswan.docs @@ -0,0 +1,2 @@ +README +CREDITS diff --git a/debian/svn-deblayout b/debian/svn-deblayout new file mode 100644 index 000000000..51fb3b726 --- /dev/null +++ b/debian/svn-deblayout @@ -0,0 +1,8 @@ +buildArea=/home/rene/amw/src/packages/build-area +origDir=/home/rene/amw/src/packages/tarballs +origUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/trunk/debian/tarballs +tagsUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/tags/strongswan +trunkDir=/home/rene/amw/src/packages/strongswan +trunkUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/trunk/debian/strongswan +upsCurrentUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/branches/source-dist/debian/strongswan +upsTagUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/tags/strongswan diff --git a/debian/use-bash1.diff b/debian/use-bash1.diff new file mode 100644 index 000000000..6d0c922df --- /dev/null +++ b/debian/use-bash1.diff @@ -0,0 +1,4 @@ +1c1 +< #! /bin/sh +--- +> #!/bin/bash diff --git a/debian/use-bash2.diff b/debian/use-bash2.diff new file mode 100644 index 000000000..ccee7f27e --- /dev/null +++ b/debian/use-bash2.diff @@ -0,0 +1,4 @@ +1c1 +< #!/bin/sh +--- +> #!/bin/bash diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..812049178 --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://download.strongswan.org/strongswan-([\d.]+)\.tar\.bz2 diff --git a/src/_copyright/_copyright.8 b/src/_copyright/_copyright.8 new file mode 100644 index 000000000..99386254b --- /dev/null +++ b/src/_copyright/_copyright.8 @@ -0,0 +1,29 @@ +.TH _COPYRIGHT 8 "25 Apr 2002" +.SH NAME +ipsec _copyright \- prints FreeSWAN copyright +.SH DESCRIPTION +.I _copyright +outputs the FreeSWAN copyright, and version numbers for "ipsec --copyright" +.SH "SEE ALSO" +ipsec(8) +.SH HISTORY +Man page written for the Linux FreeS/WAN project +<http://www.freeswan.org/> +by Michael Richardson. Program written by Henry Spencer. +.\" +.\" $Log: _copyright.8,v $ +.\" Revision 1.1 2004/03/15 20:35:27 as +.\" added files from freeswan-2.04-x509-1.5.3 +.\" +.\" Revision 1.2 2002/04/29 22:39:31 mcr +.\" added basic man page for all internal commands. +.\" +.\" Revision 1.1 2002/04/26 01:21:43 mcr +.\" while tracking down a missing (not installed) /etc/ipsec.conf, +.\" MCR has decided that it is not okay for each program subdir to have +.\" some subset (determined with -f) of possible files. +.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. +.\" Optional PROGRAM.5 files have been added to the makefiles. +.\" +.\" +.\" diff --git a/src/libcharon/plugins/maemo/org.strongswan.charon.service b/src/libcharon/plugins/maemo/org.strongswan.charon.service new file mode 100644 index 000000000..7dd31ed60 --- /dev/null +++ b/src/libcharon/plugins/maemo/org.strongswan.charon.service @@ -0,0 +1,4 @@ +[D-BUS Service] +Name=org.strongswan.charon +Exec=/usr/bin/run-standalone.sh /usr/libexec/ipsec/charon +User=root diff --git a/src/libcharon/plugins/stroke/stroke_shared_key.c b/src/libcharon/plugins/stroke/stroke_shared_key.c new file mode 100644 index 000000000..4f716e83a --- /dev/null +++ b/src/libcharon/plugins/stroke/stroke_shared_key.c @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "stroke_shared_key.h" + +#include <utils/linked_list.h> + +typedef struct private_stroke_shared_key_t private_stroke_shared_key_t; + +/** + * private data of shared_key + */ +struct private_stroke_shared_key_t { + + /** + * implements shared_key_t + */ + stroke_shared_key_t public; + + /** + * type of this key + */ + shared_key_type_t type; + + /** + * data of the key + */ + chunk_t key; + + /** + * list of key owners, as identification_t + */ + linked_list_t *owners; + + /** + * reference counter + */ + refcount_t ref; +}; + +/** + * Implementation of shared_key_t.get_type. + */ +static shared_key_type_t get_type(private_stroke_shared_key_t *this) +{ + return this->type; +} + +/** + * Implementation of shared_key_t.get_ref. + */ +static private_stroke_shared_key_t* get_ref(private_stroke_shared_key_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of shared_key_t.get_key. + */ +static chunk_t get_key(private_stroke_shared_key_t *this) +{ + return this->key; +} + +/** + * Implementation of stroke_shared_key_t.has_owner. + */ +static id_match_t has_owner(private_stroke_shared_key_t *this, identification_t *owner) +{ + enumerator_t *enumerator; + id_match_t match, best = ID_MATCH_NONE; + identification_t *current; + + enumerator = this->owners->create_enumerator(this->owners); + while (enumerator->enumerate(enumerator, ¤t)) + { + match = owner->matches(owner, current); + if (match > best) + { + best = match; + } + } + enumerator->destroy(enumerator); + return best; +} +/** + * Implementation of stroke_shared_key_t.add_owner. + */ +static void add_owner(private_stroke_shared_key_t *this, identification_t *owner) +{ + this->owners->insert_last(this->owners, owner); +} + +/** + * Implementation of stroke_shared_key_t.destroy + */ +static void destroy(private_stroke_shared_key_t *this) +{ + if (ref_put(&this->ref)) + { + this->owners->destroy_offset(this->owners, offsetof(identification_t, destroy)); + chunk_free(&this->key); + free(this); + } +} + +/** + * create a shared key + */ +stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key) +{ + private_stroke_shared_key_t *this = malloc_thing(private_stroke_shared_key_t); + + this->public.shared.get_type = (shared_key_type_t(*)(shared_key_t*))get_type; + this->public.shared.get_key = (chunk_t(*)(shared_key_t*))get_key; + this->public.shared.get_ref = (shared_key_t*(*)(shared_key_t*))get_ref; + this->public.shared.destroy = (void(*)(shared_key_t*))destroy; + this->public.add_owner = (void(*)(stroke_shared_key_t*, identification_t *owner))add_owner; + this->public.has_owner = (id_match_t(*)(stroke_shared_key_t*, identification_t *owner))has_owner; + + this->owners = linked_list_create(); + this->type = type; + this->key = key; + this->ref = 1; + + return &this->public; +} diff --git a/src/libcharon/plugins/stroke/stroke_shared_key.h b/src/libcharon/plugins/stroke/stroke_shared_key.h new file mode 100644 index 000000000..05ad55083 --- /dev/null +++ b/src/libcharon/plugins/stroke/stroke_shared_key.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup stroke_shared_key stroke_shared_key + * @{ @ingroup stroke + */ + +#ifndef STROKE_SHARED_KEY_H_ +#define STROKE_SHARED_KEY_H_ + +#include <utils/identification.h> +#include <credentials/keys/shared_key.h> + +typedef struct stroke_shared_key_t stroke_shared_key_t; + +/** + * Shared key implementation for keys read from ipsec.secrets + */ +struct stroke_shared_key_t { + + /** + * Implements the shared_key_t interface. + */ + shared_key_t shared; + + /** + * Add an owner to the key. + * + * @param owner owner to add + */ + void (*add_owner)(stroke_shared_key_t *this, identification_t *owner); + + /** + * Check if a key has a specific owner. + * + * @param owner owner to check + * @return best match found + */ + id_match_t (*has_owner)(stroke_shared_key_t *this, identification_t *owner); +}; + +/** + * Create a stroke_shared_key instance. + */ +stroke_shared_key_t *stroke_shared_key_create(shared_key_type_t type, chunk_t key); + +#endif /** STROKE_SHARED_KEY_H_ @}*/ diff --git a/src/libcharon/tnccs/tnccs.c b/src/libcharon/tnccs/tnccs.c new file mode 100644 index 000000000..2facf02c8 --- /dev/null +++ b/src/libcharon/tnccs/tnccs.c @@ -0,0 +1,22 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tnccs.h" + +ENUM(eap_type_names, TNCCS_1_1, TNCCS_2_0, + "TNCCS 1.1", + "TNCCS SOH", + "TNCCS 2.0", +); diff --git a/src/libcharon/tnccs/tnccs.h b/src/libcharon/tnccs/tnccs.h new file mode 100644 index 000000000..583512e82 --- /dev/null +++ b/src/libcharon/tnccs/tnccs.h @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnccs tnccs + * @{ @ingroup libcharon + */ + +#ifndef TNCCS_H_ +#define TNCCS_H_ + +typedef enum tnccs_type_t tnccs_type_t; + +#include <library.h> + +/** + * Type of TNC Client/Server protocol + */ +enum tnccs_type_t { + TNCCS_1_1, + TNCCS_SOH, + TNCCS_2_0 +}; + +/** + * enum names for tnccs_type_t. + */ +extern enum_name_t *tnccs_type_names; + +typedef struct tnccs_t tnccs_t; + +/** + * Constructor definition for a pluggable TNCCS protocol implementation. + * + * @param is_server TRUE if TNC Server, FALSE if TNC Client + * @return implementation of the tnccs_t interface + */ +typedef tnccs_t* (*tnccs_constructor_t)(bool is_server); + +#endif /** TNC_H_ @}*/ diff --git a/src/libcharon/tnccs/tnccs_manager.c b/src/libcharon/tnccs/tnccs_manager.c new file mode 100644 index 000000000..0fd6737c0 --- /dev/null +++ b/src/libcharon/tnccs/tnccs_manager.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tnccs_manager.h" + +#include <utils/linked_list.h> +#include <threading/rwlock.h> + +typedef struct private_tnccs_manager_t private_tnccs_manager_t; +typedef struct tnccs_entry_t tnccs_entry_t; + +/** + * TNCCS constructor entry + */ +struct tnccs_entry_t { + + /** + * TNCCS protocol type + */ + tnccs_type_t type; + + /** + * constructor function to create instance + */ + tnccs_constructor_t constructor; +}; + +/** + * private data of tnccs_manager + */ +struct private_tnccs_manager_t { + + /** + * public functions + */ + tnccs_manager_t public; + + /** + * list of tnccs_entry_t's + */ + linked_list_t *protocols; + + /** + * rwlock to lock methods + */ + rwlock_t *lock; +}; + +METHOD(tnccs_manager_t, add_method, void, + private_tnccs_manager_t *this, tnccs_type_t type, + tnccs_constructor_t constructor) +{ + tnccs_entry_t *entry = malloc_thing(tnccs_entry_t); + + entry->type = type; + entry->constructor = constructor; + + this->lock->write_lock(this->lock); + this->protocols->insert_last(this->protocols, entry); + this->lock->unlock(this->lock); +} + +METHOD(tnccs_manager_t, remove_method, void, + private_tnccs_manager_t *this, tnccs_constructor_t constructor) +{ + enumerator_t *enumerator; + tnccs_entry_t *entry; + + this->lock->write_lock(this->lock); + enumerator = this->protocols->create_enumerator(this->protocols); + while (enumerator->enumerate(enumerator, &entry)) + { + if (constructor == entry->constructor) + { + this->protocols->remove_at(this->protocols, enumerator); + free(entry); + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +METHOD(tnccs_manager_t, create_instance, tnccs_t*, + private_tnccs_manager_t *this, tnccs_type_t type, bool is_server) +{ + enumerator_t *enumerator; + tnccs_entry_t *entry; + tnccs_t *protocol = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->protocols->create_enumerator(this->protocols); + while (enumerator->enumerate(enumerator, &entry)) + { + if (type == entry->type) + { + protocol = entry->constructor(is_server); + if (protocol) + { + break; + } + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return protocol; +} + +METHOD(tnccs_manager_t, destroy, void, + private_tnccs_manager_t *this) +{ + this->protocols->destroy_function(this->protocols, free); + this->lock->destroy(this->lock); + free(this); +} + +/* + * See header + */ +tnccs_manager_t *tnccs_manager_create() +{ + private_tnccs_manager_t *this; + + INIT(this, + .public = { + .add_method = _add_method, + .remove_method = _remove_method, + .create_instance = _create_instance, + .destroy = _destroy, + }, + .protocols = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + return &this->public; +} + diff --git a/src/libcharon/tnccs/tnccs_manager.h b/src/libcharon/tnccs/tnccs_manager.h new file mode 100644 index 000000000..2f4a961a7 --- /dev/null +++ b/src/libcharon/tnccs/tnccs_manager.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tnccs_manager tnccs_manager + * @{ @ingroup tnccs + */ + +#ifndef TNCCS_MANAGER_H_ +#define TNCCS_MANAGER_H_ + +#include "tnccs.h" + +typedef struct tnccs_manager_t tnccs_manager_t; + +/** + * The TNCCS manager manages all TNCCS implementations and creates instances. + * + * A plugin registers its implemented TNCCS protocol with the manager by + * providing type and a constructor function. The manager then creates + * TNCCS protocol instances via the provided constructor. + */ +struct tnccs_manager_t { + + /** + * Register a TNCCS protocol implementation. + * + * @param type TNCCS protocol type + * @param constructor constructor, returns a TNCCS protocol implementation + */ + void (*add_method)(tnccs_manager_t *this, tnccs_type_t type, + tnccs_constructor_t constructor); + + /** + * Unregister a TNCCS protocol implementation using it's constructor. + * + * @param constructor constructor function to remove, as added in add_method + */ + void (*remove_method)(tnccs_manager_t *this, tnccs_constructor_t constructor); + + /** + * Create a new TNCCS protocol instance. + * + * @param type type of the TNCCS protocol + * @param is_server TRUE if TNC Server, FALSE if TNC Client + * @return TNCCS protocol instance, NULL if no constructor found + */ + tnccs_t* (*create_instance)(tnccs_manager_t *this, tnccs_type_t type, + bool is_server); + + /** + * Destroy a tnccs_manager instance. + */ + void (*destroy)(tnccs_manager_t *this); +}; + +/** + * Create a tnccs_manager instance. + */ +tnccs_manager_t *tnccs_manager_create(); + +#endif /** TNCCS_MANAGER_H_ @}*/ diff --git a/src/libfreeswan/atosa.3 b/src/libfreeswan/atosa.3 new file mode 100644 index 000000000..f57fcf1e9 --- /dev/null +++ b/src/libfreeswan/atosa.3 @@ -0,0 +1,217 @@ +.TH IPSEC_ATOSA 3 "11 June 2001" +.SH NAME +ipsec atosa, satoa \- convert IPsec Security Association IDs to and from ASCII +.SH SYNOPSIS +.B "#include <freeswan.h> +.sp +.B "const char *atosa(const char *src, size_t srclen," +.ti +1c +.B "struct sa_id *sa); +.br +.B "size_t satoa(struct sa_id sa, int format," +.ti +1c +.B "char *dst, size_t dstlen);" +.sp +.B "struct sa_id {" +.ti +1c +.B "struct in_addr dst;" +.ti +1c +.B "ipsec_spi_t spi;" +.ti +1c +.B "int proto;" +.br +.B "};" +.SH DESCRIPTION +These functions are obsolete; see +.IR ipsec_ttosa (3) +for their replacements. +.PP +.I Atosa +converts an ASCII Security Association (SA) specifier into an +.B sa_id +structure (containing +a destination-host address +in network byte order, +an SPI number in network byte order, and +a protocol code). +.I Satoa +does the reverse conversion, back to an ASCII SA specifier. +.PP +An SA is specified in ASCII with a mail-like syntax, e.g. +.BR esp507@1.2.3.4 . +An SA specifier contains +a protocol prefix (currently +.BR ah , +.BR esp , +or +.BR tun ), +an unsigned integer SPI number, +and an IP address. +The SPI number can be decimal or hexadecimal +(with +.B 0x +prefix), as accepted by +.IR ipsec_atoul (3). +The IP address can be any form accepted by +.IR ipsec_atoaddr (3), +e.g. dotted-decimal address or DNS name. +.PP +As a special case, the SA specifier +.B %passthrough +signifies the special SA used to indicate that packets should be +passed through unaltered. +(At present, this is a synonym for +.BR tun0x0@0.0.0.0 , +but that is subject to change without notice.) +This form is known to both +.I atosa +and +.IR satoa , +so the internal form of +.B %passthrough +is never visible. +.PP +The +.B <freeswan.h> +header file supplies the +.B sa_id +structure, as well as a data type +.B ipsec_spi_t +which is an unsigned 32-bit integer. +(There is no consistency between kernel and user on what such a type +is called, hence the header hides the differences.) +.PP +The protocol code uses the same numbers that IP does. +For user convenience, given the difficulty in acquiring the exact set of +protocol names used by the kernel, +.B <freeswan.h> +defines the names +.BR SA_ESP , +.BR SA_AH , +and +.B SA_IPIP +to have the same values as the kernel names +.BR IPPROTO_ESP , +.BR IPPROTO_AH , +and +.BR IPPROTO_IPIP . +.PP +The +.I srclen +parameter of +.I atosa +specifies the length of the ASCII string pointed to by +.IR src ; +it is an error for there to be anything else +(e.g., a terminating NUL) within that length. +As a convenience for cases where an entire NUL-terminated string is +to be converted, +a +.I srclen +value of +.B 0 +is taken to mean +.BR strlen(src) . +.PP +The +.I dstlen +parameter of +.I satoa +specifies the size of the +.I dst +parameter; +under no circumstances are more than +.I dstlen +bytes written to +.IR dst . +A result which will not fit is truncated. +.I Dstlen +can be zero, in which case +.I dst +need not be valid and no result is written, +but the return value is unaffected; +in all other cases, the (possibly truncated) result is NUL-terminated. +The +.I freeswan.h +header file defines a constant, +.BR SATOA_BUF , +which is the size of a buffer just large enough for worst-case results. +.PP +The +.I format +parameter of +.I satoa +specifies what format is to be used for the conversion. +The value +.B 0 +(not the ASCII character +.BR '0' , +but a zero value) +specifies a reasonable default +(currently +lowercase protocol prefix, lowercase hexadecimal SPI, dotted-decimal address). +The value +.B d +causes the SPI to be generated in decimal instead. +.PP +.I Atosa +returns +.B NULL +for success and +a pointer to a string-literal error message for failure; +see DIAGNOSTICS. +.I Satoa +returns +.B 0 +for a failure, and otherwise +always returns the size of buffer which would +be needed to +accommodate the full conversion result, including terminating NUL; +it is the caller's responsibility to check this against the size of +the provided buffer to determine whether truncation has occurred. +.SH SEE ALSO +ipsec_atoul(3), ipsec_atoaddr(3), inet(3) +.SH DIAGNOSTICS +Fatal errors in +.I atosa +are: +empty input; +input too small to be a legal SA specifier; +no +.B @ +in input; +unknown protocol prefix; +conversion error in +.I atoul +or +.IR atoaddr . +.PP +Fatal errors in +.I satoa +are: +unknown format; unknown protocol code. +.SH HISTORY +Written for the FreeS/WAN project by Henry Spencer. +.SH BUGS +The +.B tun +protocol code is a FreeS/WANism which may eventually disappear. +.PP +The restriction of ASCII-to-binary error reports to literal strings +(so that callers don't need to worry about freeing them or copying them) +does limit the precision of error reporting. +.PP +The ASCII-to-binary error-reporting convention lends itself +to slightly obscure code, +because many readers will not think of NULL as signifying success. +A good way to make it clearer is to write something like: +.PP +.RS +.nf +.B "const char *error;" +.sp +.B "error = atoaddr( /* ... */ );" +.B "if (error != NULL) {" +.B " /* something went wrong */" +.fi +.RE diff --git a/src/libfreeswan/atosa.c b/src/libfreeswan/atosa.c new file mode 100644 index 000000000..7339b4c3e --- /dev/null +++ b/src/libfreeswan/atosa.c @@ -0,0 +1,198 @@ +/* + * convert from ASCII form of SA ID to binary + * Copyright (C) 1998, 1999 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +static struct satype { + char *prefix; + size_t prelen; /* strlen(prefix) */ + int proto; +} satypes[] = { + { "ah", 2, SA_AH }, + { "esp", 3, SA_ESP }, + { "tun", 3, SA_IPIP }, + { "comp", 4, SA_COMP }, + { NULL, 0, 0, } +}; + +/* + - atosa - convert ASCII "ah507@10.0.0.1" to SA identifier + */ +const char * /* NULL for success, else string literal */ +atosa(src, srclen, sa) +const char *src; +size_t srclen; /* 0 means "apply strlen" */ +struct sa_id *sa; +{ + const char *at; + const char *addr; + const char *spi = NULL; + struct satype *sat; + unsigned long ul; + const char *oops; +# define MINLEN 5 /* ah0@0 is as short as it can get */ + static char ptname[] = PASSTHROUGHNAME; +# define PTNLEN (sizeof(ptname)-1) /* -1 for NUL */ + + if (srclen == 0) + srclen = strlen(src); + if (srclen == 0) + return "empty string"; + if (srclen < MINLEN) + return "string too short to be SA specifier"; + if (srclen == PTNLEN && memcmp(src, ptname, PTNLEN) == 0) { + src = PASSTHROUGHIS; + srclen = strlen(src); + } + + at = memchr(src, '@', srclen); + if (at == NULL) + return "no @ in SA specifier"; + + for (sat = satypes; sat->prefix != NULL; sat++) + if (sat->prelen < srclen && + strncmp(src, sat->prefix, sat->prelen) == 0) { + sa->proto = sat->proto; + spi = src + sat->prelen; + break; /* NOTE BREAK OUT */ + } + if (sat->prefix == NULL) + return "SA specifier lacks valid protocol prefix"; + + if (spi >= at) + return "no SPI in SA specifier"; + oops = atoul(spi, at - spi, 13, &ul); + if (oops != NULL) + return oops; + sa->spi = htonl(ul); + + addr = at + 1; + oops = atoaddr(addr, srclen - (addr - src), &sa->dst); + if (oops != NULL) + return oops; + + return NULL; +} + + + +#ifdef ATOSA_MAIN + +#include <stdio.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +void regress(void); + +int +main(int argc, char *argv[]) +{ + struct sa_id sa; + char buf[100]; + const char *oops; + size_t n; + + if (argc < 2) { + fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]); + exit(2); + } + + if (strcmp(argv[1], "-r") == 0) { + regress(); + fprintf(stderr, "regress() returned?!?\n"); + exit(1); + } + + oops = atosa(argv[1], 0, &sa); + if (oops != NULL) { + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); + exit(1); + } + n = satoa(sa, 0, buf, sizeof(buf)); + if (n > sizeof(buf)) { + fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto); + fprintf(stderr, "%lu@", (long unsigned int)sa.spi); + fprintf(stderr, "%s", inet_ntoa(sa.dst)); + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", + (long)n, (long)sizeof(buf)); + exit(1); + } + printf("%s\n", buf); + + exit(0); +} + +struct rtab { + char *input; + char *output; /* NULL means error expected */ +} rtab[] = { + {"esp257@1.2.3.0", "esp257@1.2.3.0"}, + {"ah0x20@1.2.3.4", "ah32@1.2.3.4"}, + {"tun011@111.2.3.99", "tun11@111.2.3.99"}, + {"", NULL}, + {"_", NULL}, + {"ah2.2", NULL}, + {"goo2@1.2.3.4", NULL}, + {"esp9@1.2.3.4", "esp9@1.2.3.4"}, + {"espp9@1.2.3.4", NULL}, + {"es9@1.2.3.4", NULL}, + {"ah@1.2.3.4", NULL}, + {"esp7x7@1.2.3.4", NULL}, + {"esp77@1.0x2.3.4", NULL}, + {PASSTHROUGHNAME, PASSTHROUGHNAME}, + {NULL, NULL} +}; + +void +regress(void) +{ + struct rtab *r; + int status = 0; + struct sa_id sa; + char in[100]; + char buf[100]; + const char *oops; + size_t n; + + for (r = rtab; r->input != NULL; r++) { + strcpy(in, r->input); + oops = atosa(in, 0, &sa); + if (oops != NULL && r->output == NULL) + {} /* okay, error expected */ + else if (oops != NULL) { + printf("`%s' atosa failed: %s\n", r->input, oops); + status = 1; + } else if (r->output == NULL) { + printf("`%s' atosa succeeded unexpectedly\n", + r->input); + status = 1; + } else { + n = satoa(sa, 'd', buf, sizeof(buf)); + if (n > sizeof(buf)) { + printf("`%s' satoa failed: need %ld\n", + r->input, (long)n); + status = 1; + } else if (strcmp(r->output, buf) != 0) { + printf("`%s' gave `%s', expected `%s'\n", + r->input, buf, r->output); + status = 1; + } + } + } + exit(status); +} + +#endif /* ATOSA_MAIN */ diff --git a/src/libfreeswan/keyblobtoid.3 b/src/libfreeswan/keyblobtoid.3 new file mode 100644 index 000000000..8b5bfb0a2 --- /dev/null +++ b/src/libfreeswan/keyblobtoid.3 @@ -0,0 +1,102 @@ +.TH IPSEC_KEYBLOBTOID 3 "25 March 2002" +.SH NAME +ipsec keyblobtoid, splitkeytoid \- generate key IDs from RSA keys +.SH SYNOPSIS +.B "#include <freeswan.h> +.sp +.B "size_t keyblobtoid(const unsigned char *blob," +.ti +1c +.B "size_t bloblen, char *dst, size_t dstlen);" +.br +.B "size_t splitkeytoid(const unsigned char *e, size_t elen," +.ti +1c +.B "const unsigned char *m, size_t mlen, char *dst, +.ti +1c +.B "size_t dstlen);" +.SH DESCRIPTION +.I Keyblobtoid +and +.I splitkeytoid +generate +key IDs +from RSA keys, +for use in messages and reporting, +writing the result to +.IR dst . +A +.I key ID +is a short ASCII string identifying a key; +currently it is just the first nine characters of the base64 +encoding of the RFC 2537/3110 ``byte blob'' representation of the key. +(Beware that no finite key ID can be collision-proof: +there is always some small chance of two random keys having the +same ID.) +.PP +.I Keyblobtoid +generates a key ID from a key which is already in the form of an +RFC 2537/3110 binary key +.I blob +(encoded exponent length, exponent, modulus). +.PP +.I Splitkeytoid +generates a key ID from a key given in the form of a separate +(binary) exponent +.I e +and modulus +.IR m . +.PP +The +.I dstlen +parameter of either +specifies the size of the +.I dst +parameter; +under no circumstances are more than +.I dstlen +bytes written to +.IR dst . +A result which will not fit is truncated. +.I Dstlen +can be zero, in which case +.I dst +need not be valid and no result is written, +but the return value is unaffected; +in all other cases, the (possibly truncated) result is NUL-terminated. +The +.I freeswan.h +header file defines a constant +.B KEYID_BUF +which is the size of a buffer large enough for worst-case results. +.PP +Both functions return +.B 0 +for a failure, and otherwise +always return the size of buffer which would +be needed to +accommodate the full conversion result, including terminating NUL; +it is the caller's responsibility to check this against the size of +the provided buffer to determine whether truncation has occurred. +.P +With keys generated by +.IR ipsec_rsasigkey (3), +the first two base64 digits are always the same, +and the third carries only about one bit of information. +It's worse with keys using longer fixed exponents, +e.g. the 24-bit exponent that's common in X.509 certificates. +However, being able to relate key IDs to the full +base64 text form of keys by eye is sufficiently useful that this +waste of space seems justifiable. +The choice of nine digits is a compromise between bulk and +probability of collision. +.SH SEE ALSO +RFC 3110, +\fIRSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)\fR, +Eastlake, 2001 +(superseding the older but better-known RFC 2537). +.SH DIAGNOSTICS +Fatal errors are: +key too short to supply enough bits to construct a complete key ID +(almost certainly indicating a garbage key); +exponent too long for its length to be representable. +.SH HISTORY +Written for the FreeS/WAN project by Henry Spencer. diff --git a/src/libfreeswan/keyblobtoid.c b/src/libfreeswan/keyblobtoid.c new file mode 100644 index 000000000..89ab5fced --- /dev/null +++ b/src/libfreeswan/keyblobtoid.c @@ -0,0 +1,146 @@ +/* + * generate printable key IDs + * Copyright (C) 2002 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +/* + - keyblobtoid - generate a printable key ID from an RFC 2537/3110 key blob + * Current algorithm is just to use first nine base64 digits. + */ +size_t +keyblobtoid(src, srclen, dst, dstlen) +const unsigned char *src; +size_t srclen; +char *dst; /* need not be valid if dstlen is 0 */ +size_t dstlen; +{ + char buf[KEYID_BUF]; + size_t ret; +# define NDIG 9 + + if (srclen < (NDIG*6 + 7)/8) { + strcpy(buf, "?len= ?"); + buf[5] = '0' + srclen; + ret = 0; + } else { + (void) datatot(src, srclen, 64, buf, NDIG+1); + ret = NDIG+1; + } + + if (dstlen > 0) { + if (strlen(buf)+1 > dstlen) + *(buf + dstlen - 1) = '\0'; + strcpy(dst, buf); + } + return ret; +} + +/* + - splitkeytoid - generate a printable key ID from exponent/modulus pair + * Just constructs the beginnings of a key blob and calls keyblobtoid(). + */ +size_t +splitkeytoid(e, elen, m, mlen, dst, dstlen) +const unsigned char *e; +size_t elen; +const unsigned char *m; +size_t mlen; +char *dst; /* need not be valid if dstlen is 0 */ +size_t dstlen; +{ + unsigned char buf[KEYID_BUF]; /* ample room */ + unsigned char *bufend = buf + sizeof(buf); + unsigned char *p; + size_t n; + + p = buf; + if (elen <= 255) + *p++ = elen; + else if ((elen &~ 0xffff) == 0) { + *p++ = 0; + *p++ = (elen>>8) & 0xff; + *p++ = elen & 0xff; + } else + return 0; /* unrepresentable exponent length */ + + n = bufend - p; + if (elen < n) + n = elen; + memcpy(p, e, n); + p += n; + + n = bufend - p; + if (n > 0) { + if (mlen < n) + n = mlen; + memcpy(p, m, n); + p += n; + } + + return keyblobtoid(buf, p - buf, dst, dstlen); +} + + + +#ifdef KEYBLOBTOID_MAIN + +#include <stdio.h> + +void regress(); + +int +main(argc, argv) +int argc; +char *argv[]; +{ + typedef unsigned char uc; + uc hexblob[] = "\x01\x03\x85\xf2\xd6\x76\x9b\x03\x59\xb6\x21\x52"; + uc hexe[] = "\x03"; + uc hexm[] = "\x85\xf2\xd6\x76\x9b\x03\x59\xb6\x21\x52\xef\x85"; + char b64nine[] = "AQOF8tZ2m"; + char b64six[] = "AQOF8t"; + char buf[100]; + size_t n; + char *b = b64nine; + size_t bl = strlen(b) + 1; + int st = 0; + + n = keyblobtoid(hexblob, strlen(hexblob), buf, sizeof(buf)); + if (n != bl) { + fprintf(stderr, "%s: keyblobtoid returned %d not %d\n", + argv[0], n, bl); + st = 1; + } + if (strcmp(buf, b) != 0) { + fprintf(stderr, "%s: keyblobtoid generated `%s' not `%s'\n", + argv[0], buf, b); + st = 1; + } + n = splitkeytoid(hexe, strlen(hexe), hexm, strlen(hexm), buf, + sizeof(buf)); + if (n != bl) { + fprintf(stderr, "%s: splitkeytoid returned %d not %d\n", + argv[0], n, bl); + st = 1; + } + if (strcmp(buf, b) != 0) { + fprintf(stderr, "%s: splitkeytoid generated `%s' not `%s'\n", + argv[0], buf, b); + st = 1; + } + exit(st); +} + +#endif /* KEYBLOBTOID_MAIN */ diff --git a/src/libfreeswan/prng.3 b/src/libfreeswan/prng.3 new file mode 100644 index 000000000..48c6ceed0 --- /dev/null +++ b/src/libfreeswan/prng.3 @@ -0,0 +1,120 @@ +.TH IPSEC_PRNG 3 "1 April 2002" +.SH NAME +ipsec prng_init \- initialize IPsec pseudorandom-number generator +.br +ipsec prng_bytes \- get bytes from IPsec pseudorandom-number generator +.br +ipsec prng_final \- close down IPsec pseudorandom-number generator +.SH SYNOPSIS +.B "#include <freeswan.h> +.sp +.B "void prng_init(struct prng *prng," +.ti +1c +.B "const unsigned char *key, size_t keylen);" +.br +.B "void prng_bytes(struct prng *prng, char *dst," +.ti +1c +.B "size_t dstlen);" +.br +.B "unsigned long prng_count(struct prng *prng);" +.br +.B "void prng_final(struct prng *prng);" +.SH DESCRIPTION +.I Prng_init +initializes a crypto-quality pseudo-random-number generator from a key; +.I prng_bytes +obtains pseudo-random bytes from it; +.I prng_count +reports the number of bytes extracted from it to date; +.I prng_final +closes it down. +It is the user's responsibility to initialize a PRNG before using it, +and not to use it again after it is closed down. +.PP +.I Prng_init +initializes, +or re-initializes, +the specified +.I prng +from the +.IR key , +whose length is given by +.IR keylen . +The user must allocate the +.B "struct prng" +pointed to by +.IR prng . +There is no particular constraint on the length of the key, +although a key longer than 256 bytes is unnecessary because +only the first 256 would be used. +Initialization requires on the order of 3000 integer operations, +independent of key length. +.PP +.I Prng_bytes +obtains +.I dstlen +pseudo-random bytes from the PRNG and puts them in +.IR buf . +This is quite fast, +on the order of 10 integer operations per byte. +.PP +.I Prng_count +reports the number of bytes obtained from the PRNG +since it was (last) initialized. +.PP +.I Prng_final +closes down a PRNG by +zeroing its internal memory, +obliterating all trace of the state used to generate its previous output. +This requires on the order of 250 integer operations. +.PP +The +.B <freeswan.h> +header file supplies the definition of the +.B prng +structure. +Examination of its innards is discouraged, as they may change. +.PP +The PRNG algorithm +used by these functions is currently identical to that of RC4(TM). +This algorithm is cryptographically strong, +sufficiently unpredictable that even a hostile observer will +have difficulty determining the next byte of output from past history, +provided it is initialized from a reasonably large key composed of +highly random bytes (see +.IR random (4)). +The usual run of software pseudo-random-number generators +(e.g. +.IR random (3)) +are +.I not +cryptographically strong. +.PP +The well-known attacks against RC4(TM), +e.g. as found in 802.11b's WEP encryption system, +apply only if multiple PRNGs are initialized with closely-related keys +(e.g., using a counter appended to a base key). +If such keys are used, the first few hundred pseudo-random bytes +from each PRNG should be discarded, +to give the PRNGs a chance to randomize their innards properly. +No useful attacks are known if the key is well randomized to begin with. +.SH SEE ALSO +random(3), random(4) +.br +Bruce Schneier, +\fIApplied Cryptography\fR, 2nd ed., 1996, ISBN 0-471-11709-9, +pp. 397-8. +.SH HISTORY +Written for the FreeS/WAN project by Henry Spencer. +.SH BUGS +If an attempt is made to obtain more than 4e9 bytes +between initializations, +the PRNG will continue to work but +.IR prng_count 's +output will stick at +.BR 4000000000 . +Fixing this would require a longer integer type and does +not seem worth the trouble, +since you should probably re-initialize before then anyway... +.PP +``RC4'' is a trademark of RSA Data Security, Inc. diff --git a/src/libfreeswan/prng.c b/src/libfreeswan/prng.c new file mode 100644 index 000000000..347f13f89 --- /dev/null +++ b/src/libfreeswan/prng.c @@ -0,0 +1,200 @@ +/* + * crypto-class pseudorandom number generator + * currently uses same algorithm as RC4(TM), from Schneier 2nd ed p397 + * Copyright (C) 2002 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +/* + - prng_init - initialize PRNG from a key + */ +void +prng_init(prng, key, keylen) +struct prng *prng; +const unsigned char *key; +size_t keylen; +{ + unsigned char k[256]; + int i, j; + unsigned const char *p; + unsigned const char *keyend = key + keylen; + unsigned char t; + + for (i = 0; i <= 255; i++) + prng->sbox[i] = i; + p = key; + for (i = 0; i <= 255; i++) { + k[i] = *p++; + if (p >= keyend) + p = key; + } + j = 0; + for (i = 0; i <= 255; i++) { + j = (j + prng->sbox[i] + k[i]) & 0xff; + t = prng->sbox[i]; + prng->sbox[i] = prng->sbox[j]; + prng->sbox[j] = t; + k[i] = 0; /* clear out key memory */ + } + prng->i = 0; + prng->j = 0; + prng->count = 0; +} + +/* + - prng_bytes - get some pseudorandom bytes from PRNG + */ +void +prng_bytes(prng, dst, dstlen) +struct prng *prng; +unsigned char *dst; +size_t dstlen; +{ + int i, j, t; + unsigned char *p = dst; + size_t remain = dstlen; +# define MAX 4000000000ul + + while (remain > 0) { + i = (prng->i + 1) & 0xff; + prng->i = i; + j = (prng->j + prng->sbox[i]) & 0xff; + prng->j = j; + t = prng->sbox[i]; + prng->sbox[i] = prng->sbox[j]; + prng->sbox[j] = t; + t = (t + prng->sbox[i]) & 0xff; + *p++ = prng->sbox[t]; + remain--; + } + if (prng->count < MAX - dstlen) + prng->count += dstlen; + else + prng->count = MAX; +} + +/* + - prnt_count - how many bytes have been extracted from PRNG so far? + */ +unsigned long +prng_count(prng) +struct prng *prng; +{ + return prng->count; +} + +/* + - prng_final - clear out PRNG to ensure nothing left in memory + */ +void +prng_final(prng) +struct prng *prng; +{ + int i; + + for (i = 0; i <= 255; i++) + prng->sbox[i] = 0; + prng->i = 0; + prng->j = 0; + prng->count = 0; /* just for good measure */ +} + + + +#ifdef PRNG_MAIN + +#include <stdio.h> + +void regress(); + +int +main(argc, argv) +int argc; +char *argv[]; +{ + struct prng pr; + unsigned char buf[100]; + unsigned char *p; + size_t n; + + if (argc < 2) { + fprintf(stderr, "Usage: %s {key|-r}\n", argv[0]); + exit(2); + } + + if (strcmp(argv[1], "-r") == 0) { + regress(); + fprintf(stderr, "regress() returned?!?\n"); + exit(1); + } + + prng_init(&pr, argv[1], strlen(argv[1])); + prng_bytes(&pr, buf, 32); + printf("0x"); + for (p = buf, n = 32; n > 0; p++, n--) + printf("%02x", *p); + printf("\n%lu bytes\n", prng_count(&pr)); + prng_final(&pr); + exit(0); +} + +void +regress() +{ + struct prng pr; + unsigned char buf[100]; + unsigned char *p; + size_t n; + /* somewhat non-random sample key */ + unsigned char key[] = "here we go gathering nuts in May"; + /* first thirty bytes of output from that key */ + unsigned char good[] = "\x3f\x02\x8e\x4a\x2a\xea\x23\x18\x92\x7c" + "\x09\x52\x83\x61\xaa\x26\xce\xbb\x9d\x71" + "\x71\xe5\x10\x22\xaf\x60\x54\x8d\x5b\x28"; + int nzero, none; + int show = 0; + + prng_init(&pr, key, strlen(key)); + prng_bytes(&pr, buf, sizeof(buf)); + for (p = buf, n = sizeof(buf); n > 0; p++, n--) { + if (*p == 0) + nzero++; + if (*p == 255) + none++; + } + if (nzero > 3 || none > 3) { + fprintf(stderr, "suspiciously non-random output!\n"); + show = 1; + } + if (memcmp(buf, good, strlen(good)) != 0) { + fprintf(stderr, "incorrect output!\n"); + show = 1; + } + if (show) { + fprintf(stderr, "0x"); + for (p = buf, n = sizeof(buf); n > 0; p++, n--) + fprintf(stderr, "%02x", *p); + fprintf(stderr, "\n"); + exit(1); + } + if (prng_count(&pr) != sizeof(buf)) { + fprintf(stderr, "got %u bytes, but count is %lu\n", + sizeof(buf), prng_count(&pr)); + exit(1); + } + prng_final(&pr); + exit(0); +} + +#endif /* PRNG_MAIN */ diff --git a/src/libfreeswan/satoa.c b/src/libfreeswan/satoa.c new file mode 100644 index 000000000..09a152727 --- /dev/null +++ b/src/libfreeswan/satoa.c @@ -0,0 +1,100 @@ +/* + * convert from binary form of SA ID to ASCII + * Copyright (C) 1998, 1999, 2001 Henry Spencer. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Library General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public + * License for more details. + */ +#include "internal.h" +#include "freeswan.h" + +static struct typename { + char type; + char *name; +} typenames[] = { + { SA_AH, "ah" }, + { SA_ESP, "esp" }, + { SA_IPIP, "tun" }, + { SA_COMP, "comp" }, + { SA_INT, "int" }, + { 0, NULL } +}; + +/* + - satoa - convert SA to ASCII "ah507@1.2.3.4" + */ +size_t /* space needed for full conversion */ +satoa(sa, format, dst, dstlen) +struct sa_id sa; +int format; /* character */ +char *dst; /* need not be valid if dstlen is 0 */ +size_t dstlen; +{ + size_t len = 0; /* 0 means not handled yet */ + int base; + struct typename *tn; + char buf[30+ADDRTOA_BUF]; + + switch (format) { + case 0: + base = 16; /* temporarily at least */ + break; + case 'd': + base = 10; + break; + default: + return 0; + break; + } + + for (tn = typenames; tn->name != NULL; tn++) + if (sa.proto == tn->type) + break; + if (tn->name == NULL) + return 0; + + if (strcmp(tn->name, PASSTHROUGHTYPE) == 0 && + sa.spi == PASSTHROUGHSPI && + sa.dst.s_addr == PASSTHROUGHDST) { + strcpy(buf, PASSTHROUGHNAME); + len = strlen(buf); + } else if (sa.proto == SA_INT && sa.dst.s_addr == 0) { + char *p; + + switch (ntohl(sa.spi)) { + case SPI_PASS: p = "%pass"; break; + case SPI_DROP: p = "%drop"; break; + case SPI_REJECT: p = "%reject"; break; + case SPI_HOLD: p = "%hold"; break; + case SPI_TRAP: p = "%trap"; break; + case SPI_TRAPSUBNET: p = "%trapsubnet"; break; + default: p = NULL; break; + } + if (p != NULL) { + strcpy(buf, p); + len = strlen(buf); + } + } + + if (len == 0) { + strcpy(buf, tn->name); + len = strlen(buf); + len += ultoa(ntohl(sa.spi), base, buf+len, sizeof(buf)-len); + *(buf+len-1) = '@'; + len += addrtoa(sa.dst, 0, buf+len, sizeof(buf)-len); + } + + if (dst != NULL) { + if (len > dstlen) + *(buf+dstlen-1) = '\0'; + strcpy(dst, buf); + } + return len; +} diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c new file mode 100644 index 000000000..66dc192c1 --- /dev/null +++ b/src/libstrongswan/credentials/certificates/x509.c @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "x509.h" + +ENUM(x509_flag_names, X509_NONE, X509_IP_ADDR_BLOCKS, + "X509_NONE", + "X509_CA", + "X509_AA", + "X509_OCSP_SIGNER", + "X509_SERVER_AUTH", + "X509_CLIENT_AUTH", + "X509_SELF_SIGNED", + "X509_IP_ADDR_BLOCKS", +); + diff --git a/src/starter/starter.8 b/src/starter/starter.8 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/src/starter/starter.8 diff --git a/testing/tests/ikev2/rw-eap-tnc-block/description.txt b/testing/tests/ikev2/rw-eap-tnc-block/description.txt new file mode 100644 index 000000000..51423177a --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/description.txt @@ -0,0 +1,8 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> +using EAP-TTLS authentication only with the gateway presenting a server certificate and +the clients doing EAP-MD5 password-based authentication. +In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the +health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface. +<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements +<b>carol</b> is authenticated successfully and is granted access to the subnet behind +<b>moon</b> whereas <b>dave</b> fails the layered EAP authentication and is rejected. diff --git a/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat new file mode 100644 index 000000000..2304df23e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat @@ -0,0 +1,12 @@ +carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES +dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES +dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO +moon::cat /var/log/daemon.log::added group membership 'allow'::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..c19192dae --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftid=carol@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsendcert=never + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..74942afda --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol@strongswan.org : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc/dummyimc.file new file mode 100644 index 000000000..f5da834c0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +allow diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..7d5ea8b83 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftid=dave@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsendcert=never + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..5496df7ad --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +dave@strongswan.org : EAP "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc/dummyimc.file new file mode 100644 index 000000000..621e94f0e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +none diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..6747b4a4a --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftauth=eap-ttls + leftfirewall=yes + rightauth=eap-ttls + rightid=*@strongswan.org + rightsendcert=never + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..2e277ccb0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,6 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +carol@strongswan.org : EAP "Ar3etTnp" +dave@strongswan.org : EAP "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f8700d3c5 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown + multiple_authentication=no + plugins { + eap-ttls { + phase2_method = md5 + phase2_piggyback = yes + phase2_tnc = yes + } + } +} diff --git a/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/tnc_config new file mode 100644 index 000000000..ac436a344 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/hosts/moon/etc/tnc_config @@ -0,0 +1,3 @@ +#IMV configuration file for strongSwan server + +IMV "Dummy" /usr/local/lib/libdummyimv.so diff --git a/testing/tests/ikev2/rw-eap-tnc-block/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-block/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-tnc-block/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-block/pretest.dat new file mode 100644 index 000000000..ce897d181 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/pretest.dat @@ -0,0 +1,15 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::cat /etc/tnc_config +carol::cat /etc/tnc_config +dave::cat /etc/tnc_config +carol::cat /etc/tnc/dummyimc.file +dave::cat /etc/tnc/dummyimc.file +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tnc-block/test.conf b/testing/tests/ikev2/rw-eap-tnc-block/test.conf new file mode 100644 index 000000000..e28b8259b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-block/test.conf @@ -0,0 +1,26 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# UML instances on which FreeRadius is started +# +RADIUSHOSTS= + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/description.txt b/testing/tests/ikev2/rw-eap-tnc-radius-block/description.txt new file mode 100644 index 000000000..350aefc60 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/description.txt @@ -0,0 +1,11 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. +At the outset the gateway authenticates itself to the clients by sending an IKEv2 +<b>RSA signature</b> accompanied by a certificate. +<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to +the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate. +The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>. +In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the +health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface. +<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements <b>carol</b> +is authenticated successfully and is granted access to the subnet behind <b>moon</b> whereas +<b>dave</b> fails the layered EAP authentication and is rejected. diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-radius-block/evaltest.dat new file mode 100644 index 000000000..517ea9ab2 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/evaltest.dat @@ -0,0 +1,14 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES +carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/16::YES +dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES +dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES +dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::RADIUS authentication of 'dave@strongswan.org' failed::YES +moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/clients.conf new file mode 100644 index 000000000..f4e179aa4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/clients.conf @@ -0,0 +1,4 @@ +client PH_IP_MOON1 { + secret = gv6URkSs + shortname = moon +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary new file mode 100644 index 000000000..1a27a02fc --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary @@ -0,0 +1,2 @@ +$INCLUDE /usr/share/freeradius/dictionary +$INCLUDE /etc/raddb/dictionary.tnc diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary.tnc new file mode 100644 index 000000000..f295467a9 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/dictionary.tnc @@ -0,0 +1,5 @@ +ATTRIBUTE TNC-Status 3001 integer + +VALUE TNC-Status Access 0 +VALUE TNC-Status Isolate 1 +VALUE TNC-Status None 2 diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/eap.conf new file mode 100644 index 000000000..31556361e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/eap.conf @@ -0,0 +1,25 @@ +eap { + md5 { + } + default_eap_type = ttls + tls { + private_key_file = /etc/raddb/certs/aaaKey.pem + certificate_file = /etc/raddb/certs/aaaCert.pem + CA_file = /etc/raddb/certs/strongswanCert.pem + cipher_list = "DEFAULT" + dh_file = /etc/raddb/certs/dh + random_file = /etc/raddb/certs/random + } + ttls { + default_eap_type = md5 + use_tunneled_reply = yes + virtual_server = "inner-tunnel" + tnc_virtual_server = "inner-tunnel-second" + } +} + +eap eap_tnc { + default_eap_type = tnc + tnc { + } +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/proxy.conf new file mode 100644 index 000000000..23cba8d11 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/proxy.conf @@ -0,0 +1,5 @@ +realm strongswan.org { + type = radius + authhost = LOCAL + accthost = LOCAL +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/radiusd.conf new file mode 100644 index 000000000..1143a0473 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/radiusd.conf @@ -0,0 +1,120 @@ +# radiusd.conf -- FreeRADIUS server configuration file. + +prefix = /usr +exec_prefix = ${prefix} +sysconfdir = /etc +localstatedir = /var +sbindir = ${exec_prefix}/sbin +logdir = ${localstatedir}/log/radius +raddbdir = ${sysconfdir}/raddb +radacctdir = ${logdir}/radacct + +# name of the running server. See also the "-n" command-line option. +name = radiusd + +# Location of config and logfiles. +confdir = ${raddbdir} +run_dir = ${localstatedir}/run/radiusd + +# Should likely be ${localstatedir}/lib/radiusd +db_dir = ${raddbdir} + +# libdir: Where to find the rlm_* modules. +libdir = ${exec_prefix}/lib + +# pidfile: Where to place the PID of the RADIUS server. +pidfile = ${run_dir}/${name}.pid + +# max_request_time: The maximum time (in seconds) to handle a request. +max_request_time = 30 + +# cleanup_delay: The time to wait (in seconds) before cleaning up +cleanup_delay = 5 + +# max_requests: The maximum number of requests which the server keeps +max_requests = 1024 + +# listen: Make the server listen on a particular IP address, and send +listen { + type = auth + ipaddr = PH_IP_ALICE + port = 0 +} + +# This second "listen" section is for listening on the accounting +# port, too. +# +listen { + type = acct + ipaddr = PH_IP_ALICE + port = 0 +} + +# hostname_lookups: Log the names of clients or just their IP addresses +hostname_lookups = no + +# Core dumps are a bad thing. This should only be set to 'yes' +allow_core_dumps = no + +# Regular expressions +regular_expressions = yes +extended_expressions = yes + +# Logging section. The various "log_*" configuration items +log { + destination = files + file = ${logdir}/radius.log + syslog_facility = daemon + stripped_names = no + auth = yes + auth_badpass = yes + auth_goodpass = yes +} + +# The program to execute to do concurrency checks. +checkrad = ${sbindir}/checkrad + +# Security considerations +security { + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/modules/ + $INCLUDE eap.conf + $INCLUDE sql.conf + $INCLUDE sql/mysql/counter.conf +} + +# Instantiation +instantiate { + exec + expr + expiration + logintime +} + +# Policies +$INCLUDE policy.conf + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/default new file mode 100644 index 000000000..802fcfd8d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/default @@ -0,0 +1,44 @@ +authorize { + suffix + eap { + ok = return + } + files +} + +authenticate { + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel new file mode 100644 index 000000000..e088fae14 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel @@ -0,0 +1,32 @@ +server inner-tunnel { + +authorize { + suffix + eap { + ok = return + } + files +} + +authenticate { + eap +} + +session { + radutmp +} + +post-auth { + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + +} # inner-tunnel server block diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second new file mode 100644 index 000000000..2d4961288 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/sites-available/inner-tunnel-second @@ -0,0 +1,23 @@ +server inner-tunnel-second { + +authorize { + eap_tnc { + ok = return + } +} + +authenticate { + eap_tnc +} + +session { + radutmp +} + +post-auth { + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +} # inner-tunnel-second block diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/users new file mode 100644 index 000000000..50ccf3e76 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/raddb/users @@ -0,0 +1,2 @@ +carol Cleartext-Password := "Ar3etTnp" +dave Cleartext-Password := "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/tnc_config new file mode 100644 index 000000000..a9509a716 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/alice/etc/tnc_config @@ -0,0 +1,3 @@ +#IMV configuration file for TNC@FHH-TNC-Server + +IMV "Dummy" /usr/local/lib/libdummyimv.so.0.7.0 diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..9cf2b43c4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftid=carol@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + rightauth=pubkey + aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..74942afda --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol@strongswan.org : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc/dummyimc.file new file mode 100644 index 000000000..f5da834c0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +allow diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/carol/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..998e6c2e5 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftid=dave@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + rightauth=pubkey + aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..5496df7ad --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +dave@strongswan.org : EAP "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc/dummyimc.file new file mode 100644 index 000000000..621e94f0e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +none diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/dave/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..56587b2e8 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow RADIUS protocol with alice + iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..fc8f84638 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-eap + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftauth=pubkey + leftfirewall=yes + rightauth=eap-radius + rightid=*@strongswan.org + rightsendcert=never + right=%any + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..e86d6aa5c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4d2d3058d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/hosts/moon/etc/strongswan.conf @@ -0,0 +1,12 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown + multiple_authentication=no + plugins { + eap-radius { + secret = gv6URkSs + server = PH_IP_ALICE + } + } +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-radius-block/posttest.dat new file mode 100644 index 000000000..132752119 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +alice::/etc/init.d/radiusd stop +alice::rm /etc/raddb/sites-enabled/inner-tunnel-second +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-radius-block/pretest.dat new file mode 100644 index 000000000..dc7d5934e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/pretest.dat @@ -0,0 +1,15 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second +alice::cat /etc/raddb/sites-enabled/inner-tunnel-second +alice::/etc/init.d/radiusd start +carol::cat /etc/tnc/dummyimc.file +dave::cat /etc/tnc/dummyimc.file +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tnc-radius-block/test.conf b/testing/tests/ikev2/rw-eap-tnc-radius-block/test.conf new file mode 100644 index 000000000..bb6b68687 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius-block/test.conf @@ -0,0 +1,26 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# UML instances on which FreeRadius is started +# +RADIUSHOSTS="alice" + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/description.txt b/testing/tests/ikev2/rw-eap-tnc-radius/description.txt new file mode 100644 index 000000000..7eebd3d4d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/description.txt @@ -0,0 +1,10 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. +At the outset the gateway authenticates itself to the clients by sending an IKEv2 +<b>RSA signature</b> accompanied by a certificate. +<b>carol</b> and <b>dave</b> then set up an <b>EAP-TTLS</b> tunnel each via <b>moon</b> to +the FreeRADIUS server <b>alice</b> authenticated by an X.509 AAA certificate. +The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on <b>EAP-MD5</b>. +In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the +health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface. +<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the +clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively. diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-radius/evaltest.dat new file mode 100644 index 000000000..d0ea22ba9 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/evaltest.dat @@ -0,0 +1,19 @@ +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES +dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES +dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES +dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES +moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'allow'::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES +moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES +moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/clients.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/clients.conf new file mode 100644 index 000000000..f4e179aa4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/clients.conf @@ -0,0 +1,4 @@ +client PH_IP_MOON1 { + secret = gv6URkSs + shortname = moon +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary new file mode 100644 index 000000000..1a27a02fc --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary @@ -0,0 +1,2 @@ +$INCLUDE /usr/share/freeradius/dictionary +$INCLUDE /etc/raddb/dictionary.tnc diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary.tnc b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary.tnc new file mode 100644 index 000000000..f295467a9 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/dictionary.tnc @@ -0,0 +1,5 @@ +ATTRIBUTE TNC-Status 3001 integer + +VALUE TNC-Status Access 0 +VALUE TNC-Status Isolate 1 +VALUE TNC-Status None 2 diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/eap.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/eap.conf new file mode 100644 index 000000000..31556361e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/eap.conf @@ -0,0 +1,25 @@ +eap { + md5 { + } + default_eap_type = ttls + tls { + private_key_file = /etc/raddb/certs/aaaKey.pem + certificate_file = /etc/raddb/certs/aaaCert.pem + CA_file = /etc/raddb/certs/strongswanCert.pem + cipher_list = "DEFAULT" + dh_file = /etc/raddb/certs/dh + random_file = /etc/raddb/certs/random + } + ttls { + default_eap_type = md5 + use_tunneled_reply = yes + virtual_server = "inner-tunnel" + tnc_virtual_server = "inner-tunnel-second" + } +} + +eap eap_tnc { + default_eap_type = tnc + tnc { + } +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/proxy.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/proxy.conf new file mode 100644 index 000000000..23cba8d11 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/proxy.conf @@ -0,0 +1,5 @@ +realm strongswan.org { + type = radius + authhost = LOCAL + accthost = LOCAL +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/radiusd.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/radiusd.conf new file mode 100644 index 000000000..1143a0473 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/radiusd.conf @@ -0,0 +1,120 @@ +# radiusd.conf -- FreeRADIUS server configuration file. + +prefix = /usr +exec_prefix = ${prefix} +sysconfdir = /etc +localstatedir = /var +sbindir = ${exec_prefix}/sbin +logdir = ${localstatedir}/log/radius +raddbdir = ${sysconfdir}/raddb +radacctdir = ${logdir}/radacct + +# name of the running server. See also the "-n" command-line option. +name = radiusd + +# Location of config and logfiles. +confdir = ${raddbdir} +run_dir = ${localstatedir}/run/radiusd + +# Should likely be ${localstatedir}/lib/radiusd +db_dir = ${raddbdir} + +# libdir: Where to find the rlm_* modules. +libdir = ${exec_prefix}/lib + +# pidfile: Where to place the PID of the RADIUS server. +pidfile = ${run_dir}/${name}.pid + +# max_request_time: The maximum time (in seconds) to handle a request. +max_request_time = 30 + +# cleanup_delay: The time to wait (in seconds) before cleaning up +cleanup_delay = 5 + +# max_requests: The maximum number of requests which the server keeps +max_requests = 1024 + +# listen: Make the server listen on a particular IP address, and send +listen { + type = auth + ipaddr = PH_IP_ALICE + port = 0 +} + +# This second "listen" section is for listening on the accounting +# port, too. +# +listen { + type = acct + ipaddr = PH_IP_ALICE + port = 0 +} + +# hostname_lookups: Log the names of clients or just their IP addresses +hostname_lookups = no + +# Core dumps are a bad thing. This should only be set to 'yes' +allow_core_dumps = no + +# Regular expressions +regular_expressions = yes +extended_expressions = yes + +# Logging section. The various "log_*" configuration items +log { + destination = files + file = ${logdir}/radius.log + syslog_facility = daemon + stripped_names = no + auth = yes + auth_badpass = yes + auth_goodpass = yes +} + +# The program to execute to do concurrency checks. +checkrad = ${sbindir}/checkrad + +# Security considerations +security { + max_attributes = 200 + reject_delay = 1 + status_server = yes +} + +# PROXY CONFIGURATION +proxy_requests = yes +$INCLUDE proxy.conf + +# CLIENTS CONFIGURATION +$INCLUDE clients.conf + +# THREAD POOL CONFIGURATION +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} + +# MODULE CONFIGURATION +modules { + $INCLUDE ${confdir}/modules/ + $INCLUDE eap.conf + $INCLUDE sql.conf + $INCLUDE sql/mysql/counter.conf +} + +# Instantiation +instantiate { + exec + expr + expiration + logintime +} + +# Policies +$INCLUDE policy.conf + +# Include all enabled virtual hosts +$INCLUDE sites-enabled/ diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/default b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/default new file mode 100644 index 000000000..802fcfd8d --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/default @@ -0,0 +1,44 @@ +authorize { + suffix + eap { + ok = return + } + files +} + +authenticate { + eap +} + +preacct { + preprocess + acct_unique + suffix + files +} + +accounting { + detail + unix + radutmp + attr_filter.accounting_response +} + +session { + radutmp +} + +post-auth { + exec + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel new file mode 100644 index 000000000..e088fae14 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel @@ -0,0 +1,32 @@ +server inner-tunnel { + +authorize { + suffix + eap { + ok = return + } + files +} + +authenticate { + eap +} + +session { + radutmp +} + +post-auth { + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +pre-proxy { +} + +post-proxy { + eap +} + +} # inner-tunnel server block diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second new file mode 100644 index 000000000..f91bccc72 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/sites-available/inner-tunnel-second @@ -0,0 +1,36 @@ +server inner-tunnel-second { + +authorize { + eap_tnc { + ok = return + } +} + +authenticate { + eap_tnc +} + +session { + radutmp +} + +post-auth { + if (control:TNC-Status == "Access") { + update reply { + Tunnel-Type := ESP + Filter-Id := "allow" + } + } + elsif (control:TNC-Status == "Isolate") { + update reply { + Tunnel-Type := ESP + Filter-Id := "isolate" + } + } + + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} + +} # inner-tunnel-second block diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/users b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/users new file mode 100644 index 000000000..50ccf3e76 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/raddb/users @@ -0,0 +1,2 @@ +carol Cleartext-Password := "Ar3etTnp" +dave Cleartext-Password := "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/tnc_config new file mode 100644 index 000000000..a9509a716 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/alice/etc/tnc_config @@ -0,0 +1,3 @@ +#IMV configuration file for TNC@FHH-TNC-Server + +IMV "Dummy" /usr/local/lib/libdummyimv.so.0.7.0 diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..9cf2b43c4 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftid=carol@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + rightauth=pubkey + aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..74942afda --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol@strongswan.org : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc/dummyimc.file new file mode 100644 index 000000000..f5da834c0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +allow diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/carol/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..998e6c2e5 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftid=dave@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + rightauth=pubkey + aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..5496df7ad --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +dave@strongswan.org : EAP "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc/dummyimc.file new file mode 100644 index 000000000..c20b5e57f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +isolate
\ No newline at end of file diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/dave/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..56587b2e8 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/init.d/iptables @@ -0,0 +1,84 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow RADIUS protocol with alice + iptables -A INPUT -i eth1 -p udp --sport 1812 -s PH_IP_ALICE -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 1812 -d PH_IP_ALICE -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..33dcdcfb0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.conf @@ -0,0 +1,35 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-allow + rightgroups=allow + leftsubnet=10.1.0.0/28 + also=rw-eap + auto=add + +conn rw-isolate + rightgroups=isolate + leftsubnet=10.1.0.16/28 + also=rw-eap + auto=add + +conn rw-eap + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftauth=pubkey + leftfirewall=yes + rightauth=eap-radius + rightid=*@strongswan.org + rightsendcert=never + right=%any diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..e86d6aa5c --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f4e456bbe --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-radius updown + multiple_authentication=no + plugins { + eap-radius { + secret = gv6URkSs + server = PH_IP_ALICE + filter_id = yes + } + } +} diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-radius/posttest.dat new file mode 100644 index 000000000..132752119 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +alice::/etc/init.d/radiusd stop +alice::rm /etc/raddb/sites-enabled/inner-tunnel-second +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-radius/pretest.dat new file mode 100644 index 000000000..8dd865819 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/pretest.dat @@ -0,0 +1,18 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +alice::ln -s /etc/raddb/sites-available/inner-tunnel-second /etc/raddb/sites-enabled/inner-tunnel-second +alice::cat /etc/raddb/sites-enabled/inner-tunnel-second +alice::/etc/init.d/radiusd start +alice::cat /etc/tnc_config +carol::cat /etc/tnc_config +dave::cat /etc/tnc_config +carol::cat /etc/tnc/dummyimc.file +dave::cat /etc/tnc/dummyimc.file +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tnc-radius/test.conf b/testing/tests/ikev2/rw-eap-tnc-radius/test.conf new file mode 100644 index 000000000..2a52df203 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-radius/test.conf @@ -0,0 +1,26 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# UML instances on which FreeRadius is started +# +RADIUSHOSTS="alice" + diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/description.txt b/testing/tests/ikev2/rw-eap-tnc-tls/description.txt new file mode 100644 index 000000000..762b839ee --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/description.txt @@ -0,0 +1,7 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>, +bothe ends doing certificate-based EAP-TLS authentication only. +In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the +health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface. +<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the +clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, +respectively. diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat new file mode 100644 index 000000000..cebfff25f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/evaltest.dat @@ -0,0 +1,19 @@ +carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES +dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES +dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES +moon::cat /var/log/daemon.log::added group membership 'allow'::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::added group membership 'isolate'::YES +moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES +moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO + diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..1b6274215 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsendcert=never + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file new file mode 100644 index 000000000..f5da834c0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +allow diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/carol/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..54c06b12e --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsendcert=never + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file new file mode 100644 index 000000000..c20b5e57f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +isolate
\ No newline at end of file diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/dave/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..50514c99f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.conf @@ -0,0 +1,36 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-allow + rightgroups=allow + leftsubnet=10.1.0.0/28 + also=rw-eap + auto=add + +conn rw-isolate + rightgroups=isolate + leftsubnet=10.1.0.16/28 + also=rw-eap + auto=add + +conn rw-eap + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftauth=eap-ttls + leftfirewall=yes + rightauth=eap-ttls + rightid=*@strongswan.org + rightsendcert=never + right=%any diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..2e277ccb0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,6 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +carol@strongswan.org : EAP "Ar3etTnp" +dave@strongswan.org : EAP "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..8898a63ba --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown + multiple_authentication=no + plugins { + eap-ttls { + request_peer_auth = yes + phase2_piggyback = yes + phase2_tnc = yes + } + } +} diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config new file mode 100644 index 000000000..ac436a344 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/hosts/moon/etc/tnc_config @@ -0,0 +1,3 @@ +#IMV configuration file for strongSwan server + +IMV "Dummy" /usr/local/lib/libdummyimv.so diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat b/testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat b/testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat new file mode 100644 index 000000000..ce897d181 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/pretest.dat @@ -0,0 +1,15 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::cat /etc/tnc_config +carol::cat /etc/tnc_config +dave::cat /etc/tnc_config +carol::cat /etc/tnc/dummyimc.file +dave::cat /etc/tnc/dummyimc.file +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tnc-tls/test.conf b/testing/tests/ikev2/rw-eap-tnc-tls/test.conf new file mode 100644 index 000000000..e28b8259b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc-tls/test.conf @@ -0,0 +1,26 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# UML instances on which FreeRadius is started +# +RADIUSHOSTS= + diff --git a/testing/tests/ikev2/rw-eap-tnc/description.txt b/testing/tests/ikev2/rw-eap-tnc/description.txt new file mode 100644 index 000000000..4b4808c94 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/description.txt @@ -0,0 +1,9 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> +using EAP-TTLS authentication only with the gateway presenting a server certificate and +the clients doing EAP-MD5 password-based authentication. +In a next step the EAP-TNC protocol is used within the EAP-TTLS tunnel to determine the +health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 1.1</b> client-server interface. +<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the +clients are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, +respectively. + diff --git a/testing/tests/ikev2/rw-eap-tnc/evaltest.dat b/testing/tests/ikev2/rw-eap-tnc/evaltest.dat new file mode 100644 index 000000000..a02755148 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/evaltest.dat @@ -0,0 +1,19 @@ +carol::cat /var/log/daemon.log::TNCCS-Recommendation.*allow::YES +carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +carol::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.100/32 === 10.1.0.0/28::YES +dave::cat /var/log/daemon.log::TNCCS-Recommendation.*isolate::YES +dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::YES +dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES +dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES +moon::cat /var/log/daemon.log::added group membership 'allow'::YES +moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES +moon::cat /var/log/daemon.log::added group membership 'isolate'::YES +moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES +moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES +moon::ipsec statusall::rw-isolate.*10.1.0.16/28 === 192.168.0.200/32::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +carol::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_ALICE: icmp_seq=1::NO +dave::ping -c 1 PH_IP_VENUS::64 bytes from PH_IP_VENUS: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO + diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..c19192dae --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftid=carol@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsendcert=never + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.secrets new file mode 100644 index 000000000..74942afda --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +carol@strongswan.org : EAP "Ar3etTnp" diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc/dummyimc.file new file mode 100644 index 000000000..f5da834c0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +allow diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..7d5ea8b83 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftid=dave@strongswan.org + leftauth=eap + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsendcert=never + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.secrets new file mode 100644 index 000000000..5496df7ad --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.secrets @@ -0,0 +1,3 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +dave@strongswan.org : EAP "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..c12143cb1 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnccs-11 updown + multiple_authentication=no +} diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc/dummyimc.file b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc/dummyimc.file new file mode 100644 index 000000000..c20b5e57f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc/dummyimc.file @@ -0,0 +1 @@ +isolate
\ No newline at end of file diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc_config new file mode 100644 index 000000000..a5a9a68f3 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/tnc_config @@ -0,0 +1,3 @@ +#IMC configuration file for strongSwan client + +IMC "Dummy" /usr/local/lib/libdummyimc.so diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..50514c99f --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.conf @@ -0,0 +1,36 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + strictcrlpolicy=no + plutostart=no + charondebug="tls 2, tnc 3" + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn rw-allow + rightgroups=allow + leftsubnet=10.1.0.0/28 + also=rw-eap + auto=add + +conn rw-isolate + rightgroups=isolate + leftsubnet=10.1.0.16/28 + also=rw-eap + auto=add + +conn rw-eap + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftauth=eap-ttls + leftfirewall=yes + rightauth=eap-ttls + rightid=*@strongswan.org + rightsendcert=never + right=%any diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.secrets b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.secrets new file mode 100644 index 000000000..2e277ccb0 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/ipsec.secrets @@ -0,0 +1,6 @@ +# /etc/ipsec.secrets - strongSwan IPsec secrets file + +: RSA moonKey.pem + +carol@strongswan.org : EAP "Ar3etTnp" +dave@strongswan.org : EAP "W7R0g3do" diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..f8700d3c5 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/strongswan.conf @@ -0,0 +1,13 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnccs-11 tnc-imv updown + multiple_authentication=no + plugins { + eap-ttls { + phase2_method = md5 + phase2_piggyback = yes + phase2_tnc = yes + } + } +} diff --git a/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/tnc_config b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/tnc_config new file mode 100644 index 000000000..ac436a344 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/hosts/moon/etc/tnc_config @@ -0,0 +1,3 @@ +#IMV configuration file for strongSwan server + +IMV "Dummy" /usr/local/lib/libdummyimv.so diff --git a/testing/tests/ikev2/rw-eap-tnc/posttest.dat b/testing/tests/ikev2/rw-eap-tnc/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/rw-eap-tnc/pretest.dat b/testing/tests/ikev2/rw-eap-tnc/pretest.dat new file mode 100644 index 000000000..ce897d181 --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/pretest.dat @@ -0,0 +1,15 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::cat /etc/tnc_config +carol::cat /etc/tnc_config +dave::cat /etc/tnc_config +carol::cat /etc/tnc/dummyimc.file +dave::cat /etc/tnc/dummyimc.file +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home +dave::sleep 1 diff --git a/testing/tests/ikev2/rw-eap-tnc/test.conf b/testing/tests/ikev2/rw-eap-tnc/test.conf new file mode 100644 index 000000000..e28b8259b --- /dev/null +++ b/testing/tests/ikev2/rw-eap-tnc/test.conf @@ -0,0 +1,26 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" + +# UML instances on which FreeRadius is started +# +RADIUSHOSTS= + |