# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: rmayr@debian.org\n" "POT-Creation-Date: 2007-07-05 01:24+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: select #. Choices #: ../strongswan.templates:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" msgstr "" #. Type: select #. Description #: ../strongswan.templates:1002 msgid "When to start strongSwan:" msgstr "" #. Type: select #. Description #: ../strongswan.templates:1002 msgid "" "There are three possibilities when strongSwan can start: before or after the " "NFS services and after the PCMCIA services. The correct answer depends on " "your specific setup." msgstr "" #. Type: select #. Description #: ../strongswan.templates:1002 msgid "" "If you do not have your /usr tree mounted via NFS (either you only mount " "other, less vital trees via NFS or don't use NFS mounted trees at all) and " "don't use a PCMCIA network card, then it's best to start strongSwan at the " "earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " "In this case (or if you don't understand or care about this issue), answer " "\"earliest\" to this question (the default)." msgstr "" #. Type: select #. Description #: ../strongswan.templates:1002 msgid "" "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " "card, then you will need to start strongSwan after NFS so that all necessary " "files are available. In this case, answer \"after NFS\" to this question. " "Please note that the NFS mount of /usr can not be secured by IPSec in this " "case." msgstr "" #. Type: select #. Description #: ../strongswan.templates:1002 msgid "" "If you use a PCMCIA network card for your IPSec connections, then you only " "have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" "\" in this case. This is also the correct answer if you want to fetch keys " "from a locally running DNS server with DNSSec support." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:2001 msgid "Do you wish to restart strongSwan?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:2001 msgid "" "Restarting strongSwan is a good idea, since if there is a security fix, it " "will not be fixed until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However this might take down " "existing connections and then bring them back up." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:3001 msgid "Do you wish to support IKEv1?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:3001 msgid "" "strongSwan supports both versions of the Internet Key Exchange protocol, " "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " "when strongSwan is started?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:4001 msgid "Do you wish to support IKEv2?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:4001 msgid "" "strongSwan supports both versions of the Internet Key Exchange protocol, " "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " "support when strongSwan is started?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:5001 msgid "Do you want to create a RSA public/private keypair for this host?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:5001 msgid "" "This installer can automatically create a RSA public/private keypair for " "this host. This keypair can be used to authenticate IPSec connections to " "other hosts and is the preferred way for building up secure IPSec " "connections. The other possibility would be to use shared secrets (passwords " "that are the same on both sides of the tunnel) for authenticating an " "connection, but for a larger number of connections RSA authentication is " "easier to administer and more secure." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:5001 msgid "" "If you do not want to create a new public/private keypair, you can choose to " "use an existing one." msgstr "" #. Type: select #. Choices #: ../strongswan.templates:6001 msgid "x509, plain" msgstr "" #. Type: select #. Description #: ../strongswan.templates:6002 msgid "The type of RSA keypair to create:" msgstr "" #. Type: select #. Description #: ../strongswan.templates:6002 msgid "" "It is possible to create a plain RSA public/private keypair for use with " "strongSwan or to create a X509 certificate file which contains the RSA " "public key and additionally stores the corresponding private key." msgstr "" #. Type: select #. Description #: ../strongswan.templates:6002 msgid "" "If you only want to build up IPSec connections to hosts also running " "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " "want to connect to other IPSec implementations, you will need a X509 " "certificate. It is also possible to create a X509 certificate here and " "extract the RSA public key in plain format if the other side runs strongSwan " "without X509 certificate support." msgstr "" #. Type: select #. Description #: ../strongswan.templates:6002 msgid "" "Therefore a X509 certificate is recommended since it is more flexible and " "this installer should be able to hide the complex creation of the X509 " "certificate and its use in strongSwan anyway." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:7001 msgid "Do you have an existing X509 certificate file for strongSwan?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:7001 msgid "" "This installer can automatically extract the needed information from an " "existing X509 certificate with a matching RSA private key. Both parts can be " "in one file, if it is in PEM format. If you have such an existing " "certificate and key file and want to use it for authenticating IPSec " "connections, then please answer yes." msgstr "" #. Type: string #. Description #: ../strongswan.templates:8001 msgid "File name of your X509 certificate in PEM format:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:8001 msgid "" "Please enter the full location of the file containing your X509 certificate " "in PEM format." msgstr "" #. Type: string #. Description #: ../strongswan.templates:9001 msgid "File name of your X509 private key in PEM format:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:9001 msgid "" "Please enter the full location of the file containing the private RSA key " "matching your X509 certificate in PEM format. This can be the same file that " "contains the X509 certificate." msgstr "" #. Type: string #. Description #: ../strongswan.templates:10001 msgid "The length of the created RSA key (in bits):" msgstr "" #. Type: string #. Description #: ../strongswan.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 2048 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:11001 msgid "Do you want to create a self-signed X509 certificate?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:11001 msgid "" "This installer can only create self-signed X509 certificates automatically, " "because otherwise a certificate authority is needed to sign the certificate " "request. If you want to create a self-signed certificate, you can use it " "immediately to connect to other IPSec hosts that support X509 certificate " "for authentication of IPSec connections. However, if you want to use the new " "PKI features of strongSwan >= 1.91, you will need to have all X509 " "certificates signed by a single certificate authority to create a trust path." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:11001 msgid "" "If you do not want to create a self-signed certificate, then this installer " "will only create the RSA private key and the certificate request and you " "will have to get the certificate request signed by your certificate " "authority." msgstr "" #. Type: string #. Description #: ../strongswan.templates:12001 msgid "Country code for the X509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:12001 msgid "" "Please enter the 2 letter country code for your country. This code will be " "placed in the certificate request." msgstr "" #. Type: string #. Description #: ../strongswan.templates:12001 msgid "" "You really need to enter a valid country code here, because openssl will " "refuse to generate certificates without one. An empty field is allowed for " "any other field of the X.509 certificate, but not for this one." msgstr "" #. Type: string #. Description #: ../strongswan.templates:12001 msgid "Example: AT" msgstr "" #. Type: string #. Description #: ../strongswan.templates:13001 msgid "State or province name for the X509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:13001 msgid "" "Please enter the full name of the state or province you live in. This name " "will be placed in the certificate request." msgstr "" #. Type: string #. Description #: ../strongswan.templates:13001 msgid "Example: Upper Austria" msgstr "" #. Type: string #. Description #: ../strongswan.templates:14001 msgid "Locality name for the X509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:14001 msgid "" "Please enter the locality (e.g. city) where you live. This name will be " "placed in the certificate request." msgstr "" #. Type: string #. Description #: ../strongswan.templates:14001 msgid "Example: Vienna" msgstr "" #. Type: string #. Description #: ../strongswan.templates:15001 msgid "Organization name for the X509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:15001 msgid "" "Please enter the organization (e.g. company) that the X509 certificate " "should be created for. This name will be placed in the certificate request." msgstr "" #. Type: string #. Description #: ../strongswan.templates:15001 msgid "Example: Debian" msgstr "" #. Type: string #. Description #: ../strongswan.templates:16001 msgid "Organizational unit for the X509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:16001 msgid "" "Please enter the organizational unit (e.g. section) that the X509 " "certificate should be created for. This name will be placed in the " "certificate request." msgstr "" #. Type: string #. Description #: ../strongswan.templates:16001 msgid "Example: security group" msgstr "" #. Type: string #. Description #: ../strongswan.templates:17001 msgid "Common name for the X509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:17001 msgid "" "Please enter the common name (e.g. the host name of this machine) for which " "the X509 certificate should be created for. This name will be placed in the " "certificate request." msgstr "" #. Type: string #. Description #: ../strongswan.templates:17001 msgid "Example: gateway.debian.org" msgstr "" #. Type: string #. Description #: ../strongswan.templates:18001 msgid "Email address for the X509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan.templates:18001 msgid "" "Please enter the email address of the person or organization who is " "responsible for the X509 certificate, This address will be placed in the " "certificate request." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:19001 msgid "Do you wish to enable opportunistic encryption in strongSwan?" msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:19001 msgid "" "strongSwan comes with support for opportunistic encryption (OE), which " "stores IPSec authentication information (i.e. RSA public keys) in " "(preferably secure) DNS records. Until this is widely deployed, activating " "it will cause a significant slow-down for every new, outgoing connection. " "Since version 2.0, strongSwan upstream comes with OE enabled by default and " "is thus likely to break your existing connection to the Internet (i.e. your " "default route) as soon as pluto (the strongSwan keying daemon) is started." msgstr "" #. Type: boolean #. Description #: ../strongswan.templates:19001 msgid "" "Please choose whether you want to enable support for OE. If unsure, do not " "enable it." msgstr ""