diff options
Diffstat (limited to 'debian')
78 files changed, 18386 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 000000000..e94bb6284 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,89 @@ +strongswan (5.1.2-1) unstable; urgency=medium + + Starting 5.1.2, strongSwan natively support a configuration directory (in + /etc/strongswan.d/). This replaces the /etc/strongswan.conf.d/ configuration + directly which was added in 5.1.1-1. + . + More information can be found on the strongswan.d configuration mechanism on + the upstream commit [1] and user documentation [2]. + . + In Debian, these configurations directories are especially use to easily + toggle the loading of the various plugins shipped with the Debian packages. + Upstream defaults to load the plugins, and this can be overridden by + changing the files in /etc/strongswan.d. As those latter files are tracked + as configuration files, modifications won't be reverted when the package is + upgraded. Default settings for the plugins can be found in the templates dir + in the /usr/share/strongswan/templates/config folder. + . + [1]: http://wiki.strongswan.org/projects/strongswan/repository/revisions/55015036183c47692c2e2349a4c59bf00c107986 + [2]: http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanDirectory + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 10:31:44 +0100 + +strongswan (5.1.1-2+splitplugins) experimental; urgency=medium + + In 5.1.1-2 package, few plugins have been split from the main libstrongswan + package. The plugins are now in following packages: + - libstrongswan: main/default plugins, as defined by the strongSwan + project + - libstrongswan-standard-plugins: non default but useful plugins (agent, + gcm and openssl) + - libstrongswan-extra-plugins: more scarcely used plugins + - libcharon-extra-plugins: more scarecely used plugins for the charon + daemon + + WARNING: this is an experimental release of the packaging, use at your own + risk. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 02 Feb 2014 20:05:15 +0100 + +strongswan (5.1.0-1) unstable; urgency=low + + Starting with strongSwan 5, the IKEv1 daemon (pluto) is gone, and the charon + daemon is now able to handle both IKEv1 and IKEv2 protocols. + + There should be no issue for previous charon users, but for pluto users that + means they need to re-configure strongSwan in order to use charon. Some + migration help can be found on the strongSwan website at + http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1 and in + some IKEv1 configuration examples at + http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1Examples. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 30 Sep 2013 20:43:03 +0200 + +strongswan (4.5.0-1) unstable; urgency=low + + Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the + default. This can easily be changed using the keyexchange=ikev1 config + option (either in the respective "conn" section or by putting it in the + "default" section and therefore applying it to all existing connections). + + The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by + default, MOBIKE, Mobile IPv6), and provides better error messages in case + the connection can not be established. It is therefore highly recommended + to use it when the other side also supports it. + + Addtionally, strongswan 4.5.0-1 now enables support for NAT Traversal in + combination with IPsec transport mode (the support for this has existed + for a long time, but was disabled due to security concerns). This is + required e.g. to let mobile phone clients (notably Android, iPhone) + connect to an L2TP/IPsec gateway using strongswan. The security + implications as described in the original README.NAT-Traversal file from + the openswan distribution are: + + * Transport Mode can't be used without NAT in the IPSec layer. Otherwise, + all packets for the NAT device (including all hosts behind it) would be + sent to the NAT-T Client. This would create a sort of blackhole between + the peer which is not behind NAT and the NAT device. + + * In Tunnel Mode with roadwarriors, we CAN'T accept any IP address, + otherwise, an evil roadwarrior could redirect all trafic for one host + (including a host on the private network) to himself. That's why, you have + to specify the private IP in the configuration file, use virtual IP + management, or DHCP-over-IPSec. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:16:00 +0200 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 000000000..2dc3a5831 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,124 @@ +strongswan for Debian +---------------------- + +1) General Remarks + +This package has been created from the openswan package, which was again +created from the freeswan package, which was created from scratch with some +ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 +package by Aaron Johnson merged in. + +The differences between the strongSwan and the Openswan packages are +documented at http://www.strongswan.org/ . + +2) Kernel Support + +Note: This package can make use of the in-kernel IPSec stack, which is +available in the stock Debian kernel images (>=2.4.24 and 2.6.x). + +If you want to use the strongswan utilities, you will need the appropriate +kernel modules. The Debian default kernel native IPSec stack (which is +included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) +can be used out-of-the-box with strongswan pluto, the key management daemon. +This native Linux IPSec stack is of high quality, has all of the features of +the latest Debian freeswan and openswan packages (i.e. support for other +ciphers like AES and NAT Traversal support) and is well integrated into the +kernel networking subsystem (which is not true for the freeswan kernel +modules). This is the recommended kernel support for strongswan. + +If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or +are building a custom 2.4 kernel, then the KLIPS kernel part can be used. +strongswan no longer ships this part, but is instead focussing on the newer +native IPSec stack. However, strongswan is interoperable with the KLIPS part +shipped with openswan, both for 2.4 and 2.6 series kernels. Please install +either the linux-patch-openswan or the openswan-modules-source packages and +follow their respective README.Debian files when you want to use KLIPS. + +3) Getting Started + +For connecting two Debian boxes using this strongswan package, the +simplest connection block on each side would look something like this: + +On host A, use + +conn to_hostb + left=%defaultroute + right=hostb.example.com + leftcert=hosta.pem + rightcert=hostb.pem + keyexchange=ikev2 + type=transport + auto=add + +On host B, use +conn to_hosta + left=%defaultroute + right=hosta.example.com + leftcert=hostb.pem + rightcert=hosta.pem + keyexchange=ikev2 + type=transport + auto=add + +This assumes that the respective hostnames hosta.example.com and +hostb.example.com can be resolved and that the internal hostnames are hosta +and hostb (and thus installing the strongswan package created the certificates +hosta.pem and hostb.pem, respectively). +Then the certificates (and not the private keys!) need to be exchanged between +the hosts, e.g. with + scp /etc/ipsec.d/certs/hosta.pem hostb.example.com:/etc/ipsec.d/certs/ + scp hostb.example.com:/etc/ipsec.d/certs/hostb.com /etc/ipsec.d/certs/ +from host A. The IPSec transport connection (that is, no subnets behind these +hosts that should be tunneled) can be started from either side using +"ipsec up to_hostb" (e.g. from host A). +Note that this example explicitly uses IKEv2 due to its nicer error messages. + +A more complicated example is to connect a "roadwarrior" (e.g. laptop) +to an internal network wbile it is behind another NAT. On the gateway +side, i.e. for the internal network the roadwarrior should connect to, +the configuration block could look something like this: + +conn roadwwarrior + left=%defaultroute + leftcert=gatewayCert.pem + rightcert=laptopCert.pem + rightrsasigkey=%cert + leftrsasigkey=%cert + auto=add + leftsubnet=10.0.0.0/24 + rightsubnetwithin=0.0.0.0/0 + right=%any + compress=yes + type=tunnel + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + +On the laptop side, you could use something along the lines: + +conn %default + rightrsasigkey=%cert + leftrsasigkey=%cert + authby=rsasig + leftcert=laptopCert.pem + leftsendcert=always + leftsubnet= + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + esp=aes128-sha1 + ike=aes128-sha1-modp2048 + +conn esys + left=%defaultroute + right=gateway.example.com + rightsubnet=10.0.0.0/24 + rightcert=gatewayCert.pem + auto=add + +Then load these new configuration blocks on both sides using "ipsec reload" +and, on the laptop, start the tunnel with "ipsec up mynetwork". +These configuration blocks assume host names "gateway" and "laptop" and an +inner subnet of 10.0.0.0/24. + +-- Rene Mayrhofer <rmayr@debian.org>, Sun, Jul 09 12:31:00 2006 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..a7b39668f --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1471 @@ +strongswan (5.6.0-3) UNRELEASED; urgency=medium + + * debian/control: + - remove strongswan-ike{,v1,v2} packages. closes: #878979 + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 19 Oct 2017 16:45:36 +0200 + +strongswan (5.6.0-2) unstable; urgency=medium + + * debian/rules: + - only use dh_missing --fail-missing when doing an architecture dependent + packages. closes: #874152 + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 03 Sep 2017 19:24:55 +0200 + +strongswan (5.6.0-1) unstable; urgency=medium + + * New upstream release. + - fix insufficient input validation in gmp plugin, which can cause a + denial of service vulnerability (CVE-2017-11185) closes: #872155 + * debian/rules: + - remove .la files before install + - don't call dh_install with --fail-missing + - override dh_missing with --fail-missing to catch uninstalled files + - apply patch from Gerald Turner to restrict permissions on swanctl folder + containing private material. + - replace DEB_BUILD_* by DEB_HOST_* when needed, fix FTCBFS, for example + when building for ppc64el on x86. Thanks Helmut Grohne. closes: #866669 + * debian/strongswan-swanctl.install: + - install the whole /etc/swanctl folder, including (empty) subfolders. + closes: #866324 + * debian/charon-systemd.install: + - install charon-systemd.conf files, thanks Gerald Turner. closes: #866325 + * Add AppArmor profiles for swanctl and charon-system, thanks Gerald Turner. + closes: #866327 + * debian/libcharon-extra-plugins.install: + - install pt-tls-client in /u/b and also install its manpage. + * debian/strongswan-swanctl.lintian-overrides: + - add lintian overrides for private keys directories using 700 + permissions. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 03 Sep 2017 14:38:09 +0200 + +strongswan (5.5.3-2) unstable; urgency=medium + + * debian/control: + - fix typo in libstrongswan-extra-plugins long description. + * move curve25519 plugin from libcharon-extra-plugins to + libstrongswan-extra-plugins + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 28 Jun 2017 13:07:19 +0200 + +strongswan (5.5.3-1) unstable; urgency=medium + + * New upstream release. + * debian/control: + - update standards version to 4.0.0 + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 23 Jun 2017 14:07:42 +0200 + +strongswan (5.5.2-1) experimental; urgency=medium + + * New upstream release. + * debian/patches/03_systemd-service refreshed. + * debian/libcharon-extra-plugins.install: + - include curve25519 plugin. + * debian/libstrongswan-extra-plugins.install: + - install libtpmtss library. + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 19 May 2017 11:32:00 +0200 + +strongswan (5.5.1-3) unstable; urgency=medium + + [ Christian Ehrhardt ] + * d/rules: Reorganize to ease maintenance + - one enable option per line + - sort enable options + * Add and install strongswan apparmor profiles + - d/rules install AppArmor profiles + - d/control add dh-apparmor as build-dep + - d/usr.lib.ipsec.{charon, lookip, stroke} add latest AppArmor profiles + for charon, lookip and stroke + * Add basic DEP8 tests + - d/tests/* add DEP8 tests + - d/control enable autotestpkg + * Add updated logcheck rules to match recent strongswan output + - debian/libstrongswan.strongswan.logcheck.* Remove outdated logcheck files + - debian/{rules,strongswan.logcheck}: Add updated logcheck rules + - this does no more provide different logcheck levels, but marks all + common output to be acceptable + + [ Yves-Alexis Perez ] + * debian/rules: + - re-enable mediation (but not medcli/medsrv) closes: #851507 + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 16 Jan 2017 12:58:26 +0100 + +strongswan (5.5.1-2) unstable; urgency=medium + + * debian/control: + - make the systemd build-dep linux-only. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 07 Dec 2016 08:34:52 +0100 + +strongswan (5.5.1-1) unstable; urgency=medium + + * New upstream bugfix release. + * debian/patches: + - 05_network-manager-strongswan-1.4 dropped, included upstream. + * debian/strongswan-starter.install: + - install the new,empty /etc/ipsec.secrets + * debian/strongswan-nm.install: + - install /etc/dbus-1/system.d/nm-strongswan-service.conf + * debian/control: + - add a Replaces on n-m-strongswan because it used to ship the Dbus service. + - add dependency on lsb-base to strongswan-starter because the init script + uses /lib/lsb/init-functions + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 22 Oct 2016 21:33:46 +0200 + +strongswan (5.5.0-3) unstable; urgency=medium + + * debian/control: + - add build-dep on tzdata, fix FTBFS when absent. closes: #839459 + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 02 Oct 2016 15:22:54 +0200 + +strongswan (5.5.0-2) unstable; urgency=medium + + * debian/rules: + - add patch from RaphaĆ«l Geissert to use /etc/ssl/certs instead of + /usr/share/ca-certificates for strongswan-nm. closes: #835095 + - update argument name for dh_strip dbgsym migration + * debian/control: + - update debhelper dependency to a version which supports dbgsym + migration. + * debian/patches: + - 05_network-manager-strongswan-1.4 added, backport two upstream patches + to support network-manager-strongswan 1.4 in charon-nm. closes: #838194 + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 18 Sep 2016 13:47:41 +0200 + +strongswan (5.5.0-1) unstable; urgency=medium + + * New upstream release. + * debian/control: + - add build-dep on systemd. closes: #828945 + * debian/patches: + - 05_port-openssl-1.1.0 dropped, included upstream. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 16 Jul 2016 15:32:04 +0200 + +strongswan (5.4.0-3) unstable; urgency=medium + + * debian/patches: + - 05_port-openssl-1.1.0 added, port to OpenSSL 1.1.0. closes: #828561 + * debian/control: + - update standards version to 3.9.8. + * debian/NEWS: fix spelling error. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 07 Jul 2016 10:23:59 +0200 + +strongswan (5.4.0-2) unstable; urgency=medium + + * debian/rules: + - stop building web interface for now since clearsilver is not building + right now. + - enable connmark only on Linux + - install connmark plugins files only on Linux + * debian/control: + - drop build-dep on clearsilver-dev and libfcgi-dev + - make iptables-dev build-dep Linux-only. + * debian/libcharon-extra-plugins: + - stop shipping medsrv and medcli plugin. + * debian/libstrongswan-standard-plugins.install: + - stop installing connmark plugins files inconditionnaly. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 29 May 2016 21:02:06 +0200 + +strongswan (5.4.0-1) unstable; urgency=medium + + * New upstream release. + * debian/patches + - 0001-configure-Support-systemd-209 dropped, included upstream. + - 0001-charon-systemd-Inherit-all-settings-from-the-charon- dropped as + well, a different version was included upstream. + * debian/libstrongswan.install: + - drop libhydra lines, it's been removed. + * debian/copyright: remove hydra lines as well. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Apr 2016 11:35:16 +0200 + +strongswan (5.3.5-2) unstable; urgency=medium + + * debian/rules: + - migrate debug package to ddeb. + - enable systemd and swanctl. closes: #813788 + - enable aesni plugin on i386 and amd64. + * debian/control: + - drop strongswan-dbg package. + - add strongswan-swanctl and charon-systemd packages. + - replace sytemd build-dep by libsystemd-dev. + - create new strongswan-pki and strongswan-scepclient packages + - drop old Conflicts/Breaks/Replaces against versions older than stable. + - update standards version to 3.9.7. + * debian/strongswan-swanctl.install: + - install vici plugin and swanctl files + * debian/charon-systemd.install: + - install charon-systemd binary and strongswan-swanctl service file. + * debian/strongswan-pki.install: + - install pki files + * debian/strongswan-scepclient.install: + - install scepclient files + * move strongswan.conf manpage to libstrongswan package + * debian/patches + - 0001-charon-systemd-Inherit-all-settings-from-the-charon added, inherit + charon configuration settings for charon-systemd. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 14 Mar 2016 23:53:34 +0100 + +strongswan (5.3.5-1) unstable; urgency=medium + + * New upstream bugfix release. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 26 Nov 2015 15:27:01 +0100 + +strongswan (5.3.4-1) unstable; urgency=medium + + * New upstream release. + * debian/patches: + - 03_systemd-service refreshed for new upstream release. + - 0001-socket-default-Refactor-setting-source-address-when-, + 0001-socket-dynamic-Refactor-setting-source-address-when- and + CVE-2015-8023_eap_mschapv2_state dropped, included upstream. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 19 Nov 2015 22:17:43 +0100 + +strongswan (5.3.3-3) unstable; urgency=high + + * Set urgency=high for security fix. + * debian/patches: + - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when + using EAP MSCHAPv2. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 16 Nov 2015 12:35:28 +0100 + +strongswan (5.3.3-2) unstable; urgency=medium + + * debian/rules: + - make the dh_install override arch-dependent only since it only acts on + arch:any packages, fix FTBFS on arch:all. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 04 Nov 2015 13:52:02 +0100 + +strongswan (5.3.3-1) unstable; urgency=medium + + * debian/rules: + - enable the connmark plugin. + * debian/control: + - add build-dep on iptables-dev. + * debian/libstrongswan-standard-plugins: + - add connmark plugin to the standard-plugins package. + * New upstream release. closes: #803772 + * debian/strongswan-starter.install: + - install new pki --dn manpage to ipsec-starter package. + * debian/patches: + - 0001-socket-default-Refactor-setting-source-address-when- and + 0001-socket-dynamic-Refactor-setting-source-address-when- added (taken + from c761db and 9e8b4a in the 1171-socket-default-scope branch), fix + source address selection with IPv6 (upstream #1171) + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 03 Nov 2015 21:56:23 +0100 + +strongswan (5.3.2-1) unstable; urgency=medium + + * New upstream release. + * debian/patches: + - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream. + - CVE-2015-4171_enforce_remote_auth dropped as well. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 11 Jun 2015 21:36:33 +0200 + +strongswan (5.3.1-1) unstable; urgency=high + + * New upstream release. + * debian/patches: + - strongswan-5.2.2-5.3.0_unknown_payload dropped, included upstream. + - 05_ivgen-allow-reusing-same-message-id-twice added, allow reusing the + same message ID twice in sequential IV gen. strongSwan issue #980. + - CVE-2015-4171_enforce_remote_auth added, fix potential leak of + authentication credential to rogue server when using PSK or EAP. This is + CVE-2015-4171. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 04 Jun 2015 19:18:07 +0200 + +strongswan (5.3.0-2) unstable; urgency=medium + + * debian/patches: + - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential + remote code execution vulnerability (CVE-2015-3991). + * debian/strongswan-starter.lintian-overrides: add override for + command-with-path-in-maintainer-script since it's there to check for file + existence. + * Upload to unstable. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 23 May 2015 15:06:11 +0200 + +strongswan (5.3.0-1) experimental; urgency=medium + + * New upstream release. + * debian/patches: + - 01_fix-manpages refreshed for new upstream release. + - 02_chunk-endianness dropped, included upstream. + - CVE-2014-9221_modp_custom dropped, included upstream. + * debian/strongswan-starter.install + - don't install the _updown and _updown_espmark manpages anymore, they're + gone. + - also remove the _updown_espmark script, gone too. + * debian/copyright updated. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 15 Apr 2015 20:59:54 +0200 + +strongswan (5.2.1-6) unstable; urgency=medium + + * Ship /lib/systemd/system/ipsec.service as a symlink to + strongswan.service in strongswan-starter instead of using Alias= in + the service file. This makes the ipsec name available to invoke-rc.d + before the service gets actually enabled, which avoids some confusion + (closes: #781209). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 04 Apr 2015 17:55:38 +0200 + +strongswan (5.2.1-5) unstable; urgency=high + + * debian/patches: + - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated + denial of service in IKEv2 when using custom MODP value. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 05 Jan 2015 13:11:51 +0100 + +strongswan (5.2.1-4) unstable; urgency=medium + + * Give up on trying to run the test suite on !amd64, it now times out on + both i386 and s390x, our chosen "fast" archs. + + -- Romain Francoise <rfrancoise@debian.org> Fri, 24 Oct 2014 21:08:17 +0200 + +strongswan (5.2.1-3) unstable; urgency=medium + + * Disable libtls tests again, they are still too intensive for the buildd + network... + + -- Romain Francoise <rfrancoise@debian.org> Thu, 23 Oct 2014 18:09:27 +0200 + +strongswan (5.2.1-2) unstable; urgency=medium + + * Cherry-pick commits 701d6ed and 1c70c6e from upstream to fix checksum + computation and FTBFS on big-endian hosts. + * Run the test suite only on amd64, i386, and s390x. It requires lots of + entropy and CPU time, which are typically hard to come by on slower + archs. + * Re-enable normal keylengths in test suite. + * Re-enable libtls tests. + * Update Dutch translation, thanks to Frans Spiesschaert (closes: #763798). + * Bump Standards-Version to 3.9.6. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 22 Oct 2014 21:21:37 +0200 + +strongswan (5.2.1-1) unstable; urgency=medium + + * New upstream release. + * Stop shipping /etc/strongswan.conf.d in libstrongswan. + + -- Romain Francoise <rfrancoise@debian.org> Tue, 21 Oct 2014 19:38:25 +0200 + +strongswan (5.2.0-2) unstable; urgency=medium + + * Add systemd integration: + + Install upstream systemd service file in strongswan-starter. + + Alias strongswan.service to ipsec.service to match the sysv init script. + + Drop After=syslog.target (as syslog is socket-activated nowadays), but + add After=network.target to ensure that charon gets the chance to send + deletes on exit. + + Add ExecReload for reload action, since the starter script has one. + + On linux-any, add build-dep on systemd to ensure that the pkg-config + metadata file can be found. + + Add build-dep on dh-systemd, and use systemd dh addon. + * Remove debian/patches/03_include-stdint.patch. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 30 Jul 2014 21:37:53 +0200 + +strongswan (5.2.0-1) unstable; urgency=medium + + * New upstream release. + [ Romain Francoise ] + * Amend build-dep on libgcrypt to 'libgcrypt20-dev | libgcrypt11-dev'. + * Drop hardening-wrapper from build-depends (unused since 5.0.4-1). + + [ Yves-Alexis Perez ] + * debian/po: + - pt_BR.po updated, thanks Adriano Rafael Gomes. closes: #752721 + * debian/patches: + 03_pfkey-Always-include-stdint.h dropped, included upstream. + * debian/strongswan-starter.install: + - replace tools.conf by pki.conf and scepclient.conf. + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 11 Jul 2014 21:57:59 +0200 + +strongswan (5.1.3-4) unstable; urgency=medium + + * debian/control: + - add build-dep on pkg-config. + * debian/patches: + - 03_pfkey-Always-include-stdint.h added, cherry-picked from upstream git: + always include of stdint.h. Fix FTBFS on kFreeBSD. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 19 May 2014 15:06:32 +0200 + +strongswan (5.1.3-3) unstable; urgency=medium + + * debian/watch: + - add pgpsigurlmangle to get PGP signature + * debian/upstream/signing-key.asc: + - bootstrap keyring by adding Andreas Steffen key (0xDF42C170B34DBA77) + * debian/control: + - add build-dep on libgcrypt20-dev, fix FTBFS. closes: #747796 + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 13 May 2014 22:05:16 +0200 + +strongswan (5.1.3-2) unstable; urgency=low + + * Disable the new libtls test suite for now--it appears to be a + little too intensive for slower archs. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 19 Apr 2014 17:45:51 +0200 + +strongswan (5.1.3-1) unstable; urgency=low + + * New upstream release. + * debian/control: make strongswan-charon depend on iproute2 | iproute, + thanks to Ryo IGARASHI <rigarash@gmail.com> (closes: #744832). + + -- Romain Francoise <rfrancoise@debian.org> Tue, 15 Apr 2014 19:42:27 +0200 + +strongswan (5.1.2-4) unstable; urgency=high + + * debian/patches/04_cve-2014-2338.patch: added to fix CVE-2014-2338 + (authentication bypass vulnerability in IKEv2 code). + * debian/control: add myself to Uploaders. + + -- Romain Francoise <rfrancoise@debian.org> Tue, 08 Apr 2014 20:14:54 +0200 + +strongswan (5.1.2-3) unstable; urgency=medium + + * debian/patches/ + - 02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b added, fix + testsuite failing on 64 bit big-endian platforms (s390x). + - 03_unit-tests-Fix-chunk-clear-armel added, fix testsuite failing on + armel. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 02 Apr 2014 21:20:33 +0200 + +strongswan (5.1.2-2) unstable; urgency=medium + + * debian/rules: + - use reduced keylengths in testsuite on various arches, hopefully fixing + FTBFS when the genrsa test runs. + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 25 Mar 2014 12:09:49 +0100 + +strongswan (5.1.2-1) unstable; urgency=medium + + * New upstream release. + * debian/control: + - add conflicts against openSwan. closes: #740808 + * debian/strongswan-starter,postrm: + - remove /var/lib/strongswan on purge. + * debian/ipsec.secrets.proto: + - stop lying about ipsec showhostkey command. closes: #600382 + * debian/patches: + - 01_fix-manpages refreshed for new upstream. + - 02_include-strongswan.conf.d removed, strongswan.d is now supported + upstream. + * debian/rules, debian/*.install: + - install default configuration files for all plugins. + * debian/NEWS: + - fix spurious entry. + - add a NEWS entry to advertise about the new strongswan.d configuration + mechanism. + + -- Yves-Alexis Perez <corsac@debian.org> Wed, 12 Mar 2014 11:22:38 +0100 + +strongswan (5.1.1-3) unstable; urgency=low + + * Upload to unstable. + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 04 Mar 2014 21:57:25 +0100 + +strongswan (5.1.1-2+splitplugins) experimental; urgency=medium + + * debian/control: + - drop dependency on host, inherited from openSwan. closes: #736661 + - split charon-cmd to a standalone package. + - add new plugins packages: libstrongswan-standard-plugins, + libstrongswan-extra-plugins and libcharon-extra-plugins. + - split strongswan-ike package to strongswan-libcharon (libcharon and + default libcharon plugins) and strongswan-charon (charon daemon), keep + strongswan-ike as transitional package for now. + * debian/po: + - sv.po updated, thanks Martin Bagge. closes: #725667 + * debian/charon-cmd.lintian-overrides: override lintian error about + charon-cmd rpath. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Feb 2014 10:42:49 +0100 + +strongswan (5.1.1-2) unstable; urgency=medium + + * debian/control: + - drop dependency on host, inherited from openSwan. closes: #736661 + * debian/po: + - sv.po updated, thanks Martin Bagge. closes: #725667 + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 24 Feb 2014 10:32:12 +0100 + +strongswan (5.1.1-1) unstable; urgency=low + + [ Yves-Alexis Perez ] + * New upstream bugfix release + * debian/rules: + - enable and install af-alg plugin on Linux. closes: #718292 + - enable certexpire plugin. closes: #718293 + - enable lookip plugin. closes: #718299 + - enable error-notify plugin. closes: #718304 + - enable unity plugin. closes: #718289 + * debian/strongswan-ike.install: + - install certexpire and unity plugins. + - install lookip binary and plugin. + - install error-notify binary and plugin. + * debian/strongswan-starter.install: + - pki tool is now in /usr/bin. + - add pt-tls-client for TCG Trusted Network Connect. + * debian/control: + - update long description, thanks to Justin B Rye. closes: #725085 + - make the pkg-swan-devel list the maintainer, and add RenĆ© to uploaders. + - update standards version to 3.9.5. + * debian/po: + - eu.po updated, thanks IƱaki LarraƱaga Murgoitio. closes: #726636 + - ja.po updated. closes: #726059 + - cs.po updated, thanks Miroslav Kure. closes: #728104 + - ru.po updated, thanks Yuri Kozlov. closes: #725709 + - da.po updated. closes: #725620 + - nb.po updated, thanks BjĆørn Steensrud. closes: #725497 + - fr.po updated, thanks Christian Perrier. closes: #725469 + - tr.po updated, thanks Atila KOĆ. closes: #728874 + - it.po updated, thanks Beatrice Torracca. closes: #729122 + - de.po updated, thanks Helge Kreutzmann. closes: #729170 + - pt.po updated, thanks AmĆ©rico Monteiro. closes: #729823 + - es.po updated, thanks Matias A. Bellone. closes: #733731 + * debian/patches: + - CVE-2013-6075 and CVE-2013-6076 dropped, included upstream. + - 01_fix-manpages updated, move pki --issue manpage to section 1. + * debian/strongswan-starter.ipsec.init: + - use daemon exe in start-stop-daemon test. closes: #730661 + + [ Romain Francoise ] + * debian/rules: + - disable built-in integrity tests; they've been broken for years, + don't provide security (by design) and we have better tools at the + package level anyway. closes: #598138 + - disable sql and attr-sql plugins, as per discussion in #718302 they + are useless without the database driver plugins. + * debian/libstrongswan.install: + - libchecksum.so is no longer built, remove. + - sql plugin is no longer built, remove. + * debian/strongswan-starter.install: + - 'ipsec pool' is no longer built, remove. + + [ Raphael Geissert ] + * Allow the configuration of strongswan.conf to be stored in snippets + in /etc/strongswan.conf.d/ + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 24 Jan 2014 21:22:32 +0100 + +strongswan (5.1.0-3) unstable; urgency=high + + * urgency=high for the security fixes. + * debian/patches + - CVE-2013-6075 added, fix remote denial of service and authorization + bypass. + - CVE-2013-6076 added, fix remote denial of service in IKEv1 code. + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 29 Oct 2013 21:07:04 +0100 + +strongswan (5.1.0-2) unstable; urgency=medium + + * urgency=medium since we already spent 16 days in unstable and the fix is + trivial + * debian/control: + - strongswan-ike: only depends on iproute on linux arches. + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 17 Oct 2013 21:40:35 +0200 + +strongswan (5.1.0-1) unstable; urgency=low + + * New upstream release. + * debian/libstrongswan.install: + - install new rc2, pkcs12 and sshkey plugins. + * debian/control: + - update standards version to 3.9.4. + - add build-dep on dh-autoreconf. + * debian/rules: + - use autoreconf addon to refresh autotools helper files and gain support + for ARM64. + - enable charon-cmd command line tool. + * debian/source/options: ignore files regenerated by autoreconf addon. + * debian/strongswan-ike.install: + - install charon-cmd command and manpage. + * debian/NEWS: + - warn users about charon replacing pluto as IKEv1 daemon and provide some + migration pointers. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 30 Sep 2013 20:59:04 +0200 + +strongswan (5.0.4-3) experimental; urgency=low + + * debian/rules, debian/libstrongswan.install: + - only install rdrand plugin on i386 and amd64. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 18 May 2013 09:26:22 +0200 + +strongswan (5.0.4-2) experimental; urgency=low + + * debian/rules: + - only enable RdRand on i386 and amd64. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 06 May 2013 13:14:03 +0200 + +strongswan (5.0.4-1) experimental; urgency=low + + * New upstream release. + - Fix for ECDSA signature verification vulnerability (CVE-2013-2944). + * debian/patches: + - 01_fix-manpages refreshed. + - 02_add-LICENSE dropped, included upstream. + - 03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali removed, + included upstream. + - 04-Fixed-IPv6-source-address-lookup dropped, included upstream. + * debian/rules: + - --enable-smartcard, --with-default-pkcs11 and --enable-nat-transport not + valid anymore for ./configure, remove them. + - add --enable-xauth-eap and --enable-xauth-pam. + - remove pluto handling since it's gone + - don't special-case XAuth on kFreeBSD anymore. + - add --enable-attr-sql and --enable-rdrand. + - build using all hardening flags. + - use -Wl,--as-needed -Wl,-O1 for LDFLAGS. + * debian/control: + - drop strongswan-ikev1 package + - rename strongswan-ikev2 package to strongswan-ike for now and makes it + replace strongswan-ikev1 and strongswan-ikev2. + - rephrase long description to remove references to pluto. + - provide transition -ikev{1,2} packages for upgrades. + * debian/strongswan-ikev1.install removed. + * debian/strongswan-ikev2.* renamed to strongswan-ike. + * debian/strongswan-nm.install: + - NetworkManager plugin is now a separate executable. + * debian/libstrongswan.install: + - install new pkcs7, xauth-eap, xauth-generic, xauth-pam and nonce plugins. + - install libpttls files (experimental implementation of PT-TLS, RFC 6876) + - install rdrand plugin. + * debian/strongswan.docs: CREDITS file is gone. + * debian/ipsec.secrets.proto: remove reference to pluto. + * debian/strongswan-starter.* remove references to pluto. + * debian/po: update potfiles for new phrasing. + + -- Yves-Alexis Perez <corsac@debian.org> Sun, 05 May 2013 11:06:20 +0200 + +strongswan (4.6.4-6) unstable; urgency=low + + * debian/rules: + - revert dropping privileges, it breaks too many setups for now and it's + not possible to disable it. reopens #529854 and closes: #680722 + * debian/control: + - add Breaks/Replaces strongswan-ikev2 on libstrongswan because of moved + plugins. closes: #681312 + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 01 Dec 2012 14:24:49 +0100 + +strongswan (4.6.4-5) unstable; urgency=low + + [ Yves-Alexis Perez ] + * debian/control: + - and finally make libcap-dev linux-any too... + - make -ikev1 linux-any since pluto can't be build on FreeBSD. + * debian/rules: + - stop installing logcheck rules manually. closes: #679745 + - handle non kFreeBSD more carefully closes: #640928 + + don't enable NM and Linux capabilities drop; + + disable pluto (and xauth plugin); + + don't enable farp and dhcp, enable kernel-pf{key,route} plugins + * Handle logcheck files from dh_installlogcheck and thus name them correctly + so they are not installed in the wrong package. closes: #679745 + * debian/po + - add turkish translation, thanks Atila KOĆ. closes: #659879 + * debian/patches: + - 04-Fixed-IPv6-source-address-lookup added, backported from upstream. + Fix IPv6 tunnels, broken because of bad handling of source routing. + + [ Laurent Bigonville ] + * Do not use multi-arch paths, this makes no sense as only one instance of + the daemon can be run and all libraries are private. + * d/p/03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali.patch: NM now + requires a tundev, pass the loopback interface to make it happy + (thanks to Martin Willi) + * debian/control: Fix Vcs-Browser URL + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 07 Jul 2012 14:21:03 +0200 + +strongswan (4.6.4-4) unstable; urgency=low + + * debian/control: + - libnm-glib-vpn-dev also is linux-any, fix build-deps. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 18:54:00 +0200 + +strongswan (4.6.4-3) unstable; urgency=low + + * debian/strongswan-starter.postrm + - remove strongswan user on purge. + * debian/rules: + - enable gcrypt plugin. closes: #600326 + * debian/libstrongswan.install: + - ship gcrypt plugin. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 17:08:08 +0200 + +strongswan (4.6.4-2) unstable; urgency=low + + * Upload to unstable. + * debian/rules: + - use the strongswan user. closes: #529854 + * debian/control: + - fix libnm-glib-vpn-dev build-dep, it's linux-any. + + -- Yves-Alexis Perez <corsac@debian.org> Sat, 30 Jun 2012 15:37:58 +0200 + +strongswan (4.6.4-1) experimental; urgency=low + + * New upstream release. closes: #664190 + - stop including individual glib headers. closes: #665612 + * debian/patches: + - drop all patches, they're all included upstream now. + * debian/*.install: + - drop destination path + - libs are in ipsec folder now + - add libradius, libtls, libtnccs and libsimaka to libstrongswan. + - add tnc-tnccs, pkcs8 and cmac plugins to libstrongswan. + - use multiarch paths + - move ldap, curl, kernel-netlink and attr* plugins to libstrongswan, + since they are used by pluto too. closes: #611846 + * debian/control: + - add myself to uploaders, in hope that some others will join. + - update standards version to 3.9.3. + - add depend on adduser to strongswan-starter for use in maintainer + scripts. + - update debhelper build-dep to 9 and add dpkg-dev 1.16.2 build-dep for + hardening support. + - make strongswan-nm linux-any and adjust network-manager-dev build-dep to + only happen on linux arches. closes: #640928 + * debian/compat bumped to 9. + * debian/rules: + - enable hardening flags with PIE and bindnow. + - use multiarch paths. + - inconditionnally enable network-manager. + - switch to dh. + - ignore plugins in dh_makeshlibs. + - don't generate maintainer scripts snippets for init scripts, it's + already handled (atlhough we might want to change that later) + - stop bypassing dh_installdocs. + - disable DES and Blowfish plugin as they are under a 4 clauses BSD-like + license. + * debian/libstrongswan.lintian-overrides, + debian/libstrongswan-ikev2.lintian-overrides: + - override warning for hardening flags, we do use them. + * debian/patches: + - 01_fix-manpages added, fix space in NAME section. + - 02_add-LICENSE added, add the license file from upstream not yet present + in tarball. + * debian/copyright completely rewritten. + + -- Yves-Alexis Perez <corsac@debian.org> Fri, 29 Jun 2012 21:24:37 +0200 + +strongswan (4.5.2-1.5) unstable; urgency=low + + * Non-maintainer upload. + * Fix "package must not include /var/lock/subsys": + don't ship /var/lock/subsys but create it in the init script. + (Closes: #667764) + + -- gregor herrmann <gregoa@debian.org> Fri, 15 Jun 2012 16:21:27 +0200 + +strongswan (4.5.2-1.4) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * debian/patches: + - 0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i added, + backported from upstream. Fix CVE-2012-2388 (when using gmp plugin, + zero length RSA signatures are considered valid). + - 0001-Added-support-for-the-resolvconf-framework-in-resolv added, + correctly handle resolvconf-managed /etc/resolv.conf. closes: #664873 + + -- Yves-Alexis Perez <corsac@debian.org> Thu, 24 May 2012 17:55:51 +0200 + +strongswan (4.5.2-1.3) unstable; urgency=low + + * Non-maintainer upload. + * Fix pending l10n issues. Debconf translations: + - Dutch; (Jeroen Schot). Closes: #631502 + - Norwegian BokmĆ„l, (BjĆørn Steensrud). Closes: #654411 + - Polish (MichaÅ KuÅach). Closes: #658125 + + -- Christian Perrier <bubulle@debian.org> Wed, 08 Feb 2012 07:22:07 +0100 + +strongswan (4.5.2-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Drop libopensc2-dev from Build-Depends; that library is now private to + opensc and is not required at build time as it's loaded by dlopen() anyway. + (Closes: #635890) + + -- Laurent Bigonville <bigon@debian.org> Thu, 08 Sep 2011 16:50:11 +0200 + +strongswan (4.5.2-1.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/strongswan-starter.ipsec.init: Init script should depends on + remote_fs instead of local_fs, also provide ipsec instead of vpn as + the other ipsec implementations (Closes: #629675) + * debian/patches/0001-fix-fprintf-format.patch: Fix FTBFS with gcc 4.6, + taken from upstream (Closes: #614486) + * debian/control: Tighten dependency version against libstrongswan + (Closes: #626170) + * debian/strongswan-starter.lintian-overrides, debian/rules: + Correctly set restricted permissions on /etc/ipsec.d/private/ + and /var/lib/strongswan (Closes: #598827) + + -- Laurent Bigonville <bigon@debian.org> Mon, 04 Jul 2011 10:58:59 +0200 + +strongswan (4.5.2-1) unstable; urgency=low + + * New upstream version 4.5.2. This removes a lot of old manpages that were + not properly updated since freeswan. + Closes: #616482: strongswan-ikev1: virtual ips not released if xauth name + does not match id + Closes: #626169: strongswan: ipsec tunnels fail because charon segfaults + Closes: #625228: strongswan-starter: left-/rightnexthop options are broken + Closes: #614105: strongswan-ikev2: charon continually respawns + * Fix typo in debian/rules that precluded --enable-nm from being passed to + configure (LP: #771778). + Closes: #627775: strongswan-nm package is missing nm module + * Make sure to install all newly added plugins (and generally files created + by make install) by calling dh_install with --fail-missing. Install some + newly enabled crypto plugins in the libstrongswan package. + Closes: #627783: Please disable modules that are not installed in package + at build time + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 May 2011 13:42:21 +0200 + +strongswan (4.5.1-1) unstable; urgency=low + + * New upstream version + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 05 Mar 2011 09:27:49 +0100 + +strongswan (4.5.0-1) unstable; urgency=low + + * New upstream version 4.5.0 + * Enabled new configure options for additional libstrongswan plugins: + --enable-ctr --enable-ccm --enable-gcm --enable-addrblock --enable-led + --enable-pkcs11 --enable-eap-tls --enable-eap-ttls --enable-eap-tnc + * Enable NAT-Traversal with transport mode support so that strongswan + can be used for an L2TP/IPsec gateway (e.g. for Windows or mobile phone + clients). + * Special handling for strongswan-nm package during build time: only build + and install if headers are really available. This supports easier + backporting by simply ignoring build-deps and therefore to build all + packages except the strongswan-nm without any changes to the source + package. + * Install test-vectors and revocation plugins for libstrongswan. + Closes: #600996: strongswan-starter: plugin 'revocation' failed to load + * Acknowledge translations NMU. + Closes: #598925: Intent to NMU or help for an l10n upload of strongswan + to fix pending po-debconf l10n bugs + Closes: #598925 #599888 #600354 #600409 #602449 #603723 #603779 + * Update Brazilian Portugese debconf translation. + Closes: #607404: strongswan: [INTL:pt_BR] Brazilian Portuguese debconf + templates translation + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Nov 2010 13:09:42 +0100 + +strongswan (4.4.1-5.1) unstable; urgency=low + + * Non-maintainer upload. + - Fix pending l10n issues. Debconf translations: + - Vietnamese (Clytie Siddall). Closes: #598925 + - Japanese (Hideki Yamane). Closes: #599888 + - Czech (Miroslav Kure). Closes: #600354 + - Spanish (Francisco Javier Cuadrado). Closes: #600409 + - Danish (Joe Hansen). Closes: #602449 + - Basque (IƱaki LarraƱaga Murgoitio). Closes: #603723 + - Italian (Vincenzo Campanella). Closes: #603779 + + -- Christian Perrier <bubulle@debian.org> Wed, 17 Nov 2010 20:21:21 +0100 + +strongswan (4.4.1-5) unstable; urgency=medium + + * Fixed init script for restart to work when either pluto or charon + are not installed. + Closes: #598074: init script doesn't re-start the service on restart + * Enable built-in crypto test vectors. + Closes: #598136: strongswan: Please enable --enable-test-vectors + configure option + * Install libchecksum.so into correct directory (/usr/lib/ipsec instead of + /usr/lib). It still doesn't fix #598138 because of the size mismatch. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 26 Sep 2010 13:48:00 +0200 + +strongswan (4.4.1-4) unstable; urgency=medium + + * dh_clean should not be called by the install target. This caused the + arch: all package strongswan to be built but not included in the changes + file. + Closes: #593768: strongswan: 4.4.1 unavailable in testing notwhistanding + a freeze-exception request + * Rewrote parts of the init.d script to make stop/restart more robust + when pluto or charon fail. + * Closes: #595885: strongswan: FTBFS in squeeze: No package 'libnm_glib_vpn' + found + This bug was actually closed in 4.4.0 with changed dependencies. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 19 Sep 2010 13:08:36 +0200 + +strongswan (4.4.1-3) unstable; urgency=low + + * Change make clean to make distclean to make package building + idempotent. + Really closes: Bug#593313: strongswan: FTBFS because clean rule fails + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Aug 2010 21:39:03 +0200 + +strongswan (4.4.1-2) unstable; urgency=low + + * Recompiled with dpkg-buildpackage instead of svn-buildpackage to + make the clean target work. I am still looking for the root cause of + this quilt 3.0 format and svn-buildpackage incompatibility. + Closes: Bug#593313: strongswan: FTBFS because clean rule fails + * Removed the --enable-socket-* configure options again. Having multiple + socket variants for charon would force to explicitly enable one (in case + of pluto co-existance the socket-raw) in strongswan.conf. Disabling the + other variants for now at build-time relieves us from changing the + default config file and might be more future-proof concerning future + upstream changes to configure options. + Really closes: #587583 + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 21 Aug 2010 23:28:47 +0200 + +strongswan (4.4.1-1) unstable; urgency=low + + * New upstream release. + Closes: #587583: strongswan 4.4.0-2 does not work here: charon seems not + to ignore all incoming requests/answers + Closes: #506320: strongswan: include directives error and ikev2 + * Fix typo in debconf templates. + Closes: #587564: strongswan: Minor typos in Debconf template + * Updated debconf translations. + Closes: #587562: strongswan: [INTL:de] updated German debconf translation + Closes: #580954: [INTL:es] Spanish debconf template translation for + strongswan + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 09 Aug 2010 11:37:25 +0200 + +strongswan (4.4.0-3) unstable; urgency=low + + * Updated debconf translations. + Closes: #587562: strongswan: [INTL:de] updated German debconf translation + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 30 Jun 2010 09:50:31 +0200 + +strongswan (4.4.0-2) unstable; urgency=low + + * Force enable-socket-raw configure option and enable list-missing option + for dh_install to make sure that all required plugins get built and + installed. + Closes: #587282: plugins missing + * Updated debconf translations. + Closes: #587052: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #587159: strongswan: [INTL:ru] Russian debconf templates + translation update + Closes: #587255: strongswan: [INTL:pt] Updated Portuguese + translation for debconf messages + Closes: #587241: [INTL:sv] po-debconf file for strongswan + * Disabled cisco-quirks configure option, as it causes pluto to emit a + bogus Cicso vendor ID attribute. Some Cicso VPN clients might not work + without this, but it is less confusing for standards-compliant remote + gateways. + * Removed leftover attribute plugin source caused by incomplete svn-upgrade + call. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 24 Jun 2010 22:32:18 +0200 + +strongswan (4.4.0-1) unstable; urgency=HIGH + + * New upstream release, now with a high-availability plugin. + * Added patch to fix snprintf bug. + * Enable building of ha, dhcp, and farp plugins. + * Enable capability dropping (now depends on libcap). Switching + user to new system user strongswan (with nogroup) after startup + is still disabled until the iptables updown script can be made + to work. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 25 May 2010 21:03:52 +0200 + +strongswan (4.3.6-1) unstable; urgency=low + + * UNRELEASED + + * New upstream release, now build-depends on gperf. + Closes: #577855: New upstream release 4.3.6 + Closes: #569553: strongswan: Certificates CNs containing email address + OIDs are not correctly parsed + Closes: #557635: strongswan charon does not rekey forever + Closes: #569299: Please update configure check to use new nm-glib + pkgconfig file name + * Switch to dpkg-source 3.0 (quilt) format + * Synchronize debconf handling with current openswan 2.6.25 package to keep + X509 certificate handling etc. similar. Thanks to Harald Jenny for + implementing these changes in openswan, which I just converted to + strongswan. + * Now also build a strongswan-dbg package to ship debugging symbols. + * Include attr plugin in strongswan-ikev2 package. Thanks to Christoph Lukas + for pointing out that this was missing. + Closes: #569550: strongswan: Please include attr plugin + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 23 Feb 2010 10:39:21 +0000 + +strongswan (4.3.4-1) unstable; urgency=low + + * New upstream release. + * This release supports integrity checking of libraries, which is + now enabled at build-time and can be enabled at run-time using + libstrongswan { + integrity_test = yes + } + in /etc/strongswan.conf. + * Don't disable internal crypto libraries for pluto. They might be + required when working with older ipsec.conf files. + * charon now supports "include" directives in ipsec.secrets for + compatibility with how the maintainer script includes RSA private keys. + * Patched starter to also look at routing table "default" when table + "main" doesn't have a default entry. This makes dealing with + "%defaulroute" in ipsec.conf more flexible. + Update: It seems Astaro was quicker then me sending a patch with + exactly that aim to upstream. Now applied this one, which will be + part of future upstream releases and uses netlink to read routing + tables. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 21 Oct 2009 11:14:56 +0000 + +strongswan (4.3.2-1) unstable; urgency=HIGH + + Urgency high because of security issue and FTBFS. + * New upstream release, fixes security bug. + * Fix padlock handling for i386 in debian/rules. + Closes: #525652 (FTBFS on i386) + * Acknowledge NMUs by security team. + Closes: #533837, #531612 + * Add "Conflicts: strongswan (< 4.2.12-1)" to libstrongswan, + strongswan-starter, strongswan-ikev1, and strongswan-ikev2 to force + update of the strongswan package on installation and avoid conflicts + caused by package restructuring. + Closes: #526037: strongswan-ikev2 and strongswan: error when trying to + install together + Closes: #526486: strongswan and libstrongswan: error when trying to + install together + Closes: #526487: strongswan-ikev1 and strongswan: error when trying to + install together + Closes: #526488: strongswan-starter and strongswan: error when trying to + install together + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. Closes: #528073 + * Debconf translation updates: + Closes: #525234: [INTL:ja] Update po-debconf template translation (ja.po) + Closes: #528323: [INTL:sv] po-debconf file for strongswan + Closes: #528370: [INTL:vi] Vietnamese debconf templates translation update + Closes: #529027: [INTL:pt] Updated Portuguese translation for debconf messages + Closes: #529071: [INTL:fr] French debconf templates translation update + Closes: #529592: nb translation of debconf PO for strongSWAN + Closes: #529638: [INTL:ru] Russian debconf templates translation + Closes: #529661: Updated Czech translation of strongswan debconf messages + Closes: #529742: [INTL:eu] strongswan debconf basque translation + Closes: #530273: [INTL:fi] Finnish translation of the debconf templates + Closes: #529063: [INTL:gl] strongswan 4.2.14-2 debconf translation update + + -- Rene Mayrhofer <rmayr@debian.org> Sat, 18 Apr 2009 20:28:51 +0200 + +strongswan (4.2.14-1.2) unstable; urgency=high + + * Non-maintainer upload. + * Fix build on i386 + Closes: #525652: FTBFS on i386: + libstrongswan-padlock.so*': No such file or directory + * Fix Two Denial of Service Vulnerabilities + Closes: #533837: strongSwan Two Denial of Service Vulnerabilities + + -- Ruben Puettmann <ruben@puettmann.net> Sun, 21 Jun 2009 17:50:02 +0200 + +strongswan (4.2.14-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix two possible null pointer dereferences leading to denial + of service via crafted IKE_SA_INIT, CREATE_CHILD_SA or + IKE_AUTH request (CVE-2009-1957; CVE-2009-1958; Closes: #531612). + + -- Nico Golde <nion@debian.org> Mon, 15 Jun 2009 13:06:05 +0200 + +strongswan (4.2.14-1) unstable; urgency=low + + * New upstream release, which incorporates the fix. Removed dpatch for it. + Closes: #521950: CVE-2009-0790: DoS + * New support for EAP RADIUS authentication, enabled for this package. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 01 Apr 2009 22:17:52 +0200 + +strongswan (4.2.13-2) unstable; urgency=low + + * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the + security team for providing the patch. + Closes: #521950: CVE-2009-0790: DoS + Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone + to a denial of service attack via a malicious packet. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 31 Mar 2009 12:00:51 +0200 + +strongswan (4.2.13-1) unstable; urgency=low + + * New upstream release. This is now compatible with network-manager 0.7 + in Debian, so start building the strongswan-side support. The actual + plugin will need to be another source package. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 22 Mar 2009 10:59:31 +0100 + +strongswan (4.2.12-1) unstable; urgency=low + + * New upstream release. Starting with this version, the strongswan + packages is modularized and includes support for plugins like the + NetworkManager plugin. Many details were adopted from Martin Willi's + packages. + * Dropping support for raw RSA public/private keypairs, as charon does + not support it. + * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 01 Mar 2009 10:46:08 +0000 + +strongswan (4.2.9-1) unstable; urgency=low + + * New upstream release, fixes a MOBIKE issue. + Closes: #507542: strongswan: endless loop + * Explicitly enable compilation with libcurl for CRL fetching + Closes: #497756: strongswan: not compiled with curl support; crl + fetching not available + * Enable compilation with SSH agent support. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 05 Dec 2008 17:21:42 +0100 + +strongswan (4.2.4-5) unstable; urgency=high + + Reason for urgency high: this is potentially security relevant. + * Patch backported from 4.2.7 to fix a potential DoS issue. + Thanks to Thomas Kallenberg for the patch. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 29 Sep 2008 10:35:30 +0200 + +strongswan (4.2.4-4) unstable; urgency=low + + * Tweaked configure options for lenny to remove somewhat experimental, + incomplete, or unnecessary features. Removed --enable-xml, + --enable-padlock, and --enable-manager and added --disable-aes, + --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5, + --disable-sha1, and --disable-sha2 because openssl already + contains this code, we depend on it and thus don't need it twice. + Padlock support does not do much, because the bulk encryption uses + it anyway (being done internally in the kernel) and using padlock + for IKEv2 key agreement adds complexity for little gain. + Thanks to Thomas Kallenberg of strongswan upstream team for + suggesting these changes. The package is now noticable smaller. + * Also remove dbus dependency, which is no longer necessary. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 01 Sep 2008 08:59:10 +0200 + +strongswan (4.2.4-3) unstable; urgency=low + + * Changed configure option to build peer-to-peer service again. + Closes: #494678: strongswan: configure option --enable-p2p changed to + --enable-mediation + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 12 Aug 2008 20:08:26 +0200 + +strongswan (4.2.4-2) unstable; urgency=medium + + Urgency medium because this fixes an FTFBS bug on non-i386. + * Only compile padlock crypto acceleration support for i386. Thanks for + the patch! + Closes: #492455: strongswan: FTBFS: Uses i386 assembler on non-i386 + arches. + * Updated Swedish debconf translation. + Closes: #492902: [INTL:sv] po-debconf file for strongswan + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Aug 2008 13:02:54 +0200 + +strongswan (4.2.4-1) unstable; urgency=medium + + Urgency medium because this new upstream versions no longer uses + dbus and thus fixed the grave bug from the last Debian package. This + version should transit to testing. + * New upstream release. Starting with version 4.2.0, crypto algorithms have + beeen modularized with existing code ported over. Among other improvments, + this version now supports AES-CCM (e.g. with esp=aes128ccm12) and AES-GCM + (e.g. with esp=aes256gcm16) starting with kernel 2.6.25 and enables dead + peer detection by default. + Note that charon (IKEv2) now uses the new /etc/strongswan.conf. + * Enabled building of VIA Padlock and openssl crypto plugins. + * Drop patch to rename AES_cbc_encrypt so as not to conflict with an + openssl method of the same name. This has been applied upstream. + * This new upstream version no longer uses dbus. + Closes: #475098: charon needs dbus but strongswan does not depend on dbus + Closes: #475099: charon does not work any more + * This new upstream version no longer prints error messages in its + init script. + Closes: #465718: strongswan: startup on booting returns error messages + * Apply patch to ipsec init script to fix bashism. + Closes: #473703: strongswan: bashism in /bin/sh script + * Updated Czech debconf translation. + Closes: #480928: [l10n] Updated Czech translation of strongswan debconf + messages + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 10 Jul 2008 14:40:43 +0200 + +strongswan (4.1.11-1) unstable; urgency=low + + * New upstream release. + * DBUS support now interacts with network-manager, so need to build-depend + on network-manager-dev. + * The web interface has been improved and now requires libfcgi-dev and + clearsilver-dev to compile, so build-depend on them. Also build-depend + on libxml2-dev, libdbus-1-dev, libtool, and libsqlite3-dev (which were + all build-deps before but were not listed explicitly so far - fix that). + * Add patch to rename internal AES_cbc_encrypt function and thus avoid + conflict with the openssl function. + Closes: #470721: pluto segfaults when using pkcs11 library linked with + OpenSSL + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 30 Mar 2008 10:35:16 +0200 + +strongswan (4.1.10-2) unstable; urgency=low + + * Enable new configure options: dbus, xml, nonblocking, thread, peer- + to-peer NAT-traversal and the manager interface support. + * Also set the default path to the opensc-pkcs11 engine explicitly. + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 15 Feb 2008 10:25:49 +0100 + +strongswan (4.1.10-1) unstable; urgency=low + + * New upstream release. + Closes: #455711: New upstream version 4.1.9 + * Updated Japanese debconf translation. + Closes: #463321: strongswan: [INTL:ja] Update po-debconf template + translation (ja.po) + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 15:15:14 +0100 + +strongswan (4.1.8-3) unstable; urgency=low + + * Force use of hardening-wrapper when building the package by setting + a Build-Dep to it and setting export DEB_BUILD_HARDENING=1 in + debian/rules. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 07 Feb 2008 14:14:48 +0100 + +strongswan (4.1.8-2) unstable; urgency=medium + + * Ship our own init script, since upstream no longer does. This is still + installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be + backwards compatible. + Really closes: #442880: strongswan: postinst failure (missing + /etc/init.d/ipsec) + * Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not + marking them as conffiles isn't the right thing either. Instead, now + use the includes feature to pull in config snippets that are + modified by debconf. It's not perfect, though, as the IKEv1/IKEv2 + protocols can't be enabled/disabled with includes. Therefore don't + support this option in debconf for the time being, but default to + enabled for both IKE versions. The files edited with debconf are kept + under /var/lib/strongswan. + * Cleanup debian/rules: no longer need to remove leftover files from + patching, as currently there are no Debian-specific patches (fortunately). + * More cleanup: drop debconf translations hack for woody compatibility, + depend on build-stamp instead of build in the install-strongswan target, + and remove the now unnecessary dh_clean -k call in install-strongswan so + that configure shouldn't run twice during building the package. + * Update French debconf translation. + Closes: #448327: strongswan: [INTL:fr] French debconf templates + translation update + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 02 Nov 2007 21:55:29 +0100 + +strongswan (4.1.8-1) unstable; urgency=low + + The "I'm back from my long semi-vacation, and strongswan is now bug-free + again" release. + * New upstream release. + Closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec) + Closes: #431874: strongswan - FTBFS: cannot create regular file + `/etc/ipsec.conf': Permission denied + * Explicitly use debhalper compatbility version 5m now using debian/compat + instead of DH_COMPAT. + * Since there's no configurability in dh_installdeb's mania to flag + everything below /etc as a conffile, now hack DEBIAN/conffiles directly + to remove ipsec.conf and ipsec.secrets. + Closes: #442929: strongswan: Maintainer script modifies conffiles + * Add/update debconf translations. + Closes: #432189: strongswan: [INTL:de] updated German debconf translation + Closes: #432212: [l10n] Updated Czech translation of strongswan debconf + messages + Closes: #432642: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #444710: strongswan: [INTL:pt] Updated Portuguese translation for + debconf messages + + -- Rene Mayrhofer <rmayr@debian.org> Fri, 26 Oct 2007 16:16:51 +0200 + +strongswan (4.1.4-1) unstable; urgency=low + + * New upstream release. + * Fixed debconf descriptions. + Closes: #431157: strongswan: Minor errors in Debconf template + * Include Portugese and + Closes: #415178: strongswan: [INTL:pt] Portuguese translation for debconf + messages + Closes: #431154: strongswan: [INTL:de] initial German debconf translation + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 05 Jul 2007 00:53:01 +0100 + +strongswan (4.1.3-1) unreleased; urgency=low + + * New upstream release. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 03 Jun 2007 18:39:11 +0100 + +strongswan (4.1.1-1) unreleased; urgency=low + + Major new upstream release: + * IKEv2 support with the new "charon" daemon in addition to the old "pluto" + which is still used for IKEv1. + * Switches to auto* tools build system. + * The postinst script is still not quite as complete in updating the 2.8.x + config automatically to a new 4.x config, but I don't want to wait any + longer with the upload. It can be improved later on. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 12 Apr 2007 21:33:56 +0100 + +strongswan (2.8.3-1) unstable; urgency=low + + * New upstream release with fixes for the SHA-512-HMAC function and + added SHA-384 and SHA-2 implementations. + + -- Rene Mayrhofer <rmayr@debian.org> Thu, 22 Feb 2007 20:19:45 +0000 + +strongswan (2.8.2-1) unstable; urgency=low + + * New upstream release with interoperability fixes for some VPN + clients. + + -- Rene Mayrhofer <rmayr@debian.org> Tue, 30 Jan 2007 12:21:20 +0000 + +strongswan (2.8.1+dfsg-1) unstable; urgency=low + + * New upstream release, now with XAUTH support. + * Explicitly enable smartcard and vendorid options as well as a + few more in debian/rules. + Closes: #407449: strongswan: smartcard support is disabled + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 21:06:25 +0000 + +strongswan (2.8.1-1) UNRELEASED; urgency=low + + * New upstream release. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 28 Jan 2007 20:59:11 +0000 + +strongswan (2.8.0+dfsg-1) unstable; urgency=low + + * New upstream release. + * Update debconf templates. + Closes: #388672: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #389253: [l10n] Updated Czech translation of strongswan + debconf messages + Closes: #391457: [INTL:nl] Updated dutch po-debconf translation + Closes: #396179: strongswan: [INTL:ja] Updated Japanese po-debconf + template translation (ja.po) + * Fix broken reference to a now non-existing config file. no_oe.conf + has been replaced by oe.conf, with the opposite meaning. Changed + postinst to deal with it correctly now, and also try to convert + older config file lines to newer (e.g. when updating from openswan + to strongswan). + Closes: #391565: fails to start : /etc/ipsec.conf:46: include + files found no matches + [/etc/ipsec.d/examples/no_oe.conf] + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 6 Nov 2006 19:01:58 +0000 + +strongswan (2.7.3+dfsg-1) unstable; urgency=low + + * New upstream release. Another try on getting it into unstable. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * Call debian-updatepo in the clean target, in line with the openswan + change for its version 2.4.6+dfsg-1. + * Remove man2html, htmldoc, and lynx from the Build-Deps because we no + longer rebuild the documentation tree. + * Starting shipping a lintian overrides file to finally silence the + warnings about non-standard-(file|dir)-perms (they are intentional). + * Clean up /usr/lib/ipsec somehow, again owing to lintian warnings. + * Add po-debconf to build dependencies. + + -- Rene Mayrhofer <rmayr@debian.org> Wed, 23 Aug 2006 21:23:36 +0100 + +strongswan (2.7.2+dfsg-1) unstable; urgency=low + + * First upload to the main Debian archive. This does no longer build + the linux-patch-strongswan and strongswan-modules-source packages, + as KLIPS will be removed from the strongswan upstream source anyway + for the next major release. However, the openswan KLIPS could should + be interoperable with strongswan user space. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * This upload removes the draft RFCs, as they are not considered free under + the DFSG. + + -- Rene Mayrhofer <rmayr@debian.org> Sun, 9 Jul 2006 12:40:34 +0100 + +strongswan (2.7.2-1) unstable; urgency=low + + * New upstream release. This release fixes a potential DoS problem. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 26 Jun 2006 12:34:43 +0100 + +strongswan (2.7.0-1) unstable; urgency=low + + * Initial Debian packaging of strongswan. This is directly based on my + Debian package of openswan 2.4.5-3. + * Do not compile and ship fswcert right now, because it is not included + in strongswan upstream. If it turns out to be necessary for supporting + easy-to-use OE in the future (i.e. for generating the DNS format for the + public keys from generated X.509 certificates), I will re-add it to the + Debian package. + * Also disabled my patches to use /etc/default instead of /etc/sysconfig for + now. Something like that will be necessary in the future, but those parts + of strongswan differ significanty from openswan. + + -- Rene Mayrhofer <rmayr@debian.org> Mon, 22 May 2006 07:37:00 +0100 diff --git a/debian/charon-cmd.install b/debian/charon-cmd.install new file mode 100644 index 000000000..1db15271f --- /dev/null +++ b/debian/charon-cmd.install @@ -0,0 +1,2 @@ +usr/sbin/charon-cmd +usr/share/man/man8/charon-cmd.8 diff --git a/debian/charon-cmd.lintian-overrides b/debian/charon-cmd.lintian-overrides new file mode 100644 index 000000000..26be392ba --- /dev/null +++ b/debian/charon-cmd.lintian-overrides @@ -0,0 +1,3 @@ +# strongswan libraries are installed in /usr/lib/ipsec because they are private +# to the strongSwan project. We still want to split multiple binaries from the lib +charon-cmd: binary-or-shlib-defines-rpath usr/sbin/charon-cmd /usr/lib/ipsec diff --git a/debian/charon-systemd.install b/debian/charon-systemd.install new file mode 100644 index 000000000..a1424ab88 --- /dev/null +++ b/debian/charon-systemd.install @@ -0,0 +1,5 @@ +etc/strongswan.d/charon-systemd.conf +lib/systemd/system/strongswan-swanctl.service +usr/sbin/charon-systemd +usr/share/strongswan/templates/config/strongswan.d/charon-systemd.conf +debian/usr.sbin.charon-systemd /etc/apparmor.d/ diff --git a/debian/charon-systemd.lintian-overrides b/debian/charon-systemd.lintian-overrides new file mode 100644 index 000000000..e6d0b55a1 --- /dev/null +++ b/debian/charon-systemd.lintian-overrides @@ -0,0 +1,4 @@ +# strongswan libraries are installed in /usr/lib/ipsec because they are private +# to the strongSwan project. We still want to split multiple binaries from the +# lib +charon-systemd: binary-or-shlib-defines-rpath usr/sbin/charon-systemd /usr/lib/ipsec diff --git a/debian/compat b/debian/compat new file mode 100644 index 000000000..ec635144f --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..34ed03428 --- /dev/null +++ b/debian/control @@ -0,0 +1,319 @@ +Source: strongswan +Section: net +Priority: optional +Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org> +Uploaders: Rene Mayrhofer <rmayr@debian.org>, + Yves-Alexis Perez <corsac@debian.org>, + Romain Francoise <rfrancoise@debian.org> +Standards-Version: 4.0.0 +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary +Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git +Build-Depends: bison, + bzip2, + debhelper (>= 9.20151219), + dh-apparmor, + dh-autoreconf, + dh-systemd (>= 1.5), + dpkg-dev (>= 1.16.2), + flex, + gperf, + iptables-dev [linux-any], + libcap-dev [linux-any], + libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev, + libgcrypt20-dev | libgcrypt11-dev, + libgmp3-dev, + libkrb5-dev, + libldap2-dev, + libnm-glib-vpn-dev (>= 0.7) [linux-any], + libnm-util-dev (>= 0.7) [linux-any], + libpam0g-dev, + libsqlite3-dev, + libssl-dev (>= 0.9.8), + libsystemd-dev [linux-any], + libtool, + libxml2-dev, + network-manager-dev (>= 0.7) [linux-any], + pkg-config, + po-debconf, + systemd [linux-any], + tzdata +Homepage: http://www.strongswan.org +XS-Testsuite: autopkgtest + +Package: strongswan +Architecture: all +Depends: strongswan-charon, strongswan-starter, ${misc:Depends} +Description: IPsec VPN solution metapackage + The strongSwan VPN suite uses the native IPsec stack in the standard Linux + kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This metapackage installs the packages required to maintain IKEv1 and IKEv2 + connections via ipsec.conf or ipsec.secrets. + +Package: libstrongswan +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Breaks: strongswan-starter (<< 5.3.5-2) +Replaces: strongswan-starter (<< 5.3.5-2) +Recommends: libstrongswan-standard-plugins +Suggests: libstrongswan-extra-plugins +Description: strongSwan utility and crypto library + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides the underlying libraries of charon and other strongSwan + components. It is built in a modular way and is extendable through various + plugins. + . + Some default (as specified by the strongSwan projet) plugins are included. + For libstrongswan (cryptographic backends, URI fetchers and database layers): + - aes (AES-128/192/256 cipher software implementation) + - constraints (X.509 certificate advanced constraint checking) + - dnskey (Parse RFC 4034 public keys) + - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms) + - gmp (RSA/DH crypto backend based on libgmp) + - hmac (HMAC wrapper using various hashers) + - md5 (MD5 hasher software implementation) + - nonce (Default nonce generation plugin) + - pem (PEM encoding/decoding routines) + - pgp (PGP encoding/decoding routines) + - pkcs1 (PKCS#1 encoding/decoding routines) + - pkcs8 (PKCS#8 decoding routines) + - pkcs12 (PKCS#12 decoding routines) + - pubkey (Wrapper to handle raw public keys as trusted certificates) + - random (RNG reading from /dev/[u]random) + - rc2 (RC2 cipher software implementation) + - revocation (X.509 CRL/OCSP revocation checking) + - sha1 (SHA1 hasher software implementation) + - sha2 (SHA256/SHA384/SHA512 hasher software implementation) + - sshkey (SSH key decoding routines) + - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs + and OCSP messages) + - xcbc (XCBC wrapper using various ciphers) + - attr (Provides IKE attributes configured in strongswan.conf) + - kernel-netlink [linux] (IPsec/Networking kernel interface using Linux + Netlink) + - kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY) + - kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE) + - resolve (Writes name servers received via IKE to a resolv.conf file or + installs them via resolvconf(8)) + . + Also included is the libtpmtss library adding support for TPM plugin + (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin) + +Package: libstrongswan-standard-plugins +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Description: strongSwan utility and crypto library (standard plugins) + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides some common plugins for the strongSwan utility and + cryptograhic library. + . + Included plugins are: + - agent (RSA/ECDSA private key backend connecting to SSH-Agent) + - gcm (GCM cipher mode wrapper) + - openssl (Crypto backend based on OpenSSL, provides + RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG) + +Package: libstrongswan-extra-plugins +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1), libcharon-extra-plugins (<= 5.5.3-1) +Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1), libcharon-extra-plugins (<= 5.5.3-1) +Description: strongSwan utility and crypto library (extra plugins) + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides extra plugins for the strongSwan utility and + cryptographic library. + . + Included plugins are: + - af-alg [linux] (AF_ALG Linux crypto API interface, provides + ciphers/hashers/hmac/xcbc) + - ccm (CCM cipher mode wrapper) + - cmac (CMAC cipher mode wrapper) + - ctr (CTR cipher mode wrapper) + - curl (libcurl based HTTP/FTP fetcher) + - curve25519 (support for Diffie-Hellman group 31 using Curve25519 and + support for the Ed25519 digital signature algorithm for IKEv2) + - gcrypt (Crypto backend based on libgcrypt, provides + RSA/DH/ciphers/hashers/rng) + - ldap (LDAP fetching plugin based on libldap) + - padlock (VIA padlock crypto backend, provides AES128/SHA1) + - pkcs11 (PKCS#11 smartcard backend) + - rdrand (High quality / high performance random source using the Intel + rdrand instruction found on Ivy Bridge processors) + - test-vectors (Set of test vectors for various algorithms) + +Package: libcharon-extra-plugins +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) +Description: strongSwan charon library (extra plugins) + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package provides extra plugins for the charon library: + - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509 + certificates) + - certexpire (Export expiration dates of used certificates) + - eap-aka (Generic EAP-AKA protocol handler using different backends) + - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends) + - eap-identity (EAP-Identity identity exchange algorithm, to use with other + EAP protocols) + - eap-md5 (EAP-MD5 protocol handler using passwords) + - eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes) + - eap-radius (EAP server proxy plugin forwarding EAP conversations to a + RADIUS server) + - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in + EAP) + - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel) + - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely) + - error-notify (Notification about errors via UNIX socket) + - ha (High-Availability clustering) + - led (Let Linux LED subsystem LEDs blink on IKE activity) + - lookip (Virtual IP lookup facility using a UNIX socket) + - medcli (Web interface based mediation client interface) + - medsrv (Web interface based mediation server interface) + - tnc (Trusted Network Connect) + - unity (Cisco Unity extensions for IKEv1) + - xauth-eap (XAuth backend that uses EAP methods to verify passwords) + - xauth-generic (Generic XAuth backend that provides passwords from + ipsec.secrets and other credential sets) + - xauth-pam (XAuth backend that uses PAM modules to verify passwords) + +Package: strongswan-starter +Architecture: any +Depends: adduser, + libstrongswan (= ${binary:Version}), + lsb-base (>= 3.0-6), + ${misc:Depends}, + ${shlibs:Depends} +Recommends: strongswan-charon +Conflicts: openswan +Description: strongSwan daemon starter and configuration file parser + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + The starter and the associated "ipsec" script control the charon daemon from + the command line. It parses ipsec.conf and loads the configurations to the + daemon. + +Package: strongswan-libcharon +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Suggests: libcharon-extra-plugins +Description: strongSwan charon library + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the charon library, used by IKE client like + strongswan-charon, strongswan-charon-cmd or strongswan-nm + +Package: strongswan-charon +Architecture: any +Pre-Depends: debconf | debconf-2.0 +Depends: iproute2 [linux-any] | iproute [linux-any], + libstrongswan (= ${binary:Version}), + strongswan-starter, + ${misc:Depends}, + ${shlibs:Depends} +Provides: ike-server +Description: strongSwan Internet Key Exchange daemon + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + charon is an IPsec IKEv2 daemon which can act as an initiator or a responder. + It is written from scratch using a fully multi-threaded design and a modular + architecture. Various plugins can provide additional functionality. + +Package: strongswan-nm +Architecture: linux-any +Depends: ${misc:Depends}, ${shlibs:Depends} +Recommends: network-manager-strongswan +Replaces: network-manager-strongswan (<= 1.4.1-1~) +Description: strongSwan plugin to interact with NetworkManager + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This plugin provides an interface which allows NetworkManager to configure + and control the IKEv2 daemon directly through D-Bus. It is designed to work + in conjunction with the network-manager-strongswan package, providing + a simple graphical frontend to configure IPsec based VPNs. + +Package: charon-cmd +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Description: standalone IPsec client + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the charon-cmd command, which can be used as a client to + connect to a remote IKE daemon. + +Package: strongswan-pki +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: strongswan-starter (<< 5.3.5-2) +Replaces: strongswan-starter (<< 5.3.5-2) +Description: strongSwan IPsec client, pki command + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the pki tool which allows on to run a simple public key + infrastructure. + +Package: strongswan-scepclient +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: strongswan-starter (<< 5.3.5-2) +Replaces: strongswan-starter (<< 5.3.5-2) +Description: strongSwan IPsec client, SCEP client + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the SCEP client, an implementation of the Cisco System's + Simple Certificate Enrollment Protocol (SCEP). + +Package: strongswan-swanctl +Architecture: any +Depends: libstrongswan (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Description: strongSwan IPsec client, swanctl command + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the swanctl interface, used to configure a running + charon daemon + +Package: charon-systemd +Architecture: linux-any +Depends: libstrongswan (= ${binary:Version}), + strongswan-swanctl, + ${misc:Depends}, + ${shlibs:Depends} +Description: strongSwan IPsec client, systemd support + The strongSwan VPN suite uses the native IPsec stack in the standard + Linux kernel. It supports both the IKEv1 and IKEv2 protocols. + . + This package contains the charon-systemd files. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..a370574e7 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,2746 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: strongswan +Upstream-Contact: http://strongswan.org/ +Source: http://strongswan.org/ + +Files: * +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: conf/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: ltmain.sh +Copyright: 1996-2001, 2003-2005, 2006 +License: GPL-2+ + +Files: scripts/aes-test.c + scripts/settings-test.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: scripts/crypt_burn.c + scripts/fetch.c + scripts/hash_burn.c + scripts/oid2der.c + scripts/tls_test.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: scripts/dnssec.c +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: scripts/keyid2sql.c + scripts/thread_analysis.c +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: scripts/malloc_speed.c +Copyright: 2013, revosec aG + 2013, Martin Willi +License: GPL-2+ + +Files: src/_copyright/* +Copyright: 2001, Henry Spencer + , reporter + , 1999-2013" +License: GPL-2+ + +Files: src/aikgen/* +Copyright: 2014, Andreas Steffen + 2008, Hal Finney +License: Expat + +Files: src/charon-cmd/* +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/charon-cmd/charon-cmd.c +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/charon-cmd/cmd/cmd_connection.h + src/charon-cmd/cmd/cmd_creds.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/charon-nm/charon-nm.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/charon-nm/nm/nm_backend.c + src/charon-nm/nm/nm_service.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/charon-nm/nm/nm_backend.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/charon-svc/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/charon-systemd/* +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/charon-tkm/* +Copyright: 2012-2014, Reto Buerki + 2012, 2013, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon-tkm/src/charon-tkm.c +Copyright: 2012, 2013, 2015, Tobias Brunner + 2012-2014, Reto Buerki + 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon-tkm/src/tkm/tkm_keymat.c +Copyright: 2012, 2013, 2015, Tobias Brunner + 2012-2014, Reto Buerki + 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon-tkm/tests/tests.c +Copyright: 2012, 2013, 2015, Tobias Brunner + 2012-2014, Reto Buerki + 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/charon/* +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/conftest/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/conftest/hooks/reset_seq.c +Copyright: 2012, achelos GmbH + 2010, revosec AG + 2010, Martin Willi +License: Expat and GPL-2+ + +Files: src/dumm/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/dumm/bridge.c + src/dumm/bridge.h + src/dumm/iface.h + src/dumm/irdumm.c + src/dumm/main.c + src/dumm/mconsole.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/dumm/cowfs.c +Copyright: 2009, Tobias Brunner + 2007, Martin Willi + 2001-2007, Miklos Szeredi +License: GPL-2+ + +Files: src/dumm/ext/lib/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/dumm/iface.c +Copyright: 2008, Tobias Brunner + 2007, Martin Willi + 2002, Jeff Dike +License: GPL-2+ + +Files: src/dumm/mconsole.c +Copyright: 2007, Martin Willi + 2001-2004, Jeff Dike +License: GPL-2+ + +Files: src/include/* +Copyright: *No copyright* +License: GPL-2+ + +Files: src/include/linux/if_alg.h +Copyright: 2010, Herbert Xu <herbert@gondor.apana.org.au> +License: GPL-2+ + +Files: src/include/linux/udp.h +Copyright: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> +License: GPL-2+ + +Files: src/include/sys/* +Copyright: 1991, 1993 +License: BSD-3-clause + +Files: src/libcharon/attributes/attributes.c + src/libcharon/attributes/attributes.h +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/attributes/mem_pool.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/attributes/mem_pool.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/bus/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/bus/listeners/logger.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/config/* +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/config/backend.h + src/libcharon/config/backend_manager.c + src/libcharon/config/backend_manager.h + src/libcharon/config/proposal.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/config/ike_cfg.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/config/proposal.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/control/controller.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/daemon.c + src/libcharon/daemon.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/* +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/encoding/generator.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/generator.h + src/libcharon/encoding/parser.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/message.c +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/message.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/auth_payload.c + src/libcharon/encoding/payloads/certreq_payload.c + src/libcharon/encoding/payloads/configuration_attribute.c + src/libcharon/encoding/payloads/cp_payload.c + src/libcharon/encoding/payloads/ke_payload.c + src/libcharon/encoding/payloads/nonce_payload.c + src/libcharon/encoding/payloads/traffic_selector_substructure.c + src/libcharon/encoding/payloads/transform_attribute.c + src/libcharon/encoding/payloads/transform_substructure.c + src/libcharon/encoding/payloads/ts_payload.c + src/libcharon/encoding/payloads/vendor_id_payload.c +Copyright: 2010, revosec AG + 2005-2010, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/cert_payload.c + src/libcharon/encoding/payloads/id_payload.c +Copyright: 2010, 2011, revosec AG + 2007-2013, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/cert_payload.h + src/libcharon/encoding/payloads/eap_payload.c + src/libcharon/encoding/payloads/ike_header.h + src/libcharon/encoding/payloads/proposal_substructure.c + src/libcharon/encoding/payloads/sa_payload.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/configuration_attribute.h + src/libcharon/encoding/payloads/cp_payload.h + src/libcharon/encoding/payloads/vendor_id_payload.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/delete_payload.c + src/libcharon/encoding/payloads/encrypted_payload.c + src/libcharon/encoding/payloads/encrypted_payload.h +Copyright: 2011-2015, Tobias Brunner + 2010, revosec AG + 2005-2010, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/delete_payload.h + src/libcharon/encoding/payloads/eap_payload.h + src/libcharon/encoding/payloads/id_payload.h + src/libcharon/encoding/payloads/ike_header.c + src/libcharon/encoding/payloads/payload.c + src/libcharon/encoding/payloads/payload.h + src/libcharon/encoding/payloads/proposal_substructure.h +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/encrypted_fragment_payload.h + src/libcharon/encoding/payloads/endpoint_notify.c + src/libcharon/encoding/payloads/endpoint_notify.h + src/libcharon/encoding/payloads/fragment_payload.c + src/libcharon/encoding/payloads/fragment_payload.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/hash_payload.c + src/libcharon/encoding/payloads/hash_payload.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/notify_payload.c +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/encoding/payloads/notify_payload.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/kernel/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/network/* +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/network/receiver.c + src/libcharon/network/sender.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/network/receiver.h + src/libcharon/network/sender.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/network/socket.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/network/socket.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/plugins/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/addrblock/addrblock_narrow.c +Copyright: 2010, revosec AG + 2010, Martin Willi + 2009, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/addrblock/addrblock_validator.c +Copyright: 2010, Martin Willi, revosec AG + 2009, 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libcharon/plugins/android_dns/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/android_dns/android_dns_handler.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/android_dns/android_dns_handler.h +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/android_log/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/attr/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/attr/attr_provider.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/attr_sql/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/attr_sql/attr_sql_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/dhcp/dhcp_plugin.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/dnscert/* +Copyright: 2013, Ruslan Marchenko +License: Expat + +Files: src/libcharon/plugins/dnscert/dnscert_cred.c + src/libcharon/plugins/dnscert/dnscert_plugin.c +Copyright: 2013, Tobias Brunner + 2013, Ruslan Marchenko + 2012, Reto Guadagnini +License: Expat and GPL-2+ + +Files: src/libcharon/plugins/eap_aka/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_aka_3gpp2/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_dynamic/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/eap_gtc/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_gtc/eap_gtc.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_identity/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_md5/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_mschapv2/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/eap_peap/* +Copyright: 2010, 2011, HSR Hochschule fuer Technik Rapperswil + 2010, 2011, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/eap_peap/eap_peap.c +Copyright: 2010, Martin Willi, revosec AG + 2009, 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libcharon/plugins/eap_radius/eap_radius.c + src/libcharon/plugins/eap_radius/eap_radius.h + src/libcharon/plugins/eap_radius/eap_radius_plugin.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_radius/eap_radius_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_sim/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_sim_file/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_sim_pcsc/* +Copyright: 2011, Duncan Salerno +License: GPL-2+ + +Files: src/libcharon/plugins/eap_simaka_pseudonym/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_simaka_reauth/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/eap_tnc/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/eap_ttls/* +Copyright: 2010, 2011, HSR Hochschule fuer Technik Rapperswil + 2010, 2011, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/eap_ttls/eap_ttls.c +Copyright: 2010, Martin Willi, revosec AG + 2009, 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libcharon/plugins/eap_ttls/eap_ttls_server.c +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/ext_auth/* +Copyright: 2014, Vyronas Tsingaras (vtsingaras@it.auth.gr) +License: Expat + +Files: src/libcharon/plugins/ext_auth/ext_auth_listener.c + src/libcharon/plugins/ext_auth/ext_auth_plugin.c +Copyright: 2014, revosec AG + 2014, Vyronas Tsingaras (vtsingaras@it.auth.gr) + 2014, Martin Willi +License: Expat + +Files: src/libcharon/plugins/ha/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/ha/ha_attribute.c + src/libcharon/plugins/ha/ha_attribute.h + src/libcharon/plugins/ha/ha_cache.c + src/libcharon/plugins/ha/ha_cache.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/ipseckey/* +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libcharon/plugins/ipseckey/ipseckey_cred.c + src/libcharon/plugins/ipseckey/ipseckey_plugin.c +Copyright: 2013, Tobias Brunner + 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libcharon/plugins/kernel_libipsec/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/load_tester/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/load_tester/load_tester.c + src/libcharon/plugins/load_tester/load_tester_control.c + src/libcharon/plugins/load_tester/load_tester_control.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/maemo/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/medcli/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/medcli/medcli_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/medsrv/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/medsrv/medsrv_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/resolve/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/resolve/resolve_handler.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/smp/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/socket_default/socket_default_plugin.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/socket_default/socket_default_socket.c +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c +Copyright: 2010, 2014, revosec AG + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2014, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/plugins/sql/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/sql/sql_config.c +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/sql/sql_cred.c + src/libcharon/plugins/sql/sql_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/stroke/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/stroke/stroke_attribute.h + src/libcharon/plugins/stroke/stroke_control.h + src/libcharon/plugins/stroke/stroke_list.c + src/libcharon/plugins/stroke/stroke_list.h + src/libcharon/plugins/stroke/stroke_plugin.c + src/libcharon/plugins/stroke/stroke_plugin.h + src/libcharon/plugins/stroke/stroke_socket.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/stroke/stroke_counter.c + src/libcharon/plugins/stroke/stroke_counter.h + src/libcharon/plugins/stroke/stroke_handler.c + src/libcharon/plugins/stroke/stroke_handler.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/systime_fix/systime_fix_plugin.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/tnc_ifmap/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/tnc_pdp/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/plugins/uci/* +Copyright: 2008, Thomas Kallenberg + 2008, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/uci/uci_config.c + src/libcharon/plugins/uci/uci_creds.c +Copyright: 2008, Tobias Brunner + 2008, Thomas Kallenberg + 2008, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/uci/uci_control.h + src/libcharon/plugins/uci/uci_plugin.c +Copyright: 2008, Thomas Kallenberg +License: GPL-2+ + +Files: src/libcharon/plugins/unity/unity_handler.c + src/libcharon/plugins/unity/unity_narrow.c + src/libcharon/plugins/unity/unity_provider.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/updown/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/updown/updown_handler.c + src/libcharon/plugins/updown/updown_handler.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/updown/updown_listener.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/vici/ruby/* +Copyright: 2014, revosec AG + 2014, Martin Willi +License: Expat + +Files: src/libcharon/plugins/vici/vici_attribute.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/plugins/xauth_generic/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/xauth_noauth/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/plugins/xauth_pam/xauth_pam_listener.c + src/libcharon/plugins/xauth_pam/xauth_pam_listener.h +Copyright: 2013, Endian srl +License: Expat + +Files: src/libcharon/processing/jobs/adopt_children_job.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/processing/jobs/adopt_children_job.h + src/libcharon/processing/jobs/dpd_timeout_job.c + src/libcharon/processing/jobs/dpd_timeout_job.h + src/libcharon/processing/jobs/initiate_tasks_job.c + src/libcharon/processing/jobs/initiate_tasks_job.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/processing/jobs/delete_ike_sa_job.c + src/libcharon/processing/jobs/delete_ike_sa_job.h +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/processing/jobs/initiate_mediation_job.c + src/libcharon/processing/jobs/initiate_mediation_job.h + src/libcharon/processing/jobs/mediation_job.c + src/libcharon/processing/jobs/mediation_job.h + src/libcharon/processing/jobs/retry_initiate_job.c + src/libcharon/processing/jobs/retry_initiate_job.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/processing/jobs/migrate_job.c + src/libcharon/processing/jobs/migrate_job.h + src/libcharon/processing/jobs/start_action_job.c + src/libcharon/processing/jobs/start_action_job.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/processing/jobs/process_message_job.c + src/libcharon/processing/jobs/process_message_job.h + src/libcharon/processing/jobs/retransmit_job.c + src/libcharon/processing/jobs/retransmit_job.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/processing/jobs/send_dpd_job.c + src/libcharon/processing/jobs/send_dpd_job.h + src/libcharon/processing/jobs/send_keepalive_job.c + src/libcharon/processing/jobs/send_keepalive_job.h +Copyright: 2006, Tobias Brunner, Daniel Roethlisberger +License: GPL-2+ + +Files: src/libcharon/sa/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/authenticator.h + src/libcharon/sa/ike_sa_manager.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/child_sa.c + src/libcharon/sa/ike_sa.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/child_sa.h +Copyright: 2006-2008, Tobias Brunner + 2006-2008, Martin Willi + 2006, Daniel Roethlisberger +License: GPL-2+ + +Files: src/libcharon/sa/child_sa_manager.c + src/libcharon/sa/child_sa_manager.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/eap/eap_inner_method.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/sa/eap/eap_method.c + src/libcharon/sa/eap/eap_method.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ike_sa.c +Copyright: 2014, Volker RĆ¼melin + 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2009, Martin Willi + 2005, Jan Hutter +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ike_sa_id.c + src/libcharon/sa/ike_sa_id.h +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ike_sa_manager.c +Copyright: 2010, 2011, revosec AG + 2007-2013, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/keymat_v1.c + src/libcharon/sa/ikev1/keymat_v1.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/phase1.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/task_manager_v1.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/aggressive_mode.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_cert_pre.c +Copyright: 2013, Volker RĆ¼melin + 2011, revosec AG + 2011, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_delete.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_natd.c +Copyright: 2012, Volker RĆ¼melin + 2006-2011, Tobias Brunner + 2006, Daniel Roethlisberger + 2006, 2007, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_natd.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +Copyright: 2012-2014, Volker RĆ¼melin + 2012, 2013, Tobias Brunner + 2009, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/main_mode.c +Copyright: 2011, 2012, 2014, revosec AG + 2011, 2012, 2014, Martin Willi + 2008, 2011-2013, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/quick_delete.c +Copyright: 2013, Oliver Smith + 2011, revosec AG + 2011, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev1/tasks/quick_mode.c +Copyright: 2012, Volker RĆ¼melin + 2012, Tobias Brunner + 2011, revosec AG + 2011, Martin Willi +License: Expat and GPL-2+ + +Files: src/libcharon/sa/ikev2/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/eap_authenticator.h + src/libcharon/sa/ikev2/authenticators/psk_authenticator.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/psk_authenticator.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/keymat_v2.c + src/libcharon/sa/ikev2/task_manager_v2.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/task_manager_v2.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/* +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/child_create.c + src/libcharon/sa/ikev2/tasks/ike_auth.c + src/libcharon/sa/ikev2/tasks/ike_init.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/child_rekey.c + src/libcharon/sa/ikev2/tasks/ike_rekey.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_cert_post.c + src/libcharon/sa/ikev2/tasks/ike_cert_pre.c + src/libcharon/sa/ikev2/tasks/ike_mobike.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_config.c +Copyright: 2007, Martin Willi + 2006, 2007, Fabian Hartmann, Noah Heusser +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_me.c + src/libcharon/sa/ikev2/tasks/ike_me.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_natd.c +Copyright: 2006, Tobias Brunner, Daniel Roethlisberger + 2006, 2007, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/ikev2/tasks/ike_reauth_complete.c + src/libcharon/sa/ikev2/tasks/ike_reauth_complete.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/keymat.c + src/libcharon/sa/task_manager.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libcharon/sa/keymat.h + src/libcharon/sa/task_manager.h + src/libcharon/sa/trap_manager.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/shunt_manager.c + src/libcharon/sa/shunt_manager.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libcharon/sa/xauth/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/sa/xauth/xauth_method.c + src/libcharon/sa/xauth/xauth_method.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libcharon/tests/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libcharon/tests/suites/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libfast/fast_smtp.c + src/libfast/fast_smtp.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libimcv/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/imcv.c + src/libimcv/imcv.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imc_attestation/* +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imc_attestation/imc_attestation_process.c +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/plugins/imc_attestation/imc_attestation_process.h + src/libimcv/plugins/imc_attestation/imc_attestation_state.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imc_scanner/imc_scanner_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imc_swid/imc_swid_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imc_test/imc_test_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/plugins/imv_attestation/imv_attestation_agent.c + src/libimcv/plugins/imv_attestation/imv_attestation_build.c + src/libimcv/plugins/imv_attestation/imv_attestation_process.c + src/libimcv/plugins/imv_attestation/imv_attestation_state.c +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imv_attestation/imv_attestation_build.h + src/libimcv/plugins/imv_attestation/imv_attestation_process.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/plugins/imv_attestation/imv_attestation_state.h +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/plugins/imv_test/imv_test_state.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libimcv/pts/components/ita/ita_comp_func_name.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/pts/components/ita/ita_comp_tboot.h + src/libimcv/pts/components/ita/ita_comp_tgrub.h +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/pts/components/pts_comp_evidence.c + src/libimcv/pts/components/pts_comp_evidence.h + src/libimcv/pts/components/pts_comp_func_name.h +Copyright: 2011, 2012, Sansar Choinyambuu, Andreas Steffen +License: GPL-2+ + +Files: src/libimcv/pts/components/tcg/tcg_comp_func_name.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/pts/pts.c + src/libimcv/pts/pts.h + src/libimcv/pts/pts_database.c + src/libimcv/pts/pts_file_meas.c + src/libimcv/pts/pts_file_meas.h + src/libimcv/pts/pts_meas_algo.h +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/pts/pts_dh_group.c + src/libimcv/pts/pts_dh_group.h + src/libimcv/pts/pts_error.c + src/libimcv/pts/pts_error.h + src/libimcv/pts/pts_file_meta.c + src/libimcv/pts/pts_file_meta.h + src/libimcv/pts/pts_file_type.h + src/libimcv/pts/pts_proto_caps.h + src/libimcv/pts/pts_req_func_comp_evid.h + src/libimcv/pts/pts_simple_evid_final.h +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/swid/swid_error.c +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libimcv/tcg/pts/* +Copyright: 2011-2014, Andreas Steffen + 2011, 2012, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libipsec/* +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libipsec/esp_context.c + src/libipsec/esp_context.h + src/libipsec/esp_packet.c +Copyright: 2012, Ralf Sager + 2012, Giuliano Grassi + 2012, 2013, Tobias Brunner +License: GPL-2+ + +Files: src/libipsec/ip_packet.c + src/libipsec/ip_packet.h + src/libipsec/ipsec_event_listener.h + src/libipsec/ipsec_processor.c + src/libipsec/ipsec_processor.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libipsec/ipsec_event_relay.h +Copyright: 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libpttls/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libradius/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libradius/radius_client.c + src/libradius/radius_client.h + src/libradius/radius_message.c + src/libradius/radius_message.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libradius/radius_mppe.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/AndroidConfigLocal.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/asn1/* +Copyright: 2006, Martin Will + 2000-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/asn1/oid.c + src/libstrongswan/asn1/oid.h +Copyright: 2003-2008, Andreas Steffen, Hochschule fuer Technik Rapperswil +License: GPL-2+ +Comment: generated from oid.pl + +Files: src/libstrongswan/asn1/oid.pl +Copyright: 2003-2008, Andreas Steffen, Hochschule fuer Technik Rapperswil"; + 2003-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/bio/* +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/collections/array.c + src/libstrongswan/collections/array.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/blocking_queue.c + src/libstrongswan/collections/blocking_queue.h +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libstrongswan/collections/enumerator.c + src/libstrongswan/collections/enumerator.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/linked_list.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/collections/linked_list.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/credentials/auth_cfg.c + src/libstrongswan/credentials/auth_cfg.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/cert_validator.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/certificates/ac.h + src/libstrongswan/credentials/certificates/pkcs10.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/credentials/certificates/crl.c + src/libstrongswan/credentials/certificates/crl.h +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/credentials/containers/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/containers/container.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/containers/pkcs12.c + src/libstrongswan/credentials/containers/pkcs12.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/credentials/keys/public_key.c + src/libstrongswan/credentials/keys/public_key.h +Copyright: 2015, Tobias Brunner + 2014, Andreas Steffen + 2007, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/sets/callback_cred.c + src/libstrongswan/credentials/sets/callback_cred.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/credentials/sets/mem_cred.c + src/libstrongswan/credentials/sets/mem_cred.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/* +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/aead.c + src/libstrongswan/crypto/aead.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/crypto_factory.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/crypto_factory.h + src/libstrongswan/crypto/crypto_tester.h + src/libstrongswan/crypto/transform.c + src/libstrongswan/crypto/transform.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/crypto_tester.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/diffie_hellman.c + src/libstrongswan/crypto/diffie_hellman.h + src/libstrongswan/crypto/mac.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/crypto/hashers/* +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/hashers/hash_algorithm_set.c + src/libstrongswan/crypto/hashers/hash_algorithm_set.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/iv/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/mgf1/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/crypto/nonce_gen.h +Copyright: 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/libstrongswan/crypto/pkcs5.c + src/libstrongswan/crypto/pkcs5.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/prfs/mac_prf.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/prfs/mac_prf.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/proposal/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/crypto/proposal/proposal_keywords.c + src/libstrongswan/crypto/proposal/proposal_keywords.h +Copyright: 2012, Tobias Brunner + 2012, Nanoteq Pty Ltd +License: Expat and GPL-2+ + +Files: src/libstrongswan/crypto/rngs/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/crypto/signers/mac_signer.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/crypto/signers/mac_signer.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/crypto/signers/signer.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/database/database.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/database/database.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/eap/* +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/eap/eap.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/fetcher/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/fetcher/fetcher_manager.c + src/libstrongswan/fetcher/fetcher_manager.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/ipsec/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/library.c + src/libstrongswan/library.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/* +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/host.c +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/host.h +Copyright: 2006-2014, Tobias Brunner + 2006, Daniel Roethlisberger + 2005-2013, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/networking/host_resolver.c + src/libstrongswan/networking/host_resolver.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/networking/streams/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/networking/tun_device.c +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Martin Willi + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libstrongswan/networking/tun_device.h +Copyright: 2012, Tobias Brunner + 2012, Ralf Sager + 2012, Giuliano Grassi +License: GPL-2+ + +Files: src/libstrongswan/pen/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/acert/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/aes/aes_crypter.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi + 2001, Dr B. R. Gladman <brg@gladman.uk.net> +License: GPL-2+ + +Files: src/libstrongswan/plugins/aes/aes_crypter.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/af_alg/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/bliss/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/bliss/bliss_huffman.c +Copyright: 2012, 2014, Tobias Brunner + 2006, 2008, 2014, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/blowfish/* +Copyright: 1995-1998, Eric Young (eay@cryptsoft.com) +License: BSD-Young +Comment: not compiled since 4-clause BSD is incompatible with GPL + +Files: src/libstrongswan/plugins/blowfish/blowfish_crypter.h + src/libstrongswan/plugins/blowfish/blowfish_plugin.c + src/libstrongswan/plugins/blowfish/blowfish_plugin.h +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/ccm/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/cmac/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/constraints/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/ctr/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/curl/curl_fetcher.c +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/des/des_crypter.c +Copyright: 2009, Tobias Brunner + 2006, Martin Willi + 1995-1997, Eric Young (eay@cryptsoft.com) +License: BSD-Young +Comment: not compiled since 4-clause BSD is incompatible with GPL + +Files: src/libstrongswan/plugins/dnskey/dnskey_encoder.c + src/libstrongswan/plugins/dnskey/dnskey_encoder.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/files/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/gcm/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +Copyright: 2010, Tobias Brunner + 2005-2008, Martin Willi + 2005, Jan Hutter + 1999-2001, Henry Spencer + 1998-2002, D. Hugh Redelmeier +License: GPL-2+ + +Files: src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +Copyright: 2012, Andreas Steffen + 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/hmac/hmac.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/hmac/hmac.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/keychain/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/ldap/ldap_fetcher.c +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/md4/md4_hasher.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi + 1990-1992, RSA Data Security, Inc. Created 1990 +License: GPL-2+ + +Files: src/libstrongswan/plugins/md4/md4_hasher.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/md5/md5_hasher.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi + 1991, 1992, RSA Data Security, Inc. Created 1991 +License: GPL-2+ + +Files: src/libstrongswan/plugins/md5/md5_hasher.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/mysql/mysql_database.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/nonce/* +Copyright: 2012, Adrian-Ken Rueegsegger +License: GPL-2+ + +Files: src/libstrongswan/plugins/ntru/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/ntru/ntru_convert.c + src/libstrongswan/plugins/ntru/ntru_convert.h + src/libstrongswan/plugins/ntru/ntru_param_set.c + src/libstrongswan/plugins/ntru/ntru_param_set.h + src/libstrongswan/plugins/ntru/ntru_poly.c + src/libstrongswan/plugins/ntru/ntru_private_key.c + src/libstrongswan/plugins/ntru/ntru_public_key.c +Copyright: 2014, Andreas Steffen + 2009-2013, Security Innovation +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_crl.c +Copyright: 2010, secunet Security Networks AG + 2010, revosec AG + 2010, Thomas Egerer + 2010, Martin Willi +License: Expat and GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_crl.h + src/libstrongswan/plugins/openssl/openssl_pkcs7.c + src/libstrongswan/plugins/openssl/openssl_pkcs7.h + src/libstrongswan/plugins/openssl/openssl_x509.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c + src/libstrongswan/plugins/openssl/openssl_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_ec_private_key.c + src/libstrongswan/plugins/openssl/openssl_ec_public_key.c + src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c + src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c + src/libstrongswan/plugins/openssl/openssl_util.c +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_hmac.c +Copyright: 2012, Tobias Brunner + 2012, Aleksandr Grinberg +License: Expat and GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_rng.c + src/libstrongswan/plugins/openssl/openssl_rng.h +Copyright: 2012, Aleksandr Grinberg +License: Expat + +Files: src/libstrongswan/plugins/openssl/openssl_sha1_prf.c + src/libstrongswan/plugins/openssl/openssl_sha1_prf.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/openssl/openssl_x509.c +Copyright: 2013, Technische UniversitƤt Ilmenau + 2013, Michael Rossberg + 2011, Tobias Brunner + 2010, secunet Security Networks AG + 2010, revosec AG + 2010, Thomas Egerer + 2010, Martin Willi +License: Expat and GPL-2+ + +Files: src/libstrongswan/plugins/padlock/* +Copyright: 2008, Thomas Kallenberg + 2008, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/padlock/padlock_plugin.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/padlock/padlock_plugin.h + src/libstrongswan/plugins/padlock/padlock_rng.c + src/libstrongswan/plugins/padlock/padlock_rng.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pem/pem_builder.c +Copyright: 2008, 2013, Tobias Brunner + 2008, 2009, Martin Willi + 2000-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pem/pem_builder.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pem/pem_encoder.c + src/libstrongswan/plugins/pem/pem_encoder.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pgp/pgp_builder.c +Copyright: 2008, 2009, Martin Willi + 2002-2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +Copyright: 2008, 2013, Tobias Brunner + 2008, 2009, Martin Willi + 2000-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs11/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs11/pkcs11.h +Copyright: 2006, 2007 g10 Code GmbH / 2006, Andreas Jellinghaus +License: MIT + +Files: src/libstrongswan/plugins/pkcs11/pkcs11_dh.c + src/libstrongswan/plugins/pkcs11/pkcs11_dh.h + src/libstrongswan/plugins/pkcs11/pkcs11_rng.c + src/libstrongswan/plugins/pkcs11/pkcs11_rng.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs11/pkcs11_library.c + src/libstrongswan/plugins/pkcs11/pkcs11_library.h + src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c + src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c + src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h + src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs12/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c + src/libstrongswan/plugins/pkcs7/pkcs7_attributes.h +Copyright: 2012, 2014, Tobias Brunner + 2006, 2008, 2014, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.c + src/libstrongswan/plugins/pkcs7/pkcs7_encrypted_data.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c + src/libstrongswan/plugins/pkcs7/pkcs7_generic.c +Copyright: 2012, revosec AG + 2012, Tobias Brunner + 2012, Martin Willi + 2005, Jan Hutter, Martin Willi + 2002-2008, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/pkcs8/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/plugin_feature.c + src/libstrongswan/plugins/plugin_feature.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/plugin_loader.c + src/libstrongswan/plugins/plugin_loader.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/random/random_rng.c +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/rc2/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/rdrand/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/revocation/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/revocation/revocation_validator.c +Copyright: 2010, revosec AG + 2010, Martin Willi + 2009, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/plugins/sha1/sha1_hasher.c +Copyright: 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/sha1/sha1_hasher.h +Copyright: 2005-2009, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/plugins/sha2/sha2_hasher.c +Copyright: 2006, Martin Willi + 2001, Jari Ruusu +License: GPL-2+ + +Files: src/libstrongswan/plugins/soup/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/sqlite/sqlite_database.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/sshkey/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/* +Copyright: 2009, Martin Willi +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c + src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c + src/libstrongswan/plugins/test_vectors/test_vectors/cast.c + src/libstrongswan/plugins/test_vectors/test_vectors/des.c + src/libstrongswan/plugins/test_vectors/test_vectors/idea.c + src/libstrongswan/plugins/test_vectors/test_vectors/md4.c + src/libstrongswan/plugins/test_vectors/test_vectors/null.c + src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c + src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c + src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c +Copyright: 2009, Andreas Steffen +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c + src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c + src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c + src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c + src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c +Copyright: 2010, revosec AG + 2010, Martin Willi +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c + src/libstrongswan/plugins/test_vectors/test_vectors/rc2.c +Copyright: 2012, 2013, Tobias Brunner +License: GPL + +Files: src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c +Copyright: 2009, Martin Willi + 2009, Andreas Steffen + , JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> +License: GPL + +Files: src/libstrongswan/plugins/unbound/* +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libstrongswan/plugins/winhttp/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_ac.c + src/libstrongswan/plugins/x509/x509_ac.h +Copyright: 2009, Martin Willi + 2003, Martin Berner, Lukas Suter + 2002-2014, Andreas Steffen + 2002, Ueli Galizzi, Ariane Seiler +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_cert.c +Copyright: 2008, Tobias Brunner + 2006-2009, Martin Willi + 2002, Mario Strasser + 2001, Marco Bertossa, Andreas Schleiss + 2000-2006, Andreas Steffen + 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_ocsp_request.c + src/libstrongswan/plugins/x509/x509_ocsp_response.c +Copyright: 2008, 2009, Martin Willi + 2007-2014, Andreas Steffen + 2003, Christoph Gysin, Simon Zwahlen +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_pkcs10.c +Copyright: 2009, Andreas Steffen + 2005, Jan Hutter, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/x509/x509_pkcs10.h +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/plugins/xcbc/xcbc.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/jobs/callback_job.c +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/jobs/callback_job.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/jobs/job.h +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/processing/processor.c +Copyright: 2010, 2011, revosec AG + 2007-2013, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/processing/processor.h + src/libstrongswan/processing/scheduler.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/processing/scheduler.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/resolver/* +Copyright: 2011, 2012, Reto Guadagnini +License: GPL-2+ + +Files: src/libstrongswan/selectors/* +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/selectors/traffic_selector.c +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/settings/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/settings/settings_parser.c + src/libstrongswan/settings/settings_parser.h +Copyright: 1984, 1989, 1990, 2000-2013, Free Software Foundation, Inc +License: GPL-3+ + +Files: src/libstrongswan/settings/settings_types.c + src/libstrongswan/settings/settings_types.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/tests/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_array.c + src/libstrongswan/tests/suites/test_vectors.c +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_asn1.c + src/libstrongswan/tests/suites/test_asn1_parser.c + src/libstrongswan/tests/suites/test_crypter.c + src/libstrongswan/tests/suites/test_hasher.c + src/libstrongswan/tests/suites/test_mgf1.c + src/libstrongswan/tests/suites/test_ntru.c + src/libstrongswan/tests/suites/test_pen.c + src/libstrongswan/tests/suites/test_test_rng.c +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_bio_reader.c + src/libstrongswan/tests/suites/test_bio_writer.c + src/libstrongswan/tests/suites/test_crypto_factory.c + src/libstrongswan/tests/suites/test_enum.c + src/libstrongswan/tests/suites/test_hashtable.c + src/libstrongswan/tests/suites/test_host.c + src/libstrongswan/tests/suites/test_linked_list.c + src/libstrongswan/tests/suites/test_linked_list_enumerator.c + src/libstrongswan/tests/suites/test_settings.c + src/libstrongswan/tests/suites/test_utils.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/tests/suites/test_chunk.c + src/libstrongswan/tests/suites/test_enumerator.c + src/libstrongswan/tests/suites/test_identification.c + src/libstrongswan/tests/suites/test_threading.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/test_runner.c + src/libstrongswan/tests/test_suite.h +Copyright: 2010-2014, revosec AG + 2009-2014, Tobias Brunner + 2007-2014, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/tests/tests.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/tests/utils/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/threading/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/threading/condvar.h + src/libstrongswan/threading/mutex.h + src/libstrongswan/threading/rwlock.h +Copyright: 2008-2010, Martin Willi + 2008-2012, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/threading/lock_profiler.h + src/libstrongswan/threading/mutex.c + src/libstrongswan/threading/rwlock.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/threading/windows/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/backtrace.c + src/libstrongswan/utils/process.c + src/libstrongswan/utils/process.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/capabilities.c +Copyright: 2011, 2012, 2014, revosec AG + 2011, 2012, 2014, Martin Willi + 2008, 2011-2013, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/utils/capabilities.h +Copyright: 2010-2015, Tobias Brunner + 2010-2013, revosec AG + 2007-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/chunk.c +Copyright: 2007-2015, Tobias Brunner + 2005, Jan Hutter + 2005, 2006, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/chunk.h + src/libstrongswan/utils/identification.c + src/libstrongswan/utils/identification.h +Copyright: 2007-2015, Tobias Brunner + 2005-2011, Martin Willi + 2005, Jan Hutter +License: GPL-2+ + +Files: src/libstrongswan/utils/compat/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/enum.h + src/libstrongswan/utils/leak_detective.c + src/libstrongswan/utils/utils.c + src/libstrongswan/utils/utils.h +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/lexparser.c + src/libstrongswan/utils/lexparser.h + src/libstrongswan/utils/optionsfrom.c + src/libstrongswan/utils/optionsfrom.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libstrongswan/utils/parser_helper.c + src/libstrongswan/utils/parser_helper.h + src/libstrongswan/utils/test.c + src/libstrongswan/utils/test.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libstrongswan/utils/printf_hook/* +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/printf_hook/printf_hook_builtin.c +Copyright: 2013, revosec AG + 2013, Martin Willi + 2002-2006, H. Peter Anvin +License: Expat and GPL-2+ + +Files: src/libstrongswan/utils/printf_hook/printf_hook_builtin.h +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libstrongswan/utils/utils/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/libtls/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/libtls/tls_application.h +Copyright: 2010, 2011, HSR Hochschule fuer Technik Rapperswil + 2010, 2011, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnc_imc/tnc_imc_bind_function.c +Copyright: 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + 2006, Mike McCauley +License: GPL-2+ + +Files: src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c +Copyright: 2010, 2011, Andreas Steffen + 2006, Mike McCauley +License: GPL-2+ + +Files: src/libtnccs/plugins/tnc_imv/tnc_imv_bind_function.c +Copyright: 2010, 2011, Andreas Steffen + 2006, Mike McCauley +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/batch/* +Copyright: 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + 2006, Mike McCauley (mikem@open.com.au) +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/batch/tnccs_batch.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_error_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c + src/libtnccs/plugins/tnccs_11/messages/tnccs_recommendation_msg.c +Copyright: 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil + 2006, Mike McCauley (mikem@open.com.au) +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c +Copyright: 2010-2015, Andreas Steffen + 2010, Sansar Choinyanbuu +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/messages/ietf/* +Copyright: 2010, 2011, Sansar Choinyambuu +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c + src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h + src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c + src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c +Copyright: 2010, Sansar Choinyanbuu + 2010, Andreas Steffen +License: GPL-2+ + +Files: src/libtnccs/plugins/tnccs_20/tnccs_20.c +Copyright: 2010-2015, Andreas Steffen + 2010, Sansar Choinyanbuu +License: GPL-2+ + +Files: src/libtncif/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/libtncif/tncif.h + src/libtncif/tncifimc.h + src/libtncif/tncifimv.h +Copyright: 2005-2011, Trusted Computing Group, Inc. All rights +License: BSD-3-clause + +Files: src/libtncif/tncif_pa_subtypes.h +Copyright: 2010, 2011, 2013, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil +License: GPL-2+ + +Files: src/manager/templates/* +Copyright: *No copyright* +License: GPL-2+ + +Files: src/medsrv/* +Copyright: 2008, Philip Boetschi, Adrian Doerig + 2008, Martin Willi +License: GPL-2+ + +Files: src/medsrv/templates/* +Copyright: *No copyright* +License: GPL-2+ + +Files: src/medsrv/user.c + src/medsrv/user.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/pki/commands/* +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/pki/commands/keyid.c + src/pki/commands/verify.c +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/pki/commands/pkcs12.c +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/pki/commands/pkcs7.c + src/pki/commands/print.c + src/pki/commands/signcrl.c +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/pki/pki.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/pool/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/pool/pool.c +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/pool/pool_usage.c + src/pool/pool_usage.h +Copyright: 2009-2015, Andreas Steffen + 2005-2009, Martin Willi +License: GPL-2+ + +Files: src/pt-tls-client/* +Copyright: 2013-2015, Andreas Steffen + 2010-2013, Martin Willi, revosec AG +License: GPL-2+ + +Files: src/scepclient/* +Copyright: 2012, Tobias Brunner + 2005, Jan Hutter, Martin Willi +License: GPL-2+ + +Files: src/starter/* +Copyright: 2001, 2002, Mathieu Lafon - Arkoon Network Security +License: GPL-2+ + +Files: src/starter/args.c +Copyright: 2012, 2014, Tobias Brunner + 2006, 2008, 2014, Andreas Steffen +License: GPL-2+ + +Files: src/starter/args.h + src/starter/keywords.c + src/starter/keywords.h +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/starter/confread.c +Copyright: 2014, Tobias Brunner + 2001, 2002, Mathieu Lafon - Arkoon Network Security +License: GPL-2+ + +Files: src/starter/confread.h +Copyright: 2001, 2002, Mathieu Lafon +License: GPL-2+ + +Files: src/starter/invokecharon.c + src/starter/invokecharon.h +Copyright: 2006, Martin Willi - Hochschule fuer Technik Rapperswil + 2001, 2002, Mathieu Lafon - Arkoon Network Security +License: GPL-2+ + +Files: src/starter/parser/* +Copyright: 1984, 1989, 1990, 2000-2013, Free Software Foundation, Inc +License: GPL-3+ + +Files: src/starter/parser/conf_parser.c + src/starter/parser/conf_parser.h +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/starter/starterstroke.c + src/starter/starterstroke.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/starter/tests/* +Copyright: 2007-2015, Tobias Brunner +License: GPL-2+ + +Files: src/stroke/* +Copyright: 2001-2015, Andreas Steffen +License: GPL-2+ + +Files: src/stroke/stroke.c +Copyright: 2007-2015, Tobias Brunner + 2005-2013, Martin Willi +License: GPL-2+ + +Files: src/stroke/stroke_msg.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: src/swanctl/* +Copyright: 2010-2015, revosec AG + 2006-2015, Martin Willi +License: GPL-2+ + +Files: src/swanctl/command.c + src/swanctl/command.h +Copyright: 2005-2011, Martin Willi +License: GPL-2+ + +Files: testing/* +Copyright: Hochschule fuer Technik Rapperswil +License: GPL-2+ + +License: BSD-3 + The BSD License + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + * Neither the name of foo nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + o Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + o Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + o Neither the name of the Trusted Computing Group nor the names of + its contributors may be used to endorse or promote products + derived from this software without specific prior written + permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +License: BSD-Young + This library is free for commercial and non-commercial use as long as + the following conditions are aheared to. The following conditions + apply to all code found in this distribution, be it the RC4, RSA, + lhash, DES, etc., code; not just the SSL code. The SSL documentation + included with this distribution is covered by the same copyright terms + except that the holder is Tim Hudson (tjh@cryptsoft.com). + . + Copyright remains Eric Young's, and as such any Copyright notices in + the code are not to be removed. + If this package is used in a product, Eric Young should be given attribution + as the author of the parts of the library used. + This can be in the form of a textual message at program startup or + in documentation (online or textual) provided with the package. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the rouines from the library + being used are not cryptographic related :-). + 4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + . + THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + . + The licence and distribution terms for any publically available version or + derivative of this code cannot be changed. i.e. this code cannot simply be + copied and put under another distribution licence + [including the GNU Public Licence.] + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +License: GPL + On Debian systems, the complete text of the GNU General + Public License can be found in + `/usr/share/common-licenses/GPL'. + +License: GPL-2+ + On Debian systems, the complete text of the GNU General + Public License version 2 can be found in + `/usr/share/common-licenses/GPL-2'. + +License: GPL-2+ with OpenSSL exception + This program is free software; you can redistribute it + and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later + version. + . + In addition, as a special exception, the author of this + program gives permission to link the code of its + release with the OpenSSL project's "OpenSSL" library (or + with modified versions of it that use the same license as + the "OpenSSL" library), and distribute the linked + executables. You must obey the GNU General Public + License in all respects for all of the code used other + than "OpenSSL". If you modify this file, you may extend + this exception to your version of the file, but you are + not obligated to do so. If you do not wish to do so, + delete this exception statement from your version. + . + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public + License along with this package; if not, write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: GPL-3+ + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in + `/usr/share/common-licenses/GPL-3'. + +License: LGPL-2+ + On Debian systems, the complete text of the Lesser GNU + General Public License version 2 can be found in + `/usr/share/common-licenses/LGPL-2'. + +License: MIT + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. diff --git a/debian/ipsec.secrets.proto b/debian/ipsec.secrets.proto new file mode 100644 index 000000000..dfa6dde47 --- /dev/null +++ b/debian/ipsec.secrets.proto @@ -0,0 +1,8 @@ +# This file holds shared secrets or RSA private keys for authentication. + +# RSA private key for this host, authenticating it to any other host +# which knows the public part. + +# this file is managed with debconf and will contain the automatically created private key +include /var/lib/strongswan/ipsec.secrets.inc + diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install new file mode 100644 index 000000000..1b0cbca96 --- /dev/null +++ b/debian/libcharon-extra-plugins.install @@ -0,0 +1,54 @@ +# libcharon plugins +usr/lib/ipsec/plugins/libstrongswan-addrblock.so +usr/lib/ipsec/plugins/libstrongswan-certexpire.so +usr/lib/ipsec/plugins/libstrongswan-eap*.so +usr/lib/ipsec/plugins/libstrongswan-error-notify.so +usr/lib/ipsec/plugins/libstrongswan-ha.so +usr/lib/ipsec/plugins/libstrongswan-led.so +usr/lib/ipsec/plugins/libstrongswan-lookip.so +#usr/lib/ipsec/plugins/libstrongswan-medsrv.so +#usr/lib/ipsec/plugins/libstrongswan-medcli.so +usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so +usr/lib/ipsec/plugins/libstrongswan-unity.so +usr/lib/ipsec/plugins/libstrongswan-xauth-*.so +# standard configuration files +usr/share/strongswan/templates/config/plugins/addrblock.conf +usr/share/strongswan/templates/config/plugins/certexpire.conf +usr/share/strongswan/templates/config/plugins/eap-*.conf +usr/share/strongswan/templates/config/plugins/error-notify.conf +usr/share/strongswan/templates/config/plugins/ha.conf +usr/share/strongswan/templates/config/plugins/led.conf +usr/share/strongswan/templates/config/plugins/lookip.conf +#usr/share/strongswan/templates/config/plugins/medsrv.conf +#usr/share/strongswan/templates/config/plugins/medcli.conf +usr/share/strongswan/templates/config/plugins/tnc-tnccs.conf +usr/share/strongswan/templates/config/plugins/unity.conf +usr/share/strongswan/templates/config/plugins/xauth-*.conf +usr/share/strongswan/templates/config/strongswan.d/tnc.conf +etc/strongswan.d/tnc.conf +etc/strongswan.d/charon/addrblock.conf +etc/strongswan.d/charon/certexpire.conf +etc/strongswan.d/charon/eap-*.conf +etc/strongswan.d/charon/error-notify.conf +etc/strongswan.d/charon/ha.conf +etc/strongswan.d/charon/led.conf +etc/strongswan.d/charon/lookip.conf +#etc/strongswan.d/charon/medsrv.conf +#etc/strongswan.d/charon/medcli.conf +etc/strongswan.d/charon/tnc-tnccs.conf +etc/strongswan.d/charon/unity.conf +etc/strongswan.d/charon/xauth-*.conf +debian/usr.lib.ipsec.lookip /etc/apparmor.d/ +# support libs +#usr/lib/ipsec/libfast.so* +usr/lib/ipsec/libpttls.so* +usr/lib/ipsec/libradius.so* +usr/lib/ipsec/libsimaka.so* +usr/lib/ipsec/libtnccs.so* +usr/lib/ipsec/libtls.so* +# binaries +usr/bin/pt-tls-client +usr/lib/ipsec/error-notify +usr/lib/ipsec/lookip +# manpages +usr/share/man/man1/pt-tls-client.1 diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install new file mode 100644 index 000000000..de2fdcfd4 --- /dev/null +++ b/debian/libstrongswan-extra-plugins.install @@ -0,0 +1,32 @@ +# libstrongswan plugins +usr/lib/ipsec/plugins/libstrongswan-ccm.so +usr/lib/ipsec/plugins/libstrongswan-cmac.so +usr/lib/ipsec/plugins/libstrongswan-ctr.so +usr/lib/ipsec/plugins/libstrongswan-curl.so +usr/lib/ipsec/plugins/libstrongswan-curve25519.so +usr/lib/ipsec/plugins/libstrongswan-gcrypt.so +usr/lib/ipsec/plugins/libstrongswan-ldap.so +usr/lib/ipsec/plugins/libstrongswan-pkcs11.so +usr/lib/ipsec/plugins/libstrongswan-test-vectors.so +# default configuration files +usr/share/strongswan/templates/config/plugins/ccm.conf +usr/share/strongswan/templates/config/plugins/cmac.conf +usr/share/strongswan/templates/config/plugins/ctr.conf +usr/share/strongswan/templates/config/plugins/curl.conf +usr/share/strongswan/templates/config/plugins/curve25519.conf +usr/share/strongswan/templates/config/plugins/gcrypt.conf +usr/share/strongswan/templates/config/plugins/ldap.conf +usr/share/strongswan/templates/config/plugins/pkcs11.conf +usr/share/strongswan/templates/config/plugins/test-vectors.conf +etc/strongswan.d/charon/ccm.conf +etc/strongswan.d/charon/cmac.conf +etc/strongswan.d/charon/ctr.conf +etc/strongswan.d/charon/curl.conf +etc/strongswan.d/charon/curve25519.conf +etc/strongswan.d/charon/gcrypt.conf +etc/strongswan.d/charon/ldap.conf +etc/strongswan.d/charon/pkcs11.conf +etc/strongswan.d/charon/test-vectors.conf +# TPM libs +usr/lib/ipsec/libtpmtss.so.* +usr/lib/ipsec/libtpmtss.so diff --git a/debian/libstrongswan-standard-plugins.install b/debian/libstrongswan-standard-plugins.install new file mode 100644 index 000000000..d97a36ae4 --- /dev/null +++ b/debian/libstrongswan-standard-plugins.install @@ -0,0 +1,11 @@ +# libstrongswan plugins +usr/lib/ipsec/plugins/libstrongswan-agent.so +usr/lib/ipsec/plugins/libstrongswan-gcm.so +usr/lib/ipsec/plugins/libstrongswan-openssl.so +# config file +usr/share/strongswan/templates/config/plugins/agent.conf +usr/share/strongswan/templates/config/plugins/gcm.conf +usr/share/strongswan/templates/config/plugins/openssl.conf +etc/strongswan.d/charon/agent.conf +etc/strongswan.d/charon/gcm.conf +etc/strongswan.d/charon/openssl.conf diff --git a/debian/libstrongswan.dirs b/debian/libstrongswan.dirs new file mode 100644 index 000000000..a7afdf5d6 --- /dev/null +++ b/debian/libstrongswan.dirs @@ -0,0 +1,6 @@ +/etc/logcheck/ignore.d.paranoid +/etc/logcheck/ignore.d.server +/etc/logcheck/ignore.d.workstation +/etc/logcheck/violations.ignore.d +/usr/lib/ipsec/plugins +/usr/share/lintian/overrides diff --git a/debian/libstrongswan.docs b/debian/libstrongswan.docs new file mode 100644 index 000000000..e845566c0 --- /dev/null +++ b/debian/libstrongswan.docs @@ -0,0 +1 @@ +README diff --git a/debian/libstrongswan.install b/debian/libstrongswan.install new file mode 100644 index 000000000..b3148670b --- /dev/null +++ b/debian/libstrongswan.install @@ -0,0 +1,82 @@ +# libstrongswan plugins +usr/lib/ipsec/libstrongswan.so* +usr/lib/ipsec/plugins/libstrongswan-aes.so +usr/lib/ipsec/plugins/libstrongswan-constraints.so +usr/lib/ipsec/plugins/libstrongswan-dnskey.so +usr/lib/ipsec/plugins/libstrongswan-fips-prf.so +usr/lib/ipsec/plugins/libstrongswan-gmp.so +usr/lib/ipsec/plugins/libstrongswan-hmac.so +usr/lib/ipsec/plugins/libstrongswan-md5.so +usr/lib/ipsec/plugins/libstrongswan-nonce.so +usr/lib/ipsec/plugins/libstrongswan-pgp.so +usr/lib/ipsec/plugins/libstrongswan-pem.so +usr/lib/ipsec/plugins/libstrongswan-pkcs1.so +usr/lib/ipsec/plugins/libstrongswan-pkcs7.so +usr/lib/ipsec/plugins/libstrongswan-pkcs8.so +usr/lib/ipsec/plugins/libstrongswan-pkcs12.so +usr/lib/ipsec/plugins/libstrongswan-pubkey.so +usr/lib/ipsec/plugins/libstrongswan-random.so +usr/lib/ipsec/plugins/libstrongswan-rc2.so +usr/lib/ipsec/plugins/libstrongswan-revocation.so +usr/lib/ipsec/plugins/libstrongswan-sha1.so +usr/lib/ipsec/plugins/libstrongswan-sha2.so +usr/lib/ipsec/plugins/libstrongswan-sshkey.so +usr/lib/ipsec/plugins/libstrongswan-x509.so +usr/lib/ipsec/plugins/libstrongswan-xcbc.so +# config files +usr/share/strongswan/templates/config/plugins/aes.conf +usr/share/strongswan/templates/config/plugins/constraints.conf +usr/share/strongswan/templates/config/plugins/dnskey.conf +usr/share/strongswan/templates/config/plugins/fips-prf.conf +usr/share/strongswan/templates/config/plugins/gmp.conf +usr/share/strongswan/templates/config/plugins/hmac.conf +usr/share/strongswan/templates/config/plugins/md5.conf +usr/share/strongswan/templates/config/plugins/nonce.conf +usr/share/strongswan/templates/config/plugins/pgp.conf +usr/share/strongswan/templates/config/plugins/pem.conf +usr/share/strongswan/templates/config/plugins/pkcs1.conf +usr/share/strongswan/templates/config/plugins/pkcs7.conf +usr/share/strongswan/templates/config/plugins/pkcs8.conf +usr/share/strongswan/templates/config/plugins/pkcs12.conf +usr/share/strongswan/templates/config/plugins/pubkey.conf +usr/share/strongswan/templates/config/plugins/random.conf +usr/share/strongswan/templates/config/plugins/rc2.conf +usr/share/strongswan/templates/config/plugins/revocation.conf +usr/share/strongswan/templates/config/plugins/sha1.conf +usr/share/strongswan/templates/config/plugins/sha2.conf +usr/share/strongswan/templates/config/plugins/sshkey.conf +usr/share/strongswan/templates/config/plugins/x509.conf +usr/share/strongswan/templates/config/plugins/xcbc.conf +etc/strongswan.d/charon/aes.conf +etc/strongswan.d/charon/constraints.conf +etc/strongswan.d/charon/dnskey.conf +etc/strongswan.d/charon/fips-prf.conf +etc/strongswan.d/charon/gmp.conf +etc/strongswan.d/charon/hmac.conf +etc/strongswan.d/charon/md5.conf +etc/strongswan.d/charon/nonce.conf +etc/strongswan.d/charon/pgp.conf +etc/strongswan.d/charon/pem.conf +etc/strongswan.d/charon/pkcs1.conf +etc/strongswan.d/charon/pkcs7.conf +etc/strongswan.d/charon/pkcs8.conf +etc/strongswan.d/charon/pkcs12.conf +etc/strongswan.d/charon/pubkey.conf +etc/strongswan.d/charon/random.conf +etc/strongswan.d/charon/rc2.conf +etc/strongswan.d/charon/revocation.conf +etc/strongswan.d/charon/sha1.conf +etc/strongswan.d/charon/sha2.conf +etc/strongswan.d/charon/sshkey.conf +etc/strongswan.d/charon/x509.conf +etc/strongswan.d/charon/xcbc.conf +usr/lib/ipsec/plugins/libstrongswan-attr.so +usr/lib/ipsec/plugins/libstrongswan-resolve.so +# config files +usr/share/strongswan/templates/config/strongswan.conf +usr/share/strongswan/templates/config/plugins/attr.conf +usr/share/strongswan/templates/config/plugins/resolve.conf +etc/strongswan.d/charon/attr.conf +etc/strongswan.d/charon/resolve.conf +etc/strongswan.conf +usr/share/man/man5/strongswan.conf.5 diff --git a/debian/libstrongswan.lintian-overrides b/debian/libstrongswan.lintian-overrides new file mode 100644 index 000000000..ea5e91468 --- /dev/null +++ b/debian/libstrongswan.lintian-overrides @@ -0,0 +1,17 @@ +libstrongswan: possible-gpl-code-linked-with-openssl + +# we do pass hardening flags +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/libradius.so.0.0.0 +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/libsimaka.so.0.0.0 +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/libtls.so.0.0.0 +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-ccm.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-cmac.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-ctr.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-farp.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-gcm.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-gmp.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-hmac.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-random.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-xcbc.so +libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-gcrypt.so diff --git a/debian/patches/01_fix-manpages.patch b/debian/patches/01_fix-manpages.patch new file mode 100644 index 000000000..f1de0a3ac --- /dev/null +++ b/debian/patches/01_fix-manpages.patch @@ -0,0 +1,11 @@ +--- a/src/scepclient/scepclient.8 ++++ b/src/scepclient/scepclient.8 +@@ -1,7 +1,7 @@ + .\" + .TH "IPSEC_SCEPCLIENT" "8" "2012-05-11" "strongSwan" "" + .SH "NAME" +-ipsec scepclient \- Client for the SCEP protocol ++ipsec_scepclient \- Client for the SCEP protocol + .SH "SYNOPSIS" + .B ipsec scepclient [argument ...] + .sp diff --git a/debian/patches/03_systemd-service.patch b/debian/patches/03_systemd-service.patch new file mode 100644 index 000000000..5eee9a9b8 --- /dev/null +++ b/debian/patches/03_systemd-service.patch @@ -0,0 +1,17 @@ +diff --git a/debian/patches/03_systemd-service.patch b/debian/patches/03_systemd-service.patch +diff --git a/init/systemd/strongswan.service.in b/init/systemd/strongswan.service.in +index 474284a19..8060d1ea2 100644 +--- a/init/systemd/strongswan.service.in ++++ b/init/systemd/strongswan.service.in +@@ -1,9 +1,10 @@ + [Unit] + Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf +-After=syslog.target network-online.target ++After=network-online.target + + [Service] + ExecStart=@SBINDIR@/@IPSEC_SCRIPT@ start --nofork ++ExecReload=@SBINDIR@/@IPSEC_SCRIPT@ reload + StandardOutput=syslog + Restart=on-abnormal + diff --git a/debian/patches/04_disable-libtls-tests.patch b/debian/patches/04_disable-libtls-tests.patch new file mode 100644 index 000000000..a0b421596 --- /dev/null +++ b/debian/patches/04_disable-libtls-tests.patch @@ -0,0 +1,8 @@ +--- a/src/libtls/Makefile.am ++++ b/src/libtls/Makefile.am +@@ -26,4 +26,4 @@ + tls_server.h tls_handshake.h tls_application.h tls_aead.h tls.h + endif + +-SUBDIRS = . tests ++SUBDIRS = . diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..6d7cc1dfa --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +01_fix-manpages.patch +03_systemd-service.patch +04_disable-libtls-tests.patch diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 000000000..d98f2ea90 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] strongswan-starter.templates diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 000000000..4e0250126 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,796 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-28 14:42+0100\n" +"Last-Translator: Miroslav Kure <kurem@debian.cz>\n" +"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "StarĆ” sprĆ”va bÄhovĆ½ch ĆŗrovnĆ je pÅekonĆ”na." + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"DÅĆvÄjÅ”Ć verze balĆku strongSwan dĆ”valy na vĆ½bÄr mezi tÅemi rÅÆznĆ½mi Start/" +"Stop ĆŗrovnÄmi. DĆky zmÄnĆ”m ve zpÅÆsobu zavĆ”dÄnĆ systĆ©mu to již nenĆ nutnĆ© a " +"ani užiteÄnĆ©. NovĆ½m i stĆ”vajĆcĆm instalacĆm použĆvajĆcĆm nÄkterou ze tÅĆ " +"pÅedefinovanĆ½ch ĆŗrovnĆ budou nynĆ automaticky nastaveny rozumnĆ© vĆ½chozĆ " +"ĆŗrovnÄ. PÅechĆ”zĆte-li z dÅĆvÄjÅ”Ć verze strongSwanu, u kterĆ© jste si " +"upravovali startovacĆ parametry, podĆvejte se prosĆm do souboru NEWS.Debian, " +"kde naleznete pokyny, jak si pÅĆsluÅ”nÄ upravit nastavenĆ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Restartovat nynĆ strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"RestartovĆ”nĆ strongSwan je dobrĆ½ nĆ”pad, protože v pÅĆpadÄ, že aktualizace " +"obsahuje bezpeÄnostnĆ zĆ”platu, nebude tato funkÄnĆ, dokud se dĆ©mon " +"nerestartuje. VÄtÅ”ina lidĆ s restartem daemona poÄĆtĆ”, nicmĆ©nÄ je možnĆ©, že " +"tĆm budou existujĆcĆ spojenĆ ukonÄena a nĆ”slednÄ znovu nahozena. Pokud tuto " +"aktualizaci provĆ”dĆte pÅes takovĆ½to strongSwan tunel, restart nedoporuÄujeme." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Spustit strongSwan daemona charon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Pro podporu protokolu Internet Key Exchange musĆ bÄžet daemon charon." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "PoužĆt pro tento poÄĆtaÄ certifikĆ”t X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Pro tento poÄĆtaÄ mÅÆžete automaticky vytvoÅit nebo importovat certifikĆ”t " +"X.509. CertifikĆ”t mÅÆže bĆ½t využit k autentizaci IPsec spojenĆ na dalÅ”Ć " +"poÄĆtaÄe a je upÅednostÅovanĆ½m zpÅÆsobem pro sestavovĆ”nĆ bezpeÄnĆ½ch IPsec " +"spojenĆ. DalÅ”Ć možnostĆ autentizace je využitĆ sdĆlenĆ½ch tajemstvĆ (hesel, " +"kterĆ” jsou stejnĆ” na obou stranĆ”ch tunelu), ale pro vÄtÅ”Ć poÄet spojenĆ je " +"RSA autentizace snazÅ”Ć na sprĆ”vu a mnohem bezpeÄnÄjÅ”Ć." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"AlternativnÄ mÅÆžete tuto nabĆdku zamĆtnout a pozdÄji se k nĆ vrĆ”tit pÅĆkazem " +"ādpkg-reconfigure strongswanā." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "vytvoÅit" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importovat" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "ZĆskĆ”nĆ certifikĆ”tu X.509 pro autentizaci tohoto poÄĆtaÄe:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Pro autentizaci IPsec spojenĆ mÅÆžete buÄ vytvoÅit novĆ½ certifikĆ”t X.509 na " +"zĆ”kladÄ zadanĆ½ch parametrÅÆ, nebo mÅÆžete naimportovat veÅejnĆ½/soukromĆ½ pĆ”r " +"klĆÄÅÆ uloženĆ½ v PEM souboru." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Rozhodnete-li se pro vytvoÅenĆ novĆ©ho certifikĆ”tu X.509, budete nejprve " +"dotĆ”zĆ”ni na Åadu otĆ”zek. Pokud chcete podepsat veÅejnĆ½ klĆÄ stĆ”vajĆcĆ " +"certifikaÄnĆ autoritou, nesmĆte zvolit certifikĆ”t podepsanĆ½ sĆ”m sebou a takĆ© " +"zadanĆ© odpovÄdi musĆ splÅovat požadavky danĆ© certifikaÄnĆ autority. " +"NesplnÄnĆ požadavkÅÆ mÅÆže vĆ©st k zamĆtnutĆ požadavku na certifikĆ”t." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"ZvolĆte-li import stĆ”vajĆcĆho veÅejnĆ©ho/soukromĆ©ho pĆ”ru klĆÄÅÆ, budete " +"dotĆ”zĆ”ni na nĆ”zvy souborÅÆ, ve kterĆ½ch se klĆÄe nachĆ”zĆ (mÅÆže se takĆ© jednat " +"o jedinĆ½ soubor, protože obÄ ÄĆ”sti mohou ležet v jednom souboru). VolitelnÄ " +"mÅÆžete takĆ© zadat jmĆ©no souboru s veÅejnĆ½m klĆÄem certifikaÄnĆ autority, ale " +"zde to již musĆ bĆ½t jinĆ½ soubor. MÄjte prosĆm na pamÄti, že certifikĆ”t X.509 " +"musĆ bĆ½t ve formĆ”tu PEM a že soukromĆ½ klĆÄ nesmĆ bĆ½t zaÅ”ifrovĆ”n, jinak " +"import selže." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "JmĆ©no souboru s certifikĆ”tem X.509 ve formĆ”tu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Zadejte cestu k souboru obsahujĆcĆmu vĆ”Å” certifikĆ”t X.509 ve formĆ”tu PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "JmĆ©no souboru se soukromĆ½m klĆÄem X.509 ve formĆ”tu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Zadejte cestu k souboru obsahujĆcĆmu soukromĆ½ RSA klĆÄ odpovĆdajĆcĆ vaÅ”emu " +"certifikĆ”tu X.509 ve formĆ”tu PEM. MÅÆže to bĆ½t stejnĆ½ soubor jako ten, ve " +"kterĆ©m se nachĆ”zĆ certifikĆ”t X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "JmĆ©no souboru s koÅenovou certifikaÄnĆ autoritou X.509 ve formĆ”tu PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"NynĆ mÅÆžete zadat cestu k souboru obsahujĆcĆmu certifikaÄnĆ autoritu X.509, " +"kterou použĆvĆ”te pro podpis svĆ½ch certifikĆ”tÅÆ ve formĆ”tu PEM. Pokud takovou " +"certifikaÄnĆ autoritu nemĆ”te, nebo ji nechcete použĆt, ponechte prĆ”zdnĆ©. " +"KoÅenovou certifikaÄnĆ autoritu nelze uchovĆ”vat ve stejnĆ©m souboru se " +"soukromĆ½m klĆÄem nebo certifikĆ”tem X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Zadejte dĆ©lku vytvĆ”ÅenĆ©ho RSA klĆÄe:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Zadejte dĆ©lku vytvĆ”ÅenĆ©ho RSA klĆÄe. KvÅÆli bezpeÄnosti by nemÄla bĆ½t menÅ”Ć " +"než 1024 bitÅÆ a pravdÄpodobnÄ nepotÅebujete vĆc než 4096 bitÅÆ, protože to " +"již jen zpomaluje proces autentizace." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "VytvoÅit certifikĆ”t X.509 podepsanĆ½ sĆ”m sebou?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Tento instalĆ”tor mÅÆže automaticky vytvoÅit pouze certifikĆ”t X509 podepsanĆ½ " +"sĆ”m sebou, jelikož v opaÄnĆ©m pÅĆpadÄ je k podpisu certifikĆ”tu potÅeba " +"certifikaÄnĆ autorita. Tento certifikĆ”t mÅÆžete ihned použĆt k pÅipojenĆ na " +"dalÅ”Ć poÄĆtaÄe s IPsec, kterĆ© podporujĆ autentizaci pomocĆ certifikĆ”tu X509. " +"NicmĆ©nÄ chcete-li využĆt PKI možnostĆ strongSwanu, budete k vytvoÅenĆ " +"dÅÆvÄryhodnĆ½ch cest potÅebovat podepsat vÅ”echny certifikĆ”ty X509 jedinou " +"certifikaÄnĆ autoritou." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Jestliže nechcete vytvoÅit certifikĆ”t podepsanĆ½ sebou samĆ½m, vytvoÅĆ se " +"pouze soukromĆ½ RSA klĆÄ a požadavek na certifikĆ”t. Vy potom musĆte podepsat " +"požadavek svou certifikaÄnĆ autoritou." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "KĆ³d stĆ”tu pro požadavek na certifikĆ”t X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Zadejte dvojpĆsmennĆ½ kĆ³d stĆ”tu, ve kterĆ©m se server nachĆ”zĆ (napÅĆklad āCZā " +"pro Äeskou republiku)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"NezadĆ”te-li platnĆ½ kĆ³d zemÄ dle ISO-3166, OpenSSL odmĆtne certifikĆ”t " +"vygenerovat. PrĆ”zdnĆ© pole je dovoleno ve vÅ”ech ostatnĆch polĆch certifikĆ”tu " +"X.509 kromÄ tohoto." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "JmĆ©no zemÄ nebo oblasti pro požadavek na certifikĆ”t X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Zadejte celĆ© jmĆ©no zemÄ nebo oblasti, ve kterĆ© se server nachĆ”zĆ (napÅĆklad " +"āMoravaā)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "JmĆ©no lokality pro požadavek na certifikĆ”t X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Zadejte jmĆ©no lokality, ve kterĆ© se server nachĆ”zĆ (Äasto mÄsto, napÅĆklad " +"āOlomoucā)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "NĆ”zev organizace pro požadavek na certifikĆ”t X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Zadejte nĆ”zev organizace, kterĆ© server patÅĆ (napÅĆklad āDebianā)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "NĆ”zev organizaÄnĆ jednotky pro požadavek na certifikĆ”t X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Zadejte nĆ”zev organizaÄnĆ jednotky, kterĆ© server patÅĆ (napÅĆklad āoddÄlenĆ " +"pro odhalovĆ”nĆ daÅovĆ½ch ĆŗnikÅÆā)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "ObecnĆ© jmĆ©no pro požadavek na certifikĆ”t X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Zadejte obecnĆ© jmĆ©no (CN) tohoto poÄĆtaÄe (napÅĆklad ācloud.example.orgā)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "EmailovĆ” adresa pro požadavek na certifikĆ”t X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Zadejte emailovou adresu osoby nebo organizace zodpovÄdnĆ© za certifikĆ”t " +"X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Povolit oportunistickĆ© Å”ifrovĆ”nĆ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Tato verze strongSwan podporuje oportunistickĆ© Å”ifrovĆ”nĆ (OE), kterĆ© " +"uchovĆ”vĆ” autentizaÄnĆ informace IPsecu (napÅ. veÅejnĆ© RSA klĆÄe) v DNS " +"zĆ”znamech. Dokud nebude tato schopnost vĆce rozÅ”ĆÅena, zpÅÆsobĆ jejĆ aktivace " +"vĆ½raznĆ© zpomalenĆ každĆ©ho novĆ©ho odchozĆho spojenĆ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"OportunistickĆ© Å”ifrovĆ”nĆ byste mÄli povolit pouze v pÅĆpadÄ, že ho opravdu " +"chcete. PÅi startu daemona je možnĆ©, že se vaÅ”e probĆhajĆcĆ spojenĆ do " +"Internetu pÅeruÅ”Ć (pÅesnÄji pÅestane fungovat vĆ½chozĆ cesta)." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Pro podporu 1. verze protokolu Internet Key Exchange musĆ bÄžet daemon " +#~ "pluto." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Spustit strongSwan daemon IKEv2?" + +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "PÅejete si restartovat strongSwan?" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Zadejte cestu k souboru obsahujĆcĆmu vĆ”Å” certifikĆ”t X.509 ve formĆ”tu PEM." + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Zadejte cestu k souboru obsahujĆcĆmu vĆ”Å” certifikĆ”t X.509 ve formĆ”tu PEM." + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Zadejte dvoumĆstnĆ½ ISO3166 kĆ³d svĆ© zemÄ. Tento kĆ³d bude umĆstÄn do " +#~ "požadavku na certifikĆ”t." + +#~ msgid "Example: AT" +#~ msgstr "PÅĆklad: CZ" + +#~ msgid "Example: Upper Austria" +#~ msgstr "PÅĆklad: Morava" + +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Zadejte prosĆm mĆsto (napÅ. mÄsto), kde žijete. Toto jmĆ©no " +#~ "bude umĆstÄno do požadavku na certifikĆ”t." + +#~ msgid "Example: Vienna" +#~ msgstr "PÅĆklad: Olomouc" + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Zadejte prosĆm organizaci pro kterou je certifikĆ”t vytvĆ”Åen. Toto jmĆ©no " +#~ "bude umĆstÄno do požadavku na certifikĆ”t." + +#~ msgid "Example: Debian" +#~ msgstr "PÅĆklad: Debian" + +#~ msgid "Example: security group" +#~ msgstr "PÅĆklad: bezpeÄnostnĆ oddÄlenĆ" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "PÅĆklad: gateway.debian.org" + +#~ msgid "earliest" +#~ msgstr "co nejdÅĆve" + +#~ msgid "after NFS" +#~ msgstr "po NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "po PCMCIA" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Kdy spustit strongSwan:" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "strongSwan se spouÅ”tĆ pÅi zavĆ”dÄnĆ systĆ©mu, takže mÅÆže chrĆ”nit " +#~ "automaticky pÅipojovanĆ© souborovĆ© systĆ©my." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * co nejdÅĆve: pokud nenĆ /usr pÅipojeno pÅes NFS a nepoužĆvĆ”te\n" +#~ " sĆÅ„ovou kartu PCMCIA, je lepÅ”Ć spustit strongSwan co nejdÅĆve,\n" +#~ " aby bylo NFS chrĆ”nÄno pomocĆ IPSec;\n" +#~ " * po NFS: doporuÄeno, pokud je /usr pÅipojeno pÅes NFS a pokud\n" +#~ " nepoužĆvĆ”te sĆÅ„ovou kartu PCMCIA;\n" +#~ " * po PCMCIA: doporuÄeno pokud IPSec spojenĆ použĆvĆ” sĆÅ„ovou kartu\n" +#~ " PCMCIA, nebo pokud vyžaduje staženĆ klĆÄÅÆ z lokĆ”lnÄ bÄžĆcĆho DNS\n" +#~ " serveru s podporou DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Pokud nerestartujete strongSwan nynĆ, mÄli byste to provĆ©st pÅi nejbliÅ¾Å”Ć " +#~ "pÅĆležitosti." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "VytvoÅit veÅejnĆ½/soukromĆ½ pĆ”r RSA klĆÄÅÆ pro tento poÄĆtaÄ?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "strongSwan mÅÆže pro autentizaci IPSec spojenĆ s jinĆ½mi poÄĆtaÄi použĆvat " +#~ "pÅedsdĆlenĆ½ klĆÄ (PSK), nebo veÅejnĆ½/soukromĆ½ pĆ”r RSA klĆÄÅÆ. RSA " +#~ "autentizace se považuje za bezpeÄnÄjÅ”Ć a jednoduÅ”Å”Ć na sprĆ”vu. " +#~ "Autentizace PSK a RSA mÅÆžete použĆvat souÄasnÄ." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Jestliže si nepÅejete vytvoÅit novĆ½ pĆ”r klĆÄÅÆ pro tento poÄĆtaÄ, mÅÆžete " +#~ "si v pÅĆÅ”tĆm kroku zvolit existujĆcĆ klĆÄe." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "PotÅebnĆ© informace lze zĆskat automaticky z existujĆcĆho certifikĆ”tu " +#~ "X.509 s odpovĆdajĆcĆm soukromĆ½m RSA klĆÄem. JednĆ”-li se o formĆ”t PEM, " +#~ "mohou bĆ½t obÄ ÄĆ”sti v jednom souboru. VlastnĆte-li takovĆ½ certifikĆ”t a " +#~ "soubor s klĆÄem a chcete-li je použĆt pro autentizaci IPSec spojenĆ, " +#~ "odpovÄzte kladnÄ." + +#~ msgid "RSA key length:" +#~ msgstr "DĆ©lka RSA klĆÄe:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Zadejte prosĆm dĆ©lku vytvĆ”ÅenĆ©ho RSA klĆÄe. Z dÅÆvodu bezpeÄnosti by " +#~ "nemÄla bĆ½t menÅ”Ć než 1024 bitÅÆ. Hodnota vÄtÅ”Ć než 2048 bitÅÆ mÅÆže ovlivnit " +#~ "vĆ½kon." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Automaticky lze vytvoÅit pouze certifikĆ”t podepsanĆ½ sĆ”m sebou, protože " +#~ "jinak je zapotÅebĆ certifikaÄnĆ autorita, kterĆ” by podepsala požadavek na " +#~ "certifikĆ”t." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "OdpovĆte-li kladnÄ, mÅÆžete novĆ½ certifikĆ”t ihned použĆt k pÅipojenĆ na " +#~ "dalÅ”Ć poÄĆtaÄe s IPSec, kterĆ© podporujĆ autentizaci pomocĆ certifikĆ”tu " +#~ "X.509. NicmĆ©nÄ pro využitĆ PKI možnostĆ ve strongSwanu je nutnĆ©, aby byly " +#~ "vÅ”echny certifikĆ”ty v cestÄ dÅÆvÄry podepsĆ”ny stejnou autoritou." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "Toto pole je povinnĆ©, bez nÄj nenĆ možnĆ© certifikĆ”t vytvoÅit." + +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Zadejte jmĆ©no lokality (napÅ. mÄsta), kterĆ© se mĆ” použĆt v požadavku na " +#~ "certifikĆ”t." + +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Zadejte nĆ”zev organizace (firmy), kterĆ½ se mĆ” použĆt v požadavku na " +#~ "certifikĆ”t." + +#~ msgid "" +#~ "Please enter the organizational unit name (often a department) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Zadejte nĆ”zev organizaÄnĆ jednotky (napÅ. oddÄlenĆ), kterĆ½ se mĆ” použĆt v " +#~ "požadavku na certifikĆ”t." + +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Zadejte bÄžnĆ© jmĆ©no (napÅ. jmĆ©no poÄĆtaÄe), kterĆ© se mĆ” použĆt v " +#~ "požadavku na certifikĆ”t." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "\"co nejdÅĆve\", \"po NFS\", \"po PCMCIA\"" + +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "ExistujĆ tÅi možnosti, kdy se dĆ” strongSwan spouÅ”tÄt: pÅed NFS službami, " +#~ "po NFS službĆ”ch nebo po PCMCIA službĆ”ch. SprĆ”vnĆ” odpovÄÄ zĆ”visĆ na vaÅ”em " +#~ "konkrĆ©tnĆm nastavenĆ." + +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Jestliže nemĆ”te svÅÆj strom /usr pÅipojen skrz NFS (buÄ pÅes NFS " +#~ "pÅipojujete jinĆ©, ne tak dÅÆležitĆ© stromy, nebo NFS vÅÆbec nepoužĆvĆ”te) a " +#~ "nepoužĆvĆ”te sĆÅ„ovou kartu PCMCIA, je nejlepÅ”Ć spouÅ”tÄt strongSwan co " +#~ "nejdÅĆve, ÄĆmž umožnĆte aby byly NFS svazky chrĆ”nÄny pomocĆ IPSec. V " +#~ "takovĆ©m pÅĆpadÄ (nebo pokud si nejste jisti, nebo pokud vĆ”m na tom " +#~ "nezĆ”ležĆ) na otĆ”zku odpovÄzte āco nejdÅĆveā (vĆ½chozĆ)." + +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Jestliže mĆ”te strom /usr pÅipojen skrz NFS a nepoužĆvĆ”te sĆÅ„ovou kartu " +#~ "PCMCIA, musĆte spustit strongSwan po NFS, aby byly vÅ”echny potÅebnĆ© " +#~ "soubory dostupnĆ©. V tomto pÅĆpadÄ na otĆ”zku odpovÄzte āpo NFSā. UvÄdomte " +#~ "si prosĆm, že v tomto pÅĆpadÄ nemÅÆže bĆ½t NFS svazek /usr chrĆ”nÄn pomocĆ " +#~ "IPSec." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Jestliže použĆvĆ”te PCMCIA sĆÅ„ovou kartu pro vaÅ”e IPSec pÅipojenĆ, pak je " +#~ "jedinou možnostĆ jej spustit po PCMCIA službĆ”ch. V tom pÅĆpadÄ odpovÄzte " +#~ "āpo PCMCIAā. Toto je takĆ© sprĆ”vnĆ” odpovÄÄ, pokud chcete zĆskat klĆÄe z " +#~ "lokĆ”lnĆho DNS serveru s podporou DNSSec." + +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "PÅejete si podporu IKEv1?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan podporuje protokol Internet Key Exchange ve verzĆch 1 a 2 " +#~ "(IKEv1, IKEv2). PÅejete si pÅi startu strongSwanu spustit daemona āplutoā " +#~ "podporujĆcĆho IKEv1?" + +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "PÅejete si podporu IKEv2?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan podporuje protokol Internet Key Exchange ve verzĆch 1 a 2 " +#~ "(IKEv1, IKEv2). PÅejete si pÅi startu strongSwanu spustit daemona " +#~ "ācharonā podporujĆcĆho IKEv2?" + +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "strongSwan pÅichĆ”zĆ s podporou pro oportunistickĆ© Å”ifrovĆ”nĆ (OE), kterĆ© " +#~ "uchovĆ”vĆ” autentizaÄnĆ informace IPSecu (napÅ. veÅejnĆ© RSA klĆÄe) v " +#~ "(nejlĆ©pe zabezpeÄenĆ½ch) DNS zĆ”znamech. Dokud nebude tato schopnost vĆce " +#~ "rozÅ”ĆÅena, zpÅÆsobĆ jejĆ aktivace vĆ½raznĆ© zpomalenĆ každĆ©ho novĆ©ho " +#~ "odchozĆho spojenĆ. Od verze 2.0 pÅichĆ”zĆ strongSwan s implicitnÄ zapnutou " +#~ "podporou OE ÄĆmž pravdÄpodobnÄ zruÅ”Ć vaÅ”e probĆhajĆcĆ spojenĆ do " +#~ "Internetu (tj. vaÅ”i vĆ½chozĆ cestu - default route) v okamžiku, kdy " +#~ "spustĆte pluto (strongSwan keying dĆ©mon)." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "ProsĆm vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, " +#~ "podporu nepovolujte." + +#~ msgid "x509, plain" +#~ msgstr "x509, prostĆ½" + +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Typ pĆ”ru RSA klĆÄÅÆ, kterĆ½ se vytvoÅĆ:" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Je možnĆ© vytvoÅit prostĆ½ pĆ”r RSA klĆÄÅÆ pro použitĆ se strongSwanem, nebo " +#~ "vytvoÅit soubor s certifikĆ”tem X509, kterĆ½ obsahuje veÅejnĆ½ RSA klĆÄ a " +#~ "dodateÄnÄ uchovĆ”vĆ” odpovĆdajĆcĆ soukromĆ½ klĆÄ." + +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Pokud chcete vytvoÅit IPSec spojenĆ jen k poÄĆtaÄÅÆm, na kterĆ½ch taktĆ©Å¾ " +#~ "bÄÅ¾Ć strongSwan, mÅÆže bĆ½t mnohem jednoduÅ”Å”Ć použĆt pĆ”r prostĆ½ch RSA " +#~ "klĆÄÅÆ. Pokud se ale chcete pÅipojit k jinĆ½m implementacĆm IPSec, budete " +#~ "potÅebovat certifikĆ”t X509. TakĆ© je možnĆ© zde vytvoÅit certifikĆ”t X509 a " +#~ "pozdÄji, pokud druhĆ” strana použĆvĆ” strongSwan bez podpory certifikĆ”tÅÆ " +#~ "X509, z nÄj zĆskat veÅejnĆ½ RSA klĆÄ v prostĆ©m formĆ”tu." + +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "CertifikĆ”t X509 je proto doporuÄovĆ”n zejmĆ©na dĆky svĆ© flexibilitÄ. Tento " +#~ "instalĆ”tor by v mÄl bĆ½t schopen skrĆ½t komplexnost vytvĆ”ÅenĆ a použĆvĆ”nĆ " +#~ "certifikĆ”tu ve strongSwanu." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 000000000..23763f1e2 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,461 @@ +# Danish translation strongswan. +# Copyright (C) 2010 strongswan & nedenstĆ„ende oversƦttere. +# This file is distributed under the same license as the strongswan package. +# Joe Hansen (joedalton2@yahoo.dk), 2010, 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-06 12:42+0000\n" +"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" +"Language-Team: Danish <dansk@dansk-gruppen.dk>\n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Erstattede tidligere kĆørselsniveauhĆ„ndtering" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidligere versioner af pakken strongSwan havde et valg mellem tre " +"forskellige start-/stopniveauer. PĆ„ grund af Ʀndringer i den normale " +"procedure for systemopstart, er dette ikke lƦngere nĆødvendigt eller " +"brugbart. For alle nye installationer samt Ʀldre installationer der kĆører i " +"en af de prƦdefinerede tilstande, vil standardniveauer for sane ikke blive " +"angivet. Hvis du opgraderer fra en tidligere version og Ʀndrede dine " +"opstartsparametre i strongSwan, sĆ„ kig venligst i NEWS.Debian for " +"instruktioner om hvordan du Ʀndrer din opsƦtning, sĆ„ den passer." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Genstart strongSwan nu?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Genstart af strongSwan anbefales, da det er en sikkerhedsrettelse, rettelsen " +"vil ikke trƦde i kraft fĆør dƦmonen genstartes. De fleste forventer at " +"dƦmonen genstartes, sĆ„ dette er generelt en god ide. Det kan dog lƦgge " +"eksisterende forbindelser ned og sĆ„ fĆ„ dem op igen, sĆ„ hvis du bruger sĆ„dan " +"en strongSwan-tunneltil at forbinde for denne opdatering, anbefales en " +"genstart ikke." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Start strongSwans charon-dƦmon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"DƦmonen charon skal kĆøre for at understĆøtte Internet Key Exchange-" +"protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Brug et X.509-certifikat for denne vƦrt?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Et X.509-certifikat for denne vƦrt kan oprettes automatisk eller importeres. " +"Det kan bruges til at godkende IPsec-forbindelser til andre vƦrter og er den " +"foretrukne mĆ„de at opbygge sikre IPsec-forbindelser. Den anden mulighed " +"ville vƦre at bruge delte hemmeligheder (adgangskoder der er de samme pĆ„ " +"begge sider af tunnelen) til godkendelse af en forbindelse, men for et " +"stĆørre antal forbindelser, er nĆøglebaseret godkendelse nemmere at " +"administrere og mere sikkert." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativt kan du afvise denne indstilling og senere bruge kommandoen Ā»dpkg-" +"reconfigure strongswanĀ«." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "opret" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder hvormed et X.509-certifikat kan bruges til at godkende denne vƦrt:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det er muligt at oprette et nyt X.509-certifikat med brugerdefineret " +"opsƦtning eller at importere en eksisterende offentlig og privat nĆøgle gemt " +"i PEM-filer for godkendelse af IPsec-forbindelser." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Hvis du vƦlger at oprette et nyt X.509-certifikat, vil du fĆørst blive spurgt " +"om et antal spĆørgsmĆ„l, som skal besvares fĆør oprettelsen kan begynde. Husk " +"venligst at hvis du Ćønsker at den offentlige nĆøgle skal underskrives af et " +"eksisterende Certificate Authority, sĆ„ bĆør du ikke vƦlge at oprette et " +"certifikat underskrevet af dig selv og alle svarene skal svare prƦcis til " +"krƦvene i CA'en, ellers vil certifikatanmodningen blive afvist." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Hvis du Ćønsker at importere en eksisterende offentlig og privat nĆøgle, vil " +"du blive spurgt om deres filnavne (som kan vƦre identiske, hvis begge er " +"gemt sammen i en fil). Du kan valgfrit angive et filnavn hvor de offentlige " +"nĆøgler fra Certificate Authority opbevares, men denne fil kan ikke vƦre den " +"samme som den tidligere. VƦr venligst ogsĆ„ opmƦrksom pĆ„ at formatet for " +"X.509-certifikatet skal vƦre PEM, og at den private nĆøgle ikke mĆ„ vƦre " +"krypteret, ellers vil importproceduren fejle." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Filnavn pĆ„ dit PEM-formateret X.509-certifikat:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Indtast venligst placeringen pĆ„ filen der indeholder dit X.509-certifikat i " +"PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Filnavn pĆ„ din private PEM-formateret X.509-nĆøgle:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Indtast venligst placeringen pĆ„ filen, der indeholder den private RSA-nĆøgle " +"der svarer til dit X.509-certifikat i PEM-format. Dette kan vƦre den samme " +"fil som indeholder X.509-certifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Filnavn pĆ„ dit PEM-formaterede X.509-RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Du kan nu valgfrit indtaste placeringen pĆ„ filen, der indeholder X.509 " +"Certificate Authority-root brugt til at underskrive dit certifikat i PEM-" +"format. Hvis du ikke har et eller ikke Ćønsker at bruge det sĆ„ efterlad dette " +"felt tomt. BemƦrk venligst at det ikke er muligt at gemme RootCA'en i den " +"samme fil som dit X.509-certifikat eller din private nĆøgle." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Indtast venligst hvilken lƦngde den oprettede RSA-nĆøgle skal have:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Indtast venligst lƦngden pĆ„ den oprettede RSA-nĆøgle. Den bĆør ike vƦre mindre " +"end 1024 bit, da dette er usikkert, og du vil sikkert ikke have brug for " +"mere end 4096 bit, da det kun slĆøver godkendelsesprocessen ned og behovet " +"ikke er der i Ćøjeblikket." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Opret et X.509-certifikat du selv har underskrevet?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Kun X.509-certifikater du selv har underskrevet kan oprettes automatisk, da " +"en Certifikat Authority ellers er nĆødvendig for at certifikatforespĆørgslen " +"biver underskrevet. Hvis du vƦlger at oprette et certifikat, du selv " +"underskriver, kan du umiddelbart bruge det efterfĆølgende til at forbinde til " +"andre IPsec-vƦrter som understĆøtter X.509-certifikater til godkendelse af " +"IPsec-forbindelser. Brug af strongSwans PKI-funktioner krƦver dog at alle " +"certifikater skal vƦre underskrevet af en Certificate Authority for at " +"oprette en trovƦrdighed." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Hvis du vƦlger ikke at oprette et certifikat, du selv har underskrevet, vil " +"kun den private RSA-nĆøgle og certifikatforespĆørgslen blive oprettet, og du " +"vil skulle underskrive certifikatforespĆørgslen med dit Certificate Authority." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landekode for X.509-certifikatforespĆørgslen:" + +# hvad er det for en tobogstavskode de henviser til her? DA eller DK. +# ISO 3166 som de nƦvner efterfĆølgende er trecifret (DNK), men underdelen af +# 3166 er tocifret og DK for Danmark, men det dƦkker omrĆ„derne i Danmark +# som Midtjylland DK-82 med flere. +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Indtast venligst koden, der bestĆ„r af to bogstaver, for landet hvor serveren " +"befinder sig (sĆ„som Ā»DKĀ« for Danmark)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL vil nƦgte at oprette et certifikat med mindre dette er en gyldig " +"ISO-3166 landekode. Et tomt felt er tilladt andre steder i X.509-" +"certifikatet men ikke her." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Stat eller provinsnavn for X.509-certifikatforespĆørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Indtast venligst det fulde navn pĆ„ staten eller provinsen som serveren " +"befinder sig i (sĆ„som Ā»NordjyllandĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Lokalitetsnavn for X.509-certifikatforespĆørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Indtast venligst lokaliteten hvor serveren befinder sig (ofte en by, sĆ„som " +"Ā»Ć
rhusĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsnavn for X.509-certifikatforespĆørglsen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Indtast venligst organisationen som serveren tilhĆører (sĆ„som Ā»DebianĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationsgruppe for X.509-certifikatforespĆørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Indtast venligst organisationsgruppen som serveren tilhĆører (sĆ„som " +"Ā»sikkerhedsafdelingenĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Betegnelsen for X.509-certifikatforespĆørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Indtast venligst betegnelsen (navnet) for denne vƦrt (sĆ„som Ā»gateway." +"eksempel.orgĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-post-adresse for X.509-certifikatforespĆørgslen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Indtast venligst e-post-adressen pĆ„ personen eller organisationen der er " +"ansvarlig for X.509-certifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Aktiver opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denne version af strongSwan understĆøtter opportunistisk kryptering (OE), som " +"gemmer IPSec-godkendelsesinformation i DNS-punkter. Indtil dette er udbredt, " +"vil aktivering medfĆøre en vƦsentlig forsinkelse for hver ny udgĆ„ende " +"forbindelse." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Du skal kun aktivere opportunistisk kryptering, hvis du er sikker pĆ„, at du " +"Ćønsker det. Det kan fĆ„ internetforbindelsen til at gĆ„ ned (standardrute), " +"nĆ„r dƦmonen starter op." + + diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 000000000..8cd707cbb --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,782 @@ +# German translation of strongswan templates +# Matthias Julius <mdeb@julius-net.net>, 2007. +# Martin Eberhard Schauer <Martin.E.Schauer@gmx.de>, 2010. +# Helge Kreutzmann <debian@helgefjell.de>, 2007, 2010, 2013. +# This file is distributed under the same license as the strongswan package. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-11-02 15:40+0100\n" +"Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n" +"Language-Team: German <debian-l10n-german@lists.debian.org>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +# (mes) andere Ćbersetzungen fĆ¼r supersede: etw.Akk. ersetzen, fĆ¼r etw.Akk. Ersatz sein, an die Stelle von etw. Dat. treten, etw.Akk. Ć¼berflĆ¼ssig machen, etw.Akk. verdrƤngen +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Alte Verwaltung der Runlevel abgelƶst" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"FrĆ¼here Versionen von strongSwan ermƶglichten eine Wahl zwischen drei " +"verschiedenen Start/Stop-Modi. Aufgrund von Ćnderungen des standardmƤĆigen " +"Systemstarts ist dies nicht mehr notwendig oder nĆ¼tzlich. Sowohl fĆ¼r alle " +"neuen als auch bestehende Installationen, die in einem der vordefinierten " +"Modi betrieben wurden, werden jetzt vernĆ¼nftige Standardwerte gesetzt. Wenn " +"Sie jetzt ein Upgrade von einer frĆ¼heren Version durchfĆ¼hren und Sie die " +"strongSwan-Startparameter angepasst haben, werfen Sie bitte einen Blick auf " +"NEWS.Debian. Die Datei enthƤlt Anweisungen, wie Sie Ihre Installation " +"entsprechend Ƥndern." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "StrongSwan jetzt starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Es wird empfohlen, strongSwan neuzustarten, da eine Sicherheitskorrektur " +"erst nach dem Neustart des Daemons greift. Die meisten Leute erwarten, dass " +"der Daemon neustartet, daher ist diese Wahl eine gute Idee. Er kann " +"allerdings existierende Verbindungen beenden und erneut aufbauen. Falls Sie " +"solch eine Verbindung fĆ¼r diese Aktualisierung verwenden, wird der Neustart " +"nicht empfohlen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "strongSwans Charon-Daemon starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Der Charon-Daemon muss laufen, um das Internet-Key-Exchange-" +"Protokoll zu unterstĆ¼tzen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "FĆ¼r diesen Rechner ein X.509-Zertifikat verwenden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"FĆ¼r diesen Rechner kann ein X.509-Zertifikat automatisch erstellt oder " +"importiert werden, das zur Authentifizierung von IPSec-Verbindungen zu " +"anderen Rechnern verwendet werden kann. Dieses Vorgehen ist fĆ¼r den Aufbau " +"gesicherter IPSec-Verbindungen vorzuziehen. Die andere Mƶglichkeit ist die " +"Verwendung von gemeinsamen Geheimnissen (engl.: shared secrets, gleiche " +"Passwƶrter an beiden Enden des Tunnels) zur Authentifizierung einer " +"Verbindung. FĆ¼r eine grƶĆere Anzahl von Verbindungen ist aber die RSA-" +"Authentifizierung einfacher zu verwalten und sicherer." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativ kƶnnen Sie diese Option ablehnen und spƤter den Befehl Ā»dpkg-" +"reconfigure strongswanĀ« zur RĆ¼ckkehr zu dieser Option verwenden." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "erstellen" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importieren" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Methoden fĆ¼r die Authentifizierung dieses Rechners mittels eines X.509-" +"Zertifikats:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Es ist mƶglich, mit benutzerdefinierten Einstellungen ein neues X.509-" +"Zertifikat zu erstellen oder einen vorhandenen, in PEM-Datei(en) " +"gespeicherten, ƶffentlichen und privaten SchlĆ¼ssel fĆ¼r die Authentifizierung " +"von IPSec-Verbindungen zu verwenden." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Wenn Sie sich fĆ¼r die Erstellung eines neuen X.509-Zertifikats entscheiden, " +"wird Ihnen zunƤchst eine Reihe von Fragen gestellt. Diese Fragen mĆ¼ssen " +"beantwortet werden, damit das Zertifikat erstellt werden kann. Bitte " +"beachten Sie: Wenn Sie den ƶffentliche SchlĆ¼ssel von einer bestehenden " +"Zertifizierungsstelle (Certificate Authority, CA) bestƤtigen lassen wollen, " +"sollten Sie nicht wƤhlen, ein selbstsigniertes Zertifikat zu erstellen. " +"AuĆerdem mĆ¼ssen dann alle gegebenen Antworten exakt den Anforderungen der CA " +"entsprechen, da sonst der Antrag auf Zertifizierung zurĆ¼ckgewiesen werden " +"kann." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Wenn Sie bestehende ƶffentliche und private SchlĆ¼ssel importieren wollen, " +"werden Sie nach deren Dateinamen gefragt. (Die Namen kƶnnen Ć¼bereinstimmen, " +"wenn beide Teile zusammen in einer Datei gespeichert werden.) Optional " +"kƶnnen Sie auch den Namen einer Datei angeben, die den/die ƶffentlichen " +"SchlĆ¼ssel Ihrer Zertifizierungsstelle enthƤlt. Dieser Name muss von den " +"Erstgenannten verschieden sein. Bitte beachten Sie auch, dass Sie fĆ¼r die " +"X.509-Zertifikate das Format PEM verwenden und dass der private SchlĆ¼ssel " +"nicht verschlĆ¼sselt sein darf, weil sonst der Import-Vorgang fehlschlagen " +"wird." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Dateiname Ihres X.509-Zertifikats im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Bitte geben Sie den Speicherort der Datei ein, die Ihr X.509-Zertifikat im " +"PEM-Format enthƤlt." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Dateiname des privaten X.509-SchlĆ¼ssels im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Bitte geben Sie den Speicherort der Datei ein, die den zu Ihrem X.509-" +"Zertifikat passenden privaten RSA-SchlĆ¼ssel im PEM-Format enthƤlt. Dies kann " +"dieselbe Datei sein, die das X.509-Zertifikat enthƤlt." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Dateinamen Ihrer PEM-Format-X.509-RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Optional kƶnnen Sie nun den Speicherort der Datei mit dem Ā»X.509 Certificate " +"Authority RootĀ« angeben, mit dem Ihr Zertifikat im PEM-Format unterzeichnet " +"wurde. Wenn Sie keine haben oder diese nicht verwenden wollen, lassen Sie " +"dieses Feld bitte leer. Bitte beachten Sie, dass es nicht mƶglich ist, die " +"RootCA in der gleichen Datei wie Ihr X.509-Zertifikat oder den privaten " +"SchlĆ¼ssel zu speichern." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" +"Bitte geben Sie ein, welche LƤnge der erstellte RSA-SchlĆ¼ssels haben soll:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Bitte geben Sie die LƤnge des erstellten RSA-SchlĆ¼ssels an. Er sollte nicht " +"kĆ¼rzer als 1024 Bits sein, da dies als unsicher betrachtet werden kƶnnte und " +"Sie benƶtigen nicht mehr als 4096 Bits, da dies nur den Authentifizierungs-" +"Prozess verlangsamt und derzeit nicht benƶtigt wird." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Selbstsigniertes X.509-Zertifikat erstellen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Nur selbstsignierte X.509-Zertifikate kƶnnen automatisch erstellt werden, da " +"andernfalls eine Zertifizierungsstelle zur Signatur der " +"Zertifikatsanfrage benƶtigt wird. Falls Sie sich entscheiden, ein " +"selbstsigniertes Zertifikat zu erstellen, kƶnnen Sie es sofort zur " +"Verbindung mit anderen IPSec-Rechnern verwenden, die X.509-Zertifikate zur " +"Authentifizierung von IPSec-Verbindungen unterstĆ¼tzen. Die Verwendung der PKI-" +"FunktionalitƤt von strongSwan verlangt allerdings, dass alle Zertifikate von " +"einer Zertifizierungsstelle signiert sind, um einen Vertrauenspfad zu " +"erstellen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Falls Sie kein selbstsigniertes Zertifikat erstellen mƶchten, wird nur der " +"private RSA-SchlĆ¼ssel und die Zertifikatsanforderung erstellt. Sie mĆ¼ssen " +"diese Zertifikatsanforderung von Ihrer Zertifizierungsstelle signieren " +"lassen." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "LƤndercode fĆ¼r die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Geben Sie den LƤndercode (zwei Zeichen) fĆ¼r das Land ein, in dem der Server " +"steht (z. B. Ā»ATĀ« fĆ¼r Ćsterreich)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Ohne einen gĆ¼ltigen LƤndercode nach ISO-3166 wird es OpenSSL ablehnen, ein " +"Zertifikat zu generieren. Ein leeres Feld ist fĆ¼r andere Elemente des X.509-" +"Zertifikats zulƤssig, aber nicht fĆ¼r dieses." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Name des Landes oder der Provinz fĆ¼r diese X.509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Bitte geben Sie den kompletten Namen des Landes oder der Provinz ein, in der " +"sich der Server befindet (wie Ā»OberƶsterreichĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Ort fĆ¼r die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Geben Sie bitte den Ort an, an dem der Server steht (oft ist das eine Stadt " +"wie beispielsweise Ā»WienĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsname fĆ¼r die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Bitte geben Sie die Organisation an, zu der der Server gehƶrt (wie z.B. " +"Ā»DebianĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationseinheit fĆ¼r die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Bitte geben Sie die Organisationseinheit fĆ¼r die X.509-" +"Zertifikatsanforderung ein (z.B. Ā»SicherheitsgruppeĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Ā»Common NameĀ« fĆ¼r die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Bitte geben Sie den Ā»Common NameĀ« fĆ¼r diesen Rechner ein (wie z.B. Ā»gateway." +"example.orgĀ«)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-Mail-Adresse fĆ¼r die X.509-Zertifikatsanforderung:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Bitte geben Sie die E-Mail-Adresse der fĆ¼r das X.509-Zertifikat " +"verantwortlichen Person oder Organisation ein." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Opportunistische VerschlĆ¼sselung aktivieren?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Diese Version von strongSwan unterstĆ¼tzt opportunistische VerschlĆ¼sselung " +"(OE), die IPSec-Authentifizierungsinformationen in DNS-EintrƤgen speichert. " +"Bis dies weit verbreitet ist, fĆ¼hrt die Verwendung zu einer deutlichen " +"Verzƶgerung bei jeder ausgehenden Verbindung." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Sie sollten opportunistische VerschlĆ¼sselung nur verwenden, falls Sie sich " +"sicher sind, dass Sie sie verwenden mƶchten. Beim Starten des Daemons " +"kƶnnte die Internetverbindung (Default Route) unterbrochen werden." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Der Pluto-Daemon muss laufen, um Version 1 des Internet Key Exchange-" +#~ "Protokolls zu unterstĆ¼tzen." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "strongSwans IKEv2-Daemon starten?" + +#~ msgid "" +#~ "Previous versions of the Openswan package gave a choice between three " +#~ "different Start/Stop-Levels. Due to changes in the standard system " +#~ "startup procedure, this is no longer necessary or useful. For all new " +#~ "installations as well as old ones running in any of the predefined modes, " +#~ "sane default levels will now be set. If you are upgrading from a previous " +#~ "version and changed your Openswan startup parameters, then please take a " +#~ "look at NEWS.Debian for instructions on how to modify your setup " +#~ "accordingly." +#~ msgstr "" +#~ "FrĆ¼here Versionen von Openswan ermƶglichten eine Wahl zwischen drei " +#~ "verschiedenen Start/Stop-Ebenen. Aufgrund von Ćnderungen des " +#~ "standardmƤĆigen Systemstarts ist dies nicht mehr notwendig oder nĆ¼tzlich. " +#~ "Sowohl fĆ¼r alle neuen als auch bestehende Installationen, die in einem " +#~ "der vordefinierten Modi betrieben wurden, werden jetzt vernĆ¼nftige " +#~ "Standardwerte gesetzt. Wenn Sie jetzt ein Upgrade von einer frĆ¼heren " +#~ "Version durchfĆ¼hren und Sie die Openswan-Startparameter angepasst haben, " +#~ "werfen Sie bitte einen Blick auf NEWS.Debian. Die Datei enthƤlt " +#~ "Anweisungen, wie Sie Ihren Setup entsprechend Ƥndern." + +#~ msgid "Restart Openswan now?" +#~ msgstr "Mƶchten Sie jetzt Openswan neustarten?" + +#~ msgid "" +#~ "Restarting Openswan is recommended, since if there is a security fix, it " +#~ "will not be applied until the daemon restarts. Most people expect the " +#~ "daemon to restart, so this is generally a good idea. However, this might " +#~ "take down existing connections and then bring them back up, so if you are " +#~ "using such an Openswan tunnel to connect for this update, restarting is " +#~ "not recommended." +#~ msgstr "" +#~ "Der Neustart von Openswan wird empfohlen. Wenn mit dieser Version ein " +#~ "Sicherheitsproblem beseitigt wurde, wird dies erst nach dem Neustart des " +#~ "Daemons wirksam. Da die meisten Anwender einen Neustart des Daemons " +#~ "erwarten, ist dies grundsƤtzlich eine gute Idee. Der Neustart kann aber " +#~ "bestehende Verbindungen schlieĆen und anschlieĆend wiederherstellen. Wenn " +#~ "Sie einen solchen Openswan-Tunnel fĆ¼r die Verbindung bei dieser " +#~ "Aktualisierung verwenden, wird von einem Neustart abgeraten." + +#~ msgid "" +#~ "Alternatively you can reject this option and later use the command \"dpkg-" +#~ "reconfigure openswan\" to come back." +#~ msgstr "" +#~ " Alternativ kƶnnen Sie diese Option ablehnen und spƤter mit dem Befehl " +#~ "Ā»dpkg-reconfigure openswanĀ« zurĆ¼ckzukommen." + +#~ msgid "Length of RSA key to be created:" +#~ msgstr "LƤnge des zu erstellenden RSA-SchlĆ¼ssels:" + +#~ msgid "" +#~ "Please enter the required RSA key-length. Anything under 1024 bits should " +#~ "be considered insecure; anything more than 4096 bits slows down the " +#~ "authentication process and is not useful at present." +#~ msgstr "" +#~ "Bitte geben Sie die LƤnge des zu erstellenden RSA-SchlĆ¼ssels ein. Sie " +#~ "sollte nicht weniger als 1024 Bit sein, da dies als unsicher betrachtet " +#~ "wird. Alles Ć¼ber 4098 Bit verlangsamt den Authentifizierungs-Prozess und " +#~ "ist zur Zeit nicht nĆ¼tzlich." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a Certificate Authority is needed to sign the certificate " +#~ "request. If you choose to create a self-signed certificate, you can use " +#~ "it immediately to connect to other IPsec hosts that support X.509 " +#~ "certificate for authentication of IPsec connections. However, using " +#~ "Openswan's PKI features requires all certificates to be signed by a " +#~ "single Certificate Authority to create a trust path." +#~ msgstr "" +#~ "Nur selbstsignierte X.509-Zertifikate kƶnnen automatisch erstellt werden, " +#~ "da anderenfalls fĆ¼r die Unterzeichnung der Zertifikatsanforderung eine " +#~ "Zertifizierungsstelle benƶtigt wird. Falls Sie ein selbstsigniertes " +#~ "Zertifikat erstellen, kƶnnen Sie dieses sofort verwenden, um sich mit " +#~ "anderen IPSec-Rechnern zu verbinden, die X.509-Zertifikate zur " +#~ "Authentifizierung von IPsec-Verbindungen benutzen. Falls Sie jedoch die " +#~ "PKI-Funktionen von Openswan verwenden mƶchten, mĆ¼ssen alle X.509-" +#~ "Zertifikate von einer einzigen Zertifizierungsstelle signiert sein, um " +#~ "einen Vertrauenspfad zu schaffen." + +#~ msgid "Modification of /etc/ipsec.conf" +#~ msgstr "VerƤnderung von /etc/ipsec.conf" + +#~ msgid "" +#~ "Due to a change in upstream Openswan, opportunistic encryption is no " +#~ "longer enabled by default. The no_oe.conf file that was shipped in " +#~ "earlier versions to explicitly disable it can therefore no longer be " +#~ "included by ipsec.conf. Any such include paragraph will now be " +#~ "automatically removed to ensure that Openswan can start correctly." +#~ msgstr "" +#~ "Aufgrund einer Ćnderung im Quelltext von Openswan ist opportunistische " +#~ "VerschlĆ¼sselung nicht mehr standardmƤĆig aktiviert. Ćltere Versionen von " +#~ "Openswan enthielten die Datei no_oe.conf, die zur expliziten " +#~ "Deaktivierung der opportunistischen VerschlĆ¼sselung diente. Diese kann " +#~ "jetzt nicht mehr mittels ipsec.conf aufgenommen werden. Jeder " +#~ "entsprechende Absatz wird jetzt automatisch entfernt, um einen korrekten " +#~ "Start von Openswan sicherzustellen." + +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Mƶchten Sie strongSwan neustarten?" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" +#~ "Format enthƤlt." + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" +#~ "Format enthƤlt." + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Bitte geben Sie den zweibuchstabigen LƤndercode fĆ¼r Ihr Land ein. Dieser " +#~ "Code wird in der Zertifikatsanfrage verwendet." + +#~ msgid "Example: AT" +#~ msgstr "Beispiel: AT" + +#~ msgid "Example: Upper Austria" +#~ msgstr "Beispiel: Oberƶsterreich" + +#~ msgid "Example: Vienna" +#~ msgstr "Beispiel: Wien" + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Bitte geben Sie die Organisation (z.B. Firma) ein, fĆ¼r die das X509-" +#~ "Zertifikat erstellt werden soll. Dieser Name wird in der " +#~ "Zertifikatsanfrage verwandt." + +#~ msgid "Example: Debian" +#~ msgstr "Beispiel: Debian" + +#~ msgid "Example: security group" +#~ msgstr "Beispiel: Sicherheitsgruppe" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Beispiel: gateway.debian.org" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Wann soll strongSwan gestartet werden:" + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Falls Sie kein neues ƶffentliches/privates SchlĆ¼sselpaar erstellen " +#~ "wollen, kƶnnen Sie im nƤchsten Schritt ein existierendes auswƤhlen." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "frĆ¼hestmƶglich, Ā»nach NFSĀ«, Ā»nach PCMCIAĀ«" + +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Es gibt drei Mƶglichkeiten, wann strongSwan starten kann: vor oder nach " +#~ "den NFS-Diensten und nach den PCMCIA-Diensten. Die richtige Antwort hƤngt " +#~ "von Ihrer spezifischen Einrichtung ab." + +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Falls Sie Ihren /usr-Baum nicht Ć¼ber NFS eingehƤngt haben (entweder weil " +#~ "Sie nur andere, weniger lebenswichtige BƤume Ć¼ber NFS einhƤngen, oder " +#~ "falls Sie NFS Ć¼berhaupt nicht verwenden) und keine PCMCIA-Netzwerkkarte " +#~ "benutzen, ist es am besten, strongSwan so frĆ¼h wie mƶglich zu starten und " +#~ "damit durch IPSec gesicherte NFS-EinhƤngungen zu erlauben. In diesem Fall " +#~ "(oder falls Sie dieses Problem nicht verstehen oder es Ihnen egal ist), " +#~ "antworten Sie Ā»frĆ¼hestmƶglichĀ« (Standardwert) auf diese Frage." + +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Falls Sie Ihren /usr-Baum Ć¼ber NFS eingehƤngt haben und keine PCMCIA-" +#~ "Netzwerkkarte benutzen, mĆ¼ssen Sie strongSwan nach NFS starten, so dass " +#~ "alle benƶtigten Dateien verfĆ¼gbar sind. In diesem Fall antworten Sie " +#~ "Ā»nach NFSĀ« auf diese Frage. Bitte beachten Sie, dass NFS-EinhƤngungen " +#~ "von /usr in diesem Fall nicht Ć¼ber IPSec gesichert werden kƶnnen." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Falls Sie eine PCMCIA-Netzwerkkarte fĆ¼r Ihre IPSec-Verbindungen benutzen, " +#~ "dann mĆ¼ssen Sie nur auswƤhlen, dass er nach den PCMCIA-Diensten startet. " +#~ "Antworten Sie in diesem Fall Ā»nach PCMCIAĀ«. Dies ist auch die richtige " +#~ "Antwort, falls Sie SchlĆ¼ssel von einem lokal laufenden DNS-Server mit " +#~ "DNSSec-UnterstĆ¼tzung abholen wollen." + +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "Mƶchten Sie IKEv1 unterstĆ¼tzen?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan unterstĆ¼tzt beide Versionen des Ā»Internet Key ExchangeĀ«-" +#~ "Protokolls (SchlĆ¼sselaustausch Ć¼ber Internet), IKEv1 und IKEv2. Mƶchten " +#~ "Sie den Ā»plutoĀ«-Daemon fĆ¼r IKEv1-UnterstĆ¼tzung starten, wenn strongSwan " +#~ "gestartet wird." + +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "Mƶchten Sie IKEv2 unterstĆ¼tzen?" + +#~ msgid "" +#~ "strongSwan supports both versions of the Internet Key Exchange protocol, " +#~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +#~ "support when strongSwan is started?" +#~ msgstr "" +#~ "strongSwan unterstĆ¼tzt beide Versionen des Ā»Internet Key ExchangeĀ«-" +#~ "Protokolls (SchlĆ¼sselaustausch Ć¼ber Internet), IKEv1 und IKEv2. Mƶchten " +#~ "Sie den Ā»charonĀ«-Daemon fĆ¼r IKEv2-UnterstĆ¼tzung starten, wenn strongSwan " +#~ "gestartet wird." + +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "strongSwan enthƤlt UnterstĆ¼tzung fĆ¼r opportunistische VerschlĆ¼sselung " +#~ "(OV), die Authentifizierungsinformationen von IPSec (z.B. ƶffentliche RSA-" +#~ "SchlĆ¼ssel) in DNS-DatensƤtzen speichert. Solange dies nicht weit " +#~ "verbreitet ist, wird jede neue ausgehende Verbindung signifikant " +#~ "verlangsamt, falls diese Option aktiviert ist. Seit Version 2.0 wird " +#~ "strongSwan von den Autoren mit aktiviertem OV ausgeliefert und wird daher " +#~ "wahrscheinlich Ihre existierenden Verbindungen ins Internet (d.h. Ihre " +#~ "Standard-Route) stƶren, sobald Pluto (der strongSwan SchlĆ¼ssel-Daemon) " +#~ "gestartet wird." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Bitte wƤhlen Sie aus, ob Sie OV aktivieren mƶchten. Falls Sie unsicher " +#~ "sind, aktivieren Sie es nicht." + +#~ msgid "x509, plain" +#~ msgstr "x509, einfach" + +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Die Art des RSA-SchlĆ¼sselpaars, das erstellt werden soll:" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Es besteht die Mƶglichkeit, ein einfaches ƶffentliches/privates " +#~ "SchlĆ¼sselpaar fĆ¼r den Einsatz mit strongSwan oder eine X509-" +#~ "Zertifikatsdatei zu erstellen, die den ƶffentlichen SchlĆ¼ssel und " +#~ "zusƤtzlich den zugehƶrigen privaten SchlĆ¼ssel enthƤlt." + +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Falls Sie nur IPSec-Verbindungen zu Rechnern aufbauen wollen, auf denen " +#~ "auch strongSwan lƤuft, kƶnnte es etwas einfacher sein, einfache RSA-" +#~ "SchlĆ¼sselpaare zu verwenden. Falls Sie aber mit anderen IPSec-" +#~ "Implementierungen Verbindungen aufnehmen wollen, benƶtigen Sie ein X509-" +#~ "Zertifikat. Es besteht auch die Mƶglichkeit, hier ein X509-Zertifikat zu " +#~ "erstellen und den ƶffentlichen RSA-SchlĆ¼ssel im einfachen Format zu " +#~ "extrahieren, falls die andere Seite strongSwan ohne X509-" +#~ "ZertifikatsunterstĆ¼tzung betreibt." + +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Daher wird ein X509-Zertifikat empfohlen, da es flexibler ist und dieses " +#~ "Installationsprogramm in der Lage sein sollte, die komplexe Erstellung " +#~ "des X509-Zertifikates und seinen Einsatz in strongSwan zu verstecken." diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 000000000..2361c2368 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,655 @@ +# strongswan po-debconf translation to Spanish +# Copyright (C) 2010 Software in the Public Interest +# This file is distributed under the same license as the strongswan package. +# +# Changes: +# - Initial translation +# Francisco Javier Cuadrado <fcocuadrado@gmail.com>, 2010 +# +# - Updates +# MatĆas Bellone <matiasbellone+debian@gmail.com>, 2013 +# +# Traductores, si no conocen el formato PO, merece la pena leer la +# documentaciĆ³n de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traducciĆ³n al espaƱol, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traducciĆ³n de Debian al espaƱol +# http://www.debian.org/intl/spanish/ +# especialmente las notas y normas de traducciĆ³n en +# http://www.debian.org/intl/spanish/notas +# +# - La guĆa de traducciĆ³n de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.1-5\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-12-17 17:19-0300\n" +"Last-Translator: MatĆas Bellone <matiasbellone+debian@gmail.com>\n" +"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: es\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Se ha sustituido la antigua gestiĆ³n del nivel de ejecuciĆ³n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Las versiones previas del paquete de strongSwan daban la opciĆ³n de elegir " +"entre tres niveles diferentes de inicio/parada. Debido a los cambios en el " +"procedimiento del sistema estĆ”ndar de arranque esto ya no es necesario ni " +"Ćŗtil. Para todas las instalaciones nuevas, asĆ como para las antiguas que " +"ejecuten cualquiera de los modos predefinidos, se configurarĆ”n unos niveles " +"predeterminados vĆ”lidos. Si estĆ” actualizando de una versiĆ³n antigua y ha " +"cambiado los parĆ”metros de arranque de strongSwan, revise el archivo Ā«NEWS." +"DebianĀ» para leer las instrucciones sobre cĆ³mo modificar su configuraciĆ³n " +"apropiadamente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "ĀæDesea reiniciar strongSwan ahora mismo?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Se recomienda reiniciar strongSwan, porque si hay un parche de seguridad " +"Ć©ste no se aplicarĆ” hasta que reinicie el demonio. La mayorĆa de la gente " +"espera que el demonio se reinicie, asĆ que generalmente es una buena idea. " +"Sin embargo, esto puede cerrar las conexiones existentes y despuĆ©s volverlas " +"a abrir, de modo que si estĆ” utilizando un tĆŗnel de strongSwan en la " +"conexiĆ³n de esta actualizaciĆ³n, no es recomendable reiniciar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "ĀæDesea iniciar el demonio charon de strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"El demonio charon debe estar en ejecuciĆ³n para utilizar el protocolo de " +"intercambio de claves por Internet (Ā«Internet Key ExchangeĀ»)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "ĀæDesea utilizar un certificado X.509 para esta mĆ”quina?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Se puede crear automĆ”ticamente o importar un certificado X.509 para esta " +"mĆ”quina. Puede utilizarlo para autenticar conexiones IPsec de otras mĆ”quinas " +"y es la forma preferida para construir conexiones IPsec seguras. La otra " +"posibilidad serĆa utilizar secretos compartidos (contraseƱas que son la " +"misma en ambos lados del tĆŗnel) para autenticar una conexiĆ³n, pero para un " +"gran nĆŗmero de conexiones, la autenticaciĆ³n basada en claves es mĆ”s sencilla " +"de administrar y mĆ”s segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"TambiĆ©n puede rechazar esta opciĆ³n y utilizar mĆ”s tarde Ā«dpkg-reconfigure " +"strongswanĀ» para volver a configurar esta opciĆ³n." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "crear" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"MĆ©todos para utilizar un certificado X.509 para autenticar esta mĆ”quina:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Puede crear un certificado X.509 nuevo con una configuraciĆ³n definida por el " +"usuario o importar una clave pĆŗblica/privada almacenada en archivo/s PEM " +"para autenticar las conexiones IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Si elige crear un certificado X.509 nuevo, primero se le realizarĆ”n unas " +"cuantas preguntas que deberĆ” contestar antes de que comience el proceso de " +"creaciĆ³n. Tenga en cuenta que si desea que una Autoridad de CertificaciĆ³n " +"(CA) firme la clave pĆŗblica no deberĆa elegir crear un certificado auto-" +"firmado y todas las respuestas deberĆ”n coincidir exactamente con los " +"requisitos de la CA, de otro modo puede que se rechace la peticiĆ³n del " +"certificado." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Si desea importar una clave pĆŗblica/privada, se le preguntarĆ” por los " +"nombres de los archivos (que pueden ser idĆ©nticos si ambas partes se " +"almacenan en un Ćŗnico archivo). Opcionalmente, puede indicar el nombre de un " +"archivo donde se encuentran las clave/s pĆŗblica/s de la Autoridad de " +"CertificaciĆ³n, pero este archivo no puede ser el mismo que los anteriores. " +"Tenga en cuenta que el formato para los certificados X.509 tiene que ser PEM " +"y que la clave privada no debe estar cifrada o el proceso de importaciĆ³n " +"fallarĆ”." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nombre del archivo del certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Introduzca la ubicaciĆ³n completa del archivo que contiene el certificado " +"X.509 en formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "" +"Nombre del archivo de la clave privada del certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Introduzca la ubicaciĆ³n del archivo que contiene la clave privada RSA del " +"certificado X.509 en formato PEM. Puede ser el mismo archivo que contiene el " +"certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" +"Nombre del archivo del certificado X.509 de la raĆz de la Autoridad de " +"CertificaciĆ³n (CA) en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente, ahora puede introducir la ubicaciĆ³n del archivo que contiene " +"el certificado X.509 de la raĆz de la Autoridad de CertificaciĆ³n (CA) " +"utilizado para firmar su certificado en formato PEM. Si no tiene uno o no " +"desea utilizarlo, deje este campo en blanco. Tenga en cuenta que no es " +"posible almacenar la raĆz de la CA en el mismo archivo que su certificado " +"X.509 o la clave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Introduzca la longitud que deberĆa tener la clave RSA a crear:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Introduzca la longitud de la clave RSA a crear. No deberĆa ser menor de 1024 " +"bits porque se considera inseguro, ademĆ”s probablemente no necesite mĆ”s de " +"4096 bits porque sĆ³lo ralentiza el proceso de autenticaciĆ³n y no es " +"necesario en estos momentos." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "ĀæDesea crear un certificado X.509 auto-firmado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"SĆ³lo se pueden crear automĆ”ticamente los certificados X.509 auto-firmados " +"porque en otros casos se necesita que la Autoridad de CertificaciĆ³n (CA) " +"firme la peticiĆ³n del certificado. Si elige crear un certificado auto-" +"firmado, puede utilizarlo inmediatamente para conectar a otras mĆ”quinas " +"IPsec que permitan la autenticaciĆ³n de conexiones IPsec con certificados " +"X.509. Sin embargo, si utiliza las funcionalidades PKI de strongSwan es " +"necesario que todos los certificados estĆ©n firmados por una Ćŗnica Autoridad " +"de CertificaciĆ³n para crear una ruta segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Si no elige crear un certificado auto-firmado, sĆ³lo se crearĆ”n la clave " +"privada y la peticiĆ³n del certificado, y tendrĆ” que firmar la peticiĆ³n del " +"certificado con su Autoridad de CertificaciĆ³n." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "CĆ³digo del paĆs para la peticiĆ³n del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Introduzca el cĆ³digo de dos letras para el paĆs en el que el servidor estĆ” " +"ubicado (por ejemplo: Ā«ESĀ» para EspaƱa)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL se negarĆ” a generar un certificado a menos que este campo sea un " +"cĆ³digo de paĆs ISO-3166 vĆ”lido, ademĆ”s no se permite que este campo quede en " +"blanco." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado o provincia para la peticiĆ³n del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Introduzca el nombre completo del estado o la provincia donde estĆ” ubicado " +"el servidor (por ejemplo: Ā«Comunidad de MadridĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nombre de la localidad para la peticiĆ³n del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Introduzca la localidad donde estĆ” ubicado el servidor (normalmente una " +"ciudad, por ejemplo: Ā«MadridĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nombre de la organizaciĆ³n para la peticiĆ³n del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Introduzca la organizaciĆ³n a la que perteneces el servidor (por ejemplo: " +"Ā«DebianĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Nombre del departamento para la peticiĆ³n del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Introduzca el nombre del departamento o unidad de la organizaciĆ³n " +"(Ā«organizational unitĀ», OU) al que pertenece el servidor (por ejemplo: " +"Ā«departamento de seguridadĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nombre ComĆŗn (CN) para la peticiĆ³n del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Introduzca el Nombre ComĆŗn (CN) de esta mĆ”quina (por ejemplo: Ā«gateway." +"example.orgĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "" +"DirecciĆ³n de correo electrĆ³nico para la peticiĆ³n del certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Introduzca la direcciĆ³n de correo electrĆ³nico de la persona u organizaciĆ³n " +"responsable del certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "ĀæDesea activar el cifrado oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versiĆ³n de strongSwan permite utilizar cifrado oportunista " +"(Ā«Opportunistic EncryptionĀ», OE), que almacena la informaciĆ³n de la " +"autenticaciĆ³n de IPSec en registros DNS. Hasta que estos registros estĆ©n " +"ampliamente difundidos, activarlo puede causar un gran retraso para cada " +"conexiĆ³n saliente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"SĆ³lo deberĆa activar el cifrado oportunista si estĆ” seguro que lo desea. " +"Esto puede romper la conexiĆ³n a internet (la ruta predeterminada) cuando " +"inicia el demonio pluto." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "El demonio pluto se debe ejecutar para poder utilizar la versiĆ³n 1 del " +#~ "protocolo de intercambio de claves por internet (Ā«Internet Key ExchangeĀ»)." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "ĀæDesea iniciar el demonio IKEv2 de StrongSwan?" + +#~ msgid "earliest" +#~ msgstr "lo mĆ”s pronto posible" + +#~ msgid "after NFS" +#~ msgstr "despuĆ©s de NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "despuĆ©s de PCMCIA" + +#~ msgid "When to start strongSwan:" +#~ msgstr "Cuando se iniciarĆ” strongSwan:" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan se inicia durante el arranque del sistema, de modo que pueda " +#~ "proteger los sistemas de archivos que se montan automĆ”ticamente." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * lo mĆ”s pronto posible: si Ā«/usrĀ» no estĆ” montado mediante NFS y no usa " +#~ "una\n" +#~ " tarjeta de red PCMCIA, es mejor iniciar strongSwan lo mĆ”s pronto " +#~ "posible,\n" +#~ " de modo que el montaje de NFS se pueda asegurar mediante IPSec.\n" +#~ " * despuĆ©s de NFS: se recomienda cuando Ā«/usrĀ» se monta mediante NFS y " +#~ "no\n" +#~ " se usa una tarjeta de red PCMCIA.\n" +#~ " * despuĆ©s de PCMCIA: se recomienda si la conexiĆ³n IPSec usa una tarjeta\n" +#~ " de red PCMCIA o si necesita obtener las claves desde un servidor de " +#~ "DNS local\n" +#~ " compatible con DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Si no quiere reiniciar strongSwan ahora mismo, deberĆa realizarlo " +#~ "manualmente cuando considere oportuno." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "ĀæDesea crear un par de claves (pĆŗblica/privada) RSA para este equipo?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan puede utilizar una clave pre-compartida (Ā«Pre-Shared KeyĀ», " +#~ "PSK) o un par de claves RSA para autenticarse en las conexiones IPSec con " +#~ "otras mĆ”quinas. La autenticaciĆ³n con RSA se considera, generalmente, mĆ”s " +#~ "segura y mĆ”s fĆ”cil de administrar. Puede utilizar la autenticaciĆ³n con " +#~ "PSK y con RSA de forma simultĆ”nea." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Si no quiere crear un nuevo par de claves, puede escoger utilizar un par " +#~ "existente en el siguiente paso." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "La informaciĆ³n necesaria se puede extraer automĆ”ticamente desde un " +#~ "certificado X.509 con una clave privada RSA correspondiente. Ambas partes " +#~ "pueden estar en un Ćŗnico archivo, si estĆ” en el formato PEM. DeberĆa " +#~ "escoger esta opciĆ³n si tiene un certificado y un archivo de clave, y " +#~ "quiere utilizarlo para autenticar las conexiones IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Longitud de la clave RSA:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Introduzca la longitud de la clave RSA que quiere generar. Un valor menor " +#~ "de 1024 bits no se considera seguro. Un valor de mĆ”s de 2048 bits puede " +#~ "afectar al rendimiento." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "SĆ³lo se pueden crear automĆ”ticamente certificados X.509 auto-firmados, " +#~ "porque de otro modo se necesitarĆa una autoridad de certificaciĆ³n para " +#~ "firmar la peticiĆ³n del certificado." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Si acepta esta opciĆ³n, el certificado creado se puede utilizar " +#~ "inmediatamente para conectar a otras mĆ”quinas de IPSec que permitan la " +#~ "autenticaciĆ³n mediante un certificado X.509. Sin embargo, si se utilizan " +#~ "las funcionalidades PKI de strongSwan se requiere crear una ruta de " +#~ "confianza para tener todos los certificados X.509 firmados por una Ćŗnica " +#~ "autoridad." + +#~ msgid "" +#~ "Please enter the two-letter ISO3166 country code that should be used in " +#~ "the certificate request." +#~ msgstr "" +#~ "Introduzca el cĆ³digo ISO3166 de dos letras del paĆs que se deberĆa " +#~ "utilizar en la peticiĆ³n del certificado." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Este campo es obligatorio, de otro modo no se podrĆa generar un " +#~ "certificado." + +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Introduzca el nombre de la localidad (normalmente una ciudad) que se " +#~ "deberĆa usar en la peticiĆ³n del certificado." + +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Introduzca el nombre de la organizaciĆ³n (normalmente una compaƱĆa) que se " +#~ "deberĆa usar en la peticiĆ³n del certificado." + +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Introduzca el nombre comĆŗn (como el nombre de la mĆ”quina) que se deberĆa " +#~ "usar en la peticiĆ³n del certificado." diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 000000000..8a7f0ae61 --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,463 @@ +# translation of strongswan_4.4.1-5.1_eu.po to Basque +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide <pi@beobide.net>, 2009. +# IƱaki LarraƱaga Murgoitio <dooteo@zundan.com>, 2010, 2013. +msgid "" +msgstr "" +"Project-Id-Version: strongswan_4.4.1-5.1_eu\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-15 21:41+0200\n" +"Last-Translator: IƱaki LarraƱaga Murgoitio <dooteo@zundan.com>\n" +"Language-Team: Basque <librezale@librezale.org>\n" +"Language: eu\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 1.4\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Exekuzio-mailaren kudeaketa zaharra ordeztuta" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan paketearen aurreko bertsioak hiru Abiarazte-/Gelditzen-maila " +"desberdinen arteko aukera eskaintzen zuen. Sistemaren abioaren prozedura " +"arruntean aldaketak gertatu direnez, ez dira beharrezkoak edo erabilgarriak. " +"Instalazio berri guztientzako, aurredefinitutako moduetako batean " +"exekutatzen diren zaharretan ere, zentzuzko maila lehenetsiak ezarriko dira " +"orain. Aurreko bertsiotik eguneratzen ari bazara, eta strongSwan-en abioko " +"parametroak aldatu bazenituen, irakur ezazu NEWS.Debian fitxategia. " +"konfigurazioa modu egokian nola aldatzen den jakiteko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Berrabiarazi StrongSwan orain?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"StrongSwan berrabiaraztea gomendatzen da segurtasunezko konponketa bat " +"badago ez baita ezarriko daemona berrabiarazi artea. Erabiltzaile gehienek " +"daemona berrabiaraztea espero dutenez, burutazio ona da hori. Hala ere, " +"honek martxan dauden konexioak itxi eta gero berriz abiaraziko ditu. Hori " +"dela eta, eguneraketa honetan strongSwan tunela erabiltzen ari bazara, ez da " +"gomendatzen berrabiaraztea." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Abiarazi StrongSwan-ren 'charon' daemona abiarazi?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"'charon' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa " +"(IKE) protokoloa onartzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "X.509 ziurtagiria erabili ostalari honentzako?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Ostalari honentzako X.509 ziurtagiri bat automatikoki sor edo inportatu " +"daiteke. Beste ostalariekin IPsec bidez konektatzean autentifikatzeko " +"erabili daiteke, eta hobetsitako bidea da IPsec konexio seguruak " +"eraikitzeko. Beste aukera bat ezkutukoak (tunelaren bi aldeetan berdinak " +"diren pasahitzak) partekatzea litzateke konexio bat autentifikatzeko, baina " +"konexio kopuru handi batentzako gakoetan oinarritutako autentifikazioa " +"errazagoa eta askoz ere seguruagoa da kudeatzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Bestela, aukera hau ukatu dezakezu eta beranduago itzuli \"dpkg-reconfigure " +"strongswan\" komandoa erabiliz." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "sortu" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "inportatu" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Metodoa ostalari hau X.509 ziurtagiria erabiliz autentifikatzeko:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"X.509 ziurtagiri berri bat sor daiteke erabiltzaileak definitutako " +"ezarpenekin edo PEM fitxategietan gordetako gako publiko eta pribatuak " +"inportatu daiteke IPsec konexioak autentifikatzeko." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"X.509 ziurtagiri berri bat sortzea hautatzen baduzu aurrenik, eta sortzeko " +"lanak hasi aurretik, erantzun beharreko galdera batzuk egingo zaizkizu. " +"Jakin ezazu gako publikoa existitzen den Ziurtagiri-emaile batek sinatzea " +"nahi baduzu, ez zenukeela sortu beharko auto-sinatutako sinatzen duen " +"ziurtagiririk, eta emandako erantzun guztiak zehatz-meatz ZEren " +"eskakizunekin bat etorri beharko dutela, bestela ziurtagiriaren eskaera " +"ukatu egingo baita." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Existitzen den gako publiko eta pribatua inportatzea nahi izanez gero, haien " +"fitxategi-izenak eskatuko zaizkizu (berdinak izango dira bi zatiak fitxategi " +"batean gordeta badaude). Aukeran ziurtagiri-emailearen gako publikoa duen " +"fitxategia ere zehaz dezakezu, baina fitxategi hau ezin da aurrekoen berdina " +"izan. Kontuz ibili, X.509 ziurtagirien formatua PEM izan behar duelako, eta " +"gako pribatua ezin delako enkriptatuta egon, bestela inportatzeko prozesuak " +"huts egingo bait luke." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Zure PEM formatuko X.509 ziurtagiriaren fitxategi-izena :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Idatzi zure PEM formatuko X.509 ziurtagiria duen fitxategiaren bide-izen " +"osoa." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM formatuko X.509 gako pribatuaren fitxategi-izena :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Idatzi dagoen zure PEM formatuko X.509 ziurtagiriaren pareko RSA gako " +"pribatua duen fitxategiaren kokapen osoa. Hau X.509 ziurtagiriaren fitxategi " +"berdina izan daiteke." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM formatuko X.509 ziurtagiriaren fitxategi-izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Aukeran X.509 Ziurtagiri-emailearen erroa duen fitxategiaren kokalekua idatz " +"dezakezu zure ziurtagiria PEM formatuan sinatzeko. Ez badaukazu do ez baduzu " +"hori erabiltzerik nahi, utzi eremu hau hutsik. Jakin ezazu ezin dela gorde " +"erroko ZE (RootCA) zure X.509 ziurtagiria edo gako pribatua duen fitxategi " +"berdinean." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Sartu sortutako RSA gakoak edukiko duen luzera:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Sartu sortutako RSA gakoaren luzera. Ez luke 1024 bit baino txikiagoa izan " +"behar ez-segurutzat jotzen delako, eta litekeena da 4096 bit baino luzeagoa " +"behar ez izatea, autentifikatzeko prozesua soilik moteltzen duelako eta " +"unean ez delako behar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Sortu auto-sinatutako X.509 ziurtagiria?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Soilik auto-sinatutako X.509 ziurtagiriak sor daitezke automatikoki, bestela " +"Ziurtagiri-emailea behar delako ziurtagiriaren eskaera sinatzeko. Auto-" +"sinatutako ziurtagiria sortzea aukeratzen baduzu, ziurtagiri hori berehala " +"erabil dezakezu X.509 ziurtagiria onartzen duten beste IPsec ostalariekin " +"IPsec konexioak autentifikatzeko. Hala ere, strongSwan-en PKI eginbidea " +"erabiltzeak ziurtagiri guztiak Ziurtagiri-emaile batek sinatuta egotea " +"eskatzen du bide fidagarri bat sortzeko." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Ez baduzu auto-sinatutako ziurtagiri bat sortzea aukeratzen, soilik RSAren " +"gako pribatua eta ziurtagiriaren eskaera sortuko dira, eta ziurtagiriaren " +"eskaera zure Ziurtagiri-emailearekin sinatu beharko duzu." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 ziurtagiriaren eskaeraren herrialdearen kodea:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Sartu zerbitzaria kokatuta dagoen herrialdeari dagokion bi hizkiko kodea " +"(hala nola \"AT\" Austriarentzako)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL-ek ukatu egingo du ziurtagiri bat sortzea baldin eta herrialdearen " +"baliozko ISO-3166 kodea ez bada. X.509 ziurtagiriko beste edozer eremu " +"hutsik egon daiteke, baina ez eremu hau." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren estatu edo probintziaren izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Idatzi zerbitzaria kokatuta dagoen estatu edo probintziaren izen osoa " +"(adibidez, \"Goiko Austria\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren herriaren izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Idatzi zerbitzaria kokatuta dagoen kokalekua (normalean herria, adibidez, " +"\"Bilbo\"). " + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren erakundearen izena:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Idatzi zerbitzaria duen erakundea (adibidez, \"Debian\")" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren saila:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "Idatzi zerbitzaria duen saila (adibidez, \"segurtasunaren taldea\")" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren izen arrunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Idatzi ostalari honen izen arrunta (adibidez, \"atebidea.adibidea.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 ziurtagiri eskaeraren helbide elektronikoa:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Idatzi X.509 ziurtagiriaren ardura duen pertsona edo erakundearen helbide " +"elektronikoa." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Gaitu enkriptazio oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"StrongSwan bertsio honek aukerako enkriptazio oportunistaren (OE) euskarria " +"du, honek IPSec autentifikazio informazioa DNS erregistroetan gordetzen " +"ditu. Hau guztiz garatua ez dagoenez gaitzeak kanporako konexio berri " +"guztien atzerapen esanguratsu bat eragin dezake." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Enkriptazio oportunista behar duzula ziur bazaude bakarrik gaitu beharko " +"zenuke. Interneteko konexioak moztu ditzake (lehenetsitako atebidea) daemona " +"abiaraztean." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "'pluto' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa " +#~ "(IKE) protokoloaren lehen bertsioa onartzeko." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "StrongSwan-ren IKEv2 daemona abiarazi?" diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 000000000..f74f40e59 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,667 @@ +# Copyright (C) 2009 +# This file is distributed under the same license as the strongswan package. +# +# Esko ArajƤrvi <edu@iki.fi>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2009-05-25 14:49+0100\n" +"Last-Translator: Esko ArajƤrvi <edu@iki.fi>\n" +"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 0.3\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "KƤynnistetƤƤnkƶ strongSwan uudelleen nyt?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +#, fuzzy +#| msgid "" +#| "Restarting strongSwan is recommended, because if there is a security fix, " +#| "it will not be applied until the daemon restarts. However, this might " +#| "close existing connections and then bring them back up." +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"On suositeltavaa kƤynnistƤƤ strongSwan-taustaohjelma uudelleen, koska " +"mahdolliset tietoturvapƤivitykset eivƤt tule kƤyttƶƶn ennen tƤtƤ. TƤmƤ " +"saattaa kuitenkin katkaista olemassa olevat yhteydet ja avata ne sitten " +"uudelleen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "KƤynnistetƤƤnkƶ strongSwanin IKEv1-taustaohjelma?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Internet Key Exchange -protokollan version 2 tuki vaatii, ettƤ charon-" +"taustaohjelma on kƤynnissƤ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +#, fuzzy +#| msgid "Use an existing X.509 certificate for strongSwan?" +msgid "Use an X.509 certificate for this host?" +msgstr "Tulisiko strongSwanin kƤyttƤƤ olemassa olevaa X.509-varmennetiedostoa?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing your X.509 " +#| "certificate in PEM format." +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Anna PEM-muodossa olevan, X.509-varmenteen sisƤltƤvƤn tiedoston tƤydellinen " +"polku." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "File name of your existing X.509 private key in PEM format:" +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM-muotoisen, olemassa olevan, salaisen X.509-avaimen tiedostonimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing the private RSA key " +#| "matching your X.509 certificate in PEM format. This can be the same file " +#| "as the X.509 certificate." +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Anna PEM-muodossa olevaan X.509-varmenteeseen tƤsmƤƤvƤn salaisen RSA-avaimen " +"tƤydellinen polku. TƤmƤ voi olla sama tiedosto kuin X.509-varmenteen " +"sisƤltƤvƤ." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "Create a self-signed X.509 certificate?" +msgid "Create a self-signed X.509 certificate?" +msgstr "Luodaanko itseallekirjoitettu X.509-varmenne?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "" +#| "If you do not accept this option, only the RSA private key will be " +#| "created, along with a certificate request which you will need to have " +#| "signed by a certificate authority." +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Jos et valitse tƤtƤ vaihtoehtoa, luodaan vain salainen RSA-avain ja " +"varmennepyyntƶ, joka pitƤƤ lƤhettƤƤ ulkoisen varmentajan " +"allekirjoitettavaksi." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "Country code for the X.509 certificate request:" +msgid "Country code for the X.509 certificate request:" +msgstr "X.509-varmennepyynnƶn maakoodi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "State or province name for the X.509 certificate request:" +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnƶn osavaltio, lƤƤni tai maakunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "" +#| "Please enter the full name of the state or province to include in the " +#| "certificate request." +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Anna varmennepyyntƶƶn sisƤllytettƤvƤ osavaltion, lƤƤnin tai maakunnan koko " +"nimi." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "Locality name for the X.509 certificate request:" +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnƶn paikkakunta:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +#, fuzzy +#| msgid "Organization name for the X.509 certificate request:" +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnƶn jƤrjestƶn nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509-varmennepyynnƶn jƤrjestƶn yksikkƶ:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "X.509-varmennepyynnƶn jƤrjestƶn yksikkƶ:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Common name for the X.509 certificate request:" +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509-varmennepyynnƶn yleinen nimi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "Email address for the X.509 certificate request:" +msgid "Email address for the X.509 certificate request:" +msgstr "X.509-varmennepyynnƶn sƤhkƶpostiosoite:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "" +#| "Please enter the email address (for the individual or organization " +#| "responsible) that should be used in the certificate request." +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Anna varmennepyynnƶssƤ kƤytettƤvƤ sƤhkƶpostiosoite (yksityinen ja jƤrjestƶn)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "KƤytetƤƤnkƶ opportunistista salausta?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"StrongSwanin tƤmƤ versio tukee opportunistista salausta (opportunistic " +"encryption, OE), joka tallentaa IPSec-varmennustietoja DNS-tietueisiin. " +"Ennen kuin tƤmƤ kƤytƤntƶ yleistyy laajalti, sen kƤyttƶ aiheuttaa merkittƤvƤn " +"viiveen jokaiseen uuteen ulospƤin otettavaan yhteyteen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Valitse opportunistinen salaus vain, jos olet varma, ettƤ haluat sen " +"kƤyttƶƶn. Se saattaa rikkoa Internet-yhteyden (oletusreitityksen), kun pluto-" +"taustaohjelma kƤynnistyy." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Internet Key Exchange -protokollan version 1 tuki vaatii, ettƤ pluto-" +#~ "taustaohjelma on kƤynnissƤ." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "KƤynnistetƤƤnkƶ strongSwanin IKEv2-taustaohjelma?" + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Koska strongSwan kƤynnistetƤƤn:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisƤltƤvƤn tiedoston " +#~ "tƤydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisƤltƤvƤn tiedoston " +#~ "tƤydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Anna PEM-muodossa olevan, X.509-varmenteen sisƤltƤvƤn tiedoston " +#~ "tƤydellinen polku." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnƶssƤ kƤytettƤvƤ kaksikirjaiminen ISO-3166-maakoodi." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnƶssƤ kƤytettƤvƤ paikkakunnan nimi (usein kaupunki)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "Anna varmennepyynnƶssƤ kƤytettƤvƤ jƤrjestƶn nimi (usein yritys)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Valitse varmennepyynnƶssƤ kƤytettƤvƤ jƤrjestƶn yksikkƶ (usein osasto)." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Anna varmennepyynnƶssƤ kƤytettƤvƤ yleinen nimi (kuten tƤmƤn koneen " +#~ "verkkonimi)." + +#~ msgid "earliest" +#~ msgstr "mahdollisimman aikaisin" + +#~ msgid "after NFS" +#~ msgstr "NFS:n jƤlkeen" + +#~ msgid "after PCMCIA" +#~ msgstr "PCMCIA:n jƤlkeen" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan kƤynnistetƤƤn jƤrjestelmƤn kƤynnistyessƤ, jotta se voi " +#~ "suojella automaattisesti liitettƤviƤ levyjƤrjestelmiƤ." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ "* mahdollisimman aikaisin: Jos hakemistoa /usr ei liitetƤ NFS:n avulla,\n" +#~ " eikƤ kƤytƶssƤ ole PCMCIA-verkkokortteja, strongSwan kannattaa\n" +#~ " kƤynnistƤƤ mahdollisimman aikaisin, jotta liitettƤvƤt NFS-jƤrjestelmƤt\n" +#~ " voidaan suojata IPSecillƤ.\n" +#~ "* NFS:n jƤlkeen: suositeltava, kun kƤytƶssƤ ei ole PCMCIA-verkkokortteja\n" +#~ " ja /usr liitetƤƤn NFS:n avulla.\n" +#~ "* PCMCIA:n jƤlkeen: suositeltava, jos IPSec-yhteys kƤyttƤƤ\n" +#~ " PCMCIA-verkkokorttia tai hakee avaimia paikalliselta DNS-palvelimelta\n" +#~ " DNSSec-tuen avulla." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Jos et kƤynnistƤ strongSwania nyt uudelleen, tee se kƤsin mahdollisimman " +#~ "pian." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Luodaanko tƤlle koneelle julkisesta ja salaisesta avaimesta koostuva RSA-" +#~ "avainpari?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan voi kƤyttƤƤ ennalta vaihdettua avainta (Pre-Shared Key, PSK) " +#~ "tai RSA-avainparia varmentaessaan IPSec-yhteyksiƤ toisiin koneisiin. RSA-" +#~ "varmennusta pidetƤƤn yleisesti turvallisempana ja helpommin " +#~ "yllƤpidettƤvƤnƤ. PSK- ja RSA-varmennuksia voidaan kƤyttƤƤ yhtƤ aikaa." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Jos et halua luoda uutta avainparia, voi valita olemassa olevan parin " +#~ "seuraavassa vaiheessa." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Vaadittavat tiedot voidaan automaattisesti erottaa olemassa olevasta " +#~ "X.509-varmennetiedostosta tƤsmƤƤvƤllƤ salaisella RSA-avaimella. Avaimen " +#~ "molemmat osat voivat olla samassa tiedostossa, jos se on PEM-muodossa. " +#~ "Valitse tƤmƤ vaihtoehto, jos tƤllaiset varmenne- ja avaintiedostot ovat " +#~ "olemassa ja haluat kƤyttƤƤ niitƤ IPSec-yhteyksien varmentamiseen." + +#~ msgid "RSA key length:" +#~ msgstr "RSA-avaimen pituus:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Anna luotavan RSA-avaimen pituus. 1024 bittiƤ lyhyempiƤ avaimia ei pidetƤ " +#~ "turvallisina. 2048 bittiƤ pidemmƤt avaimet luultavasti heikentƤvƤt " +#~ "suorituskykyƤ." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Vain itseallekirjoitettu X.509-varmenne voidaan luoda automaattisesti, " +#~ "koska muussa tapauksessa tarvitaan ulkoinen varmentaja allekirjoittamaan " +#~ "varmennepyyntƶ." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Jos valitset tƤmƤn vaihtoehdon, luotua varmennetta voidaan heti kƤyttƤƤ " +#~ "yhteyksien ottamiseen toisiin IPSEc-koneisiin, jotka tukevat " +#~ "varmentamista X.509-varmenteilla. StrongSwanin PKI-ominaisuuksien kƤyttƶ " +#~ "kuitenkin vaatii varmennuspolun, jossa sama varmentaja on " +#~ "allekirjoittanut kaikki X.509-varmenteet." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "TƤmƤ kenttƤ on pakollinen. Ilman sitƤ varmennetta ei voida luoda." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 000000000..1440912e3 --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,1032 @@ +# Translation of strongswan debconf templates to French +# Copyright (C) 2005-2007 Christian Perrier <bubulle@debian.org> +# This file is distributed under the same license as the strongswan package. +# +# Christian Perrier <bubulle@debian.org>, 2005-2007, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2010-06-24 22:17+0200\n" +"Last-Translator: Christian Perrier <bubulle@debian.org>\n" +"Language-Team: French <debian-l10n-french@lists.debian.org>\n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.0\n" +"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Abandon de l'ancien systĆØme de lancement" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Les versions prĆ©cĆ©dentes du paquet de stronSwan permettaient de choisir " +"entre trois sĆ©quences possibles de lancement au dĆ©marrage de la machine. " +"Comme l'organisation gĆ©nĆ©rale des scripts de lancement a Ć©tĆ© profondĆ©ment " +"modifiĆ©e dans le systĆØme, cela n'est dĆ©sormais plus utile. Pour toutes les " +"nouvelles installations, ainsi que pour les anciennes qui fonctionnaient " +"selon un des trois modes prĆ©dĆ©finis, une sĆ©quence de lancement sĆ»re va ĆŖtre " +"mise en place. Si vous effectuez une mise Ć jour et aviez modifiĆ© les " +"paramĆØtres de lancement de strongSwan, veuillez consulter le fichier NEWS." +"Debian pour trouver les informations qui vous permettront d'adapter vos " +"rĆ©glages." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Faut-il redĆ©marrer StrongSwan maintenantĀ ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"RedĆ©marrer strongSwan est prĆ©fĆ©rable car un Ć©ventuel correctif de sĆ©curitĆ© " +"ne prendra effet que si le dĆ©mon est redĆ©marrĆ©. La plupart des utilisateurs " +"s'attendent Ć ce que le dĆ©mon redĆ©marre et c'est donc le plus souvent le " +"meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +"connexions en cours, y compris la connexion utilisĆ©e actuellement pour cette " +"mise Ć jour. En consĆ©quence, il est dĆ©conseillĆ© de redĆ©marrer si le tunnel " +"est utilisĆ© pour l'administration du systĆØme." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Faut-il dĆ©marrer le dĆ©mon charon de StrongSwanĀ ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Le dĆ©mon Ā«Ā charonĀ Ā» doit fonctionner pour que le protocole IKE " +"(Internet Key Exchange) puisse ĆŖtre gĆ©rĆ©." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Faut-il utiliser un certificat X.509 existant avec cet hĆ“teĀ ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Un certificat X.509 peut ĆŖtre crĆ©Ć© automatiquement ou importĆ©, pour cet " +"hĆ“te. Il peut servir Ć authentifier des connexions IPSec vers d'autres " +"hĆ“tes, ce qui est la mĆ©thode conseillĆ©e pour l'Ć©tablissement de liaisons " +"IPSec sĆ»res. L'autre possibilitĆ© d'authentification Ć la connexion est " +"l'utilisation d'un secret partagĆ© (Ā«Ā pre-shared keyĀ Ā»Ā : des mots de passe " +"identiques aux deux extrĆ©mitĆ©s du tunnel). Toutefois, pour de nombreuses " +"connexions, l'authentification Ć base de clĆ©s est plus simple Ć administrer " +"et plus sĆ»re." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " +"commande Ā«Ā dpkg-reconfigure strongswanĀ Ā»." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "CrĆ©er" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "Importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"MĆ©thode de mise en place d'un certificat X.509 pour l'authentification de " +"cet hĆ“teĀ :" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Pour l'authentification des connexions IPsec, il est possible de crĆ©er un " +"nouveau certificat X.509 avec des rĆ©glages personnalisĆ©s ou importer une " +"paire de clĆ©s publique et privĆ©e depuis un ou plusieurs fichiers PEM." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Si vous choisissez de crĆ©er un nouveau certificat X.509, vous devrez fournir " +"plusieurs informations avant la crĆ©ation. Veuillez noter que si vous " +"souhaitez utiliser un certificat signĆ© par une autoritĆ© de certification, " +"vous ne devez pas choisir de crĆ©er un certificat auto-signĆ© et devrez donner " +"exactement les rĆ©ponses souhaitĆ©es par l'autoritĆ© de certification sinon la " +"requĆŖte de certificat risquerait d'ĆŖtre rejetĆ©e." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Si vous souhaitez importer une paire de clĆ©s, vous devrez en fournir les " +"noms de fichiers (qui peuvent ĆŖtre identiques si les parties privĆ©e et " +"publique sont dans le mĆŖme fichier). Vous pourrez facultativement fournir le " +"nom d'un fichier contenant la ou les clĆ©s publiques de l'autoritĆ© de " +"certification. Ce fichier devra ĆŖtre diffĆ©rent des prĆ©cĆ©dents. Le format des " +"certificats X.509 doit ĆŖtre PEM et la clĆ© privĆ©e ne doit pas ĆŖtre chiffrĆ©e. " +"Dans le cas contraire, l'importation Ć©chouera." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nom du fichier PEM contenant le certificat X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant votre certificat X.509 " +"au format PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nom du fichier PEM contenant la clĆ© privĆ©e X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant la clĆ© privĆ©e RSA " +"correspondant au certificat X.509 au format PEM. Cela peut ĆŖtre le fichier " +"qui contient le certificat X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" +"Nom du fichier PEM contenant le certificat X.509 de l'autoritĆ© de " +"certificationĀ :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Veuillez indiquer facultativement l'emplacement du fichier (au format PEM) " +"contenant le certificat X.509 de l'autoritĆ© de certification qui a signĆ© le " +"certificat que vous avez fourni. Si vous n'utilisez pas d'autoritĆ© de " +"certification, vous pouvez laisser ce champ vide. Veuillez noter que ce " +"fichier doit ĆŖtre diffĆ©rent du fichier de certificat X.509 et de la clĆ© " +"privĆ©e que vous utilisez." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Longueur de la clĆ© RSA Ć crĆ©erĀ :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Veuillez indiquer la longueur de la clĆ© RSA qui sera crĆ©Ć©e. Elle ne doit pas " +"ĆŖtre infĆ©rieure Ć 1024Ā bits car cela serait considĆ©rĆ© comme insuffisamment " +"sĆ»r. Un choix excĆ©dant 4096 bits est probablement inutile car cela ne fait " +"essentiellement que ralentir le processus d'authentification sans avoir " +"d'intĆ©rĆŖt actuellement." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Souhaitez-vous crĆ©er un certificat X.509 auto-signĆ©Ā ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Seuls des certificats X.509 auto-signĆ©s peuvent ĆŖtre crĆ©Ć©s automatiquement " +"puisqu'une autoritĆ© de certification est indispensable pour signer la " +"demande de certificat. Si vous choisissez de crĆ©er un certificat auto-signĆ©, " +"vous pourrez vous en servir immĆ©diatement pour vous connecter aux hĆ“tes qui " +"authentifient les connexions IPsec avec des certificats X.509. Cependant, si " +"vous souhaitez utiliser les nouvelles fonctionnalitĆ©s PKI de strongSwan, " +"vous aurez besoin que tous les certificats soient signĆ©s par la mĆŖme " +"autoritĆ© de certification afin de crĆ©er un chemin de confiance." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Si vous ne voulez pas crĆ©er de certificat auto-signĆ©, seules la clĆ© privĆ©e " +"RSA et la demande de certificat seront crĆ©Ć©es et vous devrez ensuite faire " +"signer la demande de certificat par votre autoritĆ© de certification." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Code du pays pour la demande de certificat X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Veuillez indiquer le code Ć deux lettres du pays oĆ¹ est situĆ© le serveur " +"(p.Ā ex. Ā«Ā FRĀ Ā» pour la France)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Il est impĆ©ratif de choisir ici un code de pays ISO-3166 valable sinon " +"OpenSSL refusera de crĆ©er les certificats. Tous les autres champs d'un " +"certificat X.509 peuvent ĆŖtre vides, sauf celui-ci." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Ćtat ou province pour la demande de certificat X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Veuillez indiquer le nom complet de l'Ć©tat ou de la province qui sera inclus " +"dans la demande de certificat (p.Ā ex. Ā«Ā QuĆ©becĀ Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "LocalitĆ© pour la demande de certificat X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Veuillez indiquer la localitĆ© oĆ¹ est situĆ© le serveur (ce sera souvent une " +"ville, comme Ā«Ā MontcuqĀ Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisme pour la demande de certificat X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Veuillez indiquer l'organisme propriĆ©taire du serveur (p.Ā ex. Ā«Ā DebianĀ Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "UnitĆ© d'organisation pour la demande de certificat X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Veuillez indiquer l'unitĆ© d'organisation pour la demande de certificat X.509 " +"(p.Ā ex. Ā«Ā Ćquipe sĆ©curitĆ©Ā Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nom ordinaire pour la demande de certification X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Veuillez indiquer le nom ordinaire de ce serveur (ce sera souvent son nom " +"rĆ©seau)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Adresse Ć©lectronique pour la demande de certificat X.509Ā :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Veuillez indiquer l'adresse Ć©lectronique de la personne ou de l'organisme " +"responsable du certificat X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Faut-il activer le chiffrement opportunisteĀ ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Cette version de strongSwan gĆØre le chiffrement opportuniste (OE) qui " +"conserve les informations d'authentification IPSec dans des enregistrements " +"DNS. Tant que cette fonctionnalitĆ© n'est pas dĆ©ployĆ©e largement, l'activer " +"augmentera notablement la durĆ©e d'Ć©tablissement des connexions sortantes." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Vous ne devriez l'activer que s'il est indispensable de l'utiliser. Il est " +"possible que cela coupe la connexion Internet (la route par dĆ©faut) au " +"moment oĆ¹ le dĆ©mon dĆ©marre." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Le dĆ©mon Ā«Ā plutoĀ Ā» doit fonctionner pour que la version 1 du protocole " +#~ "IKE (Internet Key Exchange) puisse ĆŖtre gĆ©rĆ©e." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Faut-il dĆ©marrer le dĆ©mon IKEv2 de StrongSwanĀ ?" + +#, fuzzy +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Moment de dĆ©marrage de strongSwanĀ :" + +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "Emplacement du certificat X509Ā :" + +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "Emplacement de la clĆ© privĆ©e X509Ā :" + +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "Emplacement du certificat X509 de l'autoritĆ© de certificationĀ :" + +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le code Ć deux lettres de votre pays. Ce code sera " +#~ "inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer la localitĆ© (p.Ā ex. la ville) oĆ¹ vous rĆ©sidez. Ce nom " +#~ "sera inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Veuillez indiquer l'organisme (p.Ā ex. l'entreprise) pour qui sera crĆ©Ć© le " +#~ "certificat X509. Ce nom sera inclus dans la demande de certificat." + +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Veuillez indiquer l'unitĆ© d'organisation (p.Ā ex. dĆ©partement, division, " +#~ "etc.) pour qui sera crĆ©Ć© le certificat X509. Ce nom sera inclus dans la " +#~ "demande de certificat." + +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le nom ordinaire (p.Ā ex. le nom rĆ©seau de cette " +#~ "machine) pour qui sera crĆ©Ć© le certificat X509. Ce nom sera inclus dans " +#~ "la demande de certificat." + +#~ msgid "earliest" +#~ msgstr "Le plus tĆ“t possible" + +#~ msgid "after NFS" +#~ msgstr "AprĆØs NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "AprĆØs PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan est lancĆ© au dĆ©marrage du systĆØme afin de pouvoir protĆ©ger les " +#~ "systĆØmes de fichiers qui sont montĆ©s automatiquement." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " - Le plus tĆ“t possibleĀ :Ā conseillĆ© si /usr n'est pas montĆ© par NFS\n" +#~ " et que vous n'utilisez pas de carte rĆ©seau PCMCIAĀ ;\n" +#~ " - AprĆØs NFSĀ :Ā recommandĆ© si /usr est un montage NFS et qu'aucune\n" +#~ " carte rĆ©seau PCMCIA n'est utilisĆ©eĀ ;\n" +#~ " - aprĆØs PCMCIAĀ :Ā recommandĆ© si la connexion IPSec utilise une carte\n" +#~ " rĆ©seau PCMCIA ou s'il est nĆ©cessaire de rĆ©cupĆ©rer des clĆ©s\n" +#~ " depuis un serveur DNS qui gĆØre DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Si vous ne redĆ©marrez pas StrongSwan maintenant, il est conseillĆ© de le " +#~ "faire manuellement dĆØs que possible." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Faut-il crĆ©er une paire de clĆ©s RSA publique et privĆ©e pour cet hĆ“teĀ ?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan peut utiliser une clĆ© secrĆØte partagĆ©e (PSKĀ :Ā Ā«Ā Pre-Shared " +#~ "KeyĀ Ā») ou une paire de clĆ©s RSA pour gĆ©rer l'authentification des " +#~ "connexions IPSec vers d'autres hĆ“tes. L'authentification RSA est en " +#~ "gĆ©nĆ©ral considĆ©rĆ©e comme plus sĆ»re et plus simple Ć administrer. Les deux " +#~ "modes d'authentification peuvent ĆŖtre utilisĆ©s en mĆŖme temps." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Si vous ne souhaitez pas crĆ©er une paire de clĆ©s publique et privĆ©e, vous " +#~ "pouvez choisir d'en utiliser une existante." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "L'information nĆ©cessaire peut ĆŖtre rĆ©cupĆ©rĆ©e depuis un fichier de " +#~ "certificat X.509 existant, avec la clĆ© privĆ©e RSA correspondante. Les " +#~ "deux parties peuvent se trouver dans un seul fichier, s'il est en format " +#~ "PEM. Vous devriez choisir cette option si vous possĆ©dez un tel certificat " +#~ "ainsi que la clĆ© privĆ©e, et si vous souhaitez vous en servir pour " +#~ "l'authentification des connexions IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Taille de la clĆ© RSAĀ :" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Veuillez indiquer la taille de la clĆ© RSA que vous souhaitez crĆ©er. Une " +#~ "valeur infĆ©rieure Ć 1024 bits n'est pas considĆ©rĆ©e comme sĆ»re. Une valeur " +#~ "supĆ©rieure Ć 2048 bits risque d'altĆ©rer les performances." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Seuls les certificats X.509 auto-signĆ©s peuvent ĆŖtre crĆ©Ć©s " +#~ "automatiquement car, pour les autres certificats, une autoritĆ© de " +#~ "certification est indispensable." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Si vous choisissez cette option, le certificat qui sera crĆ©Ć© pourra ĆŖtre " +#~ "utilisĆ© immĆ©diatement pour la connexion Ć d'autres hĆ“tes IPSec qui gĆØrent " +#~ "l'authentification par certificat X.509. Cependant l'utilisation des " +#~ "fonctionnalitĆ©s PKI (Ā«Ā Public Key InfrastructureĀ Ā»Ā :Ā infrastructure " +#~ "publique de clĆ©s) de strongSwan impose la crĆ©ation d'un chemin de " +#~ "confiance avec tous les certificats X.509 signĆ©s par la mĆŖme autoritĆ© de " +#~ "certification." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Ce champ est obligatoire, sinon le certificat ne pourra pas ĆŖtre crĆ©Ć©." + +#~| msgid "" +#~| "Previous versions of the Openswan package allowed the user to choose " +#~| "between three different Start/Stop-Levels. Due to changes in the " +#~| "standard system startup procedure, this is no longer necessary and " +#~| "useful. For all new installations as well as old ones running in any of " +#~| "the predefined modes, sane default levels set will now be set. If you " +#~| "are upgrading from a previous version and changed your Openswan startup " +#~| "parameters, then please take a look at NEWS.Debian for instructions on " +#~| "how to modify your setup accordingly." +#~ msgid "" +#~ "Previous versions of the Openswan package gave a choice between three " +#~ "different Start/Stop-Levels. Due to changes in the standard system " +#~ "startup procedure, this is no longer necessary or useful. For all new " +#~ "installations as well as old ones running in any of the predefined modes, " +#~ "sane default levels will now be set. If you are upgrading from a previous " +#~ "version and changed your Openswan startup parameters, then please take a " +#~ "look at NEWS.Debian for instructions on how to modify your setup " +#~ "accordingly." +#~ msgstr "" +#~ "Les versions prĆ©cĆ©dentes du paquet d'Openswan permettaient de choisir " +#~ "entre trois sĆ©quences possibles de lancement au dĆ©marrage de la machine. " +#~ "Comme l'organisation gĆ©nĆ©rale des scripts de lancement a Ć©tĆ© profondĆ©ment " +#~ "modifiĆ©e dans le systĆØme, cela n'est dĆ©sormais plus utile. Pour toutes " +#~ "les nouvelles installations, ainsi que pour les anciennes qui " +#~ "fonctionnaient selon un des trois modes prĆ©dĆ©finis, une sĆ©quence de " +#~ "lancement sĆ»re va ĆŖtre mise en place. Si vous effectuez une mise Ć jour " +#~ "et aviez modifiĆ© les paramĆØtres de lancement d'Openswan, veuillez " +#~ "consulter le fichier NEWS.Debian pour trouver les informations qui vous " +#~ "permettront d'adapter vos rĆ©glages." + +#~| msgid "Do you wish to restart Openswan?" +#~ msgid "Restart Openswan now?" +#~ msgstr "Souhaitez-vous redĆ©marrer OpenswanĀ ?" + +#~| msgid "" +#~| "Restarting Openswan is a good idea, since if there is a security fix, it " +#~| "will not be fixed until the daemon restarts. Most people expect the " +#~| "daemon to restart, so this is generally a good idea. However, this might " +#~| "take down existing connections and then bring them back up (including " +#~| "the connection currently used for this update, so it is recommended not " +#~| "to restart if you are using any of the tunnel for administration)." +#~ msgid "" +#~ "Restarting Openswan is recommended, since if there is a security fix, it " +#~ "will not be applied until the daemon restarts. Most people expect the " +#~ "daemon to restart, so this is generally a good idea. However, this might " +#~ "take down existing connections and then bring them back up, so if you are " +#~ "using such an Openswan tunnel to connect for this update, restarting is " +#~ "not recommended." +#~ msgstr "" +#~ "RedĆ©marrer Openswan est prĆ©fĆ©rable car un Ć©ventuel correctif de sĆ©curitĆ© " +#~ "ne sera actif que si le dĆ©mon est redĆ©marrĆ©. La plupart des utilisateurs " +#~ "s'attendent Ć ce que le dĆ©mon redĆ©marre et c'est donc le plus souvent le " +#~ "meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +#~ "connexions en cours, y compris la connexion utilisĆ©e actuellement pour " +#~ "cette mise Ć jour. En consĆ©quence, il est dĆ©conseillĆ© de redĆ©marrer si le " +#~ "tunnel est utilisĆ© pour l'administration du systĆØme." + +#~| msgid "" +#~| "If you do not want to this now you can answer \"No\" and later use the " +#~| "command \"dpkg-reconfigure openswan\" to come back." +#~ msgid "" +#~ "Alternatively you can reject this option and later use the command \"dpkg-" +#~ "reconfigure openswan\" to come back." +#~ msgstr "" +#~ "Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " +#~ "commande Ā«Ā dpkg-reconfigure openswanĀ Ā»." + +#~ msgid "Length of RSA key to be created:" +#~ msgstr "Longueur de la clĆ© RSA Ć crĆ©erĀ :" + +#~| msgid "" +#~| "Please enter the length of the created RSA key. It should not be less " +#~| "than 1024 bits because this should be considered unsecure and you will " +#~| "probably not need anything more than 4096 bits because it only slows the " +#~| "authentication process down and is not needed at the moment." +#~ msgid "" +#~ "Please enter the required RSA key-length. Anything under 1024 bits should " +#~ "be considered insecure; anything more than 4096 bits slows down the " +#~ "authentication process and is not useful at present." +#~ msgstr "" +#~ "Veuillez indiquer la longueur de la clĆ© RSA qui sera crĆ©Ć©e. Elle ne doit " +#~ "pas ĆŖtre infĆ©rieure Ć 1024Ā bits car cela serait considĆ©rĆ© comme " +#~ "insuffisamment sĆ»r. Un choix excĆ©dant 4096 bits est probablement inutile " +#~ "car cela ne fait essentiellement que ralentir le processus " +#~ "d'authentification sans avoir d'intĆ©rĆŖt actuellement." + +#~| msgid "" +#~| "This installer can only create self-signed X509 certificates " +#~| "automatically, because otherwise a certificate authority is needed to " +#~| "sign the certificate request. If you want to create a self-signed " +#~| "certificate, you can use it immediately to connect to other IPsec hosts " +#~| "that support X509 certificate for authentication of IPsec connections. " +#~| "However, if you want to use the new PKI features of Openswan >= 1.91, " +#~| "you will need to have all X509 certificates signed by a single " +#~| "certificate authority to create a trust path." +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a Certificate Authority is needed to sign the certificate " +#~ "request. If you choose to create a self-signed certificate, you can use " +#~ "it immediately to connect to other IPsec hosts that support X.509 " +#~ "certificate for authentication of IPsec connections. However, using " +#~ "Openswan's PKI features requires all certificates to be signed by a " +#~ "single Certificate Authority to create a trust path." +#~ msgstr "" +#~ "Seuls des certificats X.509 auto-signĆ©s peuvent ĆŖtre crĆ©Ć©s " +#~ "automatiquement puisqu'une autoritĆ© de certification est indispensable " +#~ "pour signer la demande de certificat. Si vous choisissez de crĆ©er un " +#~ "certificat auto-signĆ©, vous pourrez vous en servir immĆ©diatement pour " +#~ "vous connecter aux hĆ“tes qui authentifient les connexions IPsec avec des " +#~ "certificats X.509. Cependant, si vous souhaitez utiliser les nouvelles " +#~ "fonctionnalitĆ©s PKI d'Openswan, vous aurez besoin que tous les " +#~ "certificats soient signĆ©s par la mĆŖme autoritĆ© de certification afin de " +#~ "crĆ©er un chemin de confiance." + +#~ msgid "Modification of /etc/ipsec.conf" +#~ msgstr "Modification de /etc/ipsec.conf" + +#~| msgid "" +#~| "Due to a change in upstream Openswan, opportunistic encryption is no " +#~| "longer enabled by default. The no_oe.conf file that was shipped in " +#~| "earlier versions to explicitly disable it can therefore no longer be " +#~| "included by ipsec.conf. A respective include paragraph will now be " +#~| "automatically removed to ensure that Openswan can start correctly." +#~ msgid "" +#~ "Due to a change in upstream Openswan, opportunistic encryption is no " +#~ "longer enabled by default. The no_oe.conf file that was shipped in " +#~ "earlier versions to explicitly disable it can therefore no longer be " +#~ "included by ipsec.conf. Any such include paragraph will now be " +#~ "automatically removed to ensure that Openswan can start correctly." +#~ msgstr "" +#~ "En raison de modifications dans la version amont d'Openswan, le " +#~ "chiffrement opportuniste n'est plus activĆ© par dĆ©faut. Le fichier no_oe." +#~ "conf qui Ć©tait fourni avec les versions prĆ©cĆ©dentes pour le dĆ©sactiver " +#~ "explicitement ne peut donc plus ĆŖtre inclus dans ipsec.conf. Toute " +#~ "instruction d'inclusion de ce fichier sera automatiquement retirĆ©e afin " +#~ "qu'Openswan puisse dĆ©marrer correctement." + +#~ msgid "Example: AT" +#~ msgstr "ExempleĀ : FR" + +#~ msgid "" +#~ "Please enter the state or province name for the X509 certificate request:" +#~ msgstr "Ćtat, province ou rĆ©gionĀ :" + +#~ msgid "" +#~ "Please enter the full name of the state or province you live in. This " +#~ "name will be placed in the certificate request." +#~ msgstr "" +#~ "Veuillez indiquer le nom complet de l'Ć©tat, de la province ou de la " +#~ "rĆ©gion oĆ¹ vous rĆ©sidez. Ce nom sera inclus dans la demande de certificat." + +#~ msgid "Example: Upper Austria" +#~ msgstr "" +#~ "ExemplesĀ : RhĆ“ne-Alpes, Brabant Wallon, Bouches du RhĆ“ne, QuĆ©bec, Canton " +#~ "de Vaud" + +#~ msgid "Example: Vienna" +#~ msgstr "ExempleĀ : Saint-Ćtienne" + +#~ msgid "Example: Debian" +#~ msgstr "ExempleĀ : Debian" + +#~ msgid "Example: security group" +#~ msgstr "ExempleĀ : DĆ©partement RĆ©seaux et Informatique Scientifique" + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "ExempleĀ : gateway.debian.org" + +#~ msgid "Do you want to create a RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Souhaitez-vous crĆĀ©er une paire de clĆĀ©s RSA publique et privĆĀ©e pour cet " +#~ "hĆŽteĆĀ ?" + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one." +#~ msgstr "" +#~ "Si vous ne souhaitez pas crĆĀ©er une paire de clĆĀ©s publique et privĆĀ©e, " +#~ "vous pouvez choisir d'en utiliser une existante." + +#~ msgid "x509" +#~ msgstr "X509" + +#~ msgid "plain" +#~ msgstr "Simple paire" + +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "Openswan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Il est possible de crĆĀ©er une simple paire de clĆĀ©s destinĆĀ©e ĆĀ ĆĀŖtre " +#~ "utilisĆĀ©e avec Openswan ou de crĆĀ©er un fichier de certificat X509 qui " +#~ "contient la clĆĀ© publique RSA et de conserver la clĆĀ© privĆĀ©e " +#~ "correspondante par ailleurs." + +#, fuzzy +#~| msgid "" +#~| "If you only want to build up IPSec connections to hosts also running " +#~| "Openswan, it might be a bit easier using plain RSA keypairs. But if you " +#~| "want to connect to other IPSec implementations, you will need a X509 " +#~| "certificate. It is also possible to create a X509 certificate here and " +#~| "extract the RSA public key in plain format if the other side runs " +#~| "Openswan without X509 certificate support." +#~ msgid "" +#~ "If you only want to create IPsec connections to hosts also running " +#~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPsec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "Openswan without X509 certificate support." +#~ msgstr "" +#~ "Si vous ne prĆĀ©voyez d'ĆĀ©tablir des connexions IPSec qu'avec des hĆŽtes " +#~ "utilisant Openswan, il sera probablement plus facile d'utiliser des clĆĀ©s " +#~ "RSA simples. Mais si vous souhaitez vous connecter ĆĀ des hĆŽtes " +#~ "utilisant d'autres implĆĀ©mentations d'IPSec, vous aurez besoin d'un " +#~ "certificat X509. Il est ĆĀ©galement possible de crĆĀ©er un certificat X509 " +#~ "puis d'en extraire une simple clĆĀ© publique RSA, si l'autre extrĆĀ©mitĆĀ© " +#~ "de la connexion utilise Openswan sans la gestion des certificats X509." + +#, fuzzy +#~| msgid "" +#~| "Therefore a X509 certificate is recommended since it is more flexible " +#~| "and this installer should be able to hide the complex creation of the " +#~| "X509 certificate and its use in Openswan anyway." +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in Openswan." +#~ msgstr "" +#~ "Ainsi, il vous est conseillĆĀ© d'utiliser un certificat X509 car cette " +#~ "mĆĀ©thode est plus souple. Cet outil d'installation devrait vous " +#~ "simplifier la tĆĀ¢che de crĆĀ©ation et d'utilisation de ce certificat X509." + +#, fuzzy +#~| msgid "" +#~| "This installer can automatically extract the needed information from an " +#~| "existing X509 certificate with a matching RSA private key. Both parts " +#~| "can be in one file, if it is in PEM format. Do you have such an existing " +#~| "certificate and key file and want to use it for authenticating IPSec " +#~| "connections?" +#~ msgid "" +#~ "This installer can automatically extract the needed information from an " +#~ "existing X509 certificate with a matching RSA private key. Both parts can " +#~ "be in one file, if it is in PEM format. If you have such an existing " +#~ "certificate and key file please select if want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Cet outil d'installation est capable d'extraire automatiquement " +#~ "l'information nĆĀ©cessaire d'un fichier de certificat X509 existant, avec " +#~ "la clĆĀ© privĆĀ©e RSA correspondante. Les deux parties peuvent se trouver " +#~ "dans un seul fichier, s'il est en format PEM. Indiquez si vous possĆĀ©dez " +#~ "un tel certificat ainsi que la clĆĀ© privĆĀ©e, et si vous souhaitez vous en " +#~ "servir pour l'authentification des connexions IPSec." + +#~ msgid "x509, plain" +#~ msgstr "X509, Simple paire" + +#, fuzzy +#~| msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgid "earliest, after NFS, after PCMCIA" +#~ msgstr "Le plus tĆŽt possible, AprĆÅ”s NFS, AprĆÅ”s PCMCIA" + +#, fuzzy +#~| msgid "" +#~| "With the current Debian startup levels (nearly everything starting in " +#~| "level 20), it is impossible for Openswan to always start at the correct " +#~| "time. There are three possibilities when Openswan can start: before or " +#~| "after the NFS services and after the PCMCIA services. The correct answer " +#~| "depends on your specific setup." +#~ msgid "" +#~ "With the default system startup levels (nearly everything starting in " +#~ "level 20), it is impossible for Openswan to always start at the correct " +#~ "time. There are three possibilities when Openswan can start: before or " +#~ "after the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Avec les niveaux de dĆĀ©marrage actuellement utilisĆĀ©s par Debian (presque " +#~ "tout dĆĀ©marre au niveau 20), il est impossible de faire en sorte " +#~ "qu'Openswan dĆĀ©marre toujours au moment appropriĆĀ©. Il existe trois " +#~ "moments oĆĀ¹ il est opportun de le dĆĀ©marrerĆĀ : avant ou aprĆÅ”s les " +#~ "services NFS, ou aprĆÅ”s les services PCMCIA. La rĆĀ©ponse appropriĆĀ©e " +#~ "dĆĀ©pend de vos rĆĀ©glages spĆĀ©cifiques." + +#, fuzzy +#~| msgid "" +#~| "If you do not have your /usr tree mounted via NFS (either you only mount " +#~| "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~| "and don't use a PCMCIA network card, then it's best to start Openswan at " +#~| "the earliest possible time, thus allowing the NFS mounts to be secured " +#~| "by IPSec. In this case (or if you don't understand or care about this " +#~| "issue), answer \"earliest\" to this question (the default)." +#~ msgid "" +#~ "If the /usr tree of this system is not mounted via NFS (either you only " +#~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " +#~ "all) and no PCMCIA network card is used, then it's best to start Openswan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " +#~ "montages NFS sont ĆĀ d'autres endroits, moins critiques, soit parce que " +#~ "vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de " +#~ "carte rĆĀ©seau PCMCIA, il est prĆĀ©fĆĀ©rable de dĆĀ©marrer Openswan le plus " +#~ "tĆŽt possible, ce qui permettra de sĆĀ©curiser les montages NFS avec " +#~ "IPSec. Dans ce cas (ou bien si vous ne comprenez pas l'objet de la " +#~ "question ou qu'elle ne vous concerne pas), choisissez ĆĀ«ĆĀ le plus tĆŽt " +#~ "possibleĆĀ ĆĀ», qui est le choix par dĆĀ©faut." + +#, fuzzy +#~| msgid "" +#~| "If you have your /usr tree mounted via NFS and don't use a PCMCIA " +#~| "network card, then you will need to start Openswan after NFS so that all " +#~| "necessary files are available. In this case, answer \"after NFS\" to " +#~| "this question. Please note that the NFS mount of /usr can not be secured " +#~| "by IPSec in this case." +#~ msgid "" +#~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " +#~ "then you will need to start Openswan after NFS so that all necessary " +#~ "files are available. In this case, answer \"after NFS\" to this question. " +#~ "Please note that the NFS mount of /usr can not be secured by IPSec in " +#~ "this case." +#~ msgstr "" +#~ "Si /usr est un montage NFS et que vous n'utilisez pas de carte rĆĀ©seau " +#~ "PCMCIA, vous devrez alors dĆĀ©marrer Openswan aprĆÅ”s les services NFS afin " +#~ "que tous les fichiers nĆĀ©cessaires soient disponibles. Dans ce cas, " +#~ "choisissez ĆĀ«ĆĀ AprĆÅ”s NFSĆĀ ĆĀ». Veuillez noter que le montage NFS de /usr " +#~ "n'est alors pas sĆĀ©curisĆĀ© par IPSec." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " +#~ "choix possible est le dĆĀ©marrage aprĆÅ”s les services PCMCIA. Choisissez " +#~ "alors ĆĀ«ĆĀ AprĆÅ”s PCMCIAĆĀ ĆĀ». Faites ĆĀ©galement ce choix si vous souhaitez " +#~ "rĆĀ©cupĆĀ©rer les clĆĀ©s d'authentification sur un serveur DNS reconnaissant " +#~ "DNSSec." + +#, fuzzy +#~| msgid "At which level do you wish to start Openswan?" +#~ msgid "Please select the level at which you wish to start Openswan:" +#~ msgstr "ĆĀtape de lancement d'OpenswanĆĀ :" + +#, fuzzy +#~| msgid "Which type of RSA keypair do you want to create?" +#~ msgid "Please select which type of RSA keypair you want to create:" +#~ msgstr "Type de paire de clĆĀ©s RSA ĆĀ crĆĀ©erĆĀ :" + +#~ msgid "Do you wish to enable opportunistic encryption in Openswan?" +#~ msgstr "Souhaitez-vous activer le chiffrement opportuniste dans OpenswanĆĀ ?" + +#~ msgid "" +#~ "Openswan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " +#~ "default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " +#~ "daemon) is started." +#~ msgstr "" +#~ "Openswan gĆÅ”re le chiffrement opportuniste (ĆĀ«ĆĀ opportunistic " +#~ "encryptionĆĀ ĆĀ»ĆĀ : OE) qui permet de conserver les informations " +#~ "d'authentification IPSec (c'est-ĆĀ -dire les clĆĀ©s publiques RSA) dans des " +#~ "enregistrements DNS, de prĆĀ©fĆĀ©rence sĆĀ©curisĆĀ©s. Tant que cette " +#~ "fonctionnalitĆĀ© ne sera pas dĆĀ©ployĆĀ©e largement, son activation " +#~ "provoquera un ralentissement significatif pour toute nouvelle connexion " +#~ "sortante. ĆĀ partir de la versionĆĀ 2.0, cette fonctionnalitĆĀ© est activĆĀ©e " +#~ "par dĆĀ©faut dans Openswan, ce qui peut interrompre le fonctionnement de " +#~ "votre connexion ĆĀ l'Internet (c'est-ĆĀ -dire votre route par dĆĀ©faut) " +#~ "dĆÅ”s le dĆĀ©marrage de pluto, le dĆĀ©mon de gestion de clĆĀ©s d'Openswan." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Veuillez choisir si vous souhaitez activer la gestion du chiffrement " +#~ "opportuniste. Ne l'activez pas si vous n'ĆĀŖtes pas certain d'en avoir " +#~ "besoin." diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 000000000..11125f690 --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,671 @@ +# Copyright (C) 2009 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# marce villarino <mvillarino@users.sourceforge.net>, 2009. +msgid "" +msgstr "" +"Project-Id-Version: templates_[kI6655]\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2009-05-25 14:50+0100\n" +"Last-Translator: marce villarino <mvillarino@users.sourceforge.net>\n" +"Language-Team: Galician <proxecto@trasno.ent>\n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 0.2\n" +"Plural-Forms: nplurals=2; plural=n != 1;\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Desexa reiniciar strongSwan agora?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +#, fuzzy +#| msgid "" +#| "Restarting strongSwan is recommended, because if there is a security fix, " +#| "it will not be applied until the daemon restarts. However, this might " +#| "close existing connections and then bring them back up." +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"RecomĆ©ndase reiniciar strongSwan porque se houbese algunha actualizaciĆ³n de " +"seguridade non se aplicarĆ” atĆ© que se reinicie o daemon. PorĆ©n, pode pechar " +"as conexiĆ³ns existentes e logo volver a recuperalas." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "Desexa iniciar o daemon IKEv1 de strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"O daemon charon debe estar en execuciĆ³n para soportar a versiĆ³n 2 do " +"protocolo Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +#, fuzzy +#| msgid "Use an existing X.509 certificate for strongSwan?" +msgid "Use an X.509 certificate for this host?" +msgstr "Desexa empregar un certificado X.509 xa existente para strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing your X.509 " +#| "certificate in PEM format." +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Indique a rota completa ao ficheiro que contĆ©n o certificado X.509 en " +"formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "File name of your existing X.509 private key in PEM format:" +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome do ficheiro coa chave privada X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing the private RSA key " +#| "matching your X.509 certificate in PEM format. This can be the same file " +#| "as the X.509 certificate." +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Indique a rota completa ao ficheiro que contĆ©n a chave privada RSA que se " +"corresponde do certificado X.509 en formato PEM. Este pode ser o mesmo " +"ficheiro que o do certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +#, fuzzy +#| msgid "File name of your X.509 certificate in PEM format:" +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "Create a self-signed X.509 certificate?" +msgid "Create a self-signed X.509 certificate?" +msgstr "Desexa crear un certificado X.509 autoasinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +#, fuzzy +#| msgid "" +#| "If you do not accept this option, only the RSA private key will be " +#| "created, along with a certificate request which you will need to have " +#| "signed by a certificate authority." +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se non acepta esta opciĆ³n sĆ³ se crearĆ” a chave privada RSA, xunto cun pedido " +"de certificado que precisarĆ” que lle asine unha autoridade de certificaciĆ³n." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +#, fuzzy +#| msgid "Country code for the X.509 certificate request:" +msgid "Country code for the X.509 certificate request:" +msgstr "CĆ³digo de paĆs para o pedido do certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "State or province name for the X.509 certificate request:" +msgid "State or province name for the X.509 certificate request:" +msgstr "Nome do estado ou provincia para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +#, fuzzy +#| msgid "" +#| "Please enter the full name of the state or province to include in the " +#| "certificate request." +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Indique o nome completo do estado ou provincia a incluĆr no pedido de " +"certificado." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +#, fuzzy +#| msgid "Locality name for the X.509 certificate request:" +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome de localidade para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +#, fuzzy +#| msgid "Organization name for the X.509 certificate request:" +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organizaciĆ³n para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizacional para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +#, fuzzy +#| msgid "Organizational unit for the X.509 certificate request:" +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "Unidade organizacional para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +#, fuzzy +#| msgid "Common name for the X.509 certificate request:" +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome comĆŗn para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "Email address for the X.509 certificate request:" +msgid "Email address for the X.509 certificate request:" +msgstr "Enderezo de correo electrĆ³nico para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +#, fuzzy +#| msgid "" +#| "Please enter the email address (for the individual or organization " +#| "responsible) that should be used in the certificate request." +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Indique o enderezo de correo electrĆ³nico (do individuo ou do responsĆ”bel da " +"organizaciĆ³n) que se debe empregar no pedido de certificado." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Desexa activar a cifraxe oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versiĆ³n de strongSwan soporta a cifraxe oportunista (OE) que garda a " +"informaciĆ³n de autenticaciĆ³n de IPSec en rexistros de DNS. AtĆ© que estea " +"amplamente utilizado activalo provocarĆ” un retardo significativo en cada " +"nova conexiĆ³n saĆnte." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"SĆ³ deberĆa activar a cifraxe oportunista se estĆ” certo de que a desexa. Pode " +"estragar a conexiĆ³n a Internet (a rota por omisiĆ³n) segundo se inicie o " +"daemon pluto." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "O daemon pluto debe estar en execuciĆ³n para soportar a versiĆ³n 1 do " +#~ "protocolo Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Desexa iniciar o IKEv2 de strongSwan?" + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "Cando iniciar strongSwan:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contĆ©n o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contĆ©n o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Indique a rota completa ao ficheiro que contĆ©n o certificado X.509 en " +#~ "formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Indique o cĆ³digo de paĆs ISO3166 de dĆŗas letras que se debe empregar no " +#~ "pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Indique o nome da localidade (xeralmente unha cidade) que se debe " +#~ "empregar no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Indique o nome da organizaciĆ³n (xeralmente unha empresa) que se debe " +#~ "empregar no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Indique o nome da unidade organizacional (xeralmente un departamento) que " +#~ "debe empregarse no pedido de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Indique o nome comĆŗn (como o nome desta mĆ”quina) que se debe empregar no " +#~ "pedido de certificado." + +#~ msgid "earliest" +#~ msgstr "o primeiro" + +#~ msgid "after NFS" +#~ msgstr "despois do NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "despois do PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan iniciase durante o arrinque do sistema de maneira que poda " +#~ "protexer sistemas de ficheiros que se monten automaticamente." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * o primeiro: se /usr non se monta mediante NFS e non se emprega unha\n" +#~ " tarxeta PCMCIA, Ć© mellor iniciar strongSwan tan axiƱa como se poda,\n" +#~ " para que as montaxes NFS podan asegurarse mediante IPSec,\n" +#~ " * despois do NFS: recomĆ©ndase cando /usr se monte mediante NFS e non\n" +#~ " se empregue ningunha tarxeta PCMCIA,\n" +#~ " * despois do PCMCIA: recomĆ©ndase se a conexiĆ³n IPSec emprega unha " +#~ "tarxeta\n" +#~ " de rede PCMCIA ou se fose preciso que as chaves se obteƱan desde un\n" +#~ " servidor DNS a executarse localmente con soporte para DNSSec." + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Se non reinicia agora strongSwan deberĆa facelo manualmente en canto poda." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "Desexa crear un par de chaves pĆŗblica/privada RSA para este servidor?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan pode empregar unha chave precompartida (PSK) ou un par de " +#~ "chaves RSA para autenticar as conexiĆ³ns IPSec con outros servidores. A " +#~ "autenticaciĆ³n RSA xeralmente considĆ©rase mĆ”is segura e Ć© mĆ”is fĆ”cil de " +#~ "administrar. Pode empregar as autenticaciĆ³ns PSK e RSA Ć” vez." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Se son quer crear un novo par de chaves pĆŗblica/privada, no seguinte paso " +#~ "pode escoller empregar unha xa existente." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "A informaciĆ³n requirida pode extraerse automaticamente a partir dun " +#~ "certificado X.509 xa existente coa chave privada RSA que corresponda. " +#~ "Ambas as partes poden estar nun ficheiro se este estĆ” no formato PEM. " +#~ "Debe escoller esta opciĆ³n se ten tal certificado e chave e quere " +#~ "empregalo para autenticar conexiĆ³ns IPSec." + +#~ msgid "RSA key length:" +#~ msgstr "Lonxitude da chave RSA:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Indique a lonxitude da chave RSA que desexe xerar. Os valores menores de " +#~ "1024 bits non se consideran seguros, mentres que os maiores de 2048 bits " +#~ "posibelmente afecten ao rendemento." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "SĆ³ se poden crear automaticamente certificados X.509 autoasinados, porque " +#~ "noutro caso Ć© precisa unha autoridade de certificaciĆ³n para asinar o " +#~ "pedido de certificado." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Se acepta esta opciĆ³n o certificado que se cree pode empregarse " +#~ "inmediatamente para conectarse con outros servidores IPSec que soporten a " +#~ "autenticaciĆ³n mediante un certificado X.509. PorĆ©n, par empregar as " +#~ "funcionalidades PKI de strongSwan requĆrese que se cree unha rota de " +#~ "confianza asinando todos os certificados X.509 por unha Ćŗnica autoridade." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Este campo Ć© obrigatorio, caso contrario non se poderĆ” xerar un " +#~ "certificado." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 000000000..3d3a5f1d8 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,470 @@ +# Italian translation of strongswan's po-debconf file. +# Copyright (c) 2013, strongswan package copyright holder +# This file is distributed under the same license as the strongswan package. +# Vincenzo Campanella <vinz65@gmail.com>, 2010. +# Beatrice Torracca <beatricet@libero.it>, 2013. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-11-09 13:41+0200\n" +"Last-Translator: Beatrice Torracca <beatricet@libero.it>\n" +"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Virtaal 0.7.1\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Vecchia gestione del runlevel sostituita" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Le versioni precedenti di strongSwan lasciavano la scelta fra tre diversi " +"livelli di avvio/arresto. A seguito dei cambiamenti nella procedura standard " +"di avvio, questo non ĆØ piĆ¹ necessario nĆ© utile. Per tutte le nuove " +"installazioni e per quelle giĆ esistenti che vengono eseguite in qualsiasi " +"modalitĆ predefinita vengono ora impostati dei livelli predefiniti " +"ragionevoli. Se si sta aggiornando da una versione precedente e si sono " +"modificati i parametri di avvio di strongSwan, consultare le NEWS.Debian su " +"come modificare le impostazioni." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Riavviare strongSwan adesso?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Ć raccomandato il riavvio di strongSwan, in quanto un'eventuale correzione " +"di sicurezza non verrĆ applicata fino al riavvio del demone. La maggior " +"parte degli utenti si attende che il demone si riavvii, per cui in genere ĆØ " +"una buona scelta. Il riavvio potrebbe perĆ² interrompere e riavviare le " +"connessioni esistenti, per cui se si sta utilizzando un tunnel strongSwan " +"per l'aggiornamento il riavvio non ĆØ raccomandabile." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Avviare il demone charon di strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Per il supporto al protocollo Internet Key Exchange ĆØ necessario che il " +"demone charon sia in esecuzione." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Utilizzare un certificato X.509 per questo host?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Per questo host ĆØ possibile la creazione o l'importazione automatica di un " +"certificato X.509 per l'autenticazione di connessioni IPsec ad altri host; ĆØ " +"la modalitĆ preferita per la creazione di connessioni IPsec sicure. L'altra " +"possibilitĆ ĆØ l'utilizzo di password segrete condivise e identiche fra le " +"due estremitĆ del tunnel, ma il funzionamento tramite chiavi ĆØ piĆ¹ agevole " +"da amministrare per un elevato numero di connessioni e piĆ¹ sicuro." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"In alternativa ĆØ possibile rifiutare questa opzione e ritornare sulla scelta " +"in un secondo tempo, eseguendo Ā«dpkg-reconfigure strongswanĀ»." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "creare" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importare" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metodi per l'utilizzo di un certificato X.509 per autenticare questo host:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Ć possibile creare un nuovo certificato X.509 con impostazioni definite " +"dall'utente, oppure importare una chiave esistente pubblica e privata " +"memorizzata in file PEM per l'autenticazione di connessioni IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se si sceglie di creare un nuovo certificato X.509 verranno poste alcune " +"domande cui ĆØ necessario rispondere prima che la creazione venga avviata. Ć " +"da ricordare che, se si desidera che la chiave pubblica venga firmata da " +"un'autoritĆ di certificazione (CA) esistente, non si dovrebbe creare un " +"certificato auto-firmato e inoltre tutte le risposte fornite devono " +"soddisfare esattamente i requisiti della CA, in quanto altrimenti la " +"richiesta di certificato potrebbe essere rifiutata." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se si desidera importare una chiave esistente pubblica e privata verrĆ " +"richiesto il loro nome file, che puĆ² essere identico se entrambe le parti " +"sono memorizzate insieme in un solo file. Opzionalmente si puĆ² specificare " +"un nome file in cui vengono mantenute le chiavi pubbliche dell'autoritĆ di " +"certificazione, ma in questo caso il file non puĆ² essere il medesimo dei " +"precedenti. Si presti attenzione anche al fatto che il formato dei " +"certificati X.509 deve essere PEM e che la chiave privata non deve essere " +"cifrata, altrimenti la procedura d'importazione fallirĆ ." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome file del proprio certificato X.509 in formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Inserire la posizione del file che contiene il proprio certificato X.509 in " +"formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome file della propria chiave privata X.509 in formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Inserire la posizione del file che contiene la chiave privata RSA " +"corrispondente al proprio certificato X.509 in formato PEM. PuĆ² essere il " +"medesimo file che contiene il certificato X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome file del proprio RootCA X.509 in formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opzionalmente ĆØ possibile inserire la posizione del file che contiene " +"l'autoritĆ di certificazione root X.509 utilizzata per la firma del proprio " +"certificato in formato PEM. Se non se ne possiede uno o non si desidera " +"utilizzarlo lasciare il campo vuoto. Notare che non ĆØ possibile memorizzare " +"il RootCA nello stesso file del proprio certificato o chiave privata X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Inserire la lunghezza che la chiave RSA creata dovrĆ avere:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Inserire la lunghezza della chiave RSA creata. Non dovrebbe essere minore di " +"1024 bit, in quanto altrimenti potrebbe essere considerata insicura, nĆ© " +"superiore a 4096 bit, in quanto altrimenti rallenterebbe il processo di " +"autenticazione e al momento attuale non ĆØ una misura necessaria." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Creare un certificato X.509 auto-firmato?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Ć possibile creare automaticamente solo certificati X.509 auto-firmati, in " +"quanto altrimenti ĆØ necessario l'intervento di un'autoritĆ di certificazione " +"per firmare la richiesta di certificato. Se si sceglie di creare un " +"certificato auto-firmato ĆØ possibile utilizzarlo immediatamente per " +"collegarsi ad altri host IPsec che supportano il certificato X.509 per " +"l'autenticazione di connessioni IPsec. L'utilizzo delle funzionalitĆ PKI di " +"strongSwan richiede perĆ² che tutti i certificati vengano firmati da una " +"singola autoritĆ di certificazione per creare un percorso fidato." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se non si sceglie di creare un certificato auto-firmato verranno create solo " +"la chiave privata RSA e la richiesta di certificato che andrĆ poi firmata " +"con l'autoritĆ di certificazione scelta." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Codice paese per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Inserire il codice a due lettere corrispondente al paese in cui il server " +"risiede (per esempio, Ā«ITĀ» per l'Italia)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL rifiuterĆ di generare un certificato se il codice paese non ĆØ valido " +"e conforme a ISO-3166. Ć permesso un campo vuoto altrove nel certificato " +"X.509, ma non in questo campo." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "" +"Nome dello stato o della provincia per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Inserire il nome completo dello stato o della provincia in cui il server " +"risiede (per esempio, Ā«ItaliaĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome della localitĆ per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Inserire il nome della localitĆ in cui il server risiede (spesso una cittĆ , " +"per esempio Ā«MilanoĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome dell'organizzazione per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Inserire il nome dell'organizzazione cui il server appartiene (per esempio, " +"Ā«DebianĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "UnitĆ organizzativa per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Inserire l'unitĆ organizzativa cui il server appartiene (per esempio, " +"Ā«gruppo sicurezzaĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome comune host per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Inserire il nome comune di questo host (per esempio, Ā«gateway.example.orgĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Indirizzo e-mail per la richiesta di certificato X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Inserire l'indirizzo di posta elettronica della persona o " +"dell'organizzazione responsabile per il certificato X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Abilitare la cifratura opportunistica?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Questa versione di strongSwan supporta la cifratura opportunistica (OE), la " +"quale memorizza le informazioni di autenticazione IPsec in record DNS. " +"FinchĆ© non sarĆ una soluzione largamente applicata, l'attivazione della " +"cifratura opportunistica causerĆ un ritardo significativo per ogni " +"connessione in uscita." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Si dovrebbe abilitare la cifratura opportunistica solo se lo si desidera " +"veramente. Potrebbe interrompere la connessione Internet (route predefinita) " +"durante l'avvio del demone." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Per il supporto alla versione 1 del protocollo IKE (Internet Key " +#~ "Exchange) ĆØ necessario che il demone pluto sia in esecuzione." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Avviare il demone di strongSwan IKEv2?" diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 000000000..15131481a --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,443 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.1-4\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-02-07 21:28+0900\n" +"Last-Translator: Hideki Yamane <henrich@debian.org>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "仄åć®ć©ć³ć¬ćć«ē®”ēćÆäøč¦ć«ćŖćć¾ćć" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan ććć±ć¼ćøć®ä»„åć®ćć¼ćøć§ć³ć§ćÆć3 ć¤ć®ē°ćŖć£ć Start/Stop ć¬ćć«" +"ććéøć¹ćććć«ćŖć£ć¦ćć¾ćććęØęŗć®ć·ć¹ćć čµ·åęé ćå¤ę“ćććććØć«ćć£" +"ć¦ććććÆććåæ
č¦ć§ćÆćŖććŖć£ććććććÆå½¹ē«ććŖććŖć£ćććć¦ćć¾ćććć" +"ć¾ć§äŗåå®ē¾©ććć¦ććć¢ć¼ćć§åä½ćć¦ććć®ćć®ćØåę§ć«ćę°č¦ć«ć¤ć³ć¹ćć¼ć«" +"ćććć®ćÆé©åćŖććć©ć«ćć®ć¬ćć«ćčØå®ćććććć«ćŖć£ć¦ćć¾ćć仄åć®ćć¼" +"ćøć§ć³ććć®ć¢ććć°ć¬ć¼ćć§ strongSwan ć®čµ·åćć©ć”ć¼ćæćå¤ę“ćć¦ććå “å" +"ćÆćć©ć®ććć«čØå®ćäæ®ę£ććććÆ NEWS.Debian ć®ęē¤ŗćåē
§ćć¦ćć ććć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "strongSwan ćä»ććåčµ·åćć¾ćć?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"ć»ćć„ćŖćć£äæ®ę£ććć£ćå “åćŖć©ććć¼ć¢ć³ćåčµ·åćććć¾ć§ćÆäæ®ę£ćåę ćć" +"ćŖćć®ć§ćstrongSwan ć®åčµ·åććå§ććć¾ććå¤ćć®äŗŗćÆćć¼ć¢ć³ćåčµ·åććć®" +"ćäŗęćć¦ćć¾ćć®ć§ććććÆ大ęµć®å “ååé”ććć¾ććććććććć®ä½ę„ć§ćÆē¾" +"åØć®ę„ē¶ćäøę¦åęććć¦ććååŗ¦ē¹ććŖććććØć«ćŖćć®ć§ćä»åć®ć¢ćććć¼ć" +"ć« strongSwan ć®ćć³ćć«ćä½æć£ć¦ćććććŖå “åćÆćåčµ·åćÆćå§ććć¾ććć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "strongSwan ć® charon ćć¼ć¢ć³ćčµ·åćć¾ćć?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Internet Key Exchange ćććć³ć«ććµćć¼ćććć«ćÆ charon ćć¼ć¢ć³ćå®č”ććć¦" +"ććåæ
č¦ćććć¾ćć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "ćć®ćć¹ćć«åƾćć¦ X.509 čؼęęøćå©ēØćć¾ćć?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"ćć®ćć¹ćēØć« X.509 čؼęęøćčŖåēć«ēęććććÆć¤ć³ćć¼ćć§ćć¾ććä»ć®ćć¹" +"ććØć® IPSec éäæ”ć§ć®čŖčؼć«å©ēØåÆč½ć§ćć»ćć„ć¢ćŖ IPSec éäæ”ćē¢ŗē«ććę¹ę³ćØ" +"ćć¦å„½ć¾ćć¦ćć¾ććä»ć«å©ēØåÆč½ćŖę¹ę³ćØćć¦ćÆå
±ééµ (PSKććć³ćć«ć®åę¹ć§å" +"ććć¹ćÆć¼ććå©ēØćć) ćéäæ”ć®čŖčؼć«å©ēØćććØććć®ćććć¾ćććå¤ę°ć®ę„" +"ē¶ć«åƾćć¦ćÆ RSA čŖčؼć®ć»ććē®”ēćććē°”åć§ććć»ćć„ć¢ć§ćć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"ć¾ććÆććć®éøęč¢ćéøć°ćŖćć§ććć¦ćå¾ć»ć©ćdpkg-reconfigure strongswanćć" +"å®č”ćć¦ååŗ¦å¼ć³åŗćććØćć§ćć¾ćć" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "ä½ęćć" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "ć¤ć³ćć¼ććć" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "ćć®ćć¹ććčŖčؼććć®ć«å©ēØćć X.509 čؼęęøćć©ćććć:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"ć¦ć¼ć¶ćå®ē¾©ććčØå®ć§ę°č¦ć« X.509 čؼęęøćä½ęććććØććIPsec ę„ē¶čŖčؼēØć®" +"ę¢åć® PEM ćć”ć¤ć«å½¢å¼ć§äæåććć¦ććå
¬ééµććć³ē§åÆéµćć¤ć³ćć¼ćććććØ" +"ćåÆč½ć§ćć" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"ę°č¦ć« X.509 čؼęęøćä½ćć®ćéøęććå “åćÆćä½ęćå§ććåć«ēććåæ
č¦ććć" +"č³Ŗåćć¾ć大éć«å°ćććć¾ććę¢åć®čŖčؼå±ć«ćć£ć¦ē½²åćććå
¬ééµćåæ
č¦ćŖå “" +"åćÆćčŖå·±ē½²åčŖčؼćä½ęććć®ćéøćć§ćÆćŖćććåēćÆćć¹ć¦čŖčØ¼å± (CA) ć®č¦" +"ę±é
ē®ć«å®å
Øć«äøč“ćć¦ććåæ
č¦ćććććØć«ēęćć¦ćć ćććććć§ćŖćå “å" +"ćÆćčؼęęøč¦ę±ćÆęå¦ćććććØć«ćŖćć§ćććć" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"ę¢åć®å
¬ééµććć³ē§åÆéµćć¤ć³ćć¼ććććå “åćÆććć”ć¤ć«åćå°ćććć¾ć " +"(äø”ę¹ćäøć¤ć®ćć”ć¤ć«ć«äæåććć¦ććå “åćÆå
Øćåćć«ćŖćććććć¾ćć)ćć©" +"ćć«čŖčؼå±ć®å
¬ééµćäæåććć¦ććććęå®ććććØćä»»ęć§åÆč½ć§ććććć®" +"ćć”ć¤ć«ćÆå
ć»ć©ć®ćć®ćØåćć«ćÆć§ćć¾ćććX.509 čؼęęøćÆ PEM å½¢å¼ć§ćććē§" +"åÆéµćÆęå·åććć¦ććŖćććØćåæ
č¦ćŖććØć«ćę³Øęćć ććććććŖćć°ć¤ć³ćć¼" +"ćä½ę„ćÆ失ęćć¾ćć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM å½¢å¼ć® X.509 čؼęęøć®ćć”ć¤ć«å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "PEM å½¢å¼ć® X.509 čؼęęøćå«ćć§ćććć”ć¤ć«ć®å “ęćå
„åćć¦ćć ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM å½¢å¼ć® X.509 ē§åÆéµć®ćć”ć¤ć«å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"PEM å½¢å¼ć® X.509 čؼęęøć«åƾåæćć RSA ē§åÆéµćå«ććć”ć¤ć«ć®å “ęćå
„åćć¦ć" +"ć ććććććÆ X.509 čؼęęøćå«ćć§ćććć”ć¤ć«ćØåćć§ę§ćć¾ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM å½¢å¼ć® X.509 ć«ć¼ć CA ć®ćć”ć¤ć«å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"X.509 čŖčؼå±ć®ć«ć¼ććčؼęęøć«ē½²åććć®ć«ä½æć£ć PEM å½¢å¼ć®ćć”ć¤ć«ćå«ćć " +"ćć”ć¤ć«ć®å “ęćå
„åććććØćä»»ęć§åÆč½ć§ćććććęć£ć¦ććŖććććććÆå©" +"ēØććććŖććØććå “åć«ćÆćć®ę¬ćē©ŗć®ć¾ć¾ć«ćć¦ććć¦ćć ćććć«ć¼ć CA ć " +"X.509 čؼęęøćē§åÆéµćØåććć”ć¤ć«ć«äæåććć®ćÆć§ććŖćććØć«ćę³Øęćć ć" +"ćć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "ä½ęćć RSA éµć®éµé·ćå
„åćć¦ćć ćć:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"ēęćć RSA éµć®é·ććå
„åćć¦ćć ćććå®å
Øć®ććć1024 ćććęŖęŗć«ćć¹ć" +"ć§ćÆććć¾ććć4096 ććććć大ććŖćć®ć«ććåæ
č¦ććŖćć§ććććčŖčؼććć»" +"ć¹ćé
ććŖćć¾ćććē¾ęē¹ć§ćÆććććåæ
č¦ććć¾ććć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "čŖå·±ē½²å X.509 čؼęęøćēęćć¾ćć?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"čؼęęøč¦ę±ć«ē½²åććććć«ćÆčŖčؼå±ćåæ
č¦ćØćŖćć®ć§ćčŖåēć«č”ćć«ćÆčŖå·±ē½²å " +"X.509 čؼęęøć®ćæćēęćåÆč½ć§ććčŖå·±ē½²åčؼęęøć®ä½ęćéøćć å “åćÆćććć«" +"ćććå©ēØćć¦ćIPSec ę„ē¶ć®čŖčØ¼ć« X.509 čؼęęøćå©ēØćć¦ććä»ć® IPSec ćć¹" +"ććøć®ę„ē¶ćåÆč½ć«ćŖćć¾ććććććstrongSwan ć® PKI ę©č½ćä½æćććå “åćÆć" +"trust path ćēęććććć«åäøć®čŖčؼå±ć«ćć£ć¦ćć¹ć¦ć® X.509 čؼęęøć«ē½²åć" +"ć¦ćććåæ
č¦ćććć¾ćć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"čŖå·±ē½²åčؼęęøćä½ęććććŖćå “åćRSA ē§åÆéµćØåƾåæććčؼęęøč¦ę±ć®ćæćä½ę" +"ćććć®ć§ćčŖčؼå±ć«åƾćć¦čؼęęøč¦ę±ć«ē½²åććć¦ćććåæ
č¦ćēćć¾ćć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 čؼęęøč¦ę±ć«čØč¼ććå½ć³ć¼ć:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"ćµć¼ććååØććå “ęć®äŗęåć®å½ć³ć¼ć (ä¾ćć°ę„ę¬ć®å “åćÆćJPć) ćå
„åćć¦" +"ćć ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL ćÆćę£č¦ć® ISO-3166 å½ć³ć¼ććē”ććØčؼęęøć®ēęćęå¦ćć¾ććX.509 " +"čؼęęøć«ććć¦ćä»ć®ćć£ć¼ć«ćć«ć¤ćć¦ćÆē©ŗć§ćę§ćć¾ććććććć«ć¤ćć¦ćÆčر" +"åÆććć¦ćć¾ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 čؼęęøč¦ę±ć«čØč¼ććé½éåŗēå:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "ćµć¼ćęåØå°ć®é½éåŗēå (ä¾:ćTokyoć)ćå
„åćć¦ćć ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 čؼęęøč¦ę±ć«čØč¼ććå°åå:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "ćµć¼ćęåØå° (大ęµćÆćShinjukućć®ćććŖåøåŗå)ćå
„åćć¦ćć ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 čؼęęøč¦ę±ć«čØč¼ććēµē¹å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "ćµć¼ććęå±ććēµē¹ (ćDebianććŖć©) ćå
„åćć¦ćć ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 čؼęęøč¦ę±ć«čØč¼ććéØē½²å:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "ćµć¼ććęå±ććéØē½²å (ćsecurity groupććŖć©) ćå
„åćć¦ćć ććć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 čؼęęøč¦ę±ć«čØč¼ććć³ć¢ć³ćć¼ć :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"ćć®ćć¹ćēØć® (ćgateway.example.orgćć®ćććŖ) ć³ć¢ć³ćć¼ć ćå
„åćć¦ćć ć" +"ćć" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 čؼęęøč¦ę±ć«čØč¼ććć”ć¼ć«ć¢ćć¬ć¹:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"X.509 čؼęęøć«ć¤ćć¦ć®åƾåæćč”ććåäŗŗććććÆå£ä½ć®ć”ć¼ć«ć¢ćć¬ć¹ćå
„åćć¦" +"ćć ććć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "opportunistic encryption ćęå¹ć«ćć¾ćć?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"ćć®ćć¼ćøć§ć³ć® strongSwan ćÆ opportunistic encryption (OE) ććµćć¼ććć¦ć" +"ć¾ććOE ćÆ IPSec čŖčؼę
å ±ć DNS ć¬ć³ć¼ćć«å«ćććć®ć§ćććććåŗćé©ēØćć" +"ćććć«ćŖćć¾ć§ćÆććććęå¹ć«ćććØå
Øć¦ć®ę°č¦ć®å¤éØę„ē¶ć«čććé
延ćå¼ć" +"čµ·ććć¾ćć" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"opportunistic encryption ćęå¹ć«ććć®ćÆćę¬å½ć«å©ēØććććØčććęć®ćæć«ć" +"ć¹ćć§ćććć®čØå®ćÆććć¼ć¢ć³ć®čµ·åćŖć©ć¤ć³ćæć¼ćććę„ē¶ (ććć©ć«ćć«ć¼ć) " +"ćåęććåÆč½ę§ćććć¾ćć" diff --git a/debian/po/nb.po b/debian/po/nb.po new file mode 100644 index 000000000..674e317c5 --- /dev/null +++ b/debian/po/nb.po @@ -0,0 +1,659 @@ +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# BjĆørn Steensrud <bjornst@skogkatt.homelinux.org>, 2009, 2012, 2013. +msgid "" +msgstr "" +"Project-Id-Version: nb\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-06 17:37+0200\n" +"Last-Translator: BjĆørn Steensrud <bjornst@skogkatt.homelinux.org>\n" +"Language-Team: Norwegian BokmĆ„l <i18n-nb@lister.ping.uio.no>\n" +"Language: nb\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Gammel kjĆørenivĆ„styring erstattet" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidligere versjoner av strongSwan-pakka ga et valg mellom tre forskjellige " +"nivĆ„er for start/stopp. PĆ„ grunn av endringer i standard oppstartsprosedyre " +"for systemet er dette ikke lenger verken nĆødvendig eller nyttig. Det blir nĆ„ " +"satt opp fornuftige standardnivĆ„er bĆ„de for nye installasjoner og for gamle " +"som kjĆører pĆ„ en av de forhĆ„ndsinnstilte nivĆ„ene. Hvis du er i ferd med Ć„ " +"oppgradere fra en tidligere versjon og har endret oppstartsparametrene for " +"strongSwan, kan du lese NEWS.Debian for Ć„ finne ut hvordan du kan endre " +"oppsettet ditt tilsvarende." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr " Start strongSwan pĆ„ nytt nĆ„" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Det anbefales Ć„ starte strongSwan pĆ„ nytt nĆ„, for om det var en " +"sikkerhetsrettelse, sĆ„ fĆ„r den ikke effekt fĆør daemonen startes pĆ„ nytt. " +"Imidlertid kan dette lukke eksisterende forbindelser og deretter koble dem " +"opp igjen, sĆ„ hvis du bruker en slik strongSwan-tilkobling for denne " +"oppdateringen er det best Ć„ ikke starte pĆ„ nytt." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Skal strongSwans charon-daemon startes?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Charon-daemonen mĆ„ kjĆøre for Ć„ kunne stĆøtte versjon 2 av Internet Key " +"Exchange-protokollen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Skal et X.509-sertifikat brukes for denne vertsmaskinen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Et X.509-sertifikat for denne verten kan importeres eller lages automatisk. " +"Det kan brukes til Ć„ autentisere IPSec-tilkoblinger til andre verter og er " +"den foretrukne mĆ„ten Ć„ bygge opp sikre IPSec-tilkoblinger. Den andre " +"muligheten er Ć„ bruke felles hemmeligheter (passord som er de samme pĆ„ begge " +"sider av tunnelen) til Ć„ autentisere en tilkobling, men for stĆørre antall " +"tilkoblinger er det lettere Ć„ administrere nĆøkkel-basert autentisering, og " +"det er ogsĆ„ sikrere." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Du kan ogsĆ„ avvise dette valget og senere bruke kommandoen Ā«dpkg -" +"reconfigure strongswanĀ» for Ć„ komme tilbake hit." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "opprett" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importer" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder for Ć„ bruke et X.509-sertifikat til Ć„ autentisere denne verten:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det er mulig Ć„ opprette et nytt X.509-sertifikat med brukerdefinerte " +"innstillinger, eller Ć„ importere en eksisterende offentlig og privat nĆøkkel " +"lagret i PEM-fil(er) til Ć„ autentisere IPSec-tilkoblinger." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Hvis du velger Ć„ opprette et nytt X.509-sertifikat blir det fĆørst stilt noen " +"spĆørsmĆ„l som du mĆ„ svare pĆ„ fĆør det kan lages et sertifikat. Husk pĆ„ at hvis " +"du vil at en eksisterende sertifikatutsteder (CA) skal signere den " +"offentlige nĆøkkelen, sĆ„ mĆ„ du ikke lage et selvsignert sertifikat, og alle " +"svarene du gir mĆ„ stemme nĆøyaktig overens med CA-ens krav, ellers kan " +"sertifikatsĆøknaden bli avvist." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Hvis du vil importere en eksisterende offentlig og privat nĆøkkel blir du " +"spurt etter filnavnene, som kan vƦre samme navn hvis begge nĆøklene er lagret " +"i Ć©n fil. Du kan ogsĆ„ om du vil oppgi et filnavn der offentlig(e) nĆøkkel/" +"nĆøkler for sertifikatutstederen er lagret, men dette kan ikke vƦre samme fil " +"som de forrige. VƦr ogsĆ„ oppmerksom pĆ„ at formatet for X.509-sertifikatene " +"mĆ„ vƦre PEM og at den private nĆøkkelen ikke mĆ„ vƦre kryptert, ellers kan " +"nĆøklene ikke importeres." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Filnavn for ditt X.509-sertifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Skriv inn stien til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Filnavn for din eksisterende private X.509-nĆøkkel i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Skriv inn sti til fila som inneholder den private nĆøkkelen som tilsvarer " +"ditt X.509-sertifikat i PEM-format. Dette kan vƦre den samme fila som X.509-" +"sertifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Filnavn for ditt rot-sertifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Om du vil kan du nĆ„ skrive inn stien til fila som inneholder rotsertifikatet " +"til den sertifikatutstederen som brukes til Ć„ signere ditt sertifikat, i PEM-" +"format. Hvis du ikke har ett eller ikke vil bruke det, sĆ„ la det vƦre tomt. " +"Merk at det ikke er mulig Ć„ lagre rot-sertifikatet (RootCA) i samme fil som " +"ditt X.509-sertifikat eller provate nĆøkkel." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Skriv inn hvilken lengde det skal vƦre pĆ„ den genererte RSA-nĆøkkelen:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Skriv inn lengden for den RSA-nĆøkkelen som blir laget. Den bĆør ikke vƦre " +"kortere enn 1024 bit fordi dette blir betraktet som usikkert, og du trenger " +"antakelig ikke mer enn 4096 bit fordi det bare forsinker " +"autentiseringsprosessen og ikke trengs nĆ„." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Skal det lages et selvsignert X.509-sertifikat?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Bare selvsignerte X.509-sertifikater kan opprettes automatisk, fordi ellers " +"mĆ„ en sertifikatutsteder (CA) signere sertifikatsĆøknaden. Hvis du velger Ć„ " +"lage et selvsignert sertifikat, kan du straks bruke det til Ć„ koble til " +"andre IPSec-verter som stĆøtter X.509-sertifikater for autentisering av IPSec-" +"tilkoblinger. Men bruk av strongSwans PKI-funksjoner krever at alle " +"sertifikater mĆ„ vƦre signert av en enkelt sertifikatutsteder for Ć„ lage en " +"tiltrodd kjede." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Hvis du velger Ć„ ikke lage et selvsignert sertifikat, sĆ„ blir bare en privat " +"RSA-nĆøkkel opprettet, sammen med en sertifikatsĆøknad som du mĆ„ signere med " +"din CA (Certificate Authority)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landskode for X.509-sertifikatsĆøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Skriv inn to-bokstavskoden for landet der tjeneren holder til (slik som Ā«NOĀ» " +"for Norge)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL vil ikke lage et sertifikat hvis dette ikke er en gyldig landskode i " +"fĆølge ISO-3166, tomme felter godtas andre steder i X.509-sertifikatet, men " +"ikke her." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Stat eller provinsnavn for X.509-sertifikatsĆøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Skriv inn fullt navn pĆ„ stat eller provins der tjeneren holder til (f.eks. " +"Ā«TromsĀ»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Stedsnavn for X.509-sertifikatsĆøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Skriv inn navnet pĆ„ stedet der tjeneren holder til (ofte en by, slik som " +"Ā«TromsĆøĀ»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisasjonsnavn for X.509-sertifikatsĆøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Skriv inn organisasjonen som tjeneren tilhĆører (slik som Ā«DebianĀ»)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisasjonsenhet for X.509-sertifikatsĆøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Skriv inn organisasjonsenhet som tjeneren tilhĆører (slik som " +"Ā«sikkerhetsgruppaĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Entydig navn for X.509-sertifikatsĆøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Skriv inn entydig navn for denne verten (slik som Ā«gateway.example.orgĀ»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-postadresse for X.509-sertifikatsĆøknaden:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Oppgi e-postadressen til person eller organisasjon som er ansvarlig for " +"X.509-sertifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "SlĆ„ pĆ„ opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denne versjonen av strongSwan stĆøtter opportunistisk kryptering (OE), som " +"lagrer autentiseringsinformasjon for IPSec i DNS-data. Inntil dette er tatt " +"i vanlig bruk vil det gi en betydelig forsinkelse for hver ny utgĆ„ende " +"tilkobling hvis dette er aktivert." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Du bĆør bare slĆ„ pĆ„ opportunistisk kryptering hvis du er sikker pĆ„ at du vil " +"ha det. Det kan koble ut Internett-forbindelsen (standardruten) nĆ„r daemonen " +"starter." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Pluto-daemonen mĆ„ kjĆøre for Ć„ kunne stĆøtte versjon 1 av Internet Key " +#~ "Exchange-protokollen." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Skal strongSwans IKEv2-daemon startes?" + +#, fuzzy +#~| msgid "When to start strongSwan:" +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "NĆ„r strongSwan skal startes:" + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the full location of the file containing your X.509 " +#~| "certificate in PEM format." +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." + +#, fuzzy +#~| msgid "" +#~| "Please enter the two-letter ISO3166 country code that should be used in " +#~| "the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Oppgi tobokstavers ISO3166 landskode som skal brukes i sertifikatsĆøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality name (often a city) that should be used in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "Oppgi stedsnavn (ofte en by) som skal brukes i sertifikatsĆøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization name (often a company) that should be used " +#~| "in the certificate request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Oppgi organisasjonsnavn (ofte et firma) som skal brukes i " +#~ "sertifikatsĆøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit name (often a department) that " +#~| "should be used in the certificate request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Oppgi organisasjonsenhet (ofte en avdeling som skal brukes i " +#~ "sertifikatsĆøknaden." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (such as the host name of this machine) " +#~| "that should be used in the certificate request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Oppgi vanlig navn (slik som vertsnavnet pĆ„ denne maskinen) som skal " +#~ "brukes i sertifikatsĆøknaden." + +#~ msgid "earliest" +#~ msgstr "tidligst" + +#~ msgid "after NFS" +#~ msgstr "etter NFS" + +#~ msgid "after PCMCIA" +#~ msgstr "etter PCMCIA" + +#~ msgid "" +#~ "StrongSwan starts during system startup so that it can protect " +#~ "filesystems that are automatically mounted." +#~ msgstr "" +#~ "StrongSwan starter under systemoppstart, slik at det kan beskytte " +#~ "filsystemer som monteres automatisk." + +#~ msgid "" +#~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" +#~ " PCMCIA network card, it is best to start strongSwan as soon as\n" +#~ " possible, so that NFS mounts can be secured by IPSec;\n" +#~ " * after NFS: recommended when /usr is mounted through NFS and no\n" +#~ " PCMCIA network card is used;\n" +#~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" +#~ " network card or if it needs keys to be fetched from a locally running " +#~ "DNS\n" +#~ " server with DNSSec support." +#~ msgstr "" +#~ " * tidligst: hvis /usr ikke monteres via NFS og du ikke bruker et\n" +#~ " PCMCIA nettverkskort, sĆ„ er det best Ć„ starte strongSwan\n" +#~ " snarest mulig, slik at NFS-montering kan sikres med IPSec;\n" +#~ " * etter NFS: anbefales nĆ„r /usr monteres via NFS og det ikke\n" +#~ " brukes noe PCMCIA nettverkskort.\n" +#~ " * etter PCMCIA: anbefales hvis IPSec-tilkoblingen bruker et PCMCIA\n" +#~ " nettverkskort eller om den trenger Ć„ hente nĆøkler fra en lokal\n" +#~ " DNS-tjener med DNSSec-stĆøtte. " + +#~ msgid "" +#~ "If you don't restart strongSwan now, you should do so manually at the " +#~ "first opportunity." +#~ msgstr "" +#~ "Hvis du ikke gjĆør en omstart pĆ„ strongSwan nĆ„, sĆ„ bĆør du gjĆøre det " +#~ "manuelt ved fĆørste anledning." + +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "Skal det lages et offentlig/privat RSA-nĆøkkelpar for denne verten?" + +#~ msgid "" +#~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " +#~ "authenticate IPSec connections to other hosts. RSA authentication is " +#~ "generally considered more secure and is easier to administer. You can use " +#~ "PSK and RSA authentication simultaneously." +#~ msgstr "" +#~ "StrongSwan kan bruke en delt nĆøkkel (PSK) eller et RSA-nĆøkkelpar for Ć„ " +#~ "autentisere IPSec-forbindelser til andre verter. RSA-autentisering " +#~ "betraktes for det meste som sikrere og lettere Ć„ administrere. Du kan " +#~ "bruke PSK og RSA-autentisering samtidig." + +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "Hvis du ikke vil lage et nytt offentlig/privat nĆøkkelpar, sĆ„ kan du velge " +#~ "Ć„ bruke et eksisterende nĆøkkelpar i neste steg." + +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Den informasjonen som trengs kan hentes automatisk fra et eksisterende " +#~ "X.509-sertifikat med tilhĆørende privat RSA-nĆøkkel. Begge deler kan vƦre i " +#~ "Ć©n fil, hvis den er i PEM-format. Du bĆør velge dette hvis du har et slikt " +#~ "sertifikat og vil bruke det til Ć„ autentisere IPSec-forbindelser." + +#~ msgid "RSA key length:" +#~ msgstr "RSA nĆøkkellengde:" + +#~ msgid "" +#~ "Please enter the length of RSA key you wish to generate. A value of less " +#~ "than 1024 bits is not considered secure. A value of more than 2048 bits " +#~ "will probably affect performance." +#~ msgstr "" +#~ "Oppgi lengde for RSA-nĆøkkelen du vil opprette. Kortere nĆøkler enn 1024 " +#~ "bit betraktes ikke som sikre. En nĆøkkellengde pĆ„ mer enn 2048 bit vil " +#~ "antakelig gĆ„ ut over ytelsen." + +#~ msgid "" +#~ "Only self-signed X.509 certificates can be created automatically, because " +#~ "otherwise a certificate authority is needed to sign the certificate " +#~ "request." +#~ msgstr "" +#~ "Bare selvsignerte X.509-sertifikater kan lages automatisk, for ellers mĆ„ " +#~ "en sertifikatutsteder signere sertifikatsĆøknaden." + +#~ msgid "" +#~ "If you accept this option, the certificate created can be used " +#~ "immediately to connect to other IPSec hosts that support authentication " +#~ "via an X.509 certificate. However, using strongSwan's PKI features " +#~ "requires a trust path to be created by having all X.509 certificates " +#~ "signed by a single authority." +#~ msgstr "" +#~ "Hvis du godtar dette, sĆ„ kan det sertifikatet som lages bli brukt straks " +#~ "til Ć„ kople til andre IPSec-verter som stĆøtter autentisering via et X.509-" +#~ "sertifikat. Men om strongSwans PKI-del skal brukes, mĆ„ det lages en " +#~ "tillitskjede ved at alle X.509-sertifikatene signeres av en enkelt " +#~ "utsteder." + +#~ msgid "" +#~ "This field is mandatory; otherwise a certificate cannot be generated." +#~ msgstr "" +#~ "Dette feltet er obligatorisk, uten det kan det ikke lages et sertifikat." diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 000000000..77adcc076 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,461 @@ +# Dutch translation of strongswan debconf templates. +# Copyright (C) 2005-2011 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# Luk Claes <luk.claes@ugent.be>, 2005 +# Kurt De Bree <kdebree@telenet.be>, 2006. +# Jeroen Schot <schot@a-eskwadraat.nl>, 2011. +# Frans Spiesschaert <Frans.Spiesschaert@yucom.be>, 2014. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.5.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2014-09-24 18:39+0200\n" +"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" +"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Het oude runlevel-beheer is vervangen" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Vorige versies van het strongSwan-pakket gaven de keuze tussen drie " +"verschillende Start/Stop-niveaus. Vanwege veranderingen aan de standaard " +"opstartprocedure van het systeem is dit niet langer nodig of nuttig. Er " +"worden nu logische standaardwaardes ingesteld voor zowel nieuwe installaties " +"als oude waarvoor Ć©Ć©n van de keuzes is gemaakt. Als u opwaardeert van een " +"vorige versie en uw strongSwan-opstartparameters heeft aangepast vindt u in " +"NEWS.Debian instructies over het aanpassen van uw opstelling." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "StrongSwan nu herstarten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"U wordt aanbevolen om strongSwan te herstarten, want indien deze nieuwe " +"versie veiligheidsproblemen verhelpt worden deze pas echt opgelost bij een " +"herstart van de achtergronddienst. De meeste mensen verwachten dat de " +"achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit " +"kan bestaande verbindingen verbreken en ze dan opnieuw herstellen. Dus als u " +"een strongSwan-tunnel gebruikt voor deze verbinding kunt u beter niet " +"herstarten." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Charon-achtergronddienst van strongSwan starten?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"De charon-achtergronddienst moet actief zijn om het Internet Key Exchange " +"protocol te ondersteunen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Moet er een X.509-certificaat voor deze computer gebruikt worden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Een X.509-certificaat voor deze computer kan automatisch worden aangemaakt " +"of geĆÆmporteerd. Deze kan worden gebruikt voor het authenticeren van IPsec-" +"verbindingen naar andere computers en is de beste manier om veilige IPsec-" +"verbindingen op te bouwen. Een andere mogelijkheid is om het gebruik van " +"shared secrets (wachtwoorden die hetzelfde zijn aan beide kanten van de " +"tunnel) voor het authenticeren van een verbinding, maar voor een groter " +"aantal verbindingen is authenticatie gebaseerd op sleutels makkelijker om te " +"beheren en veiliger." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"U kunt deze optie ook weigeren en op een later moment hier terug komen met " +"het commando \"dpkg-reconfigure strongswan\"." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "aanmaken" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importeren" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Methodes bij het gebruik van een X.509-certificaat voor authenticatie van " +"deze computer:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"U kunt een nieuw X.509-certificaat aanmaken met eigen instellingen of een " +"bestaand sleutelpaar in PEM-indeling importeren voor de authenticatie van " +"IPsec-verbindingen." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Als u ervoor kiest om een nieuw X.509-certificaat te maken zal u antwoord " +"moeten geven op een aantal vragen voordat het aanmaken kan beginnen. Wanneer " +"u uw publieke sleutel door een bestaande certificaat-autoriteit (CA) wilt " +"laten ondertekenen moet u niet voor een door uzelf getekend certificaat " +"kiezen. Ook moet u er op letten dat al uw antwoorden voldoen aan de eisen " +"van deze CA om te voorkomen dat deze uw ondertekeningsaanvraag zal weigeren." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Als u een bestaand sleutelpaar wilt importeren zal u gevraagd worden naar " +"hun bestandsnamen (deze kunnen hetzelfde zijn als beide delen in Ć©Ć©n bestand " +"zijn opgeslagen). U krijgt daarna ook de mogelijkheid om de bestandsnaam van " +"de publieke sleutel(s) van de certificaat-autoriteit op te geven. Dit moet " +"wel een ander bestand zijn. Let er ook op dat de X.509-certificaten in PEM-" +"indeling moeten zijn en dat de geheime sleutel niet versleuteld mag zijn, " +"anders zal de import-procedure mislukken." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Bestandsnaam van uw X.509-certificaat in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Geef de volledige locatie van het bestand dat uw X.509-certificaat in PEM-" +"indeling bevat." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Bestandsnaam van uw geheime X.509-sleutel in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Geef de volledige locatie van het bestand dat uw geheime RSA-sleutel bevat " +"die behoort bij uw X.509-certificaat in PEM-indeling. Dit kan hetzelfde " +"bestand zijn als dat wat uw X.509-certificaat bevat." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Bestandsnaam van uw X.509-RootCA in PEM-indeling:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"U heeft nu de mogelijkheid om de locatie van het bestand (in PEM-indeling) " +"op te geven dat het X.509-certificaat van de certificaat-autoriteit bevat " +"waarmee uw certificaat wordt ondertekend. Als u deze niet heeft of als u " +"geen gebruik wilt maken van deze mogelijkheid dient u het veld leeg te " +"laten. Let op: Het is niet mogelijk om de RootCA in hetzelfde bestand te " +"bewaren als uw X.509-certificaat of geheime sleutel." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Geef de lengte voor de aan te maken RSA-sleutel:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Geef de lengte van de aan te maken RSA-sleutel. Die mag niet minder dan 1024 " +"bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " +"niet meer dan 4096 bits nodig hebben omdat het enkel het authenticatieproces " +"vertraagt en op dit moment niet nodig is." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Wilt u een door uzelf getekend X.509-certificaat aanmaken?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Deze installatie kan enkel een door uzelf getekend X.509-certificaat " +"automatisch aanmaken omdat anders een certificaat-autoriteit nodig is om de " +"certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " +"wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " +"leggen met andere IPsec-hosts die X.509-certificaten ondersteunen voor IPSec-" +"verbindingen. Als u echter strongSwan's PKI-mogelijkheden wilt gebruiken, " +"dan zult u alle X.509-certificaten moeten laten tekenen door Ć©Ć©n enkele " +"certificaat-autoriteit om een vertrouwenspad aan te maken." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Als u geen door uzelf getekend certificaat wilt aanmaken, dan zullen enkel " +"de geheime RSA-sleutel en de certificaataanvraag worden aangemaakt en zult u " +"de certificaataanvraag moeten laten tekenen door uw certificaat-autoriteit." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landcode van de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Geef de tweeletterige code voor het land waarin de server staat (zoals \"NL" +"\" voor Nederland)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL zal geen certificaat genereren als dit niet een geldige landcode uit " +"ISO-3166 is. Voor andere velden van het X.509-certificaat is het toegestaan " +"om ze leeg te laten, maar niet voor dit veld." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Staat of provincie voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Geef de volledige naam van de staat of provincie waarin de server staat " +"(zoals \"Noord-Holland\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Plaatsnaam voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Geef de plaats waar de server staat (vaak een stad zoals \"Amsterdam\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Naam van de organisatie voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Geef op van welke organisatie deze server deel uitmaakt (zoals \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisatie-eenheid voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Geef op van welke organisatie-eenheid deze server deel uitmaakt (zoals " +"\"Afdeling beveiliging\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Naam (Common Name) voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Geef de naam (Common Name) voor deze computer op (zoals \"gateway.example.org" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-mailadres voor de X.509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " +"voor het X.509-certificaat." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Wilt u opportunistische encryptie inschakelen?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Deze versie van strongSwan ondersteunt opportunistische versleuteling (OE), " +"welke IPsec-authenticatie-informatie opslaat in DNS-velden. Totdat dit op " +"grote schaal wordt toegepast zal het inschakelen hiervan voor een " +"significante vertraging zorgen voor nieuwe verbindingen." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Schakel opportunistische versleuteling alleen in als u er zeker van bent dat " +"u dit wilt. Het kan er voor zorgen dat uw internetverbinding " +"(standaardroute) niet meer werkt zodra de achtergronddienst opstart." + diff --git a/debian/po/pl.po b/debian/po/pl.po new file mode 100644 index 000000000..7d3a3fd26 --- /dev/null +++ b/debian/po/pl.po @@ -0,0 +1,485 @@ +# Copyright (C) 2010 +# This file is distributed under the same license as the strongswan package. +# +# MichaÅ KuÅach <michal.kulach@gmail.com>, 2012. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2012-01-31 15:36+0100\n" +"Last-Translator: MichaÅ KuÅach <michal.kulach@gmail.com>\n" +"Language-Team: Polish <debian-l10n-polish@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.2\n" +"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " +"|| n%100>=20) ? 1 : 2);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "ZastÄ
piono stare zarzÄ
dzanie poziomami uruchamiania" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Poprzednie wersje pakietu strongSwan umożliwiaÅy wybĆ³r pomiÄdzy trzema " +"rĆ³Å¼nymi Start/Stop-Level. Z powodu zmian w procedurze uruchamiania systemu " +"podstawowego nie jest to dÅużej ani potrzebne, ani użyteczne. W przypadku " +"zarĆ³wnowszystkich nowych instalacji, jak i starych z ktĆ³rymÅ z dziaÅajÄ
cych " +"trybĆ³w predefiniowanych, zostanÄ
przyjÄte domyÅlne, rozsÄ
dne poziomy. JeÅli " +"jest to aktualizacja z poprzedniej wersji i zmieniono parametry uruchamiania " +"strongSwan, proszÄ zapoznaÄ siÄ z plikiem NEWS.Debian, aby dowiedzieÄ siÄ " +"jak odpowiednio zmodyfikowaÄ swojÄ
konfiguracjÄ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "ZrestartowaÄ strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Restart strongSwan jest zalecany, ponieważ jest to poprawka bezpieczeÅstwa, " +"ktĆ³ra nie zostanie uwzglÄdniona przed zrestartowaniem demona. WiÄkszoÅÄ " +"użytkownikĆ³w oczekuje restartu demona, wiÄc jest to z reguÅy dobry pomysÅ. Z " +"drugiej strony może spowodowaÄ zerwanie i ponowne nawiÄ
zanie istniejÄ
cych " +"poÅÄ
czeÅ, wiÄc jeÅli aktualizacja jest przeprowadzana przez tunel " +"strongSwan, restartowanie nie jest wskazane." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "UruchomiÄ demona IKEv1 strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Demon charon musi byÄ uruchomiony, aby obsÅużyÄ 2 wersjÄ protokoÅu Internet " +"Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "UżyÄ certyfikatu X.509 dla tego komputera?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Certyfikat X.509 dla tego komputera może byÄ automatycznie utworzony lub " +"zaimportowany. Może zostaÄ wykorzystany do uwierzytelnienia poÅÄ
czeÅ IPsec " +"do innych hostĆ³w i jest zalecanÄ
metodÄ
tworzenia bezpiecznych poÅÄ
czeÅ " +"IPsec. InnÄ
możliwoÅciÄ
jest użycie takich samych haseÅ znanych obu stronom " +"tunelu (ang. shared secret) do uwierzytelnienia poÅÄ
czenia, ale przy " +"wiÄkszej liczbie poÅÄ
czeÅ Åatwiej jest zarzÄ
dzaÄ uwierzytelnieniem za pomocÄ
" +"kluczy; jest to rĆ³wnież bezpieczniejsze." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Można rĆ³wnież wybraÄ \"nie\" i użyÄ pĆ³Åŗniej polecenia \"dpkg-reconfigure " +"strongswan\", aby powrĆ³ciÄ do niniejszego wyboru opcji." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "utwĆ³rz" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "zaimportuj" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Metody używajÄ
ce certyfikatu X.509 do uwierzytelniania tego komputera:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Istnieje możliwoÅÄ stworzenia nowego certyfikatu X.509 z ustawieniami " +"użytkownika lub zaimportowania istniejÄ
cego klucza publicznego i prywatnego " +"z pliku/plikĆ³w PEM do uwierzytelniania poÅÄ
czeÅ IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"JeÅli zostanie wybrana opcja stworzenia nowego certyfikatu X.509, najpierw " +"zostanÄ
zadane pytania, na ktĆ³re bÄdzie trzeba odpowiedzieÄ przed " +"uruchomieniem procesu tworzenia certyfikatu. ProszÄ wziÄ
Ä pod uwagÄ, że aby " +"używaÄ klucza publicznego podpisanego przez istniejÄ
cy oÅrodek certyfikacji " +"(CA), nie powinno siÄ wybieraÄ opcji tworzenia podpisanego przez siebie " +"samego (ang. self-signed) certyfikatu, a wszystkie odpowiedzi muszÄ
idealnie " +"speÅniaÄ wymagania CA, w innym przypadku bowiem, certyfikat może zostaÄ " +"odrzucony." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"W przypadku importowania istniejÄ
cego klucza publicznego i prywatnego, " +"pojawiÄ
siÄ pytania o ich nazwy (mogÄ
byÄ identyczne, jeÅli obie czÄÅci sÄ
" +"przechowywane w jednym pliku). Opcjonalnie, można rĆ³wnież okreÅliÄ nazwÄ " +"pliku, gdzie bÄdzie przechowywany klucz (lub klucze) publiczny oÅrodka " +"certyfikacji (CA), nie może byÄ jednak taka sama jak dwie poprzednie. ProszÄ " +"zauważyÄ, że formatem certyfikatĆ³w X.509 musi byÄ PEM, a klucz prywatny nie " +"może byÄ zaszyfrowany - w przeciwnym wypadku procedura zakoÅczy siÄ " +"niepowodzeniem." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nazwa pliku certyfikatu X.509 użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"ProszÄ okreÅliÄ poÅożenie pliku zawierajÄ
cego certyfikat X.509 w formacie " +"PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nazwa pliku klucza prywatnego X.509 użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"ProszÄ okreÅliÄ poÅożenie pliku zawierajÄ
cego certyfikat klucza publicznego " +"RSA użytkownika, odpowiadajÄ
cego certyfikatowi X.509 użytkownika w formacie " +"PEM. Może byÄ to ten sam plik, ktĆ³ry zawiera certyfikat X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nazwa pliku X.509 RootCA użytkownika, w formacie PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcjonalnie, można teraz podaÄ lokalizacjÄ pliku zawierajÄ
cego gÅĆ³wny urzÄ
d " +"certyfikacji użyty do podpisu certyfikatu użytkownika w formacie PEM. W " +"przypadku nieposiadania takowego, proszÄ pozostawiÄ pole puste. ProszÄ " +"zauważyÄ, że nie można przechowywaÄ RootCA w tym samym pliku co certyfikat " +"X.509 lub klucz publiczny." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "ProszÄ wprowadziÄ dÅugoÅÄ tworzonego klucza RSA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"ProszÄ wprowadziÄ dÅugoÅÄ tworzonego klucza RSA. Nie powinna byÄ ona " +"mniejsza niż 1024 bity, ponieważ może byÄ wtedy niebezpieczna; nie ma " +"rĆ³wnież potrzeby aby byÅa wiÄksza niż 4096 bity, ponieważ bÄdzie wtedy tylko " +"spowalniaÄ proces uwierzytelnienia, a aktualnie nie ma potrzeby używania tak " +"dÅugich kluczy." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "UtworzyÄ podpisany przez samego siebie certyfikat X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"WyÅÄ
cznie certyfikaty X.509 podpisane przez siebie mogÄ
byÄ tworzone " +"automatycznie, ponieważ w przeciwnym wypadku potrzebny jest urzÄ
d " +"certyfikacji, aby podpisaÄ Å¼Ä
dany certyfikat. W przypadku wybrania opcji " +"utworzenia podpisanego przez siebie samego certyfikatu, można użyÄ go od " +"razu do poÅÄ
czenia z innymi hostami IPsec, ktĆ³re obsÅugujÄ
certyfikat X.509 " +"do uwierzytelniania poÅÄ
czeÅ IPsec. Jednakże, używanie funkcji PKI " +"strongSwan wymaga, aby wszystkie certyfikaty byÅy podpisane przez pojedynczy " +"urzÄ
d certyfikacji, aby utworzyÄ zaufanÄ
ÅcieżkÄ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"W przypadku niewybrania opcji tworzenia certyfikatu podpisanego przez siebie " +"samego, utworzone zostanÄ
tylko klucz prywatny RSA i żÄ
danie podpisania " +"certyfikatu, ktĆ³re bÄdzie musiaÅo zostaÄ podpisane przez odpowiedni urzÄ
d " +"certyfikacji, już za poÅrednictwem użytkownika." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Kod kraju do żÄ
dania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"ProszÄ wprowadziÄ dwuliterowy kod kraju, w ktĆ³rym poÅożony jest serwer (np. " +"\"PL\" dla Polski)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL odmĆ³wi utworzenia certyfikatu, jeÅli nie jest to wÅaÅciwy kod kraju " +"ISO-3166; pozostawienie pustego pola, przy certyfikacie X.509, jest " +"dozwolone we wszystkich innych przypadkach, poza tym." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Nazwa regionu lub prowincji do żÄ
dania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"ProszÄ wprowadziÄ peÅnÄ
nazwÄ regionu lub prowincji w ktĆ³rej poÅożony jest " +"serwer (np. \"Malopolska\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nazwa lokalizacji do żÄ
dania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"ProszÄ wprowadziÄ nazwÄ lokalizacji serwera (z reguÅy miasto, np. \"Krakow" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nazwa organizacji do żÄ
dania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"ProszÄ wprowadziÄ nazwÄ organizacji, do ktĆ³rej należy serwer (np. \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Jednostka organizacyjna do żÄ
dania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"ProszÄ wprowadziÄ nazwÄ jednostki organizacyjnej do ktĆ³rej należy serwer " +"(np. \"grupa bezpieczeÅstwa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "" +"Nazwa domeny (ang. Common Name) do żÄ
dania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"ProszÄ wprowadziÄ nazwÄ domeny (ang. Common Name) dla tego komputera (np. " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Adres poczty elektronicznej do żÄ
dania podpisania certyfikatu X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"ProszÄ wprowadziÄ adres poczty elektronicznej osoby lub organizacji " +"odpowiedzialnej za certyfikat X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "WÅÄ
czyÄ szyfrowanie oportunistyczne?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Ta wersja stronSwan obsÅuguje tzw. szyfrowanie oportunistyczne (ang. " +"opportunistic encryption - OE), ktĆ³re przechowuje informacje o " +"uwierzytelnieniu IPSec w rekordach DNS. DopĆ³ki nie zostanie ono szeroko " +"wdrożone, aktywacja tej opcji spowoduje odczuwalne opĆ³Åŗnienie dla każdego " +"nowego poÅÄ
czenia wychodzÄ
cego." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Szyfrowanie oportunistyczne powinno byÄ wÅÄ
czone tylko przez osoby, ktĆ³re go " +"potrzebujÄ
. Może bowiem doprowadziÄ do przerwania poÅÄ
czenia internetowego " +"(domyÅlnej trasy), kiedy tylko uruchomi siÄ demon pluto." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Demon pluto musi byÄ uruchomiony, aby obsÅużyÄ 1 wersjÄ protokoÅu " +#~ "Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "UruchomiÄ demona IKEv2 strongSwan?" diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 000000000..faf336e14 --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,470 @@ +# translation of strongswan debconf to Portuguese +# Copyright (C) 2007 the strongswan's copyright holder +# This file is distributed under the same license as the strongswan package. +# +# LuĆsa LourenƧo <kikentai@gmail.com>, 2007. +# AmĆ©rico Monteiro <a_monteiro@gmx.com>, 2009, 2010, 2013. +msgid "" +msgstr "" +"Project-Id-Version: strongswan 5.1.0-3\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-11-18 00:33+0000\n" +"Last-Translator: AmĆ©rico Monteiro <a_monteiro@gmx.com>\n" +"Language-Team: Portuguese <traduz@debianpt.org>\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Antiga gestĆ£o de Runlevels substituĆda." + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"VersƵes anteriores do pacote strongSwan deram uma hipĆ³tese entre trĆŖs NĆveis-" +"Arranque/Paragem diferentes. Devido a alteraƧƵes no procedimento standard de " +"arranque do sistema, isto nĆ£o Ć© mais necessĆ”rio ou Ćŗtil. Para todas as novas " +"instalaĆ§Ć£o assim como para as antigas que correm em qualquer dos modos " +"predefinidos, serĆ£o agora definidos nĆveis sĆ£os predefinidos. Se vocĆŖ estĆ” a " +"actualizar uma versĆ£o anterior e alterou os seus parĆ¢metros de arranque do " +"strongSwan, entĆ£o por favor veja NEWS.Debian para instruƧƵes sobre como " +"modificar a sua configuraĆ§Ć£o apropriadamente." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Reiniciar agora o strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Ć recomendado reiniciar o strongSwan, porque se existir uma correcĆ§Ć£o de " +"seguranƧa, esta nĆ£o serĆ” aplicada atĆ© que o daemon seja reiniciado. A " +"maioria das pessoas espera que o daemon reinicie, portanto isto Ć© geralmente " +"uma boa ideia. No entanto isto poderĆ” fechar ligaƧƵes existentes e depois " +"ligĆ”-las de novo, portanto se vocĆŖ estĆ” a usar algo como um tĆŗnel do " +"strongSwan para ligar a esta actualizaĆ§Ć£o, o reiniciar nĆ£o Ć© recomendado." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Iniciar o daemon charon do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"O daemon charon precisa de estar a correr para suportar o protocolo Internet " +"Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Usar um certificado X.509 para esta mĆ”quina?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Pode ser criado automaticamente ou importado um certificado X.509 para esta " +"mĆ”quina. Pode ser usado para autenticar ligaƧƵes IPsec para outras mĆ”quinas " +"e Ć© a maneira preferida de construir ligaƧƵes IPsec seguras. A outra " +"possibilidade seria usar segredos partilhados (palavras-passe que sĆ£o iguais " +"em ambos os lados do tĆŗnel) para autenticar a ligaĆ§Ć£o, mas para um grande " +"nĆŗmero de ligaƧƵes, a autenticaĆ§Ć£o baseada em chaves Ć© mais fĆ”cil de " +"administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativamente, vocĆŖ pode rejeitar esta opĆ§Ć£o e mais tarde usar o comando " +"\"dpkg-reconfigure strongswan\" para voltar aqui." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "criar" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "MĆ©todos de usar um certificado X.509 para autenticar esta mĆ”quina:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Ć possĆvel criar um novo certificado X.509 com configuraƧƵes definidas pelo " +"utilizador ou importar uma chave pĆŗblica e privada existente em ficheiro(s) " +"PEM para autenticar ligaƧƵes IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se escolher criar um novo certificado X.509 ser-lhe-Ć primeiro perguntado um " +"nĆŗmero de questƵes que tĆŖm de ser respondidas antes da criaĆ§Ć£o poder " +"iniciar. Por favor tenha em mente que se deseja que a chave pĆŗblica seja " +"assinada por uma Autoridade de Certificados existente, vocĆŖ nĆ£o deve " +"seleccionar a criaĆ§Ć£o de um certificado auto-assinado e todas as respostas " +"dadas devem corresponder exactamente aos requisitos da AC, caso contrĆ”rio o " +"pedido de certificado pode ser rejeitado." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se deseja importar uma chave pĆŗblica e privada existente, ser-lhe-Ć pedido " +"os seus nomes de ficheiros (que podem ser idĆŖnticos se ambas as partes " +"estiverem armazenadas juntamente no mesmo ficheiro). Opcionalmente vocĆŖ " +"tambĆ©m pode especificar um nome de ficheiro onde as chave(s) pĆŗblica(s) da " +"Autoridade de Certificados sĆ£o mantidas, mas este ficheiro nĆ£o pode ser o " +"mesmo que os anteriores. Por favor tenha tambĆ©m em mente que o formato dos " +"certificados X.509 tem de ser PEM e que a chave privada nĆ£o pode estar " +"encriptada ou o procedimento de importaĆ§Ć£o irĆ” falhar." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome de ficheiro do seu certificado X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Por favor insira a localizaĆ§Ć£o do ficheiro que contĆ©m o seu certificado " +"X.509 em formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome do ficheiro da sua chave privada X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Por favor insira a localizaĆ§Ć£o do ficheiro que contĆ©m a chave privada RSA " +"que coincide com o seu certificado X.509 em formato PEM. Este pode ser o " +"mesmo ficheiro que contĆ©m o certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome de ficheiro do seu RootCA X.509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente vocĆŖ pode agora indicar a localizaĆ§Ć£o do ficheiro que contĆ©m a " +"raiz da Autoridade de Certificados X.509 usada para assinar o seu " +"certificado em formato PEM. Se vocĆŖ nĆ£o tem um ou nĆ£o o quer usar, por favor " +"deixe o campo vazio. Por favor note que nĆ£o Ć© possĆvel armazenar a RootCA no " +"mesmo ficheiro que o seu certificado X.509 ou chave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Por favor indique o comprimento que a chave RSA criada deve ter:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor indique o comprimento que a chave RSA criada. NĆ£o deve ser menos " +"que 1024 bits porque isto seria considerado inseguro e provavelmente vocĆŖ " +"nĆ£o vai precisar de nada maior que 4096 bits porque apenas atrasa o processo " +"de autenticaĆ§Ć£o e de momento nĆ£o Ć© necessĆ”rio." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Criar um certificado X.509 auto-assinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Apenas os certificados X.509 auto-assinados podem ser criados " +"automaticamente, porque caso contrĆ”rio Ć© necessĆ”rio uma Autoridade de " +"Certificados para assinar o pedido de certificado. Se escolher criar um " +"certificado auto-assinado, vocĆŖ pode usĆ”-lo imediatamente para ligar a " +"outras mĆ”quinas IPsec que suportam certificados X.509 para autenticaĆ§Ć£o de " +"ligaƧƵes IPsec. No entanto, usar as funcionalidades PKI do strongSwan requer " +"que todos os certificados seja assinados por uma Ćŗnica Autoridade de " +"Certificados para criar um caminho de confianƧa." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Se escolher nĆ£o criar um certificado auto-assinado, apenas a chave RSA " +"privada e o pedido de certificado serĆ£o criados, e vocĆŖ tem que assinar o " +"pedido de certificado com a sua Autoridade de Certificados." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "CĆ³digo de paĆs para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Por favor indique o cĆ³digo de duas letras para o paĆs onde o servidor reside " +"(algo como \"PT\" para Portugal)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"O OpenSSL irĆ” recusar gerar um certificado a menos que isto seja um cĆ³digo " +"ISO-3166 de paĆs vĆ”lido; um campo vazio Ć© permitido em qualquer parte do " +"certificado X.509, mas nĆ£o aqui." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado ou nome da provĆncia para o pedido do certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Por favor insira o nome completo do estado ou provĆncia onde o servidor " +"reside (algo como \"Estremadura Portugal\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome da localidade para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Por favor indique a localidade onde o servidor reside (geralmente uma " +"cidade, tal como \"Lisboa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organizaĆ§Ć£o para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Por favor indique a organizaĆ§Ć£o a que o servidor pertence (algo como \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizativa para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Por favor indique a unidade organizacional a que o servidor pertence (algo " +"como \"Departamento de SeguranƧa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome comum para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Por favor indique o Nome Comum para esta mĆ”quina (algo como \"gateway." +"exemplo.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "EndereƧo de email para o pedido de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Por favor insira o endereƧo de email da pessoa ou organizaĆ§Ć£o responsĆ”vel " +"pelo certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Activar encriptaĆ§Ć£o oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versĆ£o do strongSwan suporta encriptaĆ§Ć£o oportunista (OE), a qual " +"guarda informaĆ§Ć£o de autenticaĆ§Ć£o IPSec em registos DNS. AtĆ© que isto esteja " +"amplamente instalado, a sua activaĆ§Ć£o irĆ” causar um atraso significativo em " +"cada nova ligaĆ§Ć£o de saĆda." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"VocĆŖ deverĆ” apenas activar a encriptaĆ§Ć£o oportunista se tiver a certeza que " +"a quer. Pode quebrar a ligaĆ§Ć£o Ć Internet (rota predefinida) assim que o " +"daemon arrancar." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "O daemon pluto precisa de estar a correr para suportar a versĆ£o 1 do " +#~ "protocolo Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Iniciar o daemon IKEv2 do strongSwan?" diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 000000000..3adf094a0 --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,811 @@ +# Debconf translations for strongswan. +# Copyright (C) 2010 THE strongswan'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# AndrĆ© LuĆs Lopes <andrelop@debian.org>, 2005. +# Adriano Rafael Gomes <adrianorg@arg.eti.br>, 2010, 2013-2014. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 5.1.3-4\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2014-06-25 18:13-0300\n" +"Last-Translator: Adriano Rafael Gomes <adrianorg@arg.eti.br>\n" +"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." +"org>\n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Antigo gerenciamento de nĆvel de execuĆ§Ć£o (\"runlevel\") obsoleto" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"VersƵes anteriores do pacote strongSwan permitiam escolher entre trĆŖs " +"diferentes NĆveis de InĆcio/Parada (\"Start/Stop-Levels\"). Devido a " +"mudanƧas no procedimento padrĆ£o de inicializaĆ§Ć£o do sistema, isso nĆ£o Ć© mais " +"necessĆ”rio ou Ćŗtil. Para todas as novas instalaƧƵes, bem como para as " +"antigas instalaƧƵes executando em qualquer dos modos predefinidos, nĆveis " +"padrĆ£o adequados serĆ£o definidos agora. Se vocĆŖ estĆ” atualizando a partir de " +"uma versĆ£o anterior e alterou seus parĆ¢metros de inicializaĆ§Ć£o do " +"strongSwan, entĆ£o, por favor, veja o arquivo NEWS.Debian para instruƧƵes " +"sobre como modificar sua configuraĆ§Ć£o de acordo." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Reiniciar o strongSwan agora?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Reiniciar o strongSwan Ć© recomendado, uma vez que caso exista uma correĆ§Ć£o " +"para uma falha de seguranƧa, a mesma nĆ£o serĆ” aplicada atĆ© que o daemon seja " +"reiniciado. A maioria das pessoas espera que o daemon seja reiniciado, " +"portanto essa Ć© geralmente uma boa idĆ©ia. PorĆ©m, isso pode derrubar conexƵes " +"existentes, e entĆ£o posteriormente trazĆŖ-las de volta, assim se vocĆŖ estĆ” " +"usando um tĆŗnel strongSwan para se conectar para fazer esta atualizaĆ§Ć£o, nĆ£o " +"Ć© recomendado reiniciar." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Iniciar o daemon \"charon\" do strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"O daemon \"charon\" deve estar em execuĆ§Ć£o para suportar o protocolo " +"Internet Key Exchange." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Usar um certificado X.509 para este host?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Um certificado X.509 para este host pode ser automaticamente criado ou " +"importado. Ele pode ser usado para autenticar conexƵes IPsec para outros " +"hosts e Ć© a maneira preferida para construir conexƵes IPsec seguras. A outra " +"possibilidade seria usar segredos compartilhados (senhas que sĆ£o iguais em " +"ambos os lados do tĆŗnel) para autenticar uma conexĆ£o, mas para um grande " +"nĆŗmero de conexƵes, a autenticaĆ§Ć£o baseada em chaves Ć© mais fĆ”cil de " +"administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativamente, vocĆŖ pode rejeitar esta opĆ§Ć£o e mais tarde usar o comando " +"\"dpkg-reconfigure strongswan\" para voltar atrĆ”s." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "criar" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "MĆ©todos para usar um certificado X.509 para autenticar este host:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Ć possĆvel criar um novo certificado X.509 com configuraƧƵes definidas pelo " +"usuĆ”rio ou importar um par de chaves pĆŗblica e privada existente armazenado " +"em arquivo(s) PEM para autenticar conexƵes IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Se vocĆŖ escolher criar um novo certificado X.509, vocĆŖ primeiro serĆ” " +"perguntado sobre uma sĆ©rie de questƵes que devem ser respondidas antes que a " +"criaĆ§Ć£o possa iniciar. Por favor, tenha em mente que se vocĆŖ quer que a " +"chave pĆŗblica seja assinada por uma Autoridade Certificadora existente, vocĆŖ " +"nĆ£o deve selecionar a criaĆ§Ć£o de um certificado auto-assinado, e todas as " +"respostas dadas devem atender exatamente os requisitos da CA, ou a " +"requisiĆ§Ć£o do certificado pode ser rejeitada." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Se vocĆŖ quiser importar um par de chaves pĆŗblica e privada existente, vocĆŖ " +"serĆ” perguntado pelos seus nomes de arquivo (que podem ser idĆŖnticos se " +"ambas as partes estĆ£o armazenadas juntas em um arquivo Ćŗnico). " +"Opcionalmente, vocĆŖ pode tambĆ©m especificar um nome de arquivo onde a(s) " +"chave(s) pĆŗblica(s) da Autoridade Certificadora Ć©(sĆ£o) mantida(s), mas este " +"arquivo nĆ£o pode ser o mesmo que os anteriores. Por favor, tambĆ©m esteja " +"ciente de que os certificados X.509 devem estar no formato PEM, e de que a " +"chave privada nĆ£o deve estar criptografada, ou o procedimento de importaĆ§Ć£o " +"falharĆ”." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Nome de arquivo do seu certificado X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Por favor, informe a localizaĆ§Ć£o do arquivo contendo seu certificado X.509 " +"no formato PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Nome de arquivo da sua chave privada X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Por favor, informe a localizaĆ§Ć£o do arquivo contendo a chave privada RSA que " +"casa com seu certificado X.509 no formato PEM. Este pode ser o mesmo arquivo " +"que contĆ©m o certificado X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Nome de arquivo da sua RootCA X.509 no formato PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Opcionalmente, vocĆŖ pode informar a localizaĆ§Ć£o do arquivo contendo a " +"Autoridade Certificadora X.509 raiz usada para assinar seu certificado no " +"formato PEM. Se vocĆŖ nĆ£o tem uma, ou nĆ£o quer usĆ”-la, por favor, deixe o " +"campo vazio. Por favor, note que nĆ£o Ć© possĆvel armazenar a RootCA no mesmo " +"arquivo do seu certificado X.509 ou chave privada." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Por favor, informe que tamanho a chave RSA a ser criada deve ter:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor, informe o tamanho da chave RSA a ser criada. A mesma nĆ£o deve ser " +"menor que 1024 bits devido a uma chave de tamanho menor que esse ser " +"considerada insegura. VocĆŖ tambĆ©m nĆ£o precisarĆ” de nada maior que 4096 " +"porque isso somente deixaria o processo de autenticaĆ§Ć£o mais lento e nĆ£o " +"seria necessĆ”rio no momento." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Criar um certificado X.509 auto-assinado?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Somente certificados X.509 auto-assinados podem ser criados automaticamente, " +"devido a uma Autoridade Certificadora ser necessĆ”ria para assinar a " +"requisiĆ§Ć£o de certificado. Caso vocĆŖ queira criar um certificado auto-" +"assinado, vocĆŖ poderĆ” usĆ”-lo imediatamente para conectar a outros hosts " +"IPsec que suportem certificados X.509 para autenticaĆ§Ć£o de conexƵes IPsec. " +"PorĆ©m, usar os novos recursos PKI do strongSwan requer que todos seus " +"certificados sejam assinados por uma Ćŗnica Autoridade Certificadora para " +"criar um caminho de confianƧa." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Caso vocĆŖ nĆ£o queira criar um certificado auto-assinado, somente a chave " +"privada RSA e a requisiĆ§Ć£o de certificado serĆ£o criadas, e vocĆŖ terĆ” que " +"assinar a requisiĆ§Ć£o de certificado junto a sua Autoridade Certificadora." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "CĆ³digo de paĆs para a requisiĆ§Ć£o de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Por favor, informe o cĆ³digo de duas letras do paĆs onde o servidor reside " +"(como \"BR\" para Brasil)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"O OpenSSL se recusarĆ” a gerar um certificado a menos que este valor seja um " +"cĆ³digo de paĆs ISO-3166 vĆ”lido; um valor vazio Ć© permitido em qualquer outro " +"campo do certificado X.509, mas nĆ£o aqui." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Estado ou nome de provĆncia para a requisiĆ§Ć£o de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Por favor, informe o nome completo do estado ou provĆncia em que o servidor " +"reside (como \"SĆ£o Paulo\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Nome da localidade para a requisiĆ§Ć£o de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Por favor, informe a localidade em que o servidor reside (como \"SĆ£o Paulo" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Nome da organizaĆ§Ć£o para a requisiĆ§Ć£o de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Por favor, informe a organizaĆ§Ć£o Ć qual o servidor pertence (como \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Unidade organizacional para a requisiĆ§Ć£o de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Por favor, informe a unidade organizacional Ć qual o servidor pertence (como " +"\"grupo de seguranƧa\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Nome Comum para a requisiĆ§Ć£o de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Por favor, informe o Nome Comum (\"Common Name\") para este host (como " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "EndereƧo de e-mail para a requisiĆ§Ć£o de certificado X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Por favor, informe o endereƧo de e-mail da pessoa ou organizaĆ§Ć£o responsĆ”vel " +"pelo certificado X.509." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Habilitar encriptaĆ§Ć£o oportunista?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Esta versĆ£o do strongSwan suporta encriptaĆ§Ć£o oportunista (OE), a qual " +"armazena informaĆ§Ć£o de autenticaĆ§Ć£o IPsec em registros DNS. AtĆ© que isso " +"seja amplamente difundido, ativĆ”-la causarĆ” uma demora significante para " +"cada nova conexĆ£o de saĆda." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"VocĆŖ deve habilitar a encriptaĆ§Ć£o oportunista somente se vocĆŖ tiver certeza " +"de querĆŖ-la. Ela pode quebrar a conexĆ£o Ć Internet (rota padrĆ£o) quando o " +"daemon iniciar." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "O daemon \"pluto\" deve estar em execuĆ§Ć£o para suportar a versĆ£o 1 do " +#~ "protocolo Internet Key Exchange." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Iniciar o daemon IKEv2 do strongSwan?" + +#, fuzzy +#~ msgid "Do you wish to restart strongSwan?" +#~ msgstr "VocĆŖ deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Please enter the location of your X509 certificate in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localizaĆ§Ć£o do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~ msgid "Please enter the location of your X509 private key in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localizaĆ§Ć£o do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~ msgid "You may now enter the location of your X509 RootCA in PEM format:" +#~ msgstr "" +#~ "Por favor, informe a localizaĆ§Ć£o do arquivo contendo seu certificado X509 " +#~ "no formato PEM." + +#, fuzzy +#~| msgid "" +#~| "Please enter the 2 letter country code for your country. This code will " +#~| "be placed in the certificate request." +#~ msgid "" +#~ "Please enter the 2 letter country code for your country. This code will " +#~ "be placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe o cĆ³difo de paĆs de duas letras para seu paĆs. Esse " +#~ "cĆ³digo serĆ” inserido na requisiĆ§Ć£o de certificado." + +#~ msgid "Example: AT" +#~ msgstr "Exemplo: BR" + +#~ msgid "Example: Upper Austria" +#~ msgstr "Exemplo : Sao Paulo" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the locality (e.g. city) where you live. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a organizaĆ§Ć£o (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverĆ” ser criado. Esse nome serĆ” inserido na requisiĆ§Ć£o " +#~ "de certificado." + +#~ msgid "Example: Vienna" +#~ msgstr "Exemplo : Sao Paulo" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the organization (e.g. company) that the X509 certificate " +#~ "should be created for. This name will be placed in the certificate " +#~ "request." +#~ msgstr "" +#~ "Por favor, informe a organizaĆ§Ć£o (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverĆ” ser criado. Esse nome serĆ” inserido na requisiĆ§Ć£o " +#~ "de certificado." + +#~ msgid "Example: Debian" +#~ msgstr "Exemplo : Debian" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the organizational unit (e.g. section) that the X509 " +#~ "certificate should be created for. This name will be placed in the " +#~ "certificate request." +#~ msgstr "" +#~ "Por favor, informe a organizaĆ§Ć£o (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverĆ” ser criado. Esse nome serĆ” inserido na requisiĆ§Ć£o " +#~ "de certificado." + +#~ msgid "Example: security group" +#~ msgstr "Exemplo : Grupo de SeguranƧa" + +#, fuzzy +#~| msgid "" +#~| "Please enter the organization (e.g. company) that the X509 certificate " +#~| "should be created for. This name will be placed in the certificate " +#~| "request." +#~ msgid "" +#~ "Please enter the common name (e.g. the host name of this machine) for " +#~ "which the X509 certificate should be created for. This name will be " +#~ "placed in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a organizaĆ§Ć£o (ou seja, a empresa) para a qual este " +#~ "certificado X509 deverĆ” ser criado. Esse nome serĆ” inserido na requisiĆ§Ć£o " +#~ "de certificado." + +#~ msgid "Example: gateway.debian.org" +#~ msgstr "Exemplo : gateway.debian.org" + +#, fuzzy +#~ msgid "When to start strongSwan:" +#~ msgstr "VocĆŖ deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Create an RSA public/private keypair for this host?" +#~ msgstr "" +#~ "VocĆŖ deseja criar um par de chaves RSA pĆŗblica/privada para este host ?" + +#, fuzzy +#~ msgid "" +#~ "If you do not want to create a new public/private keypair, you can choose " +#~ "to use an existing one in the next step." +#~ msgstr "" +#~ "VocĆŖ deseja criar um par de chaves RSA pĆŗblica/privada para este host ?" + +#, fuzzy +#~ msgid "" +#~ "The required information can automatically be extracted from an existing " +#~ "X.509 certificate with a matching RSA private key. Both parts can be in " +#~ "one file, if it is in PEM format. You should choose this option if you " +#~ "have such an existing certificate and key file and want to use it for " +#~ "authenticating IPSec connections." +#~ msgstr "" +#~ "Este instalador pode extrair automaticamente a informaĆ§Ć£o necessĆ”ria de " +#~ "um certificado X509 existente com uma chave RSA privada adequada. Ambas " +#~ "as partes podem estar em um arquivo, caso estejam no formato PEM. VocĆŖ " +#~ "possui um certificado existente e um arquivo de chave e quer usĆ”-los para " +#~ "autenticar conexƵes IPSec ?" + +#, fuzzy +#~| msgid "" +#~| "Please enter the locality (e.g. city) where you live. This name will be " +#~| "placed in the certificate request." +#~ msgid "" +#~ "Please enter the locality name (often a city) that should be used in the " +#~ "certificate request." +#~ msgstr "" +#~ "Por favor, informe a localidade (ou seja, cidade) onde vocĆŖ mora. Esse " +#~ "nome serĆ” inserido na requisiĆ§Ć£o de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit (e.g. section) that the X509 " +#~| "certificate should be created for. This name will be placed in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the organization name (often a company) that should be used " +#~ "in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a unidade organizacional (ou seja, seĆ§Ć£o ou " +#~ "departamento) para a qual este certificado deverĆ” ser criado. Esse nome " +#~ "serĆ” inserido na requisiĆ§Ć£o de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the organizational unit (e.g. section) that the X509 " +#~| "certificate should be created for. This name will be placed in the " +#~| "certificate request." +#~ msgid "" +#~ "Please enter the organizational unit name (often a department) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Por favor, informe a unidade organizacional (ou seja, seĆ§Ć£o ou " +#~ "departamento) para a qual este certificado deverĆ” ser criado. Esse nome " +#~ "serĆ” inserido na requisiĆ§Ć£o de certificado." + +#, fuzzy +#~| msgid "" +#~| "Please enter the common name (e.g. the host name of this machine) for " +#~| "which the X509 certificate should be created for. This name will be " +#~| "placed in the certificate request." +#~ msgid "" +#~ "Please enter the common name (such as the host name of this machine) that " +#~ "should be used in the certificate request." +#~ msgstr "" +#~ "Por favor, informe o nome comum (ou seja, o nome do host dessa mĆ”quina) " +#~ "para o qual o certificado X509 deverĆ” ser criado. Esse nome serĆ” inserido " +#~ "na requisiĆ§Ć£o de certificado." + +#~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" +#~ msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" + +#, fuzzy +#~ msgid "" +#~ "There are three possibilities when strongSwan can start: before or after " +#~ "the NFS services and after the PCMCIA services. The correct answer " +#~ "depends on your specific setup." +#~ msgstr "" +#~ "Com os nĆveis de inicializaĆ§Ć£o atuais do Debian (quase todos os serviƧos " +#~ "iniciando no nĆvel 20) Ć© impossĆvel para o Openswan sempre iniciar no " +#~ "momento correto. Existem trĆŖs possibilidades para quando iniciar o " +#~ "Openswan : antes ou depois dos serviƧos NFS e depois dos serviƧos PCMCIA. " +#~ "A resposta correta depende se sua configuraĆ§Ć£o especĆfica." + +#, fuzzy +#~ msgid "" +#~ "If you do not have your /usr tree mounted via NFS (either you only mount " +#~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " +#~ "and don't use a PCMCIA network card, then it's best to start strongSwan " +#~ "at the earliest possible time, thus allowing the NFS mounts to be secured " +#~ "by IPSec. In this case (or if you don't understand or care about this " +#~ "issue), answer \"earliest\" to this question (the default)." +#~ msgstr "" +#~ "Caso vocĆŖ nĆ£o possua sua Ć rvore /usr montada via NFS (vocĆŖ somente monta " +#~ "outras Ć rvores nĆ£o vitais via NFS ou nĆ£o usa Ć rvores montadas via NFS) e " +#~ "nĆ£o use um cartĆ£o de rede PCMCIA, a melhor opĆ§Ć£o Ć© iniciar o Openswan o " +#~ "quando antes, permitindo dessa forma que os pontos de montagem NFS " +#~ "estejam protegidos por IPSec. Nesse caso (ou caso vocĆŖ nĆ£o compreenda ou " +#~ "nĆ£o se importe com esse problema), responda \"o quando antes\" para esta " +#~ "pergunta (o que Ć© o padrĆ£o)." + +#, fuzzy +#~ msgid "" +#~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +#~ "card, then you will need to start strongSwan after NFS so that all " +#~ "necessary files are available. In this case, answer \"after NFS\" to this " +#~ "question. Please note that the NFS mount of /usr can not be secured by " +#~ "IPSec in this case." +#~ msgstr "" +#~ "Caso vocĆŖ possua sua Ć rvore /usr montada via NFS e nĆ£o use um cartĆ£o de " +#~ "rede PCMCIA, vocĆŖ precisarĆ” iniciar o Openswan depois do NFS de modo que " +#~ "todos os arquivos necessĆ”rios estejam disponĆveis. Nesse caso, responda " +#~ "\"depois do NFS\" para esta pergunta. Por favor, note que a montagem NFS " +#~ "de /usr nĆ£o poderĆ” ser protegida pelo IPSec nesse caso." + +#~ msgid "" +#~ "If you use a PCMCIA network card for your IPSec connections, then you " +#~ "only have to choose to start it after the PCMCIA services. Answer \"after " +#~ "PCMCIA\" in this case. This is also the correct answer if you want to " +#~ "fetch keys from a locally running DNS server with DNSSec support." +#~ msgstr "" +#~ "Caso vocĆŖ use um cartĆ£o de rede PCMCIA para suas conexƵes IPSec vocĆŖ " +#~ "precisarĆ” somente optar por iniciar o Opensan depois dos serviƧos PCMCIA. " +#~ "Responda \"depois do PCMCIA\" nesse caso. Esta Ć© tambĆ©m a maneira correta " +#~ "de obter chaves de um servidor DNS sendo executado localmente e com " +#~ "suporte a DNSSec." + +#, fuzzy +#~ msgid "Do you wish to support IKEv1?" +#~ msgstr "VocĆŖ deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "Do you wish to support IKEv2?" +#~ msgstr "VocĆŖ deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "" +#~ "strongSwan comes with support for opportunistic encryption (OE), which " +#~ "stores IPSec authentication information (i.e. RSA public keys) in " +#~ "(preferably secure) DNS records. Until this is widely deployed, " +#~ "activating it will cause a significant slow-down for every new, outgoing " +#~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " +#~ "by default and is thus likely to break your existing connection to the " +#~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " +#~ "keying daemon) is started." +#~ msgstr "" +#~ "O Openswan suporta encriptaĆ§Ć£o oportunĆstica (OE), a qual armazena " +#~ "informaƧƵes de autenticaĆ§Ć£o IPSec (por exemplo, chaves pĆŗblicas RSA) em " +#~ "registros DNS (preferivelmente seguros). AtĆ© que esse suporte esteja " +#~ "largamento sendo utilizado, ativĆ”-lo irĆ” causar uma signficante lentidĆ£o " +#~ "para cada nova conexĆ£o de saĆda. Iniciando a partir da versĆ£o 2.0, o " +#~ "Openswan, da forma como Ć© distribuĆdo pelos desenvolvedores oficiais, Ć© " +#~ "fornecido com o suporte a OE habilitado por padrĆ£o e, portanto, " +#~ "provavelmente irĆ” quebrar suas conexƵes existentes com a Internet (por " +#~ "exemplo, sua rota padrĆ£o) tĆ£o logo o pluto (o daemon de troca de chaves " +#~ "do Openswan) seja iniciado." + +#~ msgid "" +#~ "Please choose whether you want to enable support for OE. If unsure, do " +#~ "not enable it." +#~ msgstr "" +#~ "Por favor, informe se vocĆŖ deseja habilitar o suporte a OE. Em caso de " +#~ "dĆŗvidas, nĆ£o habilite esse suporte." + +#~ msgid "x509, plain" +#~ msgstr "x509, pura" + +#, fuzzy +#~ msgid "The type of RSA keypair to create:" +#~ msgstr "Qual tipo de par de chaves RSA vocĆŖ deseja criar ?" + +#, fuzzy +#~ msgid "" +#~ "It is possible to create a plain RSA public/private keypair for use with " +#~ "strongSwan or to create a X509 certificate file which contains the RSA " +#~ "public key and additionally stores the corresponding private key." +#~ msgstr "" +#~ "Ć possĆvel criar um par de chaves RSA pĆŗblica/privada pura (plain) para " +#~ "uso com o Openswan ou para criar um arquivo de certificado X509 que irĆ” " +#~ "conter a chave RSA pĆŗblica e adicionalmente armazenar a chave privada " +#~ "correspondente." + +#, fuzzy +#~ msgid "" +#~ "If you only want to build up IPSec connections to hosts also running " +#~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +#~ "want to connect to other IPSec implementations, you will need a X509 " +#~ "certificate. It is also possible to create a X509 certificate here and " +#~ "extract the RSA public key in plain format if the other side runs " +#~ "strongSwan without X509 certificate support." +#~ msgstr "" +#~ "Caso vocĆŖ queira somente construir conexƵes IPsec para hosts e tambĆ©m " +#~ "executar o Openswan, pode ser um pouco mais fĆ”cil usar pares de chaves " +#~ "RSA puros (plain). Mas caso vocĆŖ queira se conectar a outras " +#~ "implementaƧƵes IPSec, vocĆŖ precisarĆ” de um certificado X509. Ć tambĆ©m " +#~ "possĆvel criar um certificado X509 aqui e extrair a chave pĆŗblica em " +#~ "formato puro (plain) caso o outro lado execute o Openswan sem suporte a " +#~ "certificados X509." + +#, fuzzy +#~ msgid "" +#~ "Therefore a X509 certificate is recommended since it is more flexible and " +#~ "this installer should be able to hide the complex creation of the X509 " +#~ "certificate and its use in strongSwan anyway." +#~ msgstr "" +#~ "Um certificado X509 Ć© recomendado, uma vez que o mesmo Ć© mais flexĆvel e " +#~ "este instalador Ć© capaz de simplificar a complexa criaĆ§Ć£o do certificado " +#~ "X509 e seu uso com o Openswan." + +#, fuzzy +#~ msgid "Please choose the when to start strongSwan:" +#~ msgstr "VocĆŖ deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "At which level do you wish to start strongSwan ?" +#~ msgstr "Em que nĆvel vocĆŖ deseja iniciar o Openswan ?" + +#~ msgid "2048" +#~ msgstr "2048" diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 000000000..a5eb51724 --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,454 @@ +# translation of ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the strongswan package. +# +# Yuri Kozlov <yuray@komyakino.ru>, 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: strongswan 5.1.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-07 19:08+0400\n" +"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" +"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "ŠŠ°Š¼ŠµŠ½ŠµŠ½Š° ŃŠøŃŃŠµŠ¼Š° ŃŠæŃŠ°Š²Š»ŠµŠ½ŠøŃ ŃŃŠ¾Š²Š½ŃŠ¼Šø Š²ŃŠæŠ¾Š»Š½ŠµŠ½ŠøŃ" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Š ŠæŃŠµŠ“ŃŠ“ŃŃŠøŃ
Š²ŠµŃŃŠøŃŃ
ŠæŠ°ŠŗŠµŃŠ° strongSwan ŠæŃŠµŠ“Š»Š°Š³Š°Š»ŃŃ Š²ŃŠ±Š¾Ń Š¼ŠµŠ¶Š“Ń ŃŃŠµŠ¼Ń " +"ŃŃŠ¾Š²Š½ŃŠ¼Šø Š·Š°ŠæŃŃŠŗŠ°/Š¾ŃŃŠ°Š½Š¾Š²Š°. ŠŠ·-Š·Š° ŠøŠ·Š¼ŠµŠ½ŠµŠ½ŠøŠ¹ ŃŃŠ°Š½Š“Š°ŃŃŠ½Š¾Š¹ ŠæŃŠ¾ŃŠµŠ“ŃŃŃ Š·Š°ŠæŃŃŠŗŠ° Š² " +"ŃŠøŃŃŠµŠ¼Šµ ŃŃŠ¾ Š±Š¾Š»ŃŃŠµ Š½Šµ ŃŃŠµŠ±ŃŠµŃŃŃ Šø Š½ŠµŠ½ŃŠ¶Š½Š¾. Š Š½Š¾Š²ŃŃ
ŃŃŃŠ°Š½Š¾Š²ŠŗŠ°Ń
, Š° ŃŠ°ŠŗŠ¶Šµ Š² " +"ŃŃŠ°ŃŃŃ
, ŃŠ°Š±Š¾ŃŠ°ŃŃŠøŃ
Š½Š° Š»ŃŠ±Š¾Š¼ ŃŃŠ¾Š²Š½Šµ, Š±ŃŠ“ŃŃ Š²ŃŠ±ŃŠ°Š½Ń ŃŠ°Š·ŃŠ¼Š½ŃŠµ ŃŃŠ¾Š²Š½Šø ŠæŠ¾ " +"ŃŠ¼Š¾Š»ŃŠ°Š½ŠøŃ. ŠŃŠ»Šø Š²ŃŠæŠ¾Š»Š½ŃŃŃŃ Š¾Š±Š½Š¾Š²Š»ŠµŠ½ŠøŠµ ŠæŃŠµŠ“ŃŠ“ŃŃŠµŠ¹ Š²ŠµŃŃŠøŠø Šø Š²Ń ŠøŠ·Š¼ŠµŠ½ŃŠ»Šø " +"ŠæŠ°ŃŠ°Š¼ŠµŃŃŃ Š·Š°ŠæŃŃŠŗŠ° strongSwan, ŠæŃŠ¾ŃŠøŃŠ°Š¹ŃŠµ ŠøŠ½ŃŃŃŃŠŗŃŠøŠø ŠøŠ· ŃŠ°Š¹Š»Š° NEWS.Debian Š¾ " +"ŃŠ¾Š¼, ŠŗŠ°Šŗ ŠøŠ·Š¼ŠµŠ½ŠøŃŃ ŃŠ¾Š¾ŃŠ²ŠµŃŃŃŠ²ŃŃŃŃŃ Š½Š°ŃŃŃŠ¾Š¹ŠŗŃ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "ŠŠµŃŠµŠ·Š°ŠæŃŃŃŠøŃŃ strongSwan ŠæŃŃŠ¼Š¾ ŃŠµŠ¹ŃŠ°Ń?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Š ŠµŠŗŠ¾Š¼ŠµŠ½Š“ŃŠµŃŃŃ ŠæŠµŃŠµŠ·Š°ŠæŃŃŃŠøŃŃ strongSwan, ŃŠ°Šŗ ŠŗŠ°Šŗ ŠæŃŠø Š½Š°Š»ŠøŃŠøŠø ŠøŃŠæŃŠ°Š²Š»ŠµŠ½ŠøŠ¹ " +"Š±ŠµŠ·Š¾ŠæŠ°ŃŠ½Š¾ŃŃŠø Š¾Š½Šø Š½Šµ Š·Š°ŃŠ°Š±Š¾ŃŠ°ŃŃ, ŠæŠ¾ŠŗŠ° ŃŠ»ŃŠ¶Š±Š° Š½Šµ Š±ŃŠ“ŠµŃ ŠæŠµŃŠµŠ·Š°ŠæŃŃŠµŠ½Š°. " +"ŠŠ¾Š»ŃŃŠøŠ½ŃŃŠ²Š¾ Š»ŃŠ“ŠµŠ¹ Š²ŃŃ ŃŠ°Š²Š½Š¾ ŠæŠµŃŠµŠ·Š°ŠæŃŃŠŗŠ°ŃŃ ŃŠ»ŃŠ¶Š±Ń, ŠæŠ¾ŃŃŠ¾Š¼Ń Š¾Š±ŃŃŠ½Š¾ Š»ŃŃŃŠµ ŃŃŠ¾ " +"ŃŠ“ŠµŠ»Š°ŃŃ. ŠŠ“Š½Š°ŠŗŠ¾ ŃŃŠ¾ Š¼Š¾Š¶ŠµŃ ŠæŃŠøŠ²ŠµŃŃŠø Šŗ ŠŗŃŠ°ŃŠŗŠ¾Š²ŃŠµŠ¼ŠµŠ½Š½Š¾Š¼Ń ŃŠ°Š·ŃŃŠ²Ń ŃŃŃŠµŃŃŠ²ŃŃŃŠøŃ
" +"ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠ¹, ŠæŠ¾ŃŃŠ¾Š¼Ń ŠµŃŠ»Šø Š²Ń ŃŠµŠ¹ŃŠ°Ń ŠøŃŠæŠ¾Š»ŃŠ·ŃŠµŃŠµ ŃŃŠ½Š½ŠµŠ»Ń strongSwan Š“Š»Ń " +"ŠæŠ¾Š“ŠŗŠ»ŃŃŠµŠ½ŠøŃ ŠæŠµŃŠµŠ·Š°ŠæŃŃŠŗ Š½Šµ ŃŠµŠŗŠ¾Š¼ŠµŠ½Š“ŃŠµŃŃŃ." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "ŠŠ°ŠæŃŃŃŠøŃŃ ŃŠ»ŃŠ¶Š±Ń strongSwan charon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"ŠŠ»Ń ŠæŠ¾Š“Š“ŠµŃŠ¶ŠŗŠø ŠæŃŠ¾ŃŠ¾ŠŗŠ¾Š»Š° Š¾Š±Š¼ŠµŠ½Š° ŠŗŠ»ŃŃŠ°Š¼Šø ŠŠ½ŃŠµŃŠ½ŠµŃ Š“Š¾Š»Š¶Š½Š° Š±ŃŃŃ Š·Š°ŠæŃŃŠµŠ½Š° ŃŠ»ŃŠ¶Š±Š° " +"charon." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "ŠŃŠæŠ¾Š»ŃŠ·Š¾Š²Š°ŃŃ ŃŃŃŠµŃŃŠ²ŃŃŃŠøŠ¹ ŃŠµŃŃŠøŃŠøŠŗŠ°Ń X.509 Š“Š»Ń ŃŃŠ¾Š³Š¾ ŃŠ·Š»Š°?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Š”ŠµŃŃŠøŃŠøŠŗŠ°Ń X.509 Š“Š»Ń ŃŃŠ¾Š³Š¾ ŃŠ·Š»Š° Š¼Š¾Š¶ŠµŃ Š±ŃŃŃ Š°Š²ŃŠ¾Š¼Š°ŃŠøŃŠµŃŠŗŠø ŃŠ¾Š·Š“Š°Š½ ŠøŠ»Šø " +"ŠøŠ¼ŠæŠ¾ŃŃŠøŃŠ¾Š²Š°Š½. ŠŠ½ Š¼Š¾Š¶ŠµŃ ŠøŃŠæŠ¾Š»ŃŠ·Š¾Š²Š°ŃŃŃŃ Š“Š»Ń Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŠø IPSec ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠ¹ Ń " +"Š“ŃŃŠ³ŠøŠ¼Šø ŃŠ·Š»Š°Š¼Šø, Šø ŃŃŠ¾ ŃŠ²Š»ŃŠµŃŃŃ ŠæŃŠµŠ“ŠæŠ¾ŃŃŠøŃŠµŠ»ŃŠ½ŃŠ¼ ŃŠæŠ¾ŃŠ¾Š±Š¾Š¼ ŃŠ¾Š·Š“Š°Š½ŠøŃ Š±ŠµŠ·Š¾ŠæŠ°ŃŠ½ŃŃ
" +"ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠ¹ IPSec. Š¢Š°ŠŗŠ¶Šµ Š“Š»Ń Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŠø ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŃ Š¼Š¾Š¶Š½Š¾ ŠøŃŠæŠ¾Š»ŃŠ·Š¾Š²Š°ŃŃ " +"Š¾Š±ŃŠøŠµ ŃŠµŠŗŃŠµŃŃ (Š¾Š“ŠøŠ½Š°ŠŗŠ¾Š²ŃŠµ ŠæŠ°ŃŠ¾Š»Šø Š½Š° Š¾Š±Š¾ŠøŃ
ŠŗŠ¾Š½ŃŠ°Ń
ŃŃŠ½Š½ŠµŠ»Ń), Š½Š¾ ŠæŃŠø Š±Š¾Š»ŃŃŠ¾Š¼ " +"ŠŗŠ¾Š»ŠøŃŠµŃŃŠ²Šµ ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠ¹ Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŃ ŠæŠ¾ ŠŗŠ»ŃŃŠ°Š¼ Š»ŠµŠ³ŃŠµ Š² Š°Š“Š¼ŠøŠ½ŠøŃŃŃŠøŃŠ¾Š²Š°Š½ŠøŠø Šø " +"Š¾Š½Š° Š±Š¾Š»ŠµŠµ Š±ŠµŠ·Š¾ŠæŠ°ŃŠ½Š°." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"ŠŠ»Šø Š¶Šµ Š²Ń Š¼Š¾Š¶ŠµŃŠµ Š¾ŃŠ²ŠµŃŠøŃŃ Š¾ŃŃŠøŃŠ°ŃŠµŠ»ŃŠ½Š¾ Šø ŠæŠ¾Š·Š¶Šµ Š²ŠµŃŠ½ŃŃŃŃŃ Šŗ ŃŃŠ¾Š¼Ń Š²Š¾ŠæŃŠ¾ŃŃ " +"Š·Š°ŠæŃŃŃŠøŠ² ŠŗŠ¾Š¼Š°Š½Š“Ń \"dpkg-reconfigure ostrongswan\"." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "ŃŠ¾Š·Š“Š°ŃŃ" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "ŠøŠ¼ŠæŠ¾ŃŃŠøŃŠ¾Š²Š°ŃŃ" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "ŠŠµŃŠ¾Š“Ń, ŠøŃŠæŠ¾Š»ŃŠ·ŃŃŃŠøŠµ ŃŠµŃŃŠøŃŠøŠŗŠ°Ń X.509 Š“Š»Ń Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŠø Š“Š°Š½Š½Š¾Š³Š¾ ŃŠ·Š»Š°:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"ŠŠ¾Š·Š¼Š¾Š¶Š½Š¾ ŃŠ¾Š·Š“Š°ŃŃ Š½Š¾Š²ŃŠ¹ ŃŠµŃŃŠøŃŠøŠŗŠ°Ń X.509, Š·Š°Š“Š°Š½Š½ŃŠ¹ ŠæŠ¾Š»ŃŠ·Š¾Š²Š°ŃŠµŠ»ŠµŠ¼, ŠøŠ»Šø " +"ŠøŠ¼ŠæŠ¾ŃŃŠøŃŠ¾Š²Š°ŃŃ ŃŃŃŠµŃŃŠ²ŃŃŃŠøŠ¹ Š¾ŃŠŗŃŃŃŃŠ¹ Šø Š·Š°ŠŗŃŃŃŃŠ¹ ŠŗŠ»ŃŃŠø ŠøŠ· ŃŠ°Š¹Š»Š°(Š¾Š²) PEM Š“Š»Ń " +"Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŠø ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠ¹ IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"ŠŃŠ»Šø Š²Ń Š²ŃŠ±ŠµŃŠµŃŠµ ŃŠ¾Š·Š“Š°Š½ŠøŠµ Š½Š¾Š²Š¾Š³Š¾ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509, ŃŠ¾ ŃŠ½Š°ŃŠ°Š»Š° Š²Š°Š¼ Š±ŃŠ“ŠµŃ " +"Š·Š°Š“Š°Š½Š¾ Š½ŠµŃŠŗŠ¾Š»ŃŠŗŠ¾ Š²Š¾ŠæŃŠ¾ŃŠ¾Š², Š½Š° ŠŗŠ¾ŃŠ¾ŃŃŠµ Š½ŃŠ¶Š½Š¾ Š¾ŃŠ²ŠµŃŠøŃŃ Š“Š¾ Š½Š°ŃŠ°Š»Š° ŃŠ¾Š·Š“Š°Š½ŠøŃ. " +"Š£ŃŃŠøŃŠµ, ŃŃŠ¾ ŠµŃŠ»Šø Š²Ń Ń
Š¾ŃŠøŃŠµ ŠæŠ¾Š“ŠæŠøŃŠ°ŃŃ Š¾ŃŠŗŃŃŃŃŠ¹ ŠŗŠ»ŃŃ Š² Š“ŠµŠ¹ŃŃŠ²ŃŃŃŠµŠ¼ ŃŠµŠ½ŃŃŠµ " +"ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠøŠø, ŃŠ¾ Š²Š°Š¼ Š½ŠµŠ½ŃŠ¶Š½Š¾ Š²ŃŠ±ŠøŃŠ°ŃŃ ŃŠ¾Š·Š“Š°Š½ŠøŠµ ŃŠ°Š¼Š¾ŠæŠ¾Š“ŠæŠøŃŠ°Š½Š½Š¾Š³Š¾ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ°, " +"Šø Š²ŃŠµ Š¾ŃŠ²ŠµŃŃ Š“Š¾Š»Š¶Š½Ń ŃŠ¾ŃŠ½Š¾ ŃŠ“Š¾Š²Š»ŠµŃŠ²Š¾ŃŃŃŃ ŃŃŠµŠ±Š¾Š²Š°Š½ŠøŃŠ¼ Š¦Š”, ŠøŠ½Š°ŃŠµ Š·Š°ŠæŃŠ¾Ń " +"ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° Š¼Š¾Š¶ŠµŃ Š±ŃŃŃ Š¾ŃŠŗŠ»Š¾Š½ŃŠ½." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"ŠŃŠ»Šø Š²Ń Ń
Š¾ŃŠøŃŠµ ŠøŠ¼ŠæŠ¾ŃŃŠøŃŠ¾Š²Š°ŃŃ ŃŃŃŠµŃŃŠ²ŃŃŃŠøŠ¹ Š¾ŃŠŗŃŃŃŃŠ¹ Šø Š·Š°ŠŗŃŃŃŃŠ¹ ŠŗŠ»ŃŃŠø, ŃŠ¾ Š²Š°Š¼ " +"Š±ŃŠ“ŠµŃ ŠæŃŠµŠ“Š»Š¾Š¶ŠµŠ½Š¾ ŃŠŗŠ°Š·Š°ŃŃ ŠøŠ¼ŠµŠ½Š° ŃŠ°Š¹Š»Š¾Š² Ń Š½ŠøŠ¼Šø (ŠŗŠ¾ŃŠ¾ŃŃŠµ Š¼Š¾Š³ŃŃ Š±ŃŃŃ Š¾Š“ŠøŠ½Š°ŠŗŠ¾Š²Ń, " +"ŠµŃŠ»Šø Š¾Š±Šµ ŃŠ°ŃŃŠø Ń
ŃŠ°Š½ŃŃŃŃ Š² Š¾Š“Š½Š¾Š¼ ŃŠ°Š¹Š»Šµ). Š¢Š°ŠŗŠ¶Šµ Š²Ń Š¼Š¾Š¶ŠµŃŠµ ŃŠŗŠ°Š·Š°ŃŃ ŠøŠ¼Ń ŃŠ°Š¹Š»Š°, " +"Š³Š“Šµ Ń
ŃŠ°Š½ŠøŃŃŃ Š¾ŃŠŗŃŃŃŃŠ¹ ŠŗŠ»ŃŃ(Šø) ŃŠµŠ½ŃŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠøŠø, Š½Š¾ ŃŃŠ¾Ń ŃŠ°Š¹Š» Š½Šµ Š¼Š¾Š¶ŠµŃ " +"ŃŠ¾Š²ŠæŠ°Š“Š°ŃŃ Ń ŠæŃŠµŠ“ŃŠ“ŃŃŠøŠ¼Šø. ŠŠ°Š¼ŠµŃŠøŠ¼, ŃŃŠ¾ ŃŠ¾ŃŠ¼Š°Ń ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ¾Š² X.509 Š“Š¾Š»Š¶ŠµŠ½ Š±ŃŃŃ " +"PEM Šø ŃŃŠ¾ Š·Š°ŠŗŃŃŃŃŠ¹ ŠŗŠ»ŃŃ Š½Šµ Š“Š¾Š»Š¶ŠµŠ½ Š±ŃŃŃ Š·Š°ŃŠøŃŃŠ¾Š²Š°Š½, ŠøŠ½Š°ŃŠµ ŠæŃŠ¾ŃŠµŠ“ŃŃŠ° ŠøŠ¼ŠæŠ¾ŃŃŠ° " +"Š·Š°Š²ŠµŃŃŠøŃŃŃ Š½ŠµŃŠ“Š°ŃŠ½Š¾." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "ŠŠ¼Ń ŃŠ°Š¹Š»Š° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509 Š² ŃŠ¾ŃŠ¼Š°ŃŠµ PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"ŠŠ²ŠµŠ“ŠøŃŠµ ŠæŠ¾Š»Š½ŃŠ¹ ŠæŃŃŃ Šŗ ŃŠ°Š¹Š»Ń, ŃŠ¾Š“ŠµŃŠ¶Š°ŃŠµŠ¼Ń Š²Š°Ń ŃŠµŃŃŠøŃŠøŠŗŠ°Ń X.509 Š² ŃŠ¾ŃŠ¼Š°ŃŠµ PEM." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "ŠŠ¼Ń ŃŠ°Š¹Š»Š° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509 Š² ŃŠ¾ŃŠ¼Š°ŃŠµ PEM Ń Š·Š°ŠŗŃŃŃŃŠ¼ ŠŗŠ»ŃŃŠ¾Š¼:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"ŠŠ²ŠµŠ“ŠøŃŠµ ŠæŃŃŃ Šŗ ŃŠ°Š¹Š»Ń, ŃŠ¾Š“ŠµŃŠ¶Š°ŃŠµŠ¼Ń Š·Š°ŠŗŃŃŃŃŠ¹ ŠŗŠ»ŃŃ RSA Š“Š»Ń Š²Š°ŃŠµŠ³Š¾ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° " +"X.509 Š² ŃŠ¾ŃŠ¼Š°ŃŠµ PEM. ŠŃŠ¾ Š¼Š¾Š¶ŠµŃ Š±ŃŃŃ ŃŠ¾Ń Š¶Šµ ŃŠ°Š¹Š», ŃŃŠ¾ Šø Š“Š»Ń ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "ŠŠ¼Ń ŃŠ°Š¹Š»Š° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509 Š² ŃŠ¾ŃŠ¼Š°ŃŠµ PEM Š“Š»Ń RootCA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Š¢Š°ŠŗŠ¶Šµ Š²Ń Š¼Š¾Š¶ŠµŃŠµ Š²Š²ŠµŃŃŠø ŃŠ°ŃŠæŠ¾Š»Š¾Š¶ŠµŠ½ŠøŠµ ŃŠ°Š¹Š»Š° Ń ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ¾Š¼ ŠŗŠ¾ŃŠ½ŠµŠ²Š¾Š³Š¾ ŃŠµŠ½ŃŃŠ° " +"ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠøŠø X.509, ŠøŃŠæŠ¾Š»ŃŠ·ŃŠµŠ¼Š¾Š³Š¾ Š“Š»Ń ŠæŠ¾Š“ŠæŠøŃŠø Š²Š°ŃŠµŠ³Š¾ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° Š² ŃŠ¾ŃŠ¼Š°ŃŠµ " +"PEM. ŠŃŠ»Šø Ń Š²Š°Ń ŠµŠ³Š¾ Š½ŠµŃ ŠøŠ»Šø Š²Ń Š½Šµ Ń
Š¾ŃŠøŃŠµ ŠµŠ³Š¾ ŠøŃŠæŠ¾Š»ŃŠ·Š¾Š²Š°ŃŃ, ŃŠ¾ Š¾ŃŃŠ°Š²ŃŃŠµ ŠæŠ¾Š»Šµ " +"ŠæŃŃŃŃŠ¼. ŠŠ°Š¼ŠµŃŠøŠ¼, ŃŃŠ¾ Š½ŠµŠ²Š¾Š·Š¼Š¾Š¶Š½Š¾ Ń
ŃŠ°Š½ŠøŃŃ RootCA Š² Š¾Š“Š½Š¾Š¼ ŃŠ°Š¹Š»Šµ Ń Š²Š°ŃŠøŠ¼ " +"Š¾ŃŠŗŃŃŃŃŠ¼ ŠøŠ»Šø Š·Š°ŠŗŃŃŃŃŠ¼ ŠŗŠ»ŃŃŠ¾Š¼ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "ŠŠ»ŠøŠ½Š° ŃŠ¾Š·Š“Š°Š²Š°ŠµŠ¼Š¾Š³Š¾ ŠŗŠ»ŃŃŠ° RSA:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"ŠŠ²ŠµŠ“ŠøŃŠµ Š“Š»ŠøŠ½Ń Š½ŠµŠ¾Š±Ń
Š¾Š“ŠøŠ¼ŃŃ Š“Š»ŠøŠ½Ń ŠŗŠ»ŃŃŠ° RSA. ŠŠ½Š° Š“Š¾Š»Š¶Š½Š° Š±ŃŃŃ Š½Šµ Š¼ŠµŠ½ŠµŠµ 1024 " +"Š±ŠøŃ, ŃŠ°Šŗ ŠŗŠ°Šŗ Š¼ŠµŠ½ŃŃŠ°Ń Š½Šµ ŃŃŠøŃŠ°ŠµŃŃŃ Š±ŠµŠ·Š¾ŠæŠ°ŃŠ½Š¾Š¹, Šø Š²Š°Š¼, Š²ŠµŃŠ¾ŃŃŠ½Š¾, Š½Šµ Š½ŃŠ¶Š½Š¾ " +"Š·Š°Š“Š°Š²Š°ŃŃ Š·Š½Š°ŃŠµŠ½ŠøŠµ Š±Š¾Š»ŠµŠµ 4096, ŃŠ°Šŗ ŠŗŠ°Šŗ ŃŃŠ¾ ŃŠ¾Š»ŃŠŗŠ¾ Š·Š°Š¼ŠµŠ“Š»ŠøŃ ŠæŃŠ¾ŃŠµŃŃ " +"Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŠø Šø, Š² Š½Š°ŃŃŠ¾ŃŃŠµŠµ Š²ŃŠµŠ¼Ń, Š½Šµ Š¾ŃŠµŠ½Ń ŃŠ°ŃŠøŠ¾Š½Š°Š»ŃŠ½Š¾." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Š”Š¾Š·Š“Š°ŃŃ ŃŠ°Š¼Š¾ŠæŠ¾Š“ŠæŠøŃŠ°Š½Š½ŃŠ¹ ŃŠµŃŃŠøŃŠøŠŗŠ°Ń X.509?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"ŠŃŠ¾ŃŠµŃŃ ŃŃŃŠ°Š½Š¾Š²ŠŗŠø ŃŠ¼ŠµŠµŃ ŃŠ¾Š·Š“Š°Š²Š°ŃŃ Š°Š²ŃŠ¾Š¼Š°ŃŠøŃŠµŃŠŗŠø ŃŠ¾Š»ŃŠŗŠ¾ ŃŠ°Š¼Š¾ŠæŠ¾Š“ŠæŠøŃŠ°Š½Š½ŃŠµ " +"ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŃ X.509, ŃŠ°Šŗ ŠŗŠ°Šŗ ŠøŠ½Š°ŃŠµ ŃŃŠµŠ±ŃŠµŃŃŃ ŃŠ°Š±Š¾ŃŠ° ŃŠµŠ½ŃŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠøŠø Š“Š»Ń " +"ŠæŠ¾Š“ŠæŠøŃŠø Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ°. Š”Š¾Š·Š“Š°Š½Š½ŃŠ¹ ŃŠ°Š¼Š¾ŠæŠ¾Š“ŠæŠøŃŠ°Š½Š½ŃŠ¹ ŃŠµŃŃŠøŃŠøŠŗŠ°Ń ŃŃŠ°Š·Ń " +"Š¼Š¾Š¶Š½Š¾ ŠøŃŠæŠ¾Š»ŃŠ·Š¾Š²Š°ŃŃ Š“Š»Ń ŠæŠ¾Š“ŠŗŠ»ŃŃŠµŠ½ŠøŃ Šŗ Š“ŃŃŠ³ŠøŠ¼ Š¼Š°ŃŠøŠ½Š°Š¼ Ń IPSec, ŠŗŠ¾ŃŠ¾ŃŃŠµ " +"ŠæŠ¾Š“Š“ŠµŃŠ¶ŠøŠ²Š°ŃŃ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŃ X.509 Š“Š»Ń Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŠø ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠ¹ IPSec. ŠŠ“Š½Š°ŠŗŠ¾, " +"ŠµŃŠ»Šø Š²Ń Ń
Š¾ŃŠøŃŠµ Š²Š¾ŃŠæŠ¾Š»ŃŠ·Š¾Š²Š°ŃŃŃŃ Š½Š¾Š²ŃŠ¼Šø Š²Š¾Š·Š¼Š¾Š¶Š½Š¾ŃŃŃŠ¼Šø PKI ŠøŠ· strongSwan, ŃŠ¾ " +"Š²ŃŠµ Š²Š°ŃŠø ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŃ X.509 Š“Š¾Š»Š¶Š½Ń Š±ŃŃŃ ŠæŠ¾Š“ŠæŠøŃŠ°Š½Ń ŠµŠ“ŠøŠ½ŃŠ¼ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠøŠ¾Š½Š½ŃŠ¼ " +"ŃŠµŠ½ŃŃŠ¾Š¼ Š“Š»Ń ŃŠ¾Š·Š“Š°Š½ŠøŃ Š“Š¾Š²ŠµŃŠøŃŠµŠ»ŃŠ½Š¾Š³Š¾ ŠæŃŃŠø." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"ŠŃŠ»Šø Š²Ń Š¾ŃŠ²ŠµŃŠøŃŠµ Š¾ŃŃŠøŃŠ°ŃŠµŠ»ŃŠ½Š¾, ŃŠ¾ Š±ŃŠ“ŠµŃ ŃŠ¾Š·Š“Š°Š½ ŃŠ¾Š»ŃŠŗŠ¾ Š·Š°ŠŗŃŃŃŃŠ¹ ŠŗŠ»ŃŃ RSA, Š° " +"ŃŠ°ŠŗŠ¶Šµ Š·Š°ŠæŃŠ¾Ń Š“Š»Ń ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ°, ŠŗŠ¾ŃŠ¾ŃŃŠ¹ Š²Š°Š¼ Š½ŃŠ¶Š½Š¾ ŠæŠ¾Š“ŠæŠøŃŠ°ŃŃ Š² ŃŠµŠ½ŃŃŠµ " +"ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠøŠø." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "ŠŠ¾Š“ ŃŃŃŠ°Š½Ń Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"ŠŠ²ŠµŠ“ŠøŃŠµ Š“Š²ŃŃ
Š±ŃŠŗŠ²ŠµŠ½Š½ŃŠ¹ ŠŗŠ¾Š“ ŃŃŃŠ°Š½Ń, Š³Š“Šµ ŃŠ°ŃŠæŠ¾Š»Š¾Š¶ŠµŠ½ ŃŠµŃŠ²ŠµŃ (Š½Š°ŠæŃŠøŠ¼ŠµŃ, \"RU\" Š² " +"Š Š¾ŃŃŠøŠø)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"ŠŠ“ŠµŃŃ Š½ŃŠ¶Š½Š¾ Š²Š²ŠµŃŃŠø ŠæŃŠ°Š²ŠøŠ»ŃŠ½ŃŠ¹ ŠŗŠ¾Š“ ŃŃŃŠ°Š½Ń ŃŠ¾Š³Š»Š°ŃŠ½Š¾ ISO-3166, ŃŠ°Šŗ ŠŗŠ°Šŗ OpenSSL " +"Š¾ŃŠŗŠ°Š¶ŠµŃŃŃ Š³ŠµŠ½ŠµŃŠøŃŠ¾Š²Š°ŃŃ ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŃ Š² ŠæŃŠ¾ŃŠøŠ²Š½Š¾Š¼ ŃŠ»ŃŃŠ°Šµ. ŠŃŃŃŠ¾Šµ Š·Š½Š°ŃŠµŠ½ŠøŠµ " +"ŃŠ°Š·ŃŠµŃŠµŠ½Š¾ Š“Š»Ń Š»ŃŠ±Š¾Š³Š¾ ŠæŠ¾Š»Ń ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509 ŠŗŃŠ¾Š¼Šµ ŃŃŠ¾Š³Š¾." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "ŠŠ°Š·Š²Š°Š½ŠøŠµ Š¾Š±Š»Š°ŃŃŠø ŠøŠ»Šø Š¾ŠŗŃŃŠ³Š° Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Š£ŠŗŠ°Š¶ŠøŃŠµ ŠæŠ¾Š»Š½Š¾Šµ Š½Š°Š·Š²Š°Š½ŠøŠµ Š¾Š±Š»Š°ŃŃŠø ŠøŠ»Šø Š¾ŠŗŃŃŠ³Š°, Š² ŠŗŠ¾ŃŠ¾ŃŠ¾Š¼ Š½Š°Ń
Š¾Š“ŠøŃŃŃ ŃŠµŃŠ²ŠµŃ " +"(Š½Š°ŠæŃŠøŠ¼ŠµŃ, \"Moscow region\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "ŠŠ°Š·Š²Š°Š½ŠøŠµ Š¼ŠµŃŃŠ° Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"Š£ŠŗŠ°Š¶ŠøŃŠµ Š½Š°Š·Š²Š°Š½ŠøŠµ Š¼ŠµŃŃŠ°, Š³Š“Šµ ŃŠ°ŃŠæŠ¾Š»Š°Š³Š°ŠµŃŃŃ ŃŠµŃŠ²ŠµŃ (Š½Š°ŠæŃŠøŠ¼ŠµŃ Š³Š¾ŃŠ¾Š“, \"Sergiev " +"Posad\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "ŠŠ°Š·Š²Š°Š½ŠøŠµ Š¾ŃŠ³Š°Š½ŠøŠ·Š°ŃŠøŠø Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Š£ŠŗŠ°Š¶ŠøŃŠµ Š½Š°Š·Š²Š°Š½ŠøŠµ Š¾ŃŠ³Š°Š½ŠøŠ·Š°ŃŠøŠø, ŠŗŠ¾ŃŠ¾ŃŠ¾Š¹ ŠæŃŠøŠ½Š°Š“Š»ŠµŠ¶ŠøŃ ŃŠµŃŠ²ŠµŃ (Š½Š°ŠæŃŠøŠ¼ŠµŃ, \"Debian" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "" +"ŠŠ°Š·Š²Š°Š½ŠøŠµ ŃŃŃŃŠŗŃŃŃŠ½Š¾Š¹ ŠµŠ“ŠøŠ½ŠøŃŃ Š¾ŃŠ³Š°Š½ŠøŠ·Š°ŃŠøŠø Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"ŠŠ°Š·Š²Š°Š½ŠøŠµ ŃŃŃŃŠŗŃŃŃŠ½Š¾Š¹ ŠµŠ“ŠøŠ½ŠøŃŃ Š¾ŃŠ³Š°Š½ŠøŠ·Š°ŃŠøŠø Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "ŠŠ±ŃŠµŠøŠ·Š²ŠµŃŃŠ½Š¾Šµ Š½Š°Š·Š²Š°Š½ŠøŠµ Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" +"Š£ŠŗŠ°Š¶ŠøŃŠµ Š¾Š±ŃŠµŠøŠ·Š²ŠµŃŃŠ½Š¾Šµ Š½Š°Š·Š²Š°Š½ŠøŠµ (Š½Š°ŠæŃŠøŠ¼ŠµŃ, ŠøŠ¼Ń Š“Š°Š½Š½Š¾Š³Š¾ ŠŗŠ¾Š¼ŠæŃŃŃŠµŃŠ°), Š½Š°ŠæŃŠøŠ¼ŠµŃ, " +"\"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "ŠŠ“ŃŠµŃ ŃŠ»ŠµŠŗŃŃŠ¾Š½Š½Š¾Š¹ ŠæŠ¾ŃŃŃ Š“Š»Ń Š·Š°ŠæŃŠ¾ŃŠ° ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ° X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Š£ŠŗŠ°Š¶ŠøŃŠµ Š°Š“ŃŠµŃ ŃŠ»ŠµŠŗŃŃŠ¾Š½Š½Š¾Š¹ ŠæŠ¾ŃŃŃ (ŃŠµŠ»Š¾Š²ŠµŠŗŠ° ŠøŠ»Šø Š¾ŃŠ³Š°Š½ŠøŠ·Š°ŃŠøŠø) Š“Š»Ń Š²ŠŗŠ»ŃŃŠµŠ½ŠøŃ Š² " +"Š·Š°ŠæŃŠ¾Ń ŃŠµŃŃŠøŃŠøŠŗŠ°ŃŠ°." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "ŠŠŗŠ»ŃŃŠøŃŃ ŠæŠ¾Š“Š“ŠµŃŠ¶ŠŗŃ Š³ŠøŠ±ŠŗŠ¾Š³Š¾ ŃŠøŃŃŠ¾Š²Š°Š½ŠøŃ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"ŠŃŠ° Š²ŠµŃŃŠøŃ strongSwan ŠæŠ¾Š“Š“ŠµŃŠ¶ŠøŠ²Š°ŠµŃ Š³ŠøŠ±ŠŗŠ¾Šµ ŃŠøŃŃŠ¾Š²Š°Š½ŠøŠµ (opportunistic " +"encryption, OE), ŠæŃŠø ŠŗŠ¾ŃŠ¾ŃŠ¾Š¼ ŠøŠ½ŃŠ¾ŃŠ¼Š°ŃŠøŃ Š¾Š± Š°ŃŃŠµŠ½ŃŠøŃŠøŠŗŠ°ŃŠøŠø IPSec Ń
ŃŠ°Š½ŠøŃŃŃ Š² " +"Š·Š°ŠæŠøŃŃŃ
DNS. ŠŠ¾ŠŗŠ° ŃŃŠ¾ ŃŠøŃŠ¾ŠŗŠ¾ Š½Šµ ŃŃŠ°Š½ŠµŃ ŃŠ°ŃŠæŃŠ¾ŃŃŃŠ°Š½ŠµŠ½Š¾, Š“Š°Š½Š½Š°Ń ŠæŠ¾Š“Š“ŠµŃŠ¶ŠŗŠ° " +"ŠæŃŠøŠ²ŠµŠ“ŃŃ Šŗ Š·Š½Š°ŃŠøŃŠµŠ»ŃŠ½Š¾Š¹ Š·Š°Š“ŠµŃŠ¶ŠŗŠµ ŠæŃŠø ŠŗŠ°Š¶Š“Š¾Š¼ Š½Š¾Š²Š¾Š¼ ŠøŃŃ
Š¾Š“ŃŃŠµŠ¼ ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠø." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"ŠŠŗŠ»ŃŃŠ°Š¹ŃŠµ Š³ŠøŠ±ŠŗŠ¾Šµ ŃŠøŃŃŠ¾Š²Š°Š½ŠøŠµ, ŠµŃŠ»Šø Š²Š°Š¼ ŃŃŠ¾ Š“ŠµŠ¹ŃŃŠ²ŠøŃŠµŠ»ŃŠ½Š¾ Š½ŃŠ¶Š½Š¾. ŠŃŠ¾ Š¼Š¾Š¶ŠµŃ " +"ŠæŃŠµŃŠ²Š°ŃŃ ŃŠ¾ŠµŠ“ŠøŠ½ŠµŠ½ŠøŠµ Ń ŠøŠ½ŃŠµŃŠ½ŠµŃŠ¾Š¼ (Š¼Š°ŃŃŃŃŃ ŠæŠ¾ ŃŠ¼Š¾Š»ŃŠ°Š½ŠøŃ) ŠæŃŠø Š·Š°ŠæŃŃŠŗŠµ ŃŠ»ŃŠ¶Š±Ń." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 000000000..14ee84013 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,461 @@ +# Translation of strongswan debconf template to Swedish +# Copyright (C) 2013 Martin Bagge <brother@bsnet.se> +# This file is distributed under the same license as the strongswan package. +# +# Martin Ć
gren <martin.agren@gmail.com>, 2008, 2009, 2010. +# Martin Bagge <brother@bsnet.se>, 2013 +msgid "" +msgstr "" +"Project-Id-Version: strongswan_sv\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-07 09:05+0100\n" +"Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n" +"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n" +"Language: Swedish\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Gammal kƶrnivĆ„hantering har ersatts" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"Tidigare versioner av paketet strongswan erbjƶd ett val mellan tre olika " +"start-/stoppnivĆ„er. PĆ„ grund av Ƥndringar i systemuppstartproceduren Ƥr " +"detta inte lƤngre nƶdvƤndigt eller anvƤndbart. Fƶr alla nya installationer, " +"sĆ„vƤl som gamla installationer som kƶr i nĆ„got av de fƶrdefinierade lƤgena, " +"kommer rimliga standardvƤrden nu sƤttas. Om du uppgraderar frĆ„n en tidigare " +"version och Ƥndrade dina uppstartsparametrar fƶr strongSwan, bƶr du ta en " +"titt pĆ„ NEWS.Debian fƶr instruktioner om hur du kan Ƥndra din installation " +"pĆ„ motsvarande sƤtt." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Starta om strongSwan nu?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Att starta om strongSwan rekommenderas eftersom en eventuell " +"sƤkerhetsrƤttning inte kommer anvƤndas fƶrrƤn demonen startas om. De flesta " +"fƶrvƤntar att servern startas om, sĆ„ detta Ƥr normalt en bra ide. Detta kan " +"dock stƤnga existerande anslutningar och sedan ta upp dem igen, sĆ„ om du " +"anvƤnder en strongSwan-tunnel fƶr att genomfƶra den hƤr uppdateringen Ƥr en " +"omstart inte rekommenderad." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "Starta strongSwans charon-demon?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Charon-demonen mĆ„ste kƶras fƶr att stƶdja Internet Key Exchange-protokollet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Vill du anvƤnda ett X.509-certifikat fƶr den hƤr vƤrden?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Ett X.509-certifikat fƶr den hƤr vƤrden kan skapas eller importeras " +"automatiskt. Det kan anvƤndas fƶr att autentisera IPsec-anslutningar till " +"andra vƤrdar och Ƥr det rekommenderade sƤttet fƶr att bygga upp sƤkra IPsec-" +"anslutningar. Den andra mƶjligheten skulle vara att anvƤnda delade " +"sƤkerheter (lƶsenord som Ƥr samma pĆ„ bĆ„da sidor av tunneln) fƶr " +"autentisering av en anslutning, men fƶr ett stƶrre antal anslutningar Ƥr " +"nyckelbaserad autentisering lƤttare att administrera och sƤkrare." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Alternativt kan du avfƤrda det hƤr valet och anvƤnda kommandot \"dpkg-" +"reconfigure strongswan\" fƶr att komma tillbaka vid ett senare tillfƤlle." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "skapa" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "importera" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" +"Metoder fƶr anvƤndning av ett X.509-certifikat fƶr autentisering av den hƤr " +"vƤrden:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"Det Ƥr mƶjligt att skapa ett nytt X.509-certifikat med anvƤndar-definierade " +"instƤllningar eller att importera existerande publika och privata nycklar " +"lagrade i PEM-fil(er) fƶr autentisering av IPsec-anslutningar." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Om du vƤljer att skapa ett nytt X.509-certifikat kommer du fƶrst fĆ„ svara pĆ„ " +"nĆ„gra frĆ„gor innan genereringen kan startas. Kom ihĆ„g att du, om du vill att " +"den publika nyckeln ska signeras av existerande certifikatsutstƤllare (CA), " +"inte ska vƤlja att skapa ett sjƤlvsignerat certifikat och att alla svar " +"precis mĆ„ste motsvara de krav CA:n stƤller. Annars kan certifikatsfƶrfrĆ„gan " +"komma att avslĆ„s." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Om du vill importera existerande publika och privata nycklar kommer du " +"ombeds ange deras filnamn (som kan vara identiska om bĆ„da delarna sparas " +"tillsammans i en fil). Du kan Ƥven ange ett filnamn dƤr CA:n publika nyckel " +"finns, men denna fil kan inte vara samma som de tidigare. Notera ocksĆ„ att " +"formatet fƶr X.509-certifikaten mĆ„ste vara PEM och att den privata nyckeln " +"inte fĆ„r vara krypterad fƶr att den ska kunna importeras." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "Namn pĆ„ filen med ditt X.509-certifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"Ange platsen fƶr den fil som innehĆ„ller ditt X.509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "Namn pĆ„ filen med din privata X.509-nyckel i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"Ange platsen fƶr den fil som innehĆ„ller den privata RSA-nyckel som matchar " +"ditt X.509-certifikat i PEM-format. Detta kan vara samma fil som innehĆ„ller " +"X.509-certifikatet." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "Namn pĆ„ filen med rot-CA:ns X.509-certifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Du kan nu, om du vill, ange platsen fƶr den fil som innehĆ„ller ett X.509-" +"certifikat fƶr den rot-CA som anvƤnts fƶr att signera ditt certifikat i PEM-" +"format. LƤmna fƤltet tomt om du inte har nĆ„got sĆ„dant certifikat eller om du " +"inte vill anvƤnda det. Observera att det inte Ƥr mƶjligt att lagra rot-CA:n " +"i samma fil som ditt X.509-certifikat eller den privata nyckeln." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "Ange vilken lƤngd den skapade RSA-nyckeln ska ha:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Ange lƤngden pĆ„ den skapade RSA-nyckeln. Den bƶr inte vara kortare Ƥn 1024 " +"bitar eftersom det anses osƤkert. Du behƶver troligtvis inte mer Ƥn 4096 " +"bitar eftersom det gƶr autentiseringen lĆ„ngsammare och anses innebƤra en " +"onƶdigt stor sƤkerhetsmarginal fƶr tillfƤllet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Vill du skapa ett sjƤlvsignerat X.509-certifikat?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Endast sjƤlvsignerade X.509-certifikat kan skapas automatiskt eftersom det " +"annars krƤvs en CA fƶr att signera certifikatsfƶrfrĆ„gan. Om du vƤljer att " +"skapa ett sjƤlvsignerat certifikat, kan du genast anvƤnda det fƶr att " +"ansluta till andra IPsec-vƤrdar som stƶdjer X.509-certifikat fƶr " +"autentisering av IPsec-anslutningar. AnvƤndning av strongSwans PKI-" +"funktioner krƤver dock att alla certifikat har signerats av en och samma CA " +"fƶr att skapa en tillitskedja." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Om du inte vƤljer att skapa ett sjƤlvsignerat certifikta, kommer endast den " +"privata RSA-nyckeln och certifikatsfƶrfrĆ„gan att skapas. Du mĆ„ste dĆ„fĆ„ " +"certifikatsfƶrfrĆ„n signerad av din certifikatsutstƤllare." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "Landskod fƶr X.509-certifikatsfƶrfrĆ„gan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Ange den kod om tvĆ„ bokstƤver som identifierar landet som servern stĆ„r i " +"(exempelvis \"SE\" fƶr Sverige)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"OpenSSL kommer vƤgra generera ett certifikat sĆ„vida det hƤr vƤrdet inte Ƥr " +"en giltig landskod enligt ISO-3166; ett tomt fƤlt Ƥr giltigt pĆ„ andra " +"stƤllen i X.509-certifikat, men inte hƤr." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "Region eller lƤn fƶr X.509-certifikatsfƶrfrĆ„gan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"Ange namnet pĆ„ den region eller den stat som servern stĆ„r i (exempelvis " +"\"SkĆ„ne lƤn\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "Lokaliteten fƶr X.509-certifikatsfƶrfrĆ„gan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "Ange den lokalitet servern stĆ„r i (ofta en stad, sĆ„som \"Malmƶ\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "Organisationsnamn fƶr X.509-certifikatsfƶrfrĆ„gan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"Ange namnet pĆ„ den organisation servern tillhƶr (exempelvis \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "Organisationsenhet fƶr X.509-certifikatsfƶrfrĆ„gan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Ange den organisationsenhet servern tillhƶr (exempelvis \"sƤkerhetsgruppen" +"\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "Namn pĆ„ X.509-certifikatsfƶrfrĆ„gan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "Ange namnet pĆ„ den hƤr vƤrden (exempelvis \"gateway.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "E-postadress fƶr X.509-certifikatsfƶrfrĆ„gan:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"Ange e-postadressen till den person eller organisation som Ƥr ansvarig fƶr " +"X.509-certifikatet." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Vill du aktivera opportunistisk kryptering?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"Denna version av strongSwan stƶdjer opportunistisk kryptering (OE), som " +"lagrar IPSec-autentiseringsinformation i DNS-registret. Till dess detta " +"anvƤnds i stor utstrƤckning, kommer aktivering av det att orsaka betydande " +"fƶrdrƶjningar fƶr varje ny utgĆ„ende anslutning." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"Du ska bara aktivera opportunistisk kryptering om du Ƥr sƤker pĆ„ att du vill " +"ha det. Det kan bryta internetanslutningen (standardvƤgen) nƤr demonen " +"startas." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Pluto-demonen mĆ„ste kƶras fƶr att stƶdja version 1 av Internet Key " +#~ "Exchange-protokollet." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Starta strongSwans IKEv2-demon?" diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 000000000..1a7f922ba --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,366 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" diff --git a/debian/po/tr.po b/debian/po/tr.po new file mode 100644 index 000000000..b9a5b77b8 --- /dev/null +++ b/debian/po/tr.po @@ -0,0 +1,455 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# Atila KOĆ <koc@artielektronik.com.tr>, 2012, 2013. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2013-10-24 11:17+0200\n" +"Last-Translator: Atila KOĆ <koc@artielektronik.com.tr>\n" +"Language-Team: TĆ¼rkƧe <debian-l10n-turkish@lists.debian.org>\n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.4\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Eski ƧalıÅma dĆ¼zeyi yƶnetimi yerine yenisi geƧti" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"strongSwan paketinin ƶnceki sĆ¼rĆ¼mleri Ć¼Ć§ farklı BaÅlama/Durma-Seviyesi " +"arasında seƧim Åansı tanırdı. Bu, olaÄan sistem baÅlatma yordamındaki " +"deÄiÅiklikler nedeni ile artık gerekli ya da faydalı deÄildir. Åimdi tĆ¼m " +"yeni kurulumlar ve herhangi bir ƶntanımlı kipte ƧalıÅan eskiler iƧin aynı " +"ƶntanımlı seviyeler ayarlanacaktır. EÄer eski bir sĆ¼rĆ¼mĆ¼ yĆ¼kseltiyorsanız ya " +"da strongSwan baÅlatma deÄiÅkenlerinizi deÄiÅtirdiyseniz, kurulumunuzu nasıl " +"uyumlandıracaÄınızı anlamak iƧin NEWS.Debian'a gƶz atınız." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "strongSwan Åimdi yeniden baÅlatılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"Yapılan gĆ¼venlik iyileÅtirmesi artalan sĆ¼reci yeniden baÅlatılmadan " +"uygulanamayacaÄından, strongSwan'ı yeniden baÅlatmanız ƶnerilir. ĆoÄu kiÅi " +"artalan sĆ¼recinin tekrar baÅlayacaÄını dĆ¼ÅĆ¼nĆ¼r ve bu genellikle aldatıcıdır. " +"Oysa, yeniden baÅlatma, varolan baÄlantıları koparıp yeniden yapar ki, eÄer " +"bu gĆ¼ncellemeyi bir strongSwan tĆ¼neli baÄlantısını kullanarak yapıyorsanız " +"yeniden baÅlatma ƶnerilmez." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "Start strongSwan's charon daemon?" +msgstr "strongSwan'ın 'charon' artalan sĆ¼reci baÅlatılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Internet Anahtar DeÄiÅimi (IKE) protokolĆ¼nĆ¼n desteklenmesi iƧin 'charon' " +"artalan sĆ¼reci ƧalıÅıyor olmalıdır." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "Bu makine iƧin bir X.509 sertifikası kullanılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Bu makine iƧin bir X.509 sertifikası kendiliÄinden yaratılabilir ya da iƧe " +"aktarılabilir. Bu sertifika diÄer makinelerle IPsec baÄlantılarını " +"yetkilendirmek iƧin kullanılacaktır ve bu yƶntem gĆ¼venli IPsec baÄlantıları " +"iƧin yeÄlenen seƧenektir. BaÅka bir seƧenek de baÄlantıyı yetkilendirmek " +"iƧin paylaÅılan gizlerin (tĆ¼nelin her iki tarafında da aynı olan parolalar) " +"kullanılmasıdır, fakat ƧoÄu baÄlantılarda anahtar tabanlı yetkilendirme daha " +"kolay yƶnetilir ve daha gĆ¼venlidir." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Dilerseniz bu ƶneriyi geri Ƨevirir ve daha sonra \"dpkg-reconfigure " +"strongswan\" komutu ile yeniden deÄerlendirebilirisiniz." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "yarat" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "iƧe aktar" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "Bu makineyi yetkilendirmek iƧin X.509 sertifika kullanım yƶntemleri:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"IPsec baÄlantılarını yetkilendirmek iƧin kullanıcı tanımlı ayarlar ile yeni " +"bir X.509 sertifikası yaratmak ya da PEM dosyası iƧinde varolan bir anahtarı " +"iƧe aktarmak olasıdır." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"EÄer yeni bir X.509 sertifikası yaratma seƧeneÄini seƧerseniz, sertifika " +"yaratılmadan ƶnce bir takım soruları yanıtlamanız gerekecektir. Unutmayın, " +"eÄer ortak anahtarın varolan bir Sertifika Yetkilisi (CA) tarafından " +"imzalanmasını istiyorsanız, kendiliÄinden imzalı bir sertifika yaratmayı " +"seƧmemeli ve vereceÄiniz tĆ¼m yanıtların Sertifika Yetkilisinin koÅullarını " +"bĆ¼tĆ¼nĆ¼yle karÅıladıÄından emin olmalısınız, tersi durumda sertifika " +"isteÄiniz geri Ƨevirilebilir." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"EÄer varolan bir ƶzel ve genel anahtarı iƧe aktarmak istiyorsanız, onların " +"dosya adlarını girmeniz istenecektir (eÄer anahtarların ikisi de aynı " +"dosyada ise dosya adları da aynı olacaktır). Ä°steÄe baÄlı olarak, Sertifika " +"Yetkilisinin genel anahtarını barındıran dosya adını belirtebilirsiniz, " +"fakat bu dosya ƶncekilerle aynı olamaz. X.509 sertifikalarının biƧiminin PEM " +"ve ƶzel anahtarın ÅifrelenmemiÅ olması gerektiÄini unutmayın yoksa iƧe " +"aktarma sĆ¼reci baÅarısız olacaktır." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "PEM biƧimindeki X.509 sertifikanızın dosya adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "" +"PEM biƧimindeki X.509 sertifikanızı barındıran dosyanın yolunu giriniz." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "PEM biƧimindeki X.509 ƶzel anahtarınızın dosya adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"X.509 sertifikanıza karÅılık gelen ƶzel RSA anahtarınızı barındıran PEM " +"biƧimindeki dosyanın yolunu giriniz. Bu dosya, X.509 sertifikasını " +"barındıran dosya ile aynı olabilir." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "PEM biƧimindeki X.509 KƶkSY (RootCA) dosya adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Åimdi, isteÄe baÄlı olarak, sertifikanızı imzalamak iƧin kullanılan X.509 " +"Sertifika Yetkilisi kƶkĆ¼nĆ¼ barındıran dosyanın yolunu girebilirsiniz. EÄer " +"yoksa ya da kullanmak istemiyorsanız bu alanı boÅ bırakınız. Unutmayın, " +"KƶkSY (RootCA) ile X.509 sertifikanızı ya da ƶzel anahtarınızı aynı dosyada " +"tutamazsınız." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "" +"LĆ¼tfen yaratılacak RSA anahtarının sahip olması gereken uzunluÄu girin:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Yaratılacak RSA anahtar uzunluÄunu giriniz. Anahtar uzunluÄu, yeterince " +"gĆ¼venli olması iƧin, 1024 bit'ten kısa olmamalı; doÄrulama sĆ¼recini " +"yavaÅlatmaması iƧin de 4096 bit'ten fazla olmamalıdır ve zaten Åu anda daha " +"fazlasına da gerek yoktur." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Ćz imzalı bir sertifika yaratılsın mı?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Yalnızca ƶz imzalı X.509 sertifikaları kendiliÄinden yaratılabilir, Ć§Ć¼nkĆ¼ " +"ƶteki durumda sertifika isteÄini imzalaması iƧin bir Sertifika Yetkilisi " +"gereklidir. EÄer ƶz imzalı bir sertifika yaratmayı seƧerseniz, onu hemen " +"X.509 sertifikaları ile yetkilendirmeyi destekleyen diÄer IPsec makineleri " +"ile baÄlanmak iƧin kullanabilirsiniz. Ćte yandan, strongSwan'ın PKI " +"ƶzellikleri, gĆ¼ven yolu oluÅturmak iƧin tĆ¼m sertifikaların aynı Sertifika " +"Yetkilisi tarafından imzalanmıŠolmasını gerektirir." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"EÄer ƶz imzalı bir sertifika yaratmayı seƧmezseniz, yalnızca RSA ƶzel " +"anahtarı ve sertifika isteÄi yaratılacaktır ve sizin bu isteÄi Sertifika " +"Yetkilinize imzalatmanız gerekecektedir." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "X.509 sertifika isteÄi iƧin Ć¼lke kodu:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"Sunucunun bulunduÄu Ć¼lke iƧin iki harfli Ć¼lke kodunu giriniz (TĆ¼rkiye iƧin " +"\"TR\" gibi)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"Bu geƧerli bir ISO-3166 Ć¼lke kodu olmadıÄı sĆ¼rece OpenSSL sertifika Ć¼retmeyi " +"geri Ƨevirecektir; X.509 sertifikasının baÅka bir yerinde boÅ alan kabul " +"edilir ama burada deÄil." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "X.509 sertifika isteÄi iƧin Åehir adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "Sunucunun bulunduÄu Åehrin tam adını giriniz (ƶrneÄin \"Ankara\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "X.509 sertifika isteÄi iƧin ilƧe adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "Sunucunun bulunduÄu ilƧeyi girin (ƶrneÄin \"Yenimahalle\" gibi):" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "X.509 sertifika isteÄi iƧin ƶrgĆ¼t adı:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "Sunucunuzun baÄlı olduÄu ƶrgĆ¼tĆ¼ giriniz (ƶrneÄin \"Debian\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "X.509 sertifika isteÄi iƧin ƶrgĆ¼tsel birim:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"Sunucunuzun baÄlı olduÄu ƶrgĆ¼tsel birimi giriniz (ƶrneÄin \"Ćeviri Birimi\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "X.509 sertifika isteÄi iƧin Genel Ad:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "Bu makine iƧin Genel Ad giriniz (ƶrneÄin \"gumruk.example.org\")." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "X.509 sertifika isteÄi iƧin e-posta adresi:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"X.509 sertifikasından sorumlu kiÅinin ya da ƶrgĆ¼tĆ¼n e-posta adresini giriniz." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "FırsatƧı Åifrelemeye izin verilsin mi?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"strongSwan'ın bu sĆ¼rĆ¼mĆ¼ IPsec doÄrulama bilgisini DNS kayıtlarında tutan " +"fırsatƧı Åifrelemeyi (OE) desteklemektedir. Kullanımı yaygınlaÅmadan " +"etkinleÅtirilirse her yeni ƧıkıŠbaÄlantısında ciddi gecikmelere neden " +"olacaktır." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"FırsatƧı Åifrelemeyi onu kullanmak istediÄinizden eminseniz " +"etkinleÅtirmelisiniz. Bu, artalan sĆ¼reci baÅladıÄında, Internet baÄlantısını " +"(varsayılan rota) koparabilir." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Internet Anahtar DeÄiÅimi (IKE) protokolĆ¼ 1. sĆ¼rĆ¼mĆ¼nĆ¼n desteklenmesi iƧin " +#~ "'pluto' artalan sĆ¼reci ƧalıÅıyor olmalıdır." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "strongSwan'ın IKEv2 artalan sĆ¼reci basĢ§latılsın mı?" diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 000000000..41358dbd7 --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,462 @@ +# Vietnamese translation for StrongSwan. +# Copyright Ā© 2010 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2005-2010. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.4.0-1\n" +"Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" +"POT-Creation-Date: 2013-02-07 13:28+0100\n" +"PO-Revision-Date: 2010-10-03 19:22+1030\n" +"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n" +"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.8\n" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "Old runlevel management superseded" +msgstr "Quįŗ£n lĆ½ cįŗ„p chįŗ”y cÅ© ÄĆ£ ÄĘ°į»£c thay thįŗæ" + +#. Type: note +#. Description +#: ../strongswan-starter.templates:2001 +msgid "" +"Previous versions of the strongSwan package gave a choice between three " +"different Start/Stop-Levels. Due to changes in the standard system startup " +"procedure, this is no longer necessary or useful. For all new installations " +"as well as old ones running in any of the predefined modes, sane default " +"levels will now be set. If you are upgrading from a previous version and " +"changed your strongSwan startup parameters, then please take a look at NEWS." +"Debian for instructions on how to modify your setup accordingly." +msgstr "" +"CĆ”c phiĆŖn bįŗ£n trĘ°į»c cį»§a gĆ³i strongSwan ÄĆ£ cho phĆ©p chį»n trong ba cįŗ„p Chįŗ”y/" +"Dį»«ng. Do thay Äį»i trong thį»§ tį»„c khį»i chįŗ”y tiĆŖu chuįŗ©n, khĆ“ng cĆ²n cĆ³ thį» lĆ m " +"nhĘ° thįŗæ, nĆ³ cÅ©ng khĆ“ng cĆ²n cĆ³ Ćch. Cho mį»i bįŗ£n cĆ i Äįŗ·t mį»i, cÅ©ng nhĘ° bįŗ£n cĆ i " +"Äįŗ·t cÅ© nĆ o Äang chįŗ”y trong mį»t cį»§a nhį»Æng chįŗæ Äį» xĆ”c Äį»nh sįŗµn nĆ y, mį»t cįŗ„p " +"mįŗ·c Äį»nh thĆch hį»£p sįŗÆp ÄĘ°į»£c lįŗp. Nįŗæu bįŗ”n Äang nĆ¢ng cįŗ„p tį»« mį»t phiĆŖn bįŗ£n " +"trĘ°į»c vĆ ÄĆ£ sį»a Äį»i tham sį» khį»i chįŗ”y nĆ o cį»§a strongSwan, hĆ£y xem tįŗp tin " +"tin tį»©c Ā« NEWS.Debian Ā» Äį» tƬm hĘ°į»ng dįŗ«n vį» cĆ”ch sį»a Äį»i thiįŗæt lįŗp cho phĆ¹ " +"hį»£p." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "Restart strongSwan now?" +msgstr "Khį»i chįŗ”y lįŗ”i strongSwan ngay bĆ¢y giį» ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:3001 +msgid "" +"Restarting strongSwan is recommended, since if there is a security fix, it " +"will not be applied until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However, this might take down " +"existing connections and then bring them back up, so if you are using such a " +"strongSwan tunnel to connect for this update, restarting is not recommended." +msgstr "" +"KhuyĆŖn bįŗ”n khį»i chįŗ”y lįŗ”i strongSwan, vƬ sį»± sį»a chį»Æa bįŗ£o mįŗt nĆ o khĆ“ng phįŗ£i " +"ÄĘ°į»£c Ć”p dį»„ng Äįŗæn khi trƬnh nį»n khį»i chįŗ”y. Phįŗ§n lį»n cĆ”c ngĘ°į»i trĆ“ng Äį»£i trƬnh " +"nį»n khį»i chįŗ”y thƬ nĆ³i chung nĆ³ lĆ mį»t Ć½ kiįŗæn tį»t. Tuy nhiĆŖn nĆ³ cĆ³ thį» tįŗÆt " +"rį»i bįŗt lįŗ”i kįŗæt nį»i ÄĆ£ cĆ³, vƬ thįŗæ nįŗæu bįŗ”n Äang sį» dį»„ng (v.d.) mį»t ÄĘ°į»ng hįŗ§m " +"strongSwan Äį» kįŗæt nį»i Äįŗæn bįŗ£n cįŗp nhįŗt nĆ y, khĆ“ng nĆŖn khį»i chįŗ”y lįŗ”i vĆ o lĆŗc " +"nĆ y." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "Start strongSwan's IKEv1 daemon?" +msgid "Start strongSwan's charon daemon?" +msgstr "Khį»i chįŗ”y trƬnh nį»n IKEv1 cį»§a strongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:4001 +#, fuzzy +#| msgid "" +#| "The charon daemon must be running to support version 2 of the Internet " +#| "Key Exchange protocol." +msgid "" +"The charon daemon must be running to support the Internet Key Exchange " +"protocol." +msgstr "" +"Äį»ng thį»i cÅ©ng cįŗ§n phįŗ£i chįŗ”y trƬnh nį»n charon, Äį» hį» trį»£ phiĆŖn bįŗ£n 2 cį»§a " +"giao thį»©c Trao Äį»i KhoĆ” Internet (IKE)." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "Use an X.509 certificate for this host?" +msgstr "DĆ¹ng chį»©ng nhįŗn X.509 cho mĆ”y nĆ y ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"An X.509 certificate for this host can be automatically created or imported. " +"It can be used to authenticate IPsec connections to other hosts and is the " +"preferred way of building up secure IPsec connections. The other possibility " +"would be to use shared secrets (passwords that are the same on both sides of " +"the tunnel) for authenticating a connection, but for a larger number of " +"connections, key based authentication is easier to administer and more " +"secure." +msgstr "" +"Mį»t chį»©ng nhįŗn X.509 cĆ³ thį» ÄĘ°į»£c tį»± Äį»ng tįŗ”o hoįŗ·c nhįŗp cho mĆ”y nĆ y. Chį»©ng " +"nhįŗn nĆ y cĆ³ thį» ÄĘ°į»£c sį» dį»„ng Äį» xĆ”c thį»±c kįŗæt nį»i IPsec Äįŗæn mĆ”y khĆ”c: nĆ³ lĆ " +"phĘ°Ę”ng phĆ”p Ę°a thĆch Äį» xĆ¢y dį»±ng kįŗæt nį»i IPsec bįŗ£o mįŗt. Tuį»³ chį»n khĆ”c lĆ sį» " +"dį»„ng Äiį»u bĆ mįŗt chia sįŗ» (cĆ¹ng mį»t mįŗt khįŗ©u į» hai bĆŖn ÄĘ°į»ng hįŗ§m) Äį» xĆ”c thį»±c " +"kįŗæt nį»i, nhĘ°ng mĆ cho nhiį»u kįŗæt nį»i dį»
hĘ”n quįŗ£n lĆ½ sį»± xĆ”c thį»©c dį»±a vĆ o khoĆ”, " +"vĆ phĘ°Ę”ng phĆ”p nĆ y bįŗ£o mįŗt hĘ”n." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:5001 +msgid "" +"Alternatively you can reject this option and later use the command \"dpkg-" +"reconfigure strongswan\" to come back." +msgstr "" +"Hoįŗ·c bįŗ”n cĆ³ thį» tį»« chį»i tuį»³ chį»n nĆ y, vĆ chįŗ”y cĆ¢u lį»nh Ā« dpkg-reconfigure " +"strongswan Ā» vį» sau Äį» trį» vį» tiįŗæn trƬnh cįŗ„u hƬnh nĆ y." + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "create" +msgstr "tįŗ”o" + +#. Type: select +#. Choices +#: ../strongswan-starter.templates:6001 +msgid "import" +msgstr "nhįŗp" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "Methods for using a X.509 certificate to authenticate this host:" +msgstr "PhĘ°Ę”ng phĆ”p sį» dį»„ng chį»©ng nhįŗn X.509 Äį» xĆ”c thį»±c mĆ”y nĆ y:" + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"It is possible to create a new X.509 certificate with user-defined settings " +"or to import an existing public and private key stored in PEM file(s) for " +"authenticating IPsec connections." +msgstr "" +"CĆ³ thį» tįŗ”o mį»t chį»©ng nhįŗn X.509 mį»i vį»i thiįŗæt lįŗp ÄĘ°į»£c ngĘ°į»i dĆ¹ng xĆ”c Äį»nh, " +"hoįŗ·c cĆ³ thį» nhįŗp mį»t cįŗ·p khoĆ” (cĆ“ng vĆ riĆŖng) ÄĆ£ cĆ³ theo tįŗp tin PEM, Äį» xĆ”c " +"thį»±c kįŗæt nį»i IPsec." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you choose to create a new X.509 certificate you will first be asked a " +"number of questions which must be answered before the creation can start. " +"Please keep in mind that if you want the public key to get signed by an " +"existing Certificate Authority you should not select to create a self-signed " +"certificate and all the answers given must match exactly the requirements of " +"the CA, otherwise the certificate request may be rejected." +msgstr "" +"Nįŗæu bįŗ”n chį»n tįŗ”o mį»t chį»©ng nhįŗn X.509 mį»i thƬ Äįŗ§u tiĆŖn bįŗ”n ÄĘ°į»£c hį»i mį»t sį» " +"cĆ¢u bįŗÆt buį»c phįŗ£i trįŗ£ lį»i trĘ°į»c khi cĆ³ thį» bįŗÆt Äįŗ§u tįŗ”o chį»©ng nhįŗn. Ghi nhį» " +"rįŗ±ng nįŗæu bįŗ”n muį»n cĆ³ khoĆ” cĆ“ng ÄĘ°į»£c kĆ½ bį»i mį»t CA (nhĆ cįŗ§m quyį»n cįŗ„p chį»©ng " +"nhįŗn) ÄĆ£ tį»n tįŗ”i, bįŗ”n khĆ“ng nĆŖn chį»n tįŗ”o mį»t chį»©ng nhįŗn tį»± kĆ½, vĆ tįŗ„t cįŗ£ cĆ”c " +"ÄĆ”p į»©ng bįŗ”n lĆ m phįŗ£i tĘ°Ę”ng į»©ng chĆnh xĆ”c vį»i yĆŖu cįŗ§u cį»§a CA, khĆ“ng thƬ yĆŖu " +"cįŗ§u chį»©ng nhįŗn cĆ³ thį» bį» tį»« chį»i." + +#. Type: select +#. Description +#: ../strongswan-starter.templates:6002 +msgid "" +"If you want to import an existing public and private key you will be " +"prompted for their filenames (which may be identical if both parts are " +"stored together in one file). Optionally you may also specify a filename " +"where the public key(s) of the Certificate Authority are kept, but this file " +"cannot be the same as the former ones. Please also be aware that the format " +"for the X.509 certificates has to be PEM and that the private key must not " +"be encrypted or the import procedure will fail." +msgstr "" +"Nįŗæu bįŗ”n muį»n nhįŗp mį»t cįŗ·p khoĆ” cĆ“ng vĆ riĆŖng ÄĆ£ cĆ³, bįŗ”n sįŗ½ ÄĘ°į»£c nhįŗÆc nhįŗp " +"(cĆ”c) tĆŖn tįŗp tin (mĆ cĆ³ thį» lĆ trĆ¹ng nįŗæu cįŗ£ hai khoĆ” ÄĘ°į»£c giį»Æ trong cĆ¹ng " +"mį»t tįŗp tin). Tuį»³ chį»n bįŗ”n cÅ©ng cĆ³ thį» ghi rƵ mį»t tĆŖn tįŗp tin chį»©a (cĆ”c) " +"khoĆ” cĆ“ng cį»§a CA, nhĘ°ng mĆ tįŗp tin nĆ y phįŗ£i khĆ”c vį»i tįŗp tin nhįŗp trĘ°į»c. " +"CÅ©ng ghi nhį» rįŗ±ng Äį»nh dįŗ”ng cį»§a chį»©ng nhįŗn X.509 phįŗ£i lĆ PEM, vĆ khoĆ” riĆŖng " +"khĆ“ng thį» ÄĘ°į»£c mįŗt mĆ£, khĆ“ng thƬ tiįŗæn trƬnh nhįŗp khĆ“ng thĆ nh cĆ“ng." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "File name of your PEM format X.509 certificate:" +msgstr "TĆŖn tįŗp tin cį»§a chį»©ng nhįŗn X.509 dįŗ”ng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:7001 +msgid "" +"Please enter the location of the file containing your X.509 certificate in " +"PEM format." +msgstr "HĆ£y nhįŗp vį» trĆ cį»§a tįŗp tin chį»©a chį»©ng nhįŗn X.509 dįŗ”ng PEM cį»§a bįŗ”n." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "File name of your PEM format X.509 private key:" +msgstr "TĆŖn tįŗp tin cį»³a khoĆ” riĆŖng X.509 dįŗ”ng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:8001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X.509 certificate in PEM format. This can be the same file " +"that contains the X.509 certificate." +msgstr "" +"HĆ£y nhįŗp vį» trĆ cį»§a tįŗp tin chį»©a khoĆ” RSA riĆŖng tĘ°Ę”ng į»©ng vį»i chį»©ng nhįŗn " +"X.509, cįŗ£ hai theo Äį»nh dįŗ”ng PEM. (ÄĆ¢y cĆ³ thį» lĆ cĆ¹ng mį»t tįŗp tin vį»i tįŗp " +"tin chį»©a chį»©ng nhįŗn X.509.)" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "File name of your PEM format X.509 RootCA:" +msgstr "TĆŖn tįŗp tin cį»§a RootCA X.509 dįŗ”ng PEM:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:9001 +msgid "" +"Optionally you can now enter the location of the file containing the X.509 " +"Certificate Authority root used to sign your certificate in PEM format. If " +"you do not have one or do not want to use it please leave the field empty. " +"Please note that it's not possible to store the RootCA in the same file as " +"your X.509 certificate or private key." +msgstr "" +"Tuį»³ chį»n bįŗ”n bĆ¢y giį» cĆ³ thį» nhįŗp vį» trĆ cį»§a tįŗp tin chį»©a gį»c nhĆ cįŗ§m quyį»n " +"cįŗ„p chį»©ng nhįŗn X.509 ÄĘ°į»£c dĆ¹ng Äį» kĆ½ chį»©ng nhįŗn theo Äį»nh dįŗ”ng PEM cį»§a bįŗ”n. " +"KhĆ“ng cĆ³ hoįŗ·c khĆ“ng muį»n sį» dį»„ng nĆ³ thƬ bį» trį»ng trĘ°į»ng nĆ y. Ghi chĆŗ rįŗ±ng " +"khĆ“ng thį» giį»Æ RootCA trong cĆ¹ng mį»t tįŗp tin vį»i chį»©ng nhįŗn X.509 hoįŗ·c khoĆ” " +"riĆŖng cį»§a bįŗ”n." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "Please enter which length the created RSA key should have:" +msgstr "GƵ chiį»u dĆ i dį»± Äį»nh cį»§a khoĆ” RSA cįŗ§n tįŗ”o :" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 4096 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"HĆ£y nhįŗp chiį»u dĆ i cį»§a khoĆ” RSA cįŗ§n tįŗ”o. Ćt hĘ”n 1024 bit ÄĘ°į»£c thįŗ„y lĆ khĆ“ng " +"an toĆ n, vĆ lį»n hĘ”n 4096 bit chį» lĆ m chįŗm tiįŗæn trƬnh xĆ”c thį»±c vĆ chĘ°a cįŗ§n " +"thiįŗæt." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "Create a self-signed X.509 certificate?" +msgstr "Tįŗ”o mį»t chį»©ng nhįŗn X.509 tį»± kĆ½ ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"Only self-signed X.509 certificates can be created automatically, because " +"otherwise a Certificate Authority is needed to sign the certificate request. " +"If you choose to create a self-signed certificate, you can use it " +"immediately to connect to other IPsec hosts that support X.509 certificate " +"for authentication of IPsec connections. However, using strongSwan's PKI " +"features requires all certificates to be signed by a single Certificate " +"Authority to create a trust path." +msgstr "" +"Chį» chį»©ng nhįŗn X.509 tį»± kĆ½ cĆ³ thį» ÄĘ°į»£c tį»± Äį»ng tįŗ”o, vƬ bįŗ±ng cĆ”ch khĆ”c mį»t CA " +"cįŗ§n thiįŗæt Äį» kĆ½ yĆŖu cįŗ§u chį»©ng nhįŗn. Nįŗæu bįŗ”n chį»n tįŗ”o mį»t chį»©ng nhįŗn tį»± kĆ½, " +"bįŗ”n cĆ³ thį» sį» dį»„ng nĆ³ ngay lįŗp tį»©c Äį» kįŗæt nį»i tį»i mĆ”y IPsec khĆ”c cĆ³ hį» trį»£ " +"chį»©ng nhįŗn X.509 Äį» xĆ”c thį»±c kįŗæt nį»i IPsec. Tuy nhiĆŖn, tĆnh nÄng PKI cį»§a " +"strongSwan yĆŖu cįŗ§u tįŗ„t cįŗ£ cĆ”c chį»©ng nhįŗn ÄĘ°į»£c kĆ½ bį»i cĆ¹ng mį»t CA, Äį» tįŗ”o mį»t " +"ÄĘ°į»ng dįŗ«n tin cįŗy." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:11001 +msgid "" +"If you do not choose to create a self-signed certificate, only the RSA " +"private key and the certificate request will be created, and you will have " +"to sign the certificate request with your Certificate Authority." +msgstr "" +"Nįŗæu bįŗ”n khĆ“ng chį»n tįŗ”o mį»t chį»©ng nhįŗn tį»± kĆ½ thƬ chį» khoĆ” riĆŖng RSA vĆ yĆŖu " +"cįŗ§u chį»©ng nhįŗn sįŗ½ ÄĘ°į»£c tįŗ”o, vĆ bįŗ”n cįŗ§n phįŗ£i kĆ½ yĆŖu cįŗ§u chį»©ng nhįŗn bįŗ±ng CA." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "Country code for the X.509 certificate request:" +msgstr "MĆ£ quį»c gia cho yĆŖu cįŗ§u chį»©ng nhįŗn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"Please enter the two-letter code for the country the server resides in (such " +"as \"AT\" for Austria)." +msgstr "" +"HĆ£y nhįŗp mĆ£ hai chį»Æ cho quį»c gia chį»©a mĆ”y phį»„c vį»„ (v.d. Ā« VI Ā» cho Viį»t Nam)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:12001 +msgid "" +"OpenSSL will refuse to generate a certificate unless this is a valid " +"ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " +"certificate, but not here." +msgstr "" +"KhĆ“ng cĆ³ mĆ£ quį»c gia ISO-3166 ÄĆŗng thƬ OpenSSL tį»« chį»i tįŗ”o chį»©ng nhįŗn. CĆ³ " +"thį» bį» trį»ng trĘ°į»ng į» mį»t sį» nĘ”i khĆ”c trong chį»©ng nhįŗn X.509 mĆ khĆ“ng phįŗ£i į» " +"ÄĆ¢y." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "State or province name for the X.509 certificate request:" +msgstr "TĆŖn cį»§a bįŗ£ng hay tį»nh cho yĆŖu cįŗ§u chį»©ng nhįŗn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:13001 +msgid "" +"Please enter the full name of the state or province the server resides in " +"(such as \"Upper Austria\")." +msgstr "" +"HĆ£y nhįŗp tĆŖn Äįŗ§y Äį»§ cį»§a bang hay tį»nh chį»©a mĆ”y phį»„c vį»„ (v.d. Ā« Nghį» An Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "Locality name for the X.509 certificate request:" +msgstr "TĆŖn vĆ¹ng cho yĆŖu cįŗ§u chį»©ng nhįŗn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:14001 +msgid "" +"Please enter the locality the server resides in (often a city, such as " +"\"Vienna\")." +msgstr "" +"HĆ£y nhįŗp vĆ¹ng chį»©a mĆ”y phį»„c vį»„ (thĘ°į»ng lĆ mį»t thĆ nh phį», v.d. Ā« NhĆ TrįŗÆng Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "Organization name for the X.509 certificate request:" +msgstr "TĆŖn tį» chį»©c cho yĆŖu cįŗ§u chį»©ng nhįŗn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:15001 +msgid "" +"Please enter the organization the server belongs to (such as \"Debian\")." +msgstr "" +"HĆ£y nhįŗp tį» chį»©c sį» hį»Æu mĆ”y phį»„c vį»„ (v.d. Ā« Debian Ā» hoįŗ·c Ā« Dį»± Ć”n MOST Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "Organizational unit for the X.509 certificate request:" +msgstr "TĆŖn ÄĘ”n vį» tį» chį»©c cho yĆŖu cįŗ§u chį»©ng nhįŗn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:16001 +msgid "" +"Please enter the organizational unit the server belongs to (such as " +"\"security group\")." +msgstr "" +"HĆ£y nhįŗp tĆŖn ÄĘ”n vį» cį»§a tį» chį»©c sį» hį»Æu mĆ”y phį»„c vį»„ (v.d. Ā« nhĆ³m Äį»a phĘ°Ę”ng " +"hoĆ” Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "Common Name for the X.509 certificate request:" +msgstr "TĆŖn chung cho yĆŖu cįŗ§u chį»©ng nhįŗn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:17001 +msgid "" +"Please enter the Common Name for this host (such as \"gateway.example.org\")." +msgstr "HĆ£y nhįŗp TĆŖn Chung cho mĆ”y nĆ y (v.d. Ā« cį»ng_ra.vį»_dį»„.org Ā»)." + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "Email address for the X.509 certificate request:" +msgstr "Äį»a chį» thĘ° cho yĆŖu cįŗ§u chį»©ng nhįŗn X.509:" + +#. Type: string +#. Description +#: ../strongswan-starter.templates:18001 +msgid "" +"Please enter the email address of the person or organization responsible for " +"the X.509 certificate." +msgstr "" +"HĆ£y nhįŗp Äį»a chį» thĘ° Äiį»n tį» cį»§a ngĘ°į»i hoįŗ·c tį» chį»©c chį»u trĆ”ch nhiį»m vį» yĆŖu " +"cįŗ§u chį»©ng nhįŗn nĆ y." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "Enable opportunistic encryption?" +msgstr "Bįŗt mįŗt mĆ£ cĘ” hį»i chį»§ nghÄ©a ?" + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +msgid "" +"This version of strongSwan supports opportunistic encryption (OE), which " +"stores IPSec authentication information in DNS records. Until this is widely " +"deployed, activating it will cause a significant delay for every new " +"outgoing connection." +msgstr "" +"PhiĆŖn bįŗ£n strongSwan nĆ y hį» trį»£ mįŗt mĆ£ cĘ” hį»i chį»§ nghÄ©a (OE) mĆ cįŗ„t giį»Æ " +"thĆ“ng tin xĆ”c thį»±c IPSec trong mį»„c ghi DNS. Chį»©c nÄng nĆ y chĘ°a phį» biįŗæn thƬ " +"vįŗ«n cĆ²n lĆ m trį»
mį»i kįŗæt nį»i mį»i gį»i Äi." + +#. Type: boolean +#. Description +#: ../strongswan-starter.templates:19001 +#, fuzzy +#| msgid "" +#| "You should only enable opportunistic encryption if you are sure you want " +#| "it. It may break the Internet connection (default route) as the pluto " +#| "daemon starts." +msgid "" +"You should only enable opportunistic encryption if you are sure you want it. " +"It may break the Internet connection (default route) as the daemon starts." +msgstr "" +"ChĘ°a chįŗÆc thƬ khĆ“ng nĆŖn hiį»u lį»±c chį»©c nÄng mįŗt mĆ£ cĘ” hį»i chį»§ nghÄ©a. NĆ³ cÅ©ng " +"cĆ³ thį» ÄĆ³ng kįŗæt nį»i Internet (ÄĘ°į»ng dįŗ«n mįŗ·c Äį»nh) do trƬnh nį»n pluto khį»i " +"chįŗ”y." + +#~ msgid "" +#~ "The pluto daemon must be running to support version 1 of the Internet Key " +#~ "Exchange protocol." +#~ msgstr "" +#~ "Äį»ng thį»i cÅ©ng cįŗ§n phįŗ£i chįŗ”y trƬnh nį»n pluto, Äį» hį» trį»£ phiĆŖn bįŗ£n 1 cį»§a " +#~ "giao thį»©c Trao Äį»i KhoĆ” Internet (IKE)." + +#~ msgid "Start strongSwan's IKEv2 daemon?" +#~ msgstr "Khį»i chįŗ”y trƬnh nį»n IKEv2 cį»§a strongSwan ?" diff --git a/debian/rules b/debian/rules new file mode 100755 index 000000000..1104a0bf5 --- /dev/null +++ b/debian/rules @@ -0,0 +1,257 @@ +#!/usr/bin/make -f +export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 +#export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ + --enable-addrblock \ + --enable-agent \ + --enable-ccm \ + --enable-certexpire \ + --enable-cmd \ + --enable-ctr \ + --enable-curl \ + --enable-eap-aka \ + --enable-eap-gtc \ + --enable-eap-identity \ + --enable-eap-md5 \ + --enable-eap-mschapv2 \ + --enable-eap-radius \ + --enable-eap-tls \ + --enable-eap-tnc \ + --enable-eap-ttls \ + --enable-error-notify \ + --enable-gcm \ + --enable-gcrypt \ + --enable-ha \ + --enable-ldap \ + --enable-led \ + --enable-lookip \ + --enable-mediation \ + --enable-openssl \ + --enable-pkcs11 \ + --enable-test-vectors \ + --enable-unity \ + --enable-xauth-eap \ + --enable-xauth-pam \ + --disable-blowfish \ + --disable-des # BSD-Young license + #--with-user=strongswan --with-group=nogroup + # --enable-kernel-pfkey --enable-kernel-klips \ + # And for --enable-eap-sim we would need the library, which we don't + # have right now. + # Don't --enable-cisco-quirks, because some other IPsec implementations + # (most notably the Phion one) have problems connecting when pluto + # sends these Cisco options. + # don't enable medsrv/medcli right now (20160523) since clearsilver FTBFS + #--enable-medsrv --enable-medcli \ + +# get the various DEB_BUILD/DEB_HOST variables +include /usr/share/dpkg/architecture.mk + +# the padlock plugin only makes sense on i386 +# AESNI and RdRand only make sense on i386 and amd64 +ifeq ($(DEB_HOST_ARCH_CPU),i386) + CONFIGUREARGS += --enable-padlock --enable-rdrand --enable-aesni +endif + +ifeq ($(DEB_HOST_ARCH_CPU),amd64) + CONFIGUREARGS += --enable-rdrand --enable-aesni +endif + +ifeq ($(DEB_HOST_ARCH_OS),linux) + # only enable network-manager and capabilities dropping on linux hosts + # some plugins are linux-only too + CONFIGUREARGS += --enable-nm \ + --with-nm-ca-dir=/etc/ssl/certs \ + --with-capabilities=libcap \ + --enable-farp \ + --enable-dhcp \ + --enable-af-alg \ + --enable-connmark \ + --enable-systemd --enable-swanctl +endif + +ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) + # recommended configure line for FreeBSD + # http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD + CONFIGUREARGS += --disable-kernel-netlink \ + --enable-kernel-pfkey --enable-kernel-pfroute \ + --with-group=wheel +endif + +override_dh_auto_configure: + dh_auto_configure -- $(CONFIGUREARGS) + +override_dh_auto_clean: + dh_auto_clean + # after a make clean, no binaries _should_ be left, but .... + -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm + + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libstrongswan/libstrongswan.a || true + rm -f lib/libstrongswan/liboswlog.a || true + + # just in case something went wrong + rm -f $(CURDIR)/debian/ipsec.secrets + + # and make sure that template are up-to-date + debconf-updatepo + + +override_dh_install-arch: + # remove all .la files + find debian/tmp/usr/lib -name '*.la' -delete + + # first special cases +ifeq ($(DEB_HOST_ARCH_OS),linux) + # handle Linux-only plugins + dh_install -p libstrongswan-standard-plugins usr/lib/ipsec/plugins/libstrongswan-connmark.so + dh_install -p libstrongswan-standard-plugins usr/share/strongswan/templates/config/plugins/connmark.conf + dh_install -p libstrongswan-standard-plugins etc/strongswan.d/charon/connmark.conf + dh_install -p libcharon-extra-plugins usr/lib/ipsec/plugins/libstrongswan-dhcp.so + dh_install -p libcharon-extra-plugins usr/share/strongswan/templates/config/plugins/dhcp.conf + dh_install -p libcharon-extra-plugins etc/strongswan.d/charon/dhcp.conf + + dh_install -p libcharon-extra-plugins usr/lib/ipsec/plugins/libstrongswan-farp.so + dh_install -p libcharon-extra-plugins usr/share/strongswan/templates/config/plugins/farp.conf + dh_install -p libcharon-extra-plugins etc/strongswan.d/charon/farp.conf + + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so + dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-netlink.conf + dh_install -p libstrongswan etc/strongswan.d/charon/kernel-netlink.conf + + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-af-alg.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/af-alg.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/af-alg.conf + # the systemd service file only gets generated on Linux + dh_install -p strongswan-starter lib/systemd/system/strongswan.service +endif + +ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) + # handle FreeBSD-only plugins + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfkey.so + dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-pfkey.conf + dh_install -p libstrongswan etc/strongswan.d/charon/kernel-pfkey.conf + + dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfroute.so + dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/kernel-pfroute.conf + dh_install -p libstrongswan etc/strongswan.d/charon/kernel-pfroute.conf +endif + +ifeq ($(DEB_HOST_ARCH_CPU),i386) + # special handling for padlock, as it is only built on i386 + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-padlock.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/padlock.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/padlock.conf + + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-rdrand.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/rdrand.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/rdrand.conf + + dh_install -p libstrongswan-standard-plugins usr/lib/ipsec/plugins/libstrongswan-aesni.so + dh_install -p libstrongswan-standard-plugins usr/share/strongswan/templates/config/plugins/aesni.conf + dh_install -p libstrongswan-standard-plugins etc/strongswan.d/charon/aesni.conf +endif + +ifeq ($(DEB_HOST_ARCH_CPU), amd64) + dh_install -p libstrongswan-extra-plugins usr/lib/ipsec/plugins/libstrongswan-rdrand.so + dh_install -p libstrongswan-extra-plugins usr/share/strongswan/templates/config/plugins/rdrand.conf + dh_install -p libstrongswan-extra-plugins etc/strongswan.d/charon/rdrand.conf + + dh_install -p libstrongswan-standard-plugins usr/lib/ipsec/plugins/libstrongswan-aesni.so + dh_install -p libstrongswan-standard-plugins usr/share/strongswan/templates/config/plugins/aesni.conf + dh_install -p libstrongswan-standard-plugins etc/strongswan.d/charon/aesni.conf +endif + + # then install the rest, ignoring the above + dh_install \ + -X\.la -X\.a \ + -Xmedsrv -Xman3 \ + -Xlibstrongswan-connmark.so -X connmark.conf \ + -Xlibstrongswan-kernel- -X kernel- \ + -Xlibstrongswan-dhcp.so -X dhcp.conf \ + -Xlibstrongswan-farp.so -X farp.conf \ + -Xlibstrongswan-padlock.so -X padlock.conf \ + -Xlibstrongswan-rdrand.so -X rdrand.conf \ + -Xlibstrongswan-aesni.so -X aesni.conf \ + -Xlibstrongswan-af-alg.so -X af-alg.conf \ + -Xstrongswan.service + + # AppArmor. + dh_apparmor --profile-name=usr.lib.ipsec.charon -p strongswan-charon + dh_apparmor --profile-name=usr.lib.ipsec.lookip -p libcharon-extra-plugins + dh_apparmor --profile-name=usr.lib.ipsec.stroke -p strongswan-starter + dh_apparmor --profile-name=usr.sbin.swanctl -p strongswan-swanctl + dh_apparmor --profile-name=usr.sbin.charon-systemd -p charon-systemd + + # add additional files not covered by upstream makefile... + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + # also "patch" ipsec.conf to include the debconf-managed file + echo >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + # and to enable both IKEv1 and IKEv2 by default + sed -r 's/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf > $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp + mv $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan-starter/etc/ipsec.conf + + # set permissions on ipsec.secrets and private key directories + chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets + chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/ + chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/bliss/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/ecdsa/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/pkcs8/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/private/ + chmod 700 -R $(CURDIR)/debian/strongswan-swanctl/etc/swanctl/rsa/ + + # this is handled by update-rc.d + rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d + + # delete var/lock/subsys and var/run to satisfy lintian + rm -rf $(CURDIR)/debian/openswan/var/lock + rm -rf $(CURDIR)/debian/openswan/var/run + + # more lintian cleanups + find $(CURDIR)/debian/*strongswan*/ -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf + +override_dh_installinit: + dh_installinit -n --name=ipsec + +override_dh_installchangelogs: + dh_installchangelogs NEWS + +override_dh_strip: + dh_strip --dbgsym-migration='strongswan-dbg (<< 5.3.5-2~)' + +override_dh_fixperms: + dh_fixperms \ + -X etc/ipsec.d \ + -X etc/ipsec.secrets \ + -X etc/swanctl/bliss \ + -X etc/swanctl/ecdsa \ + -X etc/swanctl/pkcs8 \ + -X etc/swanctl/private \ + -X etc/swanctl/rsa \ + -X var/lib/strongswan + +override_dh_makeshlibs: + dh_makeshlibs -n -X usr/lib/ipsec/plugins + +override_dh_installlogcheck: + dh_installlogcheck --name strongswan + +override_dh_auto_test: +ifeq ($(DEB_BUILD_ARCH),amd64) + dh_auto_test +endif + +override_dh_missing-arch: + dh_missing --fail-missing + +override_dh_missing-indep: + dh_missing --list-missing + +%: + dh $@ --parallel --with autoreconf,systemd diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 000000000..163aaf8d8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 000000000..9942c61f1 --- /dev/null +++ b/debian/source/options @@ -0,0 +1 @@ +extend-diff-ignore = "(^|/)(config\.sub|config\.guess|Makefile)$" diff --git a/debian/strongswan-charon.install b/debian/strongswan-charon.install new file mode 100644 index 000000000..cd4ca6cac --- /dev/null +++ b/debian/strongswan-charon.install @@ -0,0 +1,6 @@ +usr/lib/ipsec/charon +usr/share/strongswan/templates/config/strongswan.d/charon.conf +usr/share/strongswan/templates/config/strongswan.d/charon-logging.conf +etc/strongswan.d/charon-logging.conf +etc/strongswan.d/charon.conf +debian/usr.lib.ipsec.charon /etc/apparmor.d/ diff --git a/debian/strongswan-libcharon.install b/debian/strongswan-libcharon.install new file mode 100644 index 000000000..15d63eddc --- /dev/null +++ b/debian/strongswan-libcharon.install @@ -0,0 +1,4 @@ +usr/lib/ipsec/libcharon* +usr/lib/ipsec/plugins/libstrongswan-socket-default.so +usr/share/strongswan/templates/config/plugins/socket-default.conf +etc/strongswan.d/charon/socket-default.conf diff --git a/debian/strongswan-nm.install b/debian/strongswan-nm.install new file mode 100644 index 000000000..12665af1f --- /dev/null +++ b/debian/strongswan-nm.install @@ -0,0 +1,2 @@ +usr/lib/ipsec/charon-nm +etc/dbus-1/system.d/nm-strongswan-service.conf diff --git a/debian/strongswan-pki.install b/debian/strongswan-pki.install new file mode 100644 index 000000000..7cccf5241 --- /dev/null +++ b/debian/strongswan-pki.install @@ -0,0 +1,16 @@ +usr/bin/pki +usr/share/man/man1/pki---acert.1 +usr/share/man/man1/pki---dn.1 +usr/share/man/man1/pki---gen.1 +usr/share/man/man1/pki---issue.1 +usr/share/man/man1/pki---keyid.1 +usr/share/man/man1/pki---pkcs7.1 +usr/share/man/man1/pki---print.1 +usr/share/man/man1/pki---pub.1 +usr/share/man/man1/pki---req.1 +usr/share/man/man1/pki---self.1 +usr/share/man/man1/pki---signcrl.1 +usr/share/man/man1/pki---verify.1 +usr/share/man/man1/pki.1 +usr/share/strongswan/templates/config/strongswan.d/pki.conf +etc/strongswan.d/pki.conf diff --git a/debian/strongswan-pki.lintian-overrides b/debian/strongswan-pki.lintian-overrides new file mode 100644 index 000000000..444d88b26 --- /dev/null +++ b/debian/strongswan-pki.lintian-overrides @@ -0,0 +1,4 @@ +# strongswan libraries are installed in /usr/lib/ipsec because they are private +# to the strongSwan project. We still want to split multiple binaries from the +# lib +strongswan-pki: binary-or-shlib-defines-rpath usr/bin/pki /usr/lib/ipsec diff --git a/debian/strongswan-scepclient.install b/debian/strongswan-scepclient.install new file mode 100644 index 000000000..e04bc65d0 --- /dev/null +++ b/debian/strongswan-scepclient.install @@ -0,0 +1,4 @@ +usr/lib/ipsec/scepclient +usr/share/man/man8/scepclient.8 +usr/share/strongswan/templates/config/strongswan.d/scepclient.conf +etc/strongswan.d/scepclient.conf diff --git a/debian/strongswan-starter.config b/debian/strongswan-starter.config new file mode 100644 index 000000000..cb9de0964 --- /dev/null +++ b/debian/strongswan-starter.config @@ -0,0 +1,46 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +# disable for now, until we can deal with the don't-edit-conffiles situation +#db_input high strongswan/ikev1 || true +#db_input high strongswan/ikev2 || true + +db_input medium strongswan/restart || true + +db_input high strongswan/enable-oe || true + +db_get strongswan/install_x509_certificate +if [ "$RET" = "true" ]; then + db_input high strongswan/how_to_get_x509_certificate || true + db_go || true + + db_get strongswan/how_to_get_x509_certificate + if [ "$RET" = "create" ]; then + # create a new certificate + db_input medium strongswan/rsa_key_length || true + db_input high strongswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium strongswan/x509_country_code || true + db_go || true + db_get strongswan/x509_country_code + countrycode="$RET" + done + db_input medium strongswan/x509_state_name || true + db_input medium strongswan/x509_locality_name || true + db_input medium strongswan/x509_organization_name || true + db_input medium strongswan/x509_organizational_unit || true + db_input medium strongswan/x509_common_name || true + db_input medium strongswan/x509_email_address || true + db_go || true + elif [ "$RET" = "import" ]; then + # existing certificate - use it + db_input critical strongswan/existing_x509_certificate_filename || true + db_input critical strongswan/existing_x509_key_filename || true + db_input critical strongswan/existing_x509_rootca_filename || true + db_go || true + fi +fi diff --git a/debian/strongswan-starter.dirs b/debian/strongswan-starter.dirs new file mode 100644 index 000000000..ae7ee9ea8 --- /dev/null +++ b/debian/strongswan-starter.dirs @@ -0,0 +1,9 @@ +/etc +/etc/init.d +/etc/ipsec.d +/etc/ipsec.d/cacerts +/etc/ipsec.d/crls +/etc/ipsec.d/ocspcerts +/etc/ipsec.d/policies +/etc/ipsec.d/private +/var/lib/strongswan diff --git a/debian/strongswan-starter.install b/debian/strongswan-starter.install new file mode 100644 index 000000000..7b02b0a8e --- /dev/null +++ b/debian/strongswan-starter.install @@ -0,0 +1,23 @@ +#starter +usr/lib/ipsec/starter +usr/share/strongswan/templates/config/strongswan.d/starter.conf +etc/strongswan.d/starter.conf +usr/lib/ipsec/_copyright +usr/sbin/ipsec +etc/ipsec.d +etc/ipsec.conf +etc/ipsec.secrets +usr/share/man/man8/ipsec.8 +usr/share/man/man5/ipsec.conf.5 +usr/share/man/man5/ipsec.secrets.5 +#updown +usr/lib/ipsec/plugins/libstrongswan-updown.so +usr/share/strongswan/templates/config/plugins/updown.conf +etc/strongswan.d/charon/updown.conf +usr/lib/ipsec/_updown +#stroke +usr/lib/ipsec/stroke +usr/lib/ipsec/plugins/libstrongswan-stroke.so +usr/share/strongswan/templates/config/plugins/stroke.conf +etc/strongswan.d/charon/stroke.conf +debian/usr.lib.ipsec.stroke /etc/apparmor.d/ diff --git a/debian/strongswan-starter.ipsec.init b/debian/strongswan-starter.ipsec.init new file mode 100644 index 000000000..e90f0e731 --- /dev/null +++ b/debian/strongswan-starter.ipsec.init @@ -0,0 +1,151 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: ipsec +# Required-Start: $network $remote_fs +# Required-Stop: $network $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Strongswan IPsec services +### END INIT INFO + +# Author: Rene Mayrhofer <rene@mayrhofer.eu.org> + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="strongswan IPsec services" +NAME=ipsec +STARTER=/usr/sbin/$NAME +PIDFILE=/var/run/charon.pid +CHARON=/usr/lib/ipsec/charon +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$STARTER" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Create lock dir +mkdir -p /var/lock/subsys + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + # test if charon is currently running + if [ -e $CHARON ]; then + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $CHARON --test > /dev/null \ + || return 1 + fi + + $STARTER start || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + # give the proper signal to stop + $STARTER stop || return 2 + + RETVAL=0 + # but kill if that didn't work + if [ -e $PIDFILE ]; then + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + fi + + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + if [ -e $CHARON ]; then + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $CHARON + [ "$?" = 2 ] && return 2 + fi + + # strongswan is known to leave PID files behind when something goes wrong, cleanup here + rm -f $PIDFILE + # and just to make sure they are really really dead at this point... + killall -9 $CHARON 2>/dev/null + + return "$RETVAL" +} + +do_reload() { + $STARTER reload + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + $STARTER status || exit $? + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/debian/strongswan-starter.links b/debian/strongswan-starter.links new file mode 100644 index 000000000..cf397abbe --- /dev/null +++ b/debian/strongswan-starter.links @@ -0,0 +1 @@ +lib/systemd/system/strongswan.service lib/systemd/system/ipsec.service diff --git a/debian/strongswan-starter.lintian-overrides b/debian/strongswan-starter.lintian-overrides new file mode 100644 index 000000000..7c1f5ea8b --- /dev/null +++ b/debian/strongswan-starter.lintian-overrides @@ -0,0 +1,6 @@ +# as here private data is stored we need tighter perms here +strongswan-starter: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755 +strongswan-starter: non-standard-file-perm etc/ipsec.secrets 0600 != 0644 +strongswan-starter: non-standard-dir-perm var/lib/strongswan/ 0700 != 0755 +# the full path is used to check the command presence +strongswan-starter: command-with-path-in-maintainer-script postrm:36 /usr/sbin/deluser diff --git a/debian/strongswan-starter.postinst b/debian/strongswan-starter.postinst new file mode 100644 index 000000000..9e4d7b10e --- /dev/null +++ b/debian/strongswan-starter.postinst @@ -0,0 +1,326 @@ +#! /bin/bash +# postinst script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +CONF_FILE=/var/lib/strongswan/ipsec.conf.inc +SECRETS_FILE=/var/lib/strongswan/ipsec.secrets.inc + +Warn () +{ + echo "$*" >&2 +} + +Error () +{ + Warn "Error: $*" +} + +insert_private_key_filename() { + if ! ( [ -e $SECRETS_INC_FILE ] && egrep -q ": RSA $1" $SECRETS_INC_FILE ); then + echo ": RSA $1" >> $SECRETS_INC_FILE + fi +} + +make_x509_cert() { + if [ $# -ne 12 ]; then + echo "Error in creating X.509 certificate" + exit 1 + fi + + case $5 in + false) + certreq=$4.req + selfsigned="" + ;; + true) + certreq=$4 + selfsigned="-x509" + ;; + *) + echo "Error in creating X.509 certificate" + exit 1 + ;; + esac + + echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ + /usr/bin/openssl req -new -outform PEM -out $certreq \ + -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ + -days $2 $selfsigned >/dev/null +} + +enable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Enabling ${protocol} support by ${daemon}... " + if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then + sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then + sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +disable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Disabling ${protocol} support by ${daemon}... " + if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE || + egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then + echo "already disabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +setup_strongswan_user() { + if ! getent passwd strongswan >/dev/null; then + adduser --quiet --system --no-create-home --home /var/lib/strongswan --shell /usr/sbin/nologin strongswan + fi +} + +. /usr/share/debconf/confmodule + +case "$1" in + configure) + db_get strongswan/install_x509_certificate + if [ "$RET" = "true" ]; then + db_get strongswan/how_to_get_x509_certificate + if [ "$RET" = "create" ]; then + # extract the key from a (newly created) x509 certificate + host=`hostname` + newkeyfile="/etc/ipsec.d/private/${host}Key.pem" + newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" + if [ -e $newcertfile -o -e $newkeyfile ]; then + Error "$newcertfile or $newkeyfile already exists." + Error "Please remove them first an then re-run dpkg-reconfigure to create a new keypair." + else + # create a new certificate + db_get strongswan/rsa_key_length + keylength=$RET + db_get strongswan/x509_self_signed + selfsigned=$RET + db_get strongswan/x509_country_code + countrycode=$RET + if [ -z "$countrycode" ]; then countrycode="."; fi + db_get strongswan/x509_state_name + statename=$RET + if [ -z "$statename" ]; then statename="."; fi + db_get strongswan/x509_locality_name + localityname=$RET + if [ -z "$localityname" ]; then localityname="."; fi + db_get strongswan/x509_organization_name + orgname=$RET + if [ -z "$orgname" ]; then orgname="."; fi + db_get strongswan/x509_organizational_unit + orgunit=$RET + if [ -z "$orgunit" ]; then orgunit="."; fi + db_get strongswan/x509_common_name + commonname=$RET + if [ -z "$commonname" ]; then commonname="."; fi + db_get strongswan/x509_email_address + email=$RET + if [ -z "$email" ]; then email="."; fi + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + chmod 0600 "$newkeyfile" + umask 077 + insert_private_key_filename "$newkeyfile" + echo "Successfully created x509 certificate." + fi + elif [ "$RET" = "import" ]; then + # existing certificate - use it + db_get strongswan/existing_x509_certificate_filename + certfile=$RET + db_get strongswan/existing_x509_key_filename + keyfile=$RET + db_get strongswan/existing_x509_rootca_filename + cafile=$RET + + if [ ! "$certfile" ] || [ ! "$keyfile" ]; then + Error "Either the certificate or the key filename is not specified." + elif ! ( ( [ -f "$certfile" ] || [ -L "$certfile" ] ) && ( [ -f "$keyfile" ] || [ -L "$keyfile" ] ) && ( [ "$cafile" = "" ] || ( [ -f "$cafile" ] || [ -L "$cafile" ] ) ) ); then + Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a regular file or symbolic link." + elif [ ! "`grep 'BEGIN CERTIFICATE' $certfile`" ] || [ ! "`grep 'BEGIN RSA PRIVATE KEY' $keyfile`" ] || ( [ "$cafile" != "" ] && [ ! "`grep 'BEGIN CERTIFICATE' $cafile`" ] ); then + Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a valid PEM type file." + elif [ "$cafile" ] && ( [ "$certfile" = "$cafile" ] || [ "$keyfile" = "$cafile" ]); then + Error "The certificate or the key file contains the rootca - unable to import automatically." + elif [ "`grep 'BEGIN CERTIFICATE' $certfile | wc -l`" -gt 1 ]; then + Error "The certificate file contains more than one certificate - unable to import automatically." + elif [ "`grep 'ENCRYPTED' $keyfile`" ]; then + Error "The key file contains an encrypted key - unable to import automatically." + else + newcertfile="/etc/ipsec.d/certs/$(basename "$certfile")" + newkeyfile="/etc/ipsec.d/private/$(basename "$keyfile")" + if [ "$cafile" ]; then + newcafile="/etc/ipsec.d/private/$(basename "$cafile")" + else + newcafile="" + fi + + if [ -e "$newcertfile" ] || [ -e "$newkeyfile" ] || ( [ "$newcafile" != "" ] && [ -e "$newcafile" ] ); then + Error "$newcertfile or $newkeyfile"${newcafile:+ or $newcafile}" already exists." + Error "Please remove them first and then re-run dpkg-reconfigure to extract an existing keypair"${newcafile:+ and a rootca}"." + else + openssl x509 -in $certfile -out $newcertfile 2>/dev/null + umask 077 + openssl rsa -passin pass:"" -in $keyfile -out $newkeyfile 2>/dev/null + chmod 0600 "$newkeyfile" + insert_private_key_filename "$newkeyfile" + cp "$cafile" /etc/ipsec.d/cacerts + echo "Successfully integrated existing x509 certificate." + fi + fi + fi + db_set strongswan/install_x509_certificate false + fi + + # lets see if we are already using dependency based booting or the correct runlevel parameters + if ! ( [ "`find /etc/init.d/ -name '.depend.*'`" ] || [ "$runlevels" = "0K841K842S163S164S165S166K84" ] ); then + db_fset strongswan/runlevel_changes seen false + db_input high strongswan/runlevel_changes || true + db_go + + # if the admin did not change the runlevels which got installed by older packages we can modify them + if [ "$runlevels" = "0K346K34SS41" ] || [ "$runlevels" = "0K301K302S153S154S155S156K30" ] || [ "$runlevels" = "0K191K192S213S214S215S216K19" ]; then + update-rc.d -f ipsec remove + fi + + update-rc.d ipsec defaults 16 84 > /dev/null + fi + + db_get strongswan/enable-oe + if [ "$RET" != "true" ]; then + echo -n "Disabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/include \/etc\/ipsec.d\/examples\/oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "#include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + echo "already disabled" + fi + else + echo -n "Enabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/#.*include \/etc\/ipsec.d\/examples\/oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + cat <<EOF >> $CONF_FILE +#Enable Opportunistic Encryption +include /etc/ipsec.d/examples/oe.conf +EOF + echo "done" + fi + fi + + # disabled for now, until we can solve the don't-edit-conffiles issue + #db_get strongswan/ikev1 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "pluto" "IKEv1" + #else + # disable_daemon_start "pluto" "IKEv1" + #fi + #db_get strongswan/ikev2 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "charon" "IKEv2" + #else + # disable_daemon_start "charon" "IKEv2" + #fi + + # create user for strongswan to change its uid into + setup_strongswan_user + + if [ -z "$2" ]; then + # no old configured version - start strongswan now + invoke-rc.d ipsec start || true + else + # does the user wish strongswan to restart? + db_get strongswan/restart + if [ "$RET" = "true" ]; then + invoke-rc.d ipsec restart || true # sure, we'll restart it for you + fi + fi + + db_stop + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically + +#DEBHELPER# + +exit 0 diff --git a/debian/strongswan-starter.postrm b/debian/strongswan-starter.postrm new file mode 100644 index 000000000..ec4e6165e --- /dev/null +++ b/debian/strongswan-starter.postrm @@ -0,0 +1,51 @@ +#! /bin/sh +# postrm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postrm> `remove' +# * <postrm> `purge' +# * <old-postrm> `upgrade' <new-version> +# * <new-postrm> `failed-upgrade' <old-version> +# * <new-postrm> `abort-install' +# * <new-postrm> `abort-install' <old-version> +# * <new-postrm> `abort-upgrade' <old-version> +# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + # update the menu system +# if [ -x /usr/bin/update-menus ]; then update-menus; fi + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + +esac + +if [ "$1" = "purge" ] ; then + update-rc.d ipsec remove >/dev/null + if getent passwd strongswan>/dev/null; then + if [ -x /usr/sbin/deluser ]; then + deluser --system strongswan + fi + fi + + rm -rf /etc/ipsec.d/ + rm -rf /var/run/pluto/ + rm -rf /var/lib/strongswan/ +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + + diff --git a/debian/strongswan-starter.prerm b/debian/strongswan-starter.prerm new file mode 100644 index 000000000..c1ba063d6 --- /dev/null +++ b/debian/strongswan-starter.prerm @@ -0,0 +1,40 @@ +#! /bin/sh +# prerm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <prerm> `remove' +# * <old-prerm> `upgrade' <new-version> +# * <new-prerm> `failed-upgrade' <old-version> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> +# * <deconfigured's-prerm> `deconfigure' `in-favour' +# <package-being-installed> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + upgrade) + ;; + remove|deconfigure) + invoke-rc.d ipsec stop || true +# install-info --quiet --remove /usr/info/strongswan.info.gz + ;; + failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/debian/strongswan-starter.templates b/debian/strongswan-starter.templates new file mode 100644 index 000000000..a54581e8a --- /dev/null +++ b/debian/strongswan-starter.templates @@ -0,0 +1,186 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: strongswan/runlevel_changes +Type: note +_Description: Old runlevel management superseded + Previous versions of the strongSwan package gave a choice between + three different Start/Stop-Levels. Due to changes in the standard system + startup procedure, this is no longer necessary or useful. For all new + installations as well as old ones running in any of the predefined modes, + sane default levels will now be set. If you are upgrading from a previous + version and changed your strongSwan startup parameters, then please take a + look at NEWS.Debian for instructions on how to modify your setup accordingly. + +Template: strongswan/restart +Type: boolean +Default: true +_Description: Restart strongSwan now? + Restarting strongSwan is recommended, since if there is a security fix, it + will not be applied until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However, this might take down + existing connections and then bring them back up, so if you are using such + a strongSwan tunnel to connect for this update, restarting is not recommended. + +Template: strongswan/charon +Type: boolean +Default: true +_Description: Start strongSwan's charon daemon? + The charon daemon must be running to support the Internet Key + Exchange protocol. + +Template: strongswan/install_x509_certificate +Type: boolean +Default: false +_Description: Use an X.509 certificate for this host? + An X.509 certificate for this host can be automatically created or imported. + It can be used to authenticate IPsec connections to other hosts + and is the preferred way of building up secure IPsec connections. The other + possibility would be to use shared secrets (passwords that are the same on + both sides of the tunnel) for authenticating a connection, but for a larger + number of connections, key based authentication is easier to administer and + more secure. + . + Alternatively you can reject this option and later use the command + "dpkg-reconfigure strongswan" to come back. + +Template: strongswan/how_to_get_x509_certificate +Type: select +__Choices: create, import +Default: create +_Description: Methods for using a X.509 certificate to authenticate this host: + It is possible to create a new X.509 certificate with user-defined settings + or to import an existing public and private key stored in PEM file(s) for + authenticating IPsec connections. + . + If you choose to create a new X.509 certificate you will first be asked + a number of questions which must be answered before the creation can start. + Please keep in mind that if you want the public key to get signed by + an existing Certificate Authority you should not select to create a + self-signed certificate and all the answers given must match exactly the + requirements of the CA, otherwise the certificate request may be rejected. + . + If you want to import an existing public and private key you will be + prompted for their filenames (which may be identical if both parts are stored + together in one file). Optionally you may also specify a filename where the + public key(s) of the Certificate Authority are kept, but this file cannot + be the same as the former ones. Please also be aware that the format for the + X.509 certificates has to be PEM and that the private key must not be encrypted + or the import procedure will fail. + +Template: strongswan/existing_x509_certificate_filename +Type: string +_Description: File name of your PEM format X.509 certificate: + Please enter the location of the file containing your X.509 certificate in + PEM format. + +Template: strongswan/existing_x509_key_filename +Type: string +_Description: File name of your PEM format X.509 private key: + Please enter the location of the file containing the private RSA key + matching your X.509 certificate in PEM format. This can be the same file + that contains the X.509 certificate. + +Template: strongswan/existing_x509_rootca_filename +Type: string +_Description: File name of your PEM format X.509 RootCA: + Optionally you can now enter the location of the file containing the X.509 + Certificate Authority root used to sign your certificate in PEM format. If you + do not have one or do not want to use it please leave the field empty. Please + note that it's not possible to store the RootCA in the same file as your X.509 + certificate or private key. + +Template: strongswan/rsa_key_length +Type: string +Default: 2048 +_Description: Please enter which length the created RSA key should have: + Please enter the length of the created RSA key. It should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 4096 bits because it only slows the + authentication process down and is not needed at the moment. + +Template: strongswan/x509_self_signed +Type: boolean +Default: true +_Description: Create a self-signed X.509 certificate? + Only self-signed X.509 certificates can be created + automatically, because otherwise a Certificate Authority is needed to sign + the certificate request. If you choose to create a self-signed certificate, + you can use it immediately to connect to other IPsec hosts that support + X.509 certificate for authentication of IPsec connections. However, using + strongSwan's PKI features requires all certificates to be signed by a single + Certificate Authority to create a trust path. + . + If you do not choose to create a self-signed certificate, only the RSA + private key and the certificate request will be created, and you will + have to sign the certificate request with your Certificate Authority. + +Template: strongswan/x509_country_code +Type: string +Default: AT +_Description: Country code for the X.509 certificate request: + Please enter the two-letter code for the country the server resides in + (such as "AT" for Austria). + . + OpenSSL will refuse to generate a certificate unless this is a valid + ISO-3166 country code; an empty field is allowed elsewhere in the X.509 + certificate, but not here. + +Template: strongswan/x509_state_name +Type: string +Default: +_Description: State or province name for the X.509 certificate request: + Please enter the full name of the state or province the server resides in + (such as "Upper Austria"). + +Template: strongswan/x509_locality_name +Type: string +Default: +_Description: Locality name for the X.509 certificate request: + Please enter the locality the server resides in (often a city, such + as "Vienna"). + +Template: strongswan/x509_organization_name +Type: string +Default: +_Description: Organization name for the X.509 certificate request: + Please enter the organization the server belongs to (such as "Debian"). + +Template: strongswan/x509_organizational_unit +Type: string +Default: +_Description: Organizational unit for the X.509 certificate request: + Please enter the organizational unit the server belongs to (such as + "security group"). + +Template: strongswan/x509_common_name +Type: string +Default: +_Description: Common Name for the X.509 certificate request: + Please enter the Common Name for this host (such as + "gateway.example.org"). + +Template: strongswan/x509_email_address +Type: string +Default: +_Description: Email address for the X.509 certificate request: + Please enter the email address of the person or organization + responsible for the X.509 certificate. + +Template: strongswan/enable-oe +Type: boolean +Default: false +_Description: Enable opportunistic encryption? + This version of strongSwan supports opportunistic encryption (OE), which stores + IPSec authentication information in + DNS records. Until this is widely deployed, activating it will + cause a significant delay for every new outgoing connection. + . + You should only enable opportunistic encryption if you are sure you want it. + It may break the Internet connection (default route) as the daemon starts. diff --git a/debian/strongswan-swanctl.install b/debian/strongswan-swanctl.install new file mode 100644 index 000000000..184ae88da --- /dev/null +++ b/debian/strongswan-swanctl.install @@ -0,0 +1,11 @@ +etc/strongswan.d/swanctl.conf +etc/strongswan.d/charon/vici.conf +etc/swanctl +usr/share/strongswan/templates/config/plugins/vici.conf +usr/share/strongswan/templates/config/strongswan.d/swanctl.conf +usr/share/man/man5/swanctl.conf.5 +usr/share/man/man8/swanctl.8 +usr/sbin/swanctl +usr/lib/ipsec/libvici.so* +usr/lib/ipsec/plugins/libstrongswan-vici.so +debian/usr.sbin.swanctl /etc/apparmor.d/ diff --git a/debian/strongswan-swanctl.lintian-overrides b/debian/strongswan-swanctl.lintian-overrides new file mode 100644 index 000000000..1af6f10d2 --- /dev/null +++ b/debian/strongswan-swanctl.lintian-overrides @@ -0,0 +1,6 @@ +# directories for private keys so tighten the permissions +strongswan-swanctl: non-standard-dir-perm etc/swanctl/bliss/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/ecdsa/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/pkcs8/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/private/ 0700 != 0755 +strongswan-swanctl: non-standard-dir-perm etc/swanctl/rsa/ 0700 != 0755 diff --git a/debian/strongswan.docs b/debian/strongswan.docs new file mode 100644 index 000000000..e845566c0 --- /dev/null +++ b/debian/strongswan.docs @@ -0,0 +1 @@ +README diff --git a/debian/strongswan.logcheck b/debian/strongswan.logcheck new file mode 100644 index 000000000..e0ec04b3b --- /dev/null +++ b/debian/strongswan.logcheck @@ -0,0 +1,83 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] added child to existing configuration '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] added configuration '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] adding virtual IP address pool [.:[:xdigit:]]+/[0-9]{1,3}$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] assigning new lease to '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] certificate status is not available$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] checking certificate status of "[^"]+"$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] deleted connection '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] id '%any' not confirmed by certificate, defaulting to '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] lease [.:[:xdigit:]]+ by '[^']+' went offline$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] left nor right host is our side, assuming left=local$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loaded (ca )?certificate "[^"]+" from '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loaded (ECDSA|RSA) private key from '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loaded (IKE|EAP) secret for .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loading (aa|attribute|ca|ocsp signer) certificates from '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] loading (crls|secrets) from '/[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] looking for (XAuthInitPSK )?peer configs matching [.:[:xdigit:]]+(\[[^\[]+\])?\.\.\.[.:[:xdigit:]]+\[[^\[]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] reached self-signed root ca with a path length of 0$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] reassigning offline lease to '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] received stroke: add connection '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] received stroke: ((add|delete) connection|initiate|terminate) '[^']+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] selected peer config .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] sending UNITY_SPLIT_INCLUDE: [.:[:xdigit:]]+/[0-9]{1,3}$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[CFG\] using trusted (ca )?certificate "[^"]+"$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[DMN\] signal of type SIGINT received\. Shutting down$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[DMN\] Starting IKE charon daemon \(strongSwan [^)]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[ENC\] (generating|parsed) (CREATE_CHILD_SA|INFORMATIONAL(|_V1)|ID_PROT|IKE_(AUTH|SA_INIT)|QUICK_MODE|TRANSACTION) re(sponse|quest) [0-9]+ \[ [^]]*\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[ENC\] received unknown vendor ID: [:[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[ENC\] unknown attribute type \(28683\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] assigning virtual IP [.:[:xdigit:]]+ to peer '.+'$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] authentication of '[^']+' (\(myself\) )?with .+ (signature )?successful$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] CHILD_SA [^{]+\{[0-9]+\} established with SPIs [[:xdigit:]]+_i [[:xdigit:]]+_o and TS [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])? === [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] CHILD_SA closed$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] CHILD_SA not found, ignored$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] closing CHILD_SA [^{]+\{[0-9]+\} with SPIs [[:xdigit:]]+_i \([0-9]+ bytes\) [[:xdigit:]]+_o \([0-9]+ bytes\) and TS [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])? === [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] closing expired CHILD_SA [^{]+\{[0-9]+\} with SPIs [[:xdigit:]]+_i [[:xdigit:]]+_o and TS [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])? === [.:[:xdigit:]]+/[0-9]{1,3}(\[[^]]+\])?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] deleting IKE_SA [^\[]+\[[0-9]+\] between [.:[:xdigit:]]+\[[^]]+\]\.\.\.[.:[:xdigit:]]+\[[^]]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] destroying IKE_SA in state CONNECTING without notification$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (establish|restart)ing CHILD_SA .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] faking NAT situation to enforce UDP encapsulation$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] giving up after [0-9]+ retransmits$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] IKE_SA [^\[]+\[[0-9]+\] established between [.:[:xdigit:]]+\[[^]]+\]\.\.\.[.:[:xdigit:]]+\[[^]]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] IKE_SA deleted$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] initiating (Main Mode )?IKE_SA [^\[]+\[[0-9]+\] to [.:[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] local host is behind NAT, sending keep alives$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] looking for a route to [.:[:xdigit:]]+ \.\.\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] maximum IKE_SA lifetime [0-9]+s$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] no route found to reach [.:[:xdigit:]]+, MOBIKE update deferred$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] old path is not available anymore, try to find another$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] peer not responding, trying again \([0-9]+/[0-9]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] peer requested virtual IP (%any|[.:[:xdigit:]]+)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] reauthenticating IKE_SA .+(\[[0-9]+\])$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] reauthenticating IKE_SA due to address change$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] received AUTH_LIFETIME of [0-9]+s, scheduling reauthentication in [0-9]+s$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] received retransmit of response with ID [0-9]+, but next request already sent$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (received|sending) (cert request|end entity cert) for "[^"]+"$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (received|sending) DELETE for ESP CHILD_SA with SPI [[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] (received|sending) DELETE for IKE_SA .+\[[0-9]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] received .+ vendor ID$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] remote host is behind NAT$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] retransmit [0-9]+ of request with message ID [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] scheduling reauthentication in [0-9]+s$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] sending DPD request$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] sending keep alive to [.:[:xdigit:]]+\[[0-9]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] sending retransmit [0-9]+ of request message ID [0-9]+, seq [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] XAuth authentication of '[^']+' successful$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[IKE\] [.:[:xdigit:]]+ is initiating an IKE_SA$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[JOB\] deleting CHILD_SA after [0-9]+ seconds of inactivity$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[JOB\] DPD check timed out, enforcing DPD action$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[JOB\] spawning [0-9]+ worker threads$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] creating (delete|rekey) job for CHILD_SA ESP/0x[[:xdigit:]]+/[.:[:xdigit:]]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] creating (delete|rekey) job for ESP CHILD_SA with SPI [[:xdigit:]]+ and reqid \{[0-9]+\}$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] interface .+ ((de)?activated|deleted)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[KNL\] [.:[:xdigit:]]+ (dis)?appeared (from|on) .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[LIB\] dropped capabilities, running as uid [0-9]+, gid [0-9]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[LIB\] loaded plugins: .+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[LIB\] unable to load [0-9]+ plugin features \([0-9]+ due to unmet dependencies\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[NET\] error writing to socket: Network is unreachable$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ charon: [0-9]+\[NET\] (received|sending) packet: from [.:[:xdigit:]]+\[[0-9]+\] to [.:[:xdigit:]]+\[[0-9]+\]( \([0-9]+ bytes\))?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec\[[0-9]+\]: Stopping strongSwan IPsec\.\.\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec_starter\[[0-9]+\]: charon \([0-9]+\) started after [0-9]+ ms$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec_starter\[[0-9]+\]: charon stopped after [0-9]+ ms$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec_starter\[[0-9]+\]: ipsec starter stopped$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipsec(_starter)?\[[0-9]+\]: Starting strongSwan [0-9.]+ IPsec \[starter\]\.\.\.$ diff --git a/debian/tests/admin-strongswan-charon b/debian/tests/admin-strongswan-charon new file mode 100755 index 000000000..e9b57bd57 --- /dev/null +++ b/debian/tests/admin-strongswan-charon @@ -0,0 +1,17 @@ +#!/bin/sh +#-------------------------- +# Testing strongswan-charon +#-------------------------- +CMDS=" +/usr/lib/ipsec/charon +" + +for cmd in $CMDS; do + $cmd --help > /dev/null 2>&1 + RET=$? + + if [ $RET -ne 0 ]; then + echo "ERROR, failed to run ${cmd}" >&2 + exit $RET + fi +done diff --git a/debian/tests/admin-strongswan-starter b/debian/tests/admin-strongswan-starter new file mode 100755 index 000000000..7b32e00fd --- /dev/null +++ b/debian/tests/admin-strongswan-starter @@ -0,0 +1,21 @@ +#!/bin/sh +#--------------------------- +# Testing strongswan-starter +#--------------------------- +CMDS=" +/usr/bin/pki +/usr/lib/ipsec/_copyright +/usr/lib/ipsec/scepclient +/usr/lib/ipsec/stroke +/usr/sbin/ipsec +" + +for cmd in $CMDS; do + $cmd --help > /dev/null 2>&1 + RET=$? + + if [ $RET -ne 0 ]; then + echo "ERROR, failed to run ${cmd}" >&2 + exit $RET + fi +done diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 000000000..eb9e20463 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: daemon admin-strongswan-charon admin-strongswan-starter plugins +Depends: strongswan, libstrongswan-standard-plugins, libstrongswan-extra-plugins, libcharon-extra-plugins, strongswan-pki, strongswan-scepclient +Restrictions: needs-root isolation-container allow-stderr diff --git a/debian/tests/daemon b/debian/tests/daemon new file mode 100755 index 000000000..2a8b5e688 --- /dev/null +++ b/debian/tests/daemon @@ -0,0 +1,14 @@ +#!/bin/sh +#------------------------ +# Testing starter, charon +#------------------------ +DAEMONS="starter charon" + +for daemon in $DAEMONS; do + if pidof -x $daemon > /dev/null; then + echo "$daemon OK" + else + echo "ERROR: ${daemon} IS NOT RUNNING" + exit 1 + fi +done diff --git a/debian/tests/plugins b/debian/tests/plugins new file mode 100644 index 000000000..24825c83d --- /dev/null +++ b/debian/tests/plugins @@ -0,0 +1,28 @@ +#!/bin/bash +# find the set of plugins from default installed libraries +# and compare that with what ipsec has loaded. + +# restart strongswan to get current list of loaded modules +invoke-rc.d strongswan restart +invoke-rc.d strongswan status + +STRONGSWAN_PKGS="$(dpkg --list | awk '/(strongswan|charon)/ {print $2}')" +PLUGIN_PATH="/usr/lib/ipsec/plugins/" +EXPECTED_MODULES="charon" +for pkg in $STRONGSWAN_PKGS; do + P=$(dpkg -L $pkg | grep "^${PLUGIN_PATH}" | + sed -e "s,${PLUGIN_PATH}libstrongswan-,,g" -e 's,.so$,,') + EXPECTED_MODULES="${EXPECTED_MODULES} ${P}" +done +# expected to not load; they require configuration +# NB: keep leading/trailing space for regex generation +NOLOAD=" attr-sql coupling eap-simaka-sql eap-sim-file kernel-libipsec load-tester medcli medsrv sql systime-fix " +# rdrand is dynamically detected +MAYBELOAD="rdrand " +NOLOADR="(`echo "${NOLOAD}${MAYBELOAD}" | sed 's, ,$|^,g'`)" +MAYBELOADR="(`echo " ${MAYBELOAD}" | sed 's, ,$|^,g'`)" +EXPECTED=( `echo $EXPECTED_MODULES | fmt -w1 | egrep -v "$NOLOADR"` ) +LOADED=( `ipsec listplugins | grep :$ | grep -v "Plugin" | egrep -v "$MAYBELOADR" | sed 's,:,,g'` ) + +diff <(printf "%s\n" "${EXPECTED[@]}"|sort) <(printf "%s\n" "${LOADED[@]}"|sort) +exit $? diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc new file mode 100644 index 000000000..43fb530c6 --- /dev/null +++ b/debian/upstream/signing-key.asc @@ -0,0 +1,292 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQGNBEoycP0BDACzL8ymURD7gnaNbGx2VGieNQr/gNISWhqgHaeUxuSkrInxl89A +ClvN7DoF2cD7slEqIMQh/8t6xVzmh9teu5uyeV1eyG/CuFMUqawXqpn/sYa2SkgX +C/qHB2hIbFg2K4k5LJHxzqHb1OdtOcU6lHg9yrvYcoO+FTVR+rYaVgYbbbziTB/v +hAAzvdTdgwMgoQMSXA7FsJ0mALny4IeiCoi6S6qRVDm4zcu11UFT9g1VmhmeHqtU +SQso72bPKKhYvu7ZaQrLhkvY9inWr6m9dxV8Zgb1ivZGhzsNzrhGAsz9jmiB5POF +Mfph0hREMiS33ph/YMJducGQHYGEza9mKBdUaaAAEL3fCpde7vRa+c5Gc/Y5RUB7 +iUsb2KQY+7xTiSUnCHbsMwhndG0dJspVXcz6X+2S3Ty4GaiqkvxI9KLiwiECNl0I +oLX5s/FIW6KW+GnxJTp/3h6vvqm8i0+yIwk+ETM4XfhHMwuPkDyf6km1ag3nIUw6 +pSSfnQMPhj5rXIMAEQEAAbQwQW5kcmVhcyBTdGVmZmVuIDxhbmRyZWFzLnN0ZWZm +ZW5Ac3Ryb25nc3dhbi5vcmc+iEYEEBECAAYFAkpF88QACgkQF3q9fEkqhHAu/gCe +MK30wjslGbZNWhwDqIw9eP35/gUAmwQGDq3htgY+Janap6FB1iEG5hGViEYEEBEC +AAYFAkpHR54ACgkQrtMaUngdkk4avACfaY1gM5ZJ034lBf2DeFArc34SttkAn1cZ +qX+njDSiAOOU0MZmvYdT81F8iEYEEBECAAYFAkpHXHEACgkQSRB4xVHMaXQWCgCe +IkdHv7Ya4QQzkmY9X0w8fkQriBQAn1CLpqfZR6S5loW6ZQzYys63cZ7ZiEYEEBEC +AAYFAkpHlEgACgkQbJa6vxmEnbA2iQCdE6UIz6Fymm3SYTXyjFFufgHWTp4AnRuu +qBFHHCSfQMBk5usCUfYkMHJpiEYEEBECAAYFAkpHlFEACgkQ1jbYdc10LeSyqACg +iXy5VKGWmEzfZN/PZgizgVkQg6oAmQHw1lZhb2V3WYdVZsrSmZoVO0rhiEYEEBEC +AAYFAkpHwBYACgkQ7LZ5x4fpqr7hoACgkP2Yg4hx0OOaYQ/+Q5F/iy/dGToAoIrz +JZFlvr1xvxMwgCaY1v6tzGnsiEYEEBECAAYFAkpH2FEACgkQxIHfCcnL5ACRqwCg +tkAdtC4t8PuIzFPUqGRasGMtKmgAn0HGo8mJtoV5AK+uj3YBYyyJRcxviEYEEBEC +AAYFAkpIuAcACgkQO46kH4L2EkBRfgCeMhOEdYE/w8WRYq1S6bCYFzOldNUAnAgb +vQ/OWvxLk+u8bUxe+BbUqkE0iEYEEBECAAYFAkpJEUYACgkQ+bsc/f29F/IMJQCe +LtrPDs0Wo3AGvcbTHoZPtHzLaJQAnjGY5/j6SX+XIW/dSgdNY04zVZwriEYEEBEC +AAYFAkpJFGcACgkQVzc9bUjjZszelgCfYGkK5rcRY548yybHJ7DVeGpp3CkAn0zY +q1UGOhWKVfCxuFkLfyoNSZS3iEYEEBECAAYFAkpJIHoACgkQadKmHeJj/NRjygCg +l9TQykiqtpndMUR5OpZqVgSbNjIAn2KZ4kdlb8lUeITgJsIbpK0TNPimiEYEEBEC +AAYFAkpJKo0ACgkQjh6iDnpWUB0HvQCgtcEat8Ku0Zccm/k2jBv5SWWD6JgAnjDu +ujKedxSBSgohQAd1mXHmtraviEYEEBECAAYFAkpKf/UACgkQryDNjGqAEEE1rwCe +MbE9awFSsAEaj6XGJ8UaxbCHyJgAoK3xbaGBoFGr5Um4o1PqV2gtC3tniEYEEBEC +AAYFAkpKr94ACgkQR7UWzzhrTL9WVQCgtvTMa2R7cfx0onbtBQgGkr75gtIAoN08 +gdOYBnh8LGV0irHbfb9hS8WPiEYEEBECAAYFAkpLDLMACgkQzWRwz0BT686RugCd +Eloj9w9L9nTyR/BwQ7uNQ/Gr8OQAn3UsjIpEazjP2jjwmJQTngElLLEsiEYEEBEC +AAYFAkpLLa0ACgkQeQ6MlGH/2qsrKACeLmabelozki4nGHzvJQN1IRnGmBIAnj4Z +alB1OEEsgg6ttnzT/UQptSQsiEYEEBECAAYFAkpLLoQACgkQvl+ScPvxHiIPVQCg +mZxoWebrJgp8e0UFLnFrQapwXxoAn3uwfpLI0Q94TRQQ/WN1oClop3XtiEYEEBEC +AAYFAkpLRGQACgkQKzt+ucU7M5im5wCeIkCFuNa+Ij771y0ZhbwbXyhZ48AAnRTz +rXuClmAqNjG2pJjXGUwS4fwpiEYEEBECAAYFAkpLbsUACgkQowczOzpadH+cpwCd +GEbDhuqigR/xldG9A787gKQWuwEAn1vhGKiS48GokSVREMhD/6RzYMM6iEYEEBEC +AAYFAkpL894ACgkQecnFg9AIQHJX4wCfbZ24TRoj8jARaent8puW/7VwzjkAn1B6 +IygDxuiJyzaTjMc3qeEl4NKliEYEEBECAAYFAkpMErwACgkQiqNir+lyMs0TLwCg +nfpQZORxoKNdzF3rb0yM2oDA5hsAn2yW05EBb2w8rpot65E6iiuwg1JfiEYEEBEC +AAYFAkpMEsEACgkQp99YcnDUTCPHDwCZAfHNU/2nMW116z9cKiM5LtYiUvMAoIKy ++T0mJT11yFePg9y7rY/5WCkHiEYEEBECAAYFAkpMEsQACgkQ4gEcJ5SEGX4B7QCf +ZmDVDP+RfLV9B+rL/MV6/TMXFLoAoLjznB/JN10JfN/u5IZWCi+dqsJtiEYEEBEC +AAYFAkpMicIACgkQsta551Pt/1VIgwCgnUQFiZ9N4qbhqOiQzfPCnSB/hnsAoIhq +ukM9rO0RH1ikGd4VQz0cIgatiEYEEBECAAYFAkpMnwsACgkQN8SUWat0lhnoRwCg +p+qTCC79bMlilGKfLYV7Oa6t47MAoIfpyNnCXMNZdSIUdLRiZPE6Ck/NiEYEEBEC +AAYFAkpM6UgACgkQaT2DDHtihbfIPwCfbeX7jAuzbiKq5XtuDE1OjNh68cAAoLOh +3nXliAm79mFgbXl8OXOZinThiEYEEBECAAYFAkpPKEQACgkQdns1tqFIBbkNfACd +HzblbPJ2vDdm0ya2Ksccwn9u5GcAoJzzX8AULChnHmBqrc8kphR4oRB2iEYEEBEC +AAYFAkpRzYEACgkQ6aFpZ+X9qBIKbgCgiDp8DUKtkxOcwoC2z04seh2FwM0AnRmG +B/h118ajrYsRglYjT3nkjzTIiEYEEBECAAYFAkpSIt4ACgkQ1R6CjUnlJYMh8ACb +BA4fUWIRHZSAz4nAFrXAzKQCnJoAnRxWq3sHkP03qzpZyOIBkeNfKwzkiEYEEBEC +AAYFAkpSPaUACgkQPzXj4jNu7sQ4mgCfTwP/zE3chyiYXpuV73jrRRGhIKYAnRUF +jjxLvplfo5moUMR2QiK47ga8iEYEEBECAAYFAkpSW2sACgkQ9/DnDzB9Vu2jGQCe +MuugKHBTV07TW/+ChrTGk9lxOlgAn0KOdNP3CbTngoklhrCD6OVeO1YziEYEEBEC +AAYFAkpU/y8ACgkQ+hT4QImNDmpfGwCeP4wasOPdWp/ZYd+50YirQtogjDoAn04n +T+MiIMh9aiQ5naOvg/veZ8oyiEYEEBECAAYFAkpXHsYACgkQbj3LoLfDuD9cPACg +y2iM7gVr7z4gRJoEqqHIFl0g8y0AoOUC5MOQP43Apr2vO1iSrsOZgZ7UiEYEEBEC +AAYFAkpYhioACgkQEAHIxXV27I9v4ACfXnb16A79Hpg4+6Hb41CyRVl/xBEAniIU +npMD0UdFUpP+pxDWC+Kq+aJLiEYEEBECAAYFAkpZg+oACgkQOx7JtKW5uMsdmwCg +uQPIL1vZ8RVXYlBIA2pzfOOX1roAn240p5krhDUp79Xh0wEVbh2P8qB4iEYEEBEC +AAYFAkpdjx4ACgkQls7o9YEjUnrzjwCeLqBpBk4/1Jamy3LadIeGwPxOeEIAoNDI +tPbpm73wu6JmccRzeSOzHqUniEYEEBECAAYFAkpdzc8ACgkQVkEm8inxm9EIbQCf +RxHhOqSSLkpENJWRBy0waV91v/kAnR2lEeiMPOQ4NtkiQZ+0tar/HHO2iEYEEBEC +AAYFAkpjcCEACgkQbR36slPFltjkYwCeMhatLo23Qo2diWftXI8U+c400jgAn2Ym +TTJqGj7GLCYmBA/edCwu9T6WiEYEEBECAAYFAkpm9OMACgkQXjCu8kSU1W2K0ACa +A6cVaqZpOCdQk8cYUIO4NZYA2FcAn3m9tqEZ2BDMWPZg4uiIIsD4zK8tiEYEEBEC +AAYFAkpzavAACgkQEF0sD5X3mmquSgCg1zHjdAKxf1WbfV2TVfBgVDT2/XEAoOrE +KJrkjfzB7QuaDg7lfAWWva92iEYEEBECAAYFAkqDIqYACgkQ9D4zU/gevQPkagCg +wiYyNlH/F2+lNMVHlqb1hvon84wAn3Wc+QhEr/WcR10pSqIWw+Hin5vCiEYEExEC +AAYFAkpGjCgACgkQePhWFewOlUwncwCgmhwsGQ/+AqmIAPDmWv29NkMwvq0AnAy9 +wvRuZicC1AKliorx2MBVxgD4iEYEExECAAYFAkpHLxgACgkQO7/Pd72LBQ1xvQCe +P8yw0EU2sFi+uqb+Q5tnfXQjntEAoKdCMeKRmBKWUcB3FaW2XzYMPrRWiEYEExEC +AAYFAkpHaKYACgkQcVwuIf1YDMADCwCfbGeq2p2km6QULrgsRZCE3r/TKPwAnRui +4QT5LVCok1JfVxniy4ejpPS7iEYEExECAAYFAkpKkLQACgkQrpwLPnGbxnuU4wCg +jqJR1B+O5NrSYTgEJy3zT5mwnKEAn022uXzOocJyFfh3oOHuFuexM9/7iEYEExEC +AAYFAkpNCFkACgkQL5UVCKrmAi6I/wCfUP4cGY27+mP1AqLsGZnU4bVtEdQAoIit +ueT0lAg1skwv2h1vldV0cfyoiEYEExECAAYFAkpNUAQACgkQtfXMjywV26BLWQCg +r0yk6lOtO5fKGLbjxFCCVUG2bckAoLgO+0Nuzwb6vpyC1K1OEuhIEJTgiEYEExEC +AAYFAkp8YgoACgkQ26aJnILW8pa9LgCfTN/s9d8BH+mke5x0vEd0XTbIFgQAn0bJ +X7dfPPi/75gA09tlyH07U3WBiEYEExECAAYFAkqAZyMACgkQyoukcaP2scQE4QCe +OcULnUE4fftMmo79HAS0k7tsN3YAnA6tUWnIg9dBCfjbGSORVRRpa6vSiFYEExEK +AAYFAkpFO5sACgkQGOp6XeD8cQ1KWADfRbqErKPsEIVI4IiNTJ+FDQ4oStxUwMYV +KQQweADeKEegvlBzGL7eWlcK8ZgHx7QWV9giHsKSdQIZa4hWBBMRCwAGBQJKRy8y +AAoJEOasLSK2aDBATmwA3jh9KHEYVx0jvIzKAr18Y9ocCxlc3cN7ykEnLcYA33FH +VAkmGAWUbkvld/VWkgQbeEj/oJlFwT4Flm6IdAQSEQIANAUCSkeAXy0aaHR0cDov +L3d3dy5hMnguY2gvZGUva29udGFrdC9wZ3AtcG9saWN5Lmh0bWwACgkQVtUpPsl6 +BlTzFACgxDfPHvU2uKpo/Trfl3CcY0/kt90AoOtNtHOhcHwV+FiDz5Yr+97ia39y +iJwEEAECAAYFAkpI+XAACgkQO30BxOBIP8WV4QP9Gtb/JYUSpina9+fYFYt9DWmQ +2LQJgkouQwhYrZt8+B20xAKc26xBRB39NK5c7vEqvSyJsc67tNkIR4Plp+HSCB/h +PSY+h63CKZbl0W7u+4MxcIl98rHaMEnf6eRzXyNzYR6h855xHqClEXkwFVXXOiAj +aXTvLIkdvol308SIad+InAQQAQIABgUCSkoQygAKCRDWGw5zQJlTWQ17BAC7Cw5h +yA53oNiWjMJl42xyiLX4XLcR+g/FEtvzpctE4dS/JOkzIk2Y14Zydar6QGIBCVcX +I58fswKQewfRdZPQLIUNuZex13dY2qId0dOSruJhj2uM7R0f64kJW1u6AtFhcVky +uNQyH2jY5TJpS113Yd/cizN0k3Uawpg90I26nYkBCwQTEQIAywUCSkYcNFwUgAAA +AAAaADltaWNoYWVsamdydWJlckBmYXN0bWFpbC5mbWh0dHA6Ly9taWNoYWVsamdy +dWJlci5mYXN0bWFpbC5mbS9DOTIwQTEyNC1MVDA5Lm5vdGVzLmFzY2caaHR0cDov +L21pY2hhZWxqZ3J1YmVyLmZhc3RtYWlsLmZtLzYyODhiZjkyOTY0YmEyYWVkMDk5 +YTVhMjBkNmRhNzczMDcyNzAzMzg2MzBiZjIxZmRmYjI1MGVmYzhiZDgyNTYuYXNj +AAoJEKyCSx/JIKEkUPIAnjIyTwvNmZ1DmuTuxgzQPSrRvaAYAJ9Qn3DR07NGciAK +4mf/2Itux9jPDYkBDAQTEQIAzAUCSkYSsl0UgAAAAAAbADlncnViZXJAbWF0aC50 +dS1jbGF1c3RoYWwuZGVodHRwOi8vbWljaGFlbGpncnViZXIuZmFzdG1haWwuZm0v +N0Y3M0Q5Q0MtTFQwOS5ub3Rlcy5hc2NnGmh0dHA6Ly9taWNoYWVsamdydWJlci5m +YXN0bWFpbC5mbS80YTE3NjFhMTkxY2RhYzU2ZWM4MTYyNGE2MTg5ZDQ5YjhlOTgx +YTlmMWUzZjg1ZjI1OTM5ZWNhYThjMGVlNWVhLmFzYwAKCRCtG95Wf3PZzIS+AJ9R +L44Uig1ZdaeXRXl+nOgf4avrfwCcCyfw+nrw6iV4/Gt8RBzbX9lmjZKJARwEEAEC +AAYFAkpHoBoACgkQjBSFwK87aXS6tQgAizuHDOgoFLnRrFAatCQK4nF2J2/nxrwE +L1dyV4hFKmQaNiULhVD64LHsJC9K9WNWrdWe3jSzZzIbPwGqqvi5F3YcieTLDbvM ++5zyX1w9276u1PQIxIJ8hirlh5TXuJhspFOLdDd8pLUpHGwKA5HzuZT1K6tN82J1 +SQ4lbqC5nmrNlOMloKkyce39ehdWVxmG0NxoN9qjv8QSY4ZhIkk1a29AYtQ3Em3p +oHn92rFgueKYPQDX1c7YMyas87lnsN0r/anB3orHGdk2KfefriGCLn1f1aSkYWvX +bFe8eP5SeI9E6GQgouklLDPuSswj6akOOWmcyZ+UKxhrqayxJByKZYkBHAQQAQIA +BgUCSkfANwAKCRDhksSyWuqYqX8+B/9uOJFH52T0yEuCAeoNYUUyNkPmw9d8llaI +hjhlDM1OpruR4Q9x2wF5+HFgdV/FnGbhviWQfiXzOoukJK4FuJyEoGPrBQH6tDIb +ztfWwFLh3zstkzn3i9ycqdujTXn8C5F4WeLZfw6o/Rm8J2ZTqeHONf6sdwpaLTwS +9RNoKcs22T81ndmM4Li/NKqO2c9pUP1ezRhBHu6rq9D8DZhCIvOB0fK47ruSa0hu +9ngMPW+tLIPZaN+ZI6RD/KzgpwIestX9n8sWY+EV4ScoSB4AWO/+VkmbLr0su88l +1ZcpMRsnwWPSbOhWhB5kwjgX3YgmA0mg6iO1Utlo2mCZSeE5+s1SiQEcBBABAgAG +BQJKXupgAAoJEBAa7p7BMvTDwhQIAKAKiFO85sFurP6KliGSLA0s4savHfXGHk/q +vzzICONh4plIN/nCk9EA26fONaCMohBM/MeeFI9tTDE90NshSzGl3YwCxpK0OaGb +qmpD+99xQ6FdqKyY9f/X4QZczPPS8mrZCWXkzvbo+20Jav3FzEkkAW8/1qJ8rwOi +Rzs/1m/Bq/zZnApppGcwMD5Mu57VJZB7xngADOBurRwseE2fcRZlKX/81pquX0hL +oJKQcggcgmbX/aTgRthrv52NdIwtRj1KVvmtdoiYV+OjzUbHKfjuPrKiAMQ9xknn +BUq/BT42k//AuoT5umuQh+j43MtkSJKNcsRJoJxShZv4hYzWe/OJARwEEAECAAYF +AkqRpeIACgkQTejfprp/Jq6jFAf8CZhiNE6WMuJfrDDag98AwkhxHhIn1VScpQKd +9cS/zz1Be98GEeHkVgEDvk6ZI3+SHhzNH0HBPb9jGJq8oymWGjuldBWZ6jYfMJOs +H5h+DWRVq9JWC6PJZvdcA45LuPvMS4QULOJblB8HkMOQ2Q4wX2Y54Lpxkjo9vLEY +340Ptq04/kMuq+1NQB5KUB5WgXnDMerj1VQr2crdfJPrIGgdS5YN2TWqNjVJMTFQ +IVnK0w/xEGGSGsCLw7qJhRL4y/A89NQ938oJV7Y2oEOaisd9i0ypz2dLMXRn6DDs +lmCvTcgaXWkyxxPxXxPrX4vFKuYLRtauKGR1nYrH3I4d592bnIkBPwQSAQIAKQUC +SkoDUSIaaHR0cDovL2RhdmlkLmJhZWhyZW5zLm5ldC9vcGVucGdwAAoJEIJVX55T +hvr4sf8H/1GfCCWxB7W8S9rTEPDi7VAuAyoG1uOmFeo0nQBF0ayXmiyF3u55DvWs +3bhA4xxuXsLt1HNigKMd5A0UpOUkXx/EjOFIO74wu6cQJjpynAwpVpRauam198lm +NcFYxe6FG81VIeLF+pGbi9g1FF2HpobpGhYJK9gArOIgJ1UipI1sCW+/psGCfh6c +3Q5tFoc1PfqQVmusM4QZEFGxhef6fE7h4oJPa11ePOIct0fvYNWEmFSx7GD1jeO9 +DDKE771zPeg7fyJkqgMCDDugtbAuP6jtmshWsqv3Fxu/mY7U9BDFTT/E8bgRbf+L +BMpQ7OQM2h6D62mlvo334aCT7c/+6CuJAbcEEwECACEFAkoycP0CGwMHCwkIBwMC +AQQVAggDBBYCAwECHgECF4AACgkQ30LBcLNNune3kAv+OteecYgcufwz2ubKh417 +slBQTkAZJXdQVpkeAeaNu8gcD51G+HUw+Ue5ZtpmQdU+1EW8W0SCSxz3jj5dwqg2 +gTEoYqvAtBxQTFSJDQjI3AfvS7t/W4U1xtjzk657kBLOb7ACe2eYiU2w34wd7BFY +Lp/qBifVofCy+HT1/PQDfi/3B22KbZ6T9WjF7cAgMjDYxM2bAXrWlcSysfTCpica +FgtntBu2GcOcdBpR3cg9Jrq4CA46IKgJsoK8/i7+JWbSuZc327Oab+LhjRwTcOik +ayqtHkN9ZgmOA/goEKWfQuBa1gjylxhyYDkT6X5+KM1wyJ23NYcxbYyPShlmw77C +VFRgsaH+NEBKCrute7FX6gYpwGfhGpIeVnn8FiW+jBTGc0ULi0suWd4eJ1LxO6uN +pwzd/BEw/k0yZxLl32xUsbW7GX7+DZxEy2mEeLOLP7v2MNz61LGpE7mWGrIi0APo +sLYbEHeILlp+czHj35hbOFRN4v8p+SsP3Df+fs7TSQu0iQIcBBABAgAGBQJKRRsb +AAoJEI6IlUTZhQANZ4UP/1z1R1UkXHBiT/SAO8hUK7zAQFbWoV6e5foS0muNAtgv +1NWlYgzTZw7UkVeUCxOuqS3hIbG6WuR0bcUqJvOwSfRy89Gcaes+7rGwnjrzb0so +pL2FejjW1uC5XhnwIJGM7iaDzlrDMhUFyyKP9R/ZBLoz0lVTC4DBn2mx/2NNancX +APhLTMiAKyBqarXvhe6lVtIQdobxwf8SfE/gWcUobC603/LGda4IBWJiPEpfN6dr +o0AI628AtjhrdRNgVAZpLPbVSHoBUwaemNk1rgNDVW2f3WMdfDUUCQd10Rq990ry +F/Na+0bxQgm37BXMRfexU7pd9b/vV9BA3eZN/kP5JGqz+16BrK7iDapvNB2bPttx +GvF/GgQa9Oz4gR8deAoaYiHnT27trc/G6S+HwiBRnX+w7JLU+VptiHY33AWd9zJH +aMMXFmSol34Bywe1HIBb+tv1dwnuCkXVY6lqSVAfQd3waBqn2KQ6S+2qca7sT7pC +DN8ZAcM0ugPxCP2G87hq98dXNtEWkvD3RN5iEypwPYLzVLetDtUgrOnYdMkPNOzh +Hz4Dc4Q6bSyKWxm23ykczcwj5iyvIF11r5Uow0CkriqsmUWUKyxz1hnKdeBw54qO +EsjGAhWkDzPIeo1hTofK1XQUsHLMD7TMGWSh9y7bPF/8VdrA/KtDzlpOVjFJgPrT +iQIcBBABAgAGBQJKR+aXAAoJEKc+AFVVj7jdI2kP/A0g9ef142XmMPNZ9NyBJXKO +g56L2+/g3o4HAmGkW16Ftini4VURnaPzqZRraDvBBq2ztqqYdYP+pkY6zLSq1jWv +v63dd6hIHa9kTWUXM3HvN2xW+V8DQdJXCVnT0d7PxN7BfdCk+ITts7ZdcB1PVblT +IH2ZC3yTReWMbwF+/rZAA9Q3z8h0cIdwXNxiPCqeF4JyZmH0IZiZ/Kq+YR29hvQR +TdaeZyvTW+QgL/rkWh/WnJjoc4w8djTKQDXc7bzVzCxH2cJLDK5E7Ge3CO4pILNf +1nZ9X29XR5wFYXHGcjEpjFq1Bn0phR8LIdxZskdhl+Vk5cHQP3rcIFFpBLv7FKfz +b72YWFUmycnNg8YvaS2PwQf1VDshlhip1Eyhjzlm0Fh6Ead0gReRLydBVUX60Ph1 +GpvEBmHcCW9LFptb+D9tSG2c0yk5mGjId33p2Sd8VHar6L1S4g9xO5bznYn3HItS +W/yv4VbBxVQ2Idg7PLfywSVRmG1FR3/IczYRFGtyhYVXEAr56oHwQ9/XPv/ruDjT +wmMqJWeGwCPO8LNPj7cw2viHs1/eoR8lUNTLAmkJFh9ID5Z4vYYAt/2/Red8G4OH +qzYF3jQATsyKPvb1nqBmxPvQaKgUwyEYxJLYtpjGV7I3/W9gVGCucLgi+k7QHR8d +IwwDDB6bv9/swM6L6owniQIcBBABAgAGBQJKSQ6LAAoJEMamgupjyC8cAzUP/0pf +AfL9aamv2MMA1+b39K5AgtMMKT0owTrY39X8a+g1Gi6w97Ac68cr3Bu3jP4gXkAV +s6jhMC4fSwX15jkEeywtKhKqdzUrCkHgy5VQEiNJepzRH55q/UNlerYK0uL3Xc/x +impeShraeJ+YHKb55jRYr+ukZKkkt/jXJmQg+VcIauCiIw9s6JY11XI5FU3d82W4 +XRYF838MSHW/q40g72Xb+u1cMRYJ6zxqJOEFJLwtKgG6BwoiN6kGQ2lyeMVDqJ2Q +jvVfpZE4yiUlfSn6tx/7FG0OgTdqzvS93FkhJkw29dvZ5SEUFv5tqeg3PX0zSDNu +zTQ7i4LSxmhoTuf/mUWbgd5SXABWA7yW5ZKfch9JN0sW0UYDlqmIjbvmeWBGUzbE +sxZT6x5g5DsTKRi0UJSSzZZOhTEyAFgxtZpvaKMJga9IUCFf3nlkmb8b0Y8+kgay +iIKm/HxGnYjjNs3bX7f1QqPTizsPx8K4YW588HpgR+f4dja9nkb8SSBw5P5oaadf +yYBDoP1IE7FOQ75nXOxjYuqyOQz6zVT0jfcDw5VhGK0BW9+M0Fsv4ad5kvjeJb5V +NoY/uQdaeuSJkX+TAvQ5l9sAIvJSz6/ytDFt09loVyDpRQK/Wx6qGe0aqhJLb3Av +Pz2TL5YbsgC4gZrx3u2PoeaoEKQ+Z60Km0MJKpNuiQIcBBABAgAGBQJKTJK1AAoJ +EOc596WBW0pqWo8P/iezz8v39iD35EhsTAE0RB4DbULvvXU/EW+iIZo7mS3Gretz +269tBZWJeNw4wvH+U+E7JGg9dxq+D68f6K5AFMytZpbeWc5jiFwe7n2PF64kuV/9 +qw1mV6bt0MPbIYn98DRMvEphC2BvVE4z7omw2UapOUvKrOB/56p8G0zm84Nr/axl +B5TznxzP6Xs5lBmT4MqXVx0wPEkhMEJTAhqKYt94faoknhRcnL4Oj+weTeyOSwHI +2aC7xj6wAdb+PXWih6qzCFDFiC5Jn+V0qo3D3XPGZ5jOQM0fsr8FDH6qEfWQiH6e +4iknnNYH1LNarfTsi742mcucRbwWGKa9ZUiIGvnMr0E9pn2pZrvpAe+NfNUG7kNP +l5A1I9rE8Da9MH6XqFhymB4xxAC0XIb/bKQJ/MnOAxWQPD553WJH71bqdetrR4Uw +1M2BErrgi7w+RDK+l3z9bErCRHMtXhGY382F2jtooxGps3SXQAwycIdFQSXKmtN5 +qZ1P73DNnHdozPwbvxHbldiYufIVHqzLhPKMRISQVtZM3czfKmPeGNb4Q8r8yBOw ++2wcy2EJAbACcyXPWboowtVvqdb37AiTciyi6Ua/Q0kPBGD/bewucXXWxuD5H2Ax +l/a3pxUm72BINNP0ptlinWwHu0e0c3zlNdsipoNTVN7tj9iISwWmyqUOY6kQiQIc +BBABAgAGBQJKUc2OAAoJEGacjiM+Hv8PN/0P/RACW24ojji9K2kUqvRCeBzA2SgW +fX3KasRWOZB2Z29pgbOZ5+ZVcyqf5P3tEojOvR9oYx7OllK4Yp90jzx0TyHa5iQQ +9NNJm464duYkMD9cemAh0HgLNxoZzmFGTPaOCoq19vdoq1lkilWvGappXjXXYtiR +3Frmpm9G0TR0Knmi1Ah+66G/nIzeoNeIjaHZKKStu1Y3Gy/XuZDG/CsribuX6L2T +2/dBtnCEIyrX7XV2BXosuua6h4KgAKfespv06gzATHxotXN6wAHzq8fkwJNY4Y7U +qYtKwG2TX31I0DsCV76ymp2hQ7iCgbZ0LggRwp1fSq2Nh/+4UBh06TV1TmVEWoEd +plAnG8ynfOwJBjaGUodgseLzoM1srnR7H3cTFlUNi65UiHevZGxAMe2zKUUsV88k +PR4vzaP3hxfuv1xTFuxioxisJSoFwpsVVkffYFyKhqXjYzlCjWg7WAufDsSyXpS3 +slWD5hICcJRtpuW/mBObrNLHKqL6hK3x1GlV7QqUEvmwZU2drjlaEDOp2E55NBYJ +LedXbbmGemDbXejbjHsXG33/ffVfzFIjJ9qdFkoGLVRGIQaZv+zRlkzmQH5mFZV4 +KUxOAYmoAsR1xngXj4Rk1J3NTiAksxC9IWtL9rmBGHObp7nqx2U6MVPFfjis+wYW +TRsbHI8M0lABCYLSiQIcBBABCAAGBQJKbLe8AAoJEE5uQpnq57CtVpQP/3xuYUpU +dw4CLyxStlO1mBqfXyInpADS14QSAEs9ZaZedyNswJ5g6LLFiahmPfffD1CZbRlF +ZqyfwnSnUHdOdPg+o/nVTBrFYfgwBqg+B5gdnNzG1WZejCDc1K365YDJIbfrIFm9 +cNW33OgAq0AADpXw10hd49PCOHj5b+HF0NX17eVWDnu3yITybgnfllHqkn8lAM4p +vgIeFwGV79TaelagBKuxa74PBPjTA7xjzDI4wYy1EUijNkDpQTOk/5ofHsmomcI1 +H4K74JJHuh8vJgjYrg+FD7yI7YhcxLEkDqKMVURf2q7pE7Y7MCv3qVRe3QlLl+rx +vTNaxOcC2GSs1XXiWabwa8Bhl/R01QRg5Ph536ihxd9qhhisrW+C5ODq1Cd7n9wB +xIZhJgt2CIX5gpeWc23i5riMbKF7kdzyzA/bdHgD7lOFMVBZ7A+TrYclCbeY1F+Q +c1Ybp7W4qeasaQcDrhk0Lmd2n7e/FJvxF4oIeETPFN5+0jYWuIwQvxnh2fHRoI8x +DZ5Zf29tAfy2mCABa9edAGv/ZqL1TpmdyDDxffkj7gwc8Y34kNK4L4j/TF2Q7rSc +pfbHpFe9eIpJJVLaK6td0p4Gme3AHydhLwPWGEe3SZWrLZqEQuDuC7zbD3mb3/zY +Jrx85bmBxV93eSac38iKaiTG7c9Ccce5jP4/iQIcBBABCAAGBQJKiSdzAAoJEMBk +12wn2FYBlVoQAJ5RmoS3YB4kzOp2GWXwMB6WBUQM3fBuGen8TLwSgIijV2ml4rp2 +hG7KWA429jTN5vlvbXZBXHlSbzzXf6HVNFtiFUNif6uBRNPV94XMcSYT0YnypT4d +3/9Q8vauCeTs7dEIWQLNKsw2DflarPLVW7FWCzq3oH9KCTi7gF9149zPHzLfXkdE +AYAVLZqLL7ZrMLz4xZqhaAVJAnC7ATH8qPiF94XnxLWA+MfrPTdLaAMhZvT3sxOt +pU/ovwI13xJtaWOzmP4tcUyqU84Ju3MvtQjQsjTFLrqHU2sfWt6w3BE6Et/hz6wu +7FIFqi4rr5PUZdtKBoUmn7hYHior28UTtzZ1Vlx1IlIxHXiQjRAM79cdsnrNykdW +4Nxppoiv+2Ds6piRLRA6bsHeORKKHgAALhhuQLNKW3hwZ7crLsAbV99tT3CpqIZQ +ltfoIE8TYJWvpVVyBI3suR+qJvqeQBffNJYhZzHLNYdQzmrfRM5iaY3eltkx4F5d +5Iak/H87NBr4nBNl04hZJKunIO41ODun+qPMn6TfmLfagHLTzRSD95WUs6XGBME3 +v+L21o336sCVV86eGo44bmuR2GLlH7UWN3suikU2HRMKaGdLTMomGmUztJQWZUAP +3ZthSbLTa9gVLpJe4BzO9f2mveFBGCAV0Xls+EsUrSmT2TXhL6WHa1ihiQIcBBIB +CgAGBQJKT2MTAAoJEPU2qnARHVcWLNcP/2JAi3Tvnc+lLGAcGCdzRVf/w9WYeplC +kyD78s/tTedG7BVFi8lUOmAz9oTQaDQh4felYXXTHSetavfcnY02w8VqtNcpTNGa +m3R+K5CYH7UTRFvM1q8aUQ29eD7Pgr12I7IQq6d9Qe3bVbe6at/DuK+39+HcbQ3b +dAGkc4kuAPuSrxVbvwY/XUuiMhjqG5goohaFp3ug1gl5XWEDJes+nf+MRil5JYSg +MxdQsiPiAOqUREOf9RaJ+vLFaNiFZ00h6H+qtD5DM0wY1uT+OLaG7wo7z1cgkrti +k5RxehrgbGo5u9FUtVlb3wg6MzLA0LmD/v0H6q8qxbw5VGjXLypuN+JYMRGpLfnU +GqshkgeV1rKxsaacXQpSpqEFaK6PGPA1gv2VFks0vRqYy9qs9TWGbQ7SUCD6ECEm +3Ud3Fl1f5bCFeN9glKKMunqbh+uYdq1dR8kI11eKlp3nsmo7WvtrpeHdQlgLBfCY +Or6FU0czD1kNFgT3LS2ADITgRGph3InuP2xkLMFquVBEhikX4J3oqumCsO/G8ggg +CG3FQaEKoUaO+dErKmK9WSL7FWPAQeMHtvwerraESgZE5KHNEGmG6BeZMAzHHiom +LbYX4GaZfMnEMTGc8qzZ6kgqxMgLI9onk0h98Eo8xOAISkGsuAnj9skupdEhvQvN +9lp7u+VgCiWMiQIcBBMBCAAGBQJKUlPwAAoJEKwwh5qrVbMSo48QAIb58aQB0y2s +zEn05GgENs1ojmffiXYJFHhgLO4PVwXtTAho85TmkN2aX2nyUKO9659+lgzRKNYI +b/GnonUnu3c27ccKt5RLpxdQXD7WgD6MnvahtQoz+dEJvvG1LF9b3HAK9d0KSdLN +oHxsX7FWSGJ0GMsjo6Bc4Z87I0LekUnKKa89xu6aDViZDhgzowlu2bqSNmqduyme +oTZKaC3wt0EJEzdHKzEi5NXLwc7ucxGou8TypZzV6O4J3QRLgJauZFGL040MnQwf +Isv3NBiCv1+k//nEUvQCFFEtCDTAyp62jT7MZ9SpKuZ3IgLxhIB61QCxjvcdOsLM +WEIMtizW867clb6KFaxJjSoU06jgr6x2Rp8r/Gk7zmtHOtOOCDg7S153MLGdoHKL +ZeGewQZlwL9QesdCkWMXJIz1yyWbVm6LBQAOIHj8SsxrX27XoVmG1onBtohLfZU0 +uXipjq7PNjrewnXhbtkLzjFHJOXCuSmDyzP77yh9KdsfJQVJwAe0MqxMGwpZT35F +hq0E6YHTU2KQoBJ7dToooQebKryMtwVbYNYWfOgYr+SGRxilBdMgFEn7F1hNDBxg +cc1ZOeH6lrFFN3s298dzjsPfuaq38udby+yniVPaWDw4cP9ZeVF7MN04C6ERCiEZ +bfCmuqBOg2nk2oyBhLuaqpKWgzmR/ytniEYEEBECAAYFAkpe7I8ACgkQR2BKbzEc +4IXowwCfaFz/ArLz4JlmVFIsOEseWH0sNAYAn0OU+bj11gvVjsROncfcJmWHMR8t +iQIcBBMBCAAGBQJTWmj7AAoJEHZf4mxrRnWE84sP/icjT5xJ2iVQOuWi5UK5y9s7 +sXcF7eUM5J7KWj3035f3CAweVgBSH6LPa8pPb+/Rmur5S8/NbcU0g2HB9on1i9qa +7Linh0rcBpase7w4zZ+4RFgIhHO6pC6sylWwpZXgQRc9FsVwHAHJYKUuxur1jmVL +PyiNuC5aubtZQlgJEYwFczesb3v8ziwBBewRNA4gUmY+hubSfd8w1b/ImPQx1s5K +s01jDL1xzY3NNYm01HzWBL9ZNli1SRgKVBkRzam35LfGTc78OvNrlk6Ov1Eny7Up +S9XkAbgvbm5cGRllL+hXJebXXXM9/RM4Kg3l00dnQtdCa5PPtwNHNIpJJhI9GQk1 +iEm2hPXriVdLFFX5fjYuimxrVr5igmgzNgNVYWMxLCKK04pKuELIlRrCuUkYSdKs +SGwX7mFIJhxfWG4sQRzB7LHLeabS27merpavB9OxCkNXXVq4r/SzXYFnxbVwVOKj +cxrakrPo/lgNpDHFeD0AXDeRhnKnrh78/72Oj/Ov11oXvzNIjmuEohuHO6Y05OHw +FSRYBnk5P6XwJYAwj4c1cP0r8wz2PmyETbfE+IeHANzGW0K2u/USBDQVcpsA1hSr +LmgORXv2p9ap3z9IsRfGIicndzCruE+rNqXUV8iHs7PAJhnBEuxoNdGz+vO/6M2V +UY5jqhWWQ0TLW0YENpgUuQMNBEqM4cMQDADF2HxbuP9CETcpk2Ykawr9C0nvbNlE +ZFx1Q8foYb/8ZoAbmFIKMzyr7QxH8b7fW6TfZFvNEiPWwdDx9jTOfE+Zp4PXCjDS +EJsNOr4Sncryi5qqiqOU/it34j3g63E19eCaWV/sEM5nqUjBRjxtrxwUI9iy/xm9 +FejzZd/AVh69D2RMuqQlPnaYzI9kvBjHgM3C6oW1BAQEsqAhVdWCkrpITvYwU/y/ +IWx2svQ5GDGhYjo8gduchFjUqJZTM5KuqKtlQcf0w+7MW4FHT6MQBqN4qjHJyfQg +sszk8EAQVcWAF2000K2yF7V9Hlo+xdwZmxlGNzuZsActGpqlWGTuhffVasaoYeRI +z8YCd/doDOycKQ7n5ON7aLK6gbk6FBsey8wE6129CvCeiuXnoSC7O4rWYYOxzM2y +4BhFwqJqwJamyOjK0Mf50YRCYpfJ0P2vTpzE/H6ZaZYoujjD6TiYwLSUVFgqLzdz +BOloykc55bj7d3W0l+QJDL6+NTPhpkn9ZJcAAwUMAKqZ5cACXtayweSNVn+/BB8c +sc0xmwYQS5y9Xso2owXgV7qdFtsToYk67Pq1p4WQkimkGpXGFI06x/myg5d8anQi +BigLfsY8joABvhScbkZVxoAxABdRhzB8MYa5X8Q7mk+sTI+PL74a+OHFwpXceZS4 +B9yDKFMaEM5U/FTbxGjPf7wSKDTzm/6XKoCyAV24Gt/5lX6UeMg5JdJaZOJPwRVI +Dd+k3Xj+qGW252F0Yhn+kJbfTcf0F31zhRz07NiFGvVWk7qWlh9MU17LwpAvjP0q +O3RE+xzPaFgM4nVxMVaz/hn72YEk4PCuciI5EuWBXY2U/kRljgxxxUV30rsT849B +23dS/r7oGNhGe1jvCxfrXtPlGaPyfoCFumeCZaDYPrBF+btPIjRa3PmJwKgkgQdD +AH/cSEHNCXu0FzRwKXAJibudNhG35Iva1/KVbL0t5qKX5rIzrPAxbSSVXjYTi7wM +LL9omvCYSJXC7AZtcvrPjoz0RmC6h/fwxMSYuweWz4kBnwQYAQIACQUCSozhwwIb +DAAKCRDfQsFws026d98GC/9v+/d5ChlNaA4HkydeEiuD8qKRhNhucQb3BYztchJP +xuk/t/9QrIPjgIJUkftJVMYBd7KOCWe5hfLgXBpN0WabpqVbSwKniueYAOLkEsvN +CUJRrknSJn6gBmcAfrQF7NQz4JjP9AFbc0mY/ffbc94zgfgxnS8u/fCBouQWVor9 +4BIGgLsq5lYCe+w050tDb0vgFiBbYnCTX4/GzONPfr0OwxRjeJjqAz2szvUCN3zH +3yF3Wvbosgsae0AQRfGz7XcqRrsngYKp/z8n1lHTV0OnxAz4z0QcUue2GkDJS5Je +blCWCVq+d/u1ToADRIW4DSk/kJdUsbUMtPV8m806qN3M+x+7/jwAzYunGPSAq3XI +NBzz3QbHCc4vWJnr5cyH3+6NbLtDt0jgzaa2HBgVeV1as9IKYxOhZ+XrYHE91jkU +gQJd5HBMg72wjQtBVzZ4AbyUOyB7TmrWckXGj1Yqvt7AB0Vv98wivtczCgyPZJBL +L+1lUIGcNdHkbDkdLFGcgBI= +=oXqN +-----END PGP PUBLIC KEY BLOCK----- diff --git a/debian/usr.lib.ipsec.charon b/debian/usr.lib.ipsec.charon new file mode 100644 index 000000000..9e24c744d --- /dev/null +++ b/debian/usr.lib.ipsec.charon @@ -0,0 +1,76 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2016 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# Ryan Harper <ryan.harper@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/lib/ipsec/charon flags=(attach_disconnected) { + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/authentication> + #include <abstractions/openssl> + #include <abstractions/p11-kit> + + capability ipc_lock, + capability net_admin, + capability net_raw, + + # allow priv dropping (LP: #1333655) + capability chown, + capability setgid, + capability setuid, + + # libcharon-extra-plugins: xauth-pam + capability audit_write, + + # libstrongswan-standard-plugins: agent + capability dac_override, + + capability net_admin, + capability net_raw, + + network, + network raw, + + /bin/dash rmPUx, + + # libchron-extra-plugins: kernel-libipsec + /dev/net/tun rw, + + /etc/ipsec.conf r, + /etc/ipsec.secrets r, + /etc/ipsec.*.secrets r, + /etc/ipsec.d/ r, + /etc/ipsec.d/** r, + /etc/ipsec.d/crls/* rw, + /etc/opensc/opensc.conf r, + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + /etc/tnc_config r, + + /proc/sys/net/core/xfrm_acq_expires w, + + /run/charon.* rw, + /run/pcscd/pcscd.comm rw, + + /usr/lib/ipsec/charon rmix, + /usr/lib/ipsec/imcvs/ r, + /usr/lib/ipsec/imcvs/** rm, + + /usr/lib/*/opensc-pkcs11.so rm, + + /var/lib/strongswan/* r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.lib.ipsec.charon> +} diff --git a/debian/usr.lib.ipsec.lookip b/debian/usr.lib.ipsec.lookip new file mode 100644 index 000000000..de104331c --- /dev/null +++ b/debian/usr.lib.ipsec.lookip @@ -0,0 +1,22 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2014 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/lib/ipsec/lookip { + #include <abstractions/base> + + /run/charon.lkp rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.lib.ipsec.lookip> +} diff --git a/debian/usr.lib.ipsec.stroke b/debian/usr.lib.ipsec.stroke new file mode 100644 index 000000000..9d20ee7c9 --- /dev/null +++ b/debian/usr.lib.ipsec.stroke @@ -0,0 +1,28 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2014 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/lib/ipsec/stroke flags=(attach_disconnected) { + #include <abstractions/base> + + capability dac_override, + + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + + /run/charon.ctl rw, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.lib.ipsec.stroke> +} diff --git a/debian/usr.sbin.charon-systemd b/debian/usr.sbin.charon-systemd new file mode 100644 index 000000000..e1769f29f --- /dev/null +++ b/debian/usr.sbin.charon-systemd @@ -0,0 +1,76 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2016 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# Author: Jonathan Davies <jonathan.davies@canonical.com> +# Ryan Harper <ryan.harper@canonical.com> +# +# ------------------------------------------------------------------ + +#include <tunables/global> + +/usr/sbin/charon-systemd flags=(complain,attach_disconnected) { + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/authentication> + #include <abstractions/openssl> + #include <abstractions/p11-kit> + + capability ipc_lock, + capability net_admin, + capability net_raw, + + # allow priv dropping (LP: #1333655) + capability chown, + capability setgid, + capability setuid, + + # libcharon-extra-plugins: xauth-pam + capability audit_write, + + # libstrongswan-standard-plugins: agent + capability dac_override, + + capability net_admin, + capability net_raw, + + network, + network raw, + + /bin/dash rmPUx, + + # libchron-extra-plugins: kernel-libipsec + /dev/net/tun rw, + + /etc/ipsec.conf r, + /etc/ipsec.secrets r, + /etc/ipsec.*.secrets r, + /etc/ipsec.d/ r, + /etc/ipsec.d/** r, + /etc/ipsec.d/crls/* rw, + /etc/opensc/opensc.conf r, + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + /etc/tnc_config r, + + /proc/sys/net/core/xfrm_acq_expires w, + + /run/charon.* rw, + /run/pcscd/pcscd.comm rw, + + /usr/lib/ipsec/charon rmix, + /usr/lib/ipsec/imcvs/ r, + /usr/lib/ipsec/imcvs/** rm, + + /usr/lib/*/opensc-pkcs11.so rm, + + /var/lib/strongswan/* r, + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.charon-systemd> +} diff --git a/debian/usr.sbin.swanctl b/debian/usr.sbin.swanctl new file mode 100644 index 000000000..627f5c0b3 --- /dev/null +++ b/debian/usr.sbin.swanctl @@ -0,0 +1,32 @@ +#include <tunables/global> + +/usr/sbin/swanctl { + #include <abstractions/base> + + # Allow /etc/swanctl/x509ca/ files to symlink to system-wide ca-certificates + #include <abstractions/ssl_certs> + + # CAP_DAC_OVERRIDE is needed for optional charon.user/charon.group + # configuration + capability dac_override, + + # Allow reading strongswan.conf configuration files + /etc/strongswan.conf r, + /etc/strongswan.d/ r, + /etc/strongswan.d/** r, + + # All reading configuration, certificate, and key files beneath /etc/swanctl/ + /etc/swanctl/** r, + + # Allow communication with VICI plugin UNIX domain socket + /run/charon.vici rw, + + # As of 5.5.2, swanctl unnecessarily loads plugins by default, even though no + # plugins are actually used by swanctl. The following can be removed if + # plugin loading is disabled. + #include <abstractions/nameservice> + #include <abstractions/openssl> + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.swanctl> +} diff --git a/debian/watch b/debian/watch new file mode 100644 index 000000000..65947ff35 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts=pgpsigurlmangle=s/$/.sig/ \ +http://download.strongswan.org/strongswan-([\d.]+)\.tar\.bz2 |