--- openswan-2.6.22+dfsg.orig/programs/setup/setup.in +++ openswan-2.6.22+dfsg/programs/setup/setup.in @@ -136,7 +136,7 @@ start_stop() { # remove for: @cygwin_START@ # portable way for checking for root - if [ ! -w / ] + if test " `id -u`" != " 0" then echo "permission denied (must be superuser)" | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 --- openswan-2.6.22+dfsg.orig/programs/pluto/ipsec_pluto.8 +++ openswan-2.6.22+dfsg/programs/pluto/ipsec_pluto.8 
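Review bot: The comment kept above the new test in start_stop(), `# portable way for checking for root`, no longer says what is being checked. `id -u` reports the effective UID, so the gate now accepts any uid-0 caller, including one on a read-only root filesystem that the old `[ ! -w / ]` would have turned away, and it says nothing about whether that process holds the privileges the rest of the function needs. I would replace the comment with `# root check: effective uid from id(1); if id prints nothing the strings still differ, so the check fails closed`. `id` is resolved through PATH, so if the script does not set PATH before this point (not visible in this hunk), an absolute path or an earlier `PATH=` assignment would make the result less dependent on the caller's environment. start_stop() begins and continues outside the hunk.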
@@ -1,25 +1,33 @@ +'\" t .\" Title: IPSEC_PLUTO -.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.2 +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.75.1 .\" Date: 26 October 2006 -.\" Manual: 25 February 2008 -.\" Source: 25 February 2008 +.\" Manual: [FIXME: manual] +.\" Source: [FIXME: source] +.\" Language: English .\" -.TH "IPSEC_PLUTO" "8" "26 October 2006" "25 February 2008" "25 February 2008" +.TH "IPSEC_PLUTO" "8" "26 October 2006" "[FIXME: source]" "[FIXME: manual]" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- .SH "NAME" -ipsec pluto - ipsec whack : IPsec IKE keying daemon and control interface +ipsec_pluto \- ipsec whack : IPsec IKE keying daemon and control interface .SH "SYNOPSIS" -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIpluto\fR [\-\-help] [\-\-version] [\-\-optionsfrom\ \fIfilename\fR] [\-\-nofork] [\-\-stderrlog] [\-\-use\-auto] [\-\-use\-klips] [\-\-use\-netkey] [\-\-use\-nostack] [\-\-uniqueids] [\-\-nat_traversal] [\-\-virtual_private\ \fInetwork_list\fR] [\-\-keep_alive\ \fIdelay_sec\fR] [\-\-force_keepalive] [\-\-force_busy] [\-\-disable_port_floating] [\-\-nocrsend] [\-\-strictcrlpolicy] [\-\-crlcheckinterval] [\-\-ocspuri] [\-\-interface\ \fIinterfacename\fR] [\-\-ikeport\ \fIportnumber\fR] [\-\-ctlbase\ \fIpath\fR] [\-\-secretsfile\ \fIsecrets\-file\fR] [\-\-adns\ \fIpathname\fR] [\-\-nhelpers\ \fInumber\fR] [\-\-lwdnsq\ \fIpathname\fR] [\-\-perpeerlog] [\-\-perpeerlogbase\ \fIdirname\fR] [\-\-ipsecdir\ \fIdirname\fR] [\-\-coredir\ \fIdirname\fR] [\-\-noretransmits] -.HP 6 +.HP 
\w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR [\-\-help] [\-\-version] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR [\-\-debug\-none] [\-\-debug\-all] [\-\-debug\-raw] [\-\-debug\-crypt] [\-\-debug\-parsing] [\-\-debug\-emitting] [\-\-debug\-control] [\-\-debug\-lifecycle] [\-\-debug\-klips] [\-\-debug\-pfkey] [\-\-debug\-nat\-t] [\-\-debug\-dpd] [\-\-debug\-dns] [\-\-debug\-oppo] [\-\-debug\-oppoinfo] [\-\-debug\-whackwatch] [\-\-debug\-private] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-name\ \fIconnection\-name\fR [[\-\-ipv4] | [\-\-ipv6]] [[\-\-tunnelipv4] | [\-\-tunnelipv6]] .br 
@@ -37,467 +45,467 @@ .br [\-\-tunnel] [\-\-psk] [\-\-rsasig] [\-\-encrypt] [\-\-authenticate] [\-\-compress] [\-\-pfs] [\-\-pfsgroup\ [modp1024]\ |\ [modp1536]\ |\ [modp2048]\ |\ [modp3072]\ |\ [modp4096]\ |\ [modp6144]\ |\ [modp8192]] [\-\-disablearrivalcheck] [\-\-ikelifetime\ \fIseconds\fR] [\-\-ipseclifetime\ \fIseconds\fR] [\-\-rekeymargin\ \fIseconds\fR] [\-\-rekeyfuzz\ \fIpercentage\fR] [\-\-keyingtries\ \fIcount\fR] [\-\-esp\ \fIesp\-algos\fR] [\-\-dontrekey] [\-\-aggrmode] [\-\-modecfgpull] [[\-\-dpddelay\ \fIseconds\fR] | [\-\-dpdtimeout\ \fIseconds\fR]] [\-\-dpdaction\ [clear]\ |\ [hold]\ |\ [restart]] [\-\-forceencaps] [[\-\-initiateontraffic]\ |\ [\-\-pass]\ |\ [\-\-drop]\ |\ [\-\-reject]] [[\-\-failnone]\ |\ [\-\-failpass]\ |\ [\-\-faildrop]\ |\ [\-\-failreject]] [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-keyid\ \fIid\fR [\-\-addkey] [\-\-pubkeyrsa\ \fIkey\fR] [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-myid\ \fIid\fR -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-listen | \-\-unlisten [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-route | \-\-unroute \-\-name\ \fIconnection\-name\fR [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-initiate | \-\-terminate \-\-name\ \fIconnection\-name\fR [\-\-xauthuser\ \fIuser\fR] [\-\-xauthpass\ \fIpass\fR] [\-\-asynchronous] [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR [[\-\-tunnelipv4] | [\-\-tunnelipv6]] \-\-oppohere\ \fIip\-address\fR \-\-oppothere\ \fIip\-address\fR -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR 
\fIwhack\fR \-\-crash [ipaddress] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-whackrecord [filename] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-whackstoprecord -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-name\ \fIconnection\-name\fR \-\-delete [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-deletestate\ \fIstate\-number\fR [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR [\-\-name\ \fIconnection\-name\fR] [\-\-debug\-none] [\-\-debug\-all] [\-\-debug\-raw] [\-\-debug\-crypt] [\-\-debug\-parsing] [\-\-debug\-emitting] [\-\-debug\-control] [\-\-debug\-controlmore] [\-\-debug\-lifecycle] [\-\-debug\-klips] [\-\-debug\-pfkey] [\-\-debug\-dns] [\-\-debug\-dpd] [\-\-debug\-natt] [\-\-debug\-oppo] [\-\-debug\-oppoinfo] [\-\-debug\-whackwatch] [\-\-debug\-private] [\-\-impair\-delay\-adns\-key\-answer] [\-\-impair\-delay\-adns\-txt\-answer] [\-\-impair\-bust\-mi2] [\-\-impair\-bust\-mr2] [\-\-impair\-sa\-fail] [\-\-impair\-die\-oninfo] [\-\-impair\-jacob\-two\-two] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR [\-\-utc] [\-\-listall] [\-\-listpubkeys] [\-\-listcerts] [\-\-listcacerts] [\-\-listacerts] [\-\-listaacerts] [\-\-listocspcerts] [\-\-listgroups] [\-\-listcrls] [\-\-listocsp] [\-\-listcards] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR [\-\-utc] [\-\-rereadsecrets] [\-\-rereadall] [\-\-rereadcacerts] [\-\-rereadacerts] [\-\-rereadaacerts] [\-\-rereadocspcerts] [\-\-rereadcrls] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-purgeocsp -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-listevents -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-status [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] -.HP 6 +.HP \w'\fBipsec\fR\ 'u \fBipsec\fR 
\fIwhack\fR \-\-shutdown [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] .SH "DESCRIPTION" .PP \fBpluto\fR -is an IKE (\(lqIPsec Key Exchange\(rq) daemon\. +is an IKE (\(lqIPsec Key Exchange\(rq) daemon\&. \fBwhack\fR is an auxiliary program to allow requests to be made to a running -\fBpluto\fR\. +\fBpluto\fR\&. .PP \fBpluto\fR -is used to automatically build shared \(lqsecurity associations\(rq on a system that has IPsec, the secure IP protocol\. In other words, +is used to automatically build shared \(lqsecurity associations\(rq on a system that has IPsec, the secure IP protocol\&. In other words, \fBpluto\fR -can eliminate much of the work of manual keying\. The actual secure transmission of packets is the responsibility of other parts of the system \- the kernel\. Pluto can talk to various kernel implementations, such as +can eliminate much of the work of manual keying\&. The actual secure transmission of packets is the responsibility of other parts of the system \- the kernel\&. Pluto can talk to various kernel implementations, such as \fBKLIPS\fR, such as \fBNETKEY\fR, and such as \fBKAME\fR -IPsec stacks\. +IPsec stacks\&. \fBipsec_auto\fR(8) provides a more convenient interface to \fBpluto\fR and -\fBwhack\fR\. +\fBwhack\fR\&. .SS "IKE\'s Job" .PP A \fISecurity Association\fR -(\fISA\fR) is an agreement between two network nodes on how to process certain traffic between them\. This processing involves encapsulation, authentication, encryption, or compression\. +(\fISA\fR) is an agreement between two network nodes on how to process certain traffic between them\&. This processing involves encapsulation, authentication, encryption, or compression\&. .PP -IKE can be deployed on a network node to negotiate Security Associations for that node\. These IKE implementations can only negotiate with other IKE implementations, so IKE must be on each node that is to be an endpoint of an IKE\-negotiated Security Association\. 
No other nodes need to be running IKE\. +IKE can be deployed on a network node to negotiate Security Associations for that node\&. These IKE implementations can only negotiate with other IKE implementations, so IKE must be on each node that is to be an endpoint of an IKE\-negotiated Security Association\&. No other nodes need to be running IKE\&. .PP -An IKE instance (i\.e\. an IKE implementation on a particular network node) communicates with another IKE instance using UDP IP packets, so there must be a route between the nodes in each direction\. +An IKE instance (i\&.e\&. an IKE implementation on a particular network node) communicates with another IKE instance using UDP IP packets, so there must be a route between the nodes in each direction\&. .PP -The negotiation of Security Associations requires a number of choices that involve tradeoffs between security, convenience, trust, and efficiency\. These are policy issues and are normally specified to the IKE instance by the system administrator\. +The negotiation of Security Associations requires a number of choices that involve tradeoffs between security, convenience, trust, and efficiency\&. These are policy issues and are normally specified to the IKE instance by the system administrator\&. .PP -IKE deals with two kinds of Security Associations\. The first part of a negotiation between IKE instances is to build an ISAKMP SA\. An ISAKMP SA is used to protect communication between the two IKEs\. IPsec SAs can then be built by the IKEs \- these are used to carry protected IP traffic between the systems\. +IKE deals with two kinds of Security Associations\&. The first part of a negotiation between IKE instances is to build an ISAKMP SA\&. An ISAKMP SA is used to protect communication between the two IKEs\&. IPsec SAs can then be built by the IKEs \- these are used to carry protected IP traffic between the systems\&. .PP -The negotiation of the ISAKMP SA is known as Phase 1\. 
In theory, Phase 1 can be accomplished by a couple of different exchange types\. Currently, Main Mode and Aggressive Mode are implemented\. +The negotiation of the ISAKMP SA is known as Phase 1\&. In theory, Phase 1 can be accomplished by a couple of different exchange types\&. Currently, Main Mode and Aggressive Mode are implemented\&. .PP -Any negotiation under the protection of an ISAKMP SA, including the negotiation of IPsec SAs, is part of Phase 2\. The exchange type that we use to negotiate an IPsec SA is called Quick Mode\. +Any negotiation under the protection of an ISAKMP SA, including the negotiation of IPsec SAs, is part of Phase 2\&. The exchange type that we use to negotiate an IPsec SA is called Quick Mode\&. .PP -IKE instances must be able to authenticate each other as part of their negotiation of an ISAKMP SA\. This can be done by several mechanisms described in the draft standards\. +IKE instances must be able to authenticate each other as part of their negotiation of an ISAKMP SA\&. This can be done by several mechanisms described in the draft standards\&. .PP -IKE negotiation can be initiated by any instance with any other\. If both can find an agreeable set of characteristics for a Security Association, and both recognize each others authenticity, they can set up a Security Association\. The standards do not specify what causes an IKE instance to initiate a negotiation\. +IKE negotiation can be initiated by any instance with any other\&. If both can find an agreeable set of characteristics for a Security Association, and both recognize each others authenticity, they can set up a Security Association\&. The standards do not specify what causes an IKE instance to initiate a negotiation\&. .PP -In summary, an IKE instance is prepared to automate the management of Security Associations in an IPsec environment, but a number of issues are considered policy and are left in the system administrator\'s hands\. 
+In summary, an IKE instance is prepared to automate the management of Security Associations in an IPsec environment, but a number of issues are considered policy and are left in the system administrator\'s hands\&. .SS "Pluto" .PP \fBpluto\fR -is an implementation of IKE\. It runs as a daemon on a network node\. Currently, this network node must be a LINUX system running the +is an implementation of IKE\&. It runs as a daemon on a network node\&. Currently, this network node must be a LINUX system running the \fBKLIPS\fR or \fBNETKEY\fR implementation of IPsec, or a FreeBSD/NetBSD/Mac OSX system running the \fBKAME\fR -implementation of IPsec\. +implementation of IPsec\&. .PP \fBpluto\fR -implements a large subset of IKE\. This is enough for it to interoperate with other instances of -\fBpluto\fR, and many other IKE implementations\. It currently supports XAUTH, ModeConfig, X\.509, Dead Peer Detection, Opportunistic Encryption and all the NAT Traversal standards\. +implements a large subset of IKE\&. This is enough for it to interoperate with other instances of +\fBpluto\fR, and many other IKE implementations\&. It currently supports XAUTH, ModeConfig, X\&.509, Dead Peer Detection, Opportunistic Encryption and all the NAT Traversal standards\&. .PP The policy for acceptable characteristics for Security Associations is mostly hardwired into the code of \fBpluto\fR -(spdb\.c)\. Eventually this will be moved into a security policy database with reasonable expressive power and more convenience\. +(spdb\&.c)\&. Eventually this will be moved into a security policy database with reasonable expressive power and more convenience\&. .PP \fBpluto\fR -uses shared secrets or RSA signatures to authenticate peers with whom it is negotiating\. These RSA signatures can come from DNS(SEC), a configuration file, or from X\.509 and CA certificates\. +uses shared secrets or RSA signatures to authenticate peers with whom it is negotiating\&. 
These RSA signatures can come from DNS(SEC), a configuration file, or from X\&.509 and CA certificates\&. .PP \fBpluto\fR initiates negotiation of a Security Association when it is manually prodded: the program \fBwhack\fR -is run to trigger this\. It will also initiate a negotiation when +is run to trigger this\&. It will also initiate a negotiation when \fBKLIPS\fR -traps an outbound packet for Opportunistic Encryption\. +traps an outbound packet for Opportunistic Encryption\&. .PP \fBpluto\fR -implements ISAKMP SAs itself\. After it has negotiated the characteristics of an IPsec SA, it directs the +implements ISAKMP SAs itself\&. After it has negotiated the characteristics of an IPsec SA, it directs the \fBkernel\fR -to implement it\. If necessary, it also invokes a script to adjust any firewall and issue +to implement it\&. If necessary, it also invokes a script to adjust any firewall and issue \fBroute\fR(8) -commands to direct IP packets\. +commands to direct IP packets\&. .PP When \fBpluto\fR -shuts down, it closes all Security Associations\. +shuts down, it closes all Security Associations\&. .SS "Before Running Pluto" .PP \fBpluto\fR -runs as a daemon with userid root\. Before running it, a few things must be set up\. +runs as a daemon with userid root\&. Before running it, a few things must be set up\&. .PP \fBpluto\fR -requires a working IPsec stack\. +requires a working IPsec stack\&. .PP \fBpluto\fR -supports multiple public networks (that is, networks that are considered insecure and thus need to have their traffic encrypted or authenticated)\. It discovers the public interfaces to use by looking at all interfaces that are configured (the +supports multiple public networks (that is, networks that are considered insecure and thus need to have their traffic encrypted or authenticated)\&. 
It discovers the public interfaces to use by looking at all interfaces that are configured (the \fB\-\-interface\fR -option can be used to limit the interfaces considered)\. It does this only when +option can be used to limit the interfaces considered)\&. It does this only when \fBwhack\fR -tells it to \-\-listen, so the interfaces must be configured by then\. Each interface with a name of the form +tells it to \-\-listen, so the interfaces must be configured by then\&. Each interface with a name of the form \fBipsec\fR[0\-9] is taken as a \fBKLIPS\fR -virtual public interface\. Another network interface with the same IP address (the first one found will be used) is taken as the corresponding real public interface\. +virtual public interface\&. Another network interface with the same IP address (the first one found will be used) is taken as the corresponding real public interface\&. \fBifconfig\fR(8) or \fBip\fR(8) with the \fB\-a\fR -flag will show the name and status of each network interface\. +flag will show the name and status of each network interface\&. .PP \fBpluto\fR -requires a database of preshared secrets and RSA private keys\. This is described in the -\fBipsec.secrets\fR(5)\. +requires a database of preshared secrets and RSA private keys\&. This is described in the +\fBipsec.secrets\fR(5)\&. \fBpluto\fR is told of RSA public keys via \fBwhack\fR -commands\. If the connection is Opportunistic, and no RSA public key is known, +commands\&. If the connection is Opportunistic, and no RSA public key is known, \fBpluto\fR -will attempt to fetch RSA keys using the Domain Name System\. +will attempt to fetch RSA keys using the Domain Name System\&. .SS "Setting up KLIPS for pluto" .PP The most basic network topology that \fBpluto\fR -supports has two security gateways negotiating on behalf of client subnets\. The diagram of RGB\'s testbed is a good example (see -\fIklips/doc/rgb_setup\.txt\fR)\. 
+supports has two security gateways negotiating on behalf of client subnets\&. The diagram of RGB\'s testbed is a good example (see +\fIklips/doc/rgb_setup\&.txt\fR)\&. .PP The file -\fIINSTALL\fR +INSTALL in the base directory of this distribution explains how to start setting up the whole system, including -\fBKLIPS\fR\. +\fBKLIPS\fR\&. .PP -Make sure that the security gateways have routes to each other\. This is usually covered by the default route, but may require issuing +Make sure that the security gateways have routes to each other\&. This is usually covered by the default route, but may require issuing \fBroute\fR(8) -commands\. The route must go through a particular IP interface (we will assume it is -\fIeth0\fR, but it need not be)\. The interface that connects the security gateway to its client must be a different one\. +commands\&. The route must go through a particular IP interface (we will assume it is +\fIeth0\fR, but it need not be)\&. The interface that connects the security gateway to its client must be a different one\&. .PP It is necessary to issue a \fBipsec_tncfg\fR(8) -command on each gateway\. The required command is: +command on each gateway\&. The required command is: .PP -\ \ \ ipsec tncfg \-\-attach\ \-\-virtual\ ipsec0 \-\-physical\ eth0 +\ \&\ \&\ \&ipsec tncfg \-\-attach\ \&\-\-virtual\ \&ipsec0 \-\-physical\ \ð0 .PP -A command to set up the ipsec0 virtual interface will also need to be run\. It will have the same parameters as the command used to set up the physical interface to which it has just been connected using -\fBipsec_tncfg\fR(8)\. +A command to set up the ipsec0 virtual interface will also need to be run\&. It will have the same parameters as the command used to set up the physical interface to which it has just been connected using +\fBipsec_tncfg\fR(8)\&. .SS "Setting up NETKEY for pluto" .PP -No special requirements are necessary to use NETKEY \- it ships with all modern versions of Linux 2\.4 and 2\.6\. 
however, note that certain vendors or older distributions use old versions or backports of NETKEY which are broken\. If possible use a NETKEY version that is at least based on, or backported from Linux 2\.6\.11 or newer\. -.SS "ipsec\.secrets file" +No special requirements are necessary to use NETKEY \- it ships with all modern versions of Linux 2\&.4 and 2\&.6\&. however, note that certain vendors or older distributions use old versions or backports of NETKEY which are broken\&. If possible use a NETKEY version that is at least based on, or backported from Linux 2\&.6\&.11 or newer\&. +.SS "ipsec\&.secrets file" .PP A \fBpluto\fR daemon and another IKE daemon (for example, another instance of -\fBpluto\fR) must convince each other that they are who they are supposed to be before any negotiation can succeed\. This authentication is accomplished by using either secrets that have been shared beforehand (manually) or by using RSA signatures\. There are other techniques, but they have not been implemented in -\fBpluto\fR\. +\fBpluto\fR) must convince each other that they are who they are supposed to be before any negotiation can succeed\&. This authentication is accomplished by using either secrets that have been shared beforehand (manually) or by using RSA signatures\&. There are other techniques, but they have not been implemented in +\fBpluto\fR\&. .PP The file -\fI/etc/ipsec\.secrets\fR -is used to keep preshared secret keys, RSA private keys, X\.509 encoded keyfiles and smartcard PIN\'s for authentication with other IKE daemons\. For debugging, there is an argument to the +/etc/ipsec\&.secrets +is used to keep preshared secret keys, RSA private keys, X\&.509 encoded keyfiles and smartcard PIN\'s for authentication with other IKE daemons\&. For debugging, there is an argument to the \fBpluto\fR -command to use a different file\. This file is described in -\fBipsec.secrets\fR(5)\. +command to use a different file\&. 
This file is described in +\fBipsec.secrets\fR(5)\&. .SS "Running Pluto" .PP To fire up the daemon, just type \fBpluto\fR -(be sure to be running as the superuser)\. The default IKE port number is 500, the UDP port assigned by IANA for IKE Daemons\. +(be sure to be running as the superuser)\&. The default IKE port number is 500, the UDP port assigned by IANA for IKE Daemons\&. \fBpluto\fR -must be run by the superuser to be able to use the UDP 500 port\. If pluto is told to enable NAT\-Traversal, then UDP port 4500 is also taken by pluto to listen on\. +must be run by the superuser to be able to use the UDP 500 port\&. If pluto is told to enable NAT\-Traversal, then UDP port 4500 is also taken by pluto to listen on\&. .PP -Pluto supports different IPstacks on different operating systems\. The option -\fB\-\-use\-auto\fR, which is also the default, lets pluto find a stack automatically\. This behaviour can be changed by explicitely setting the stack using +Pluto supports different IPstacks on different operating systems\&. The option +\fB\-\-use\-auto\fR, which is also the default, lets pluto find a stack automatically\&. This behaviour can be changed by explicitely setting the stack using \fB\-\-use\-klips\fR, \fB\-\-use\-netkey\fR or -\fB\-\-use\-nostack\fR\. The latter is meant for testing only \- no actual IPsec connections will be loaded into the kernel\. +\fB\-\-use\-nostack\fR\&. The latter is meant for testing only \- no actual IPsec connections will be loaded into the kernel\&. .PP Pluto supports the NAT\-Traversal drafts and the final standard, RFC 3947, if the \fB\-\-nat_traversal\fR -is specified\. The allowed range behind the NAT routers is submitted using the +is specified\&. The allowed range behind the NAT routers is submitted using the \fB\-\-virtual_private\fR -option\. See +option\&. See \fBipsec.conf\fR(5) -for the syntax\. The option +for the syntax\&. 
The option \fB\-\-force_keepalive\fR forces the sending of the -\fIkeep\-alive packets\fR, which are send to prevent the NAT router from closing its port when there is not enough traffic on the IPsec connection\. The +\fIkeep\-alive packets\fR, which are send to prevent the NAT router from closing its port when there is not enough traffic on the IPsec connection\&. The \fB\-\-keep_alive\fR -sets the delay (in seconds) of these keep\-alive packets\. The newer NAT\-T standards support -\fIport floating\fR, and Openswan enables this per default\. It can be disabled using the +sets the delay (in seconds) of these keep\-alive packets\&. The newer NAT\-T standards support +\fIport floating\fR, and Openswan enables this per default\&. It can be disabled using the \fB\-\-disable_port_floating\fR -option\. +option\&. .PP -Pluto supports the use of X\.509 certificates and sends it certificate when needed\. This can confuse IKE implementations that do not implement this, such as the old FreeS/WAN implementation\. The +Pluto supports the use of X\&.509 certificates and sends it certificate when needed\&. This can confuse IKE implementations that do not implement this, such as the old FreeS/WAN implementation\&. The \fB\-\-nocrsend\fR -prevents pluto from sending these\. At startup, pluto loads all the X\.509 related files from the directories -\fI/etc/ipsec\.d/certs\fR, -\fI/etc/ipsec\.d/cacerts\fR, -\fI/etc/ipsec\.d/aacerts\fR, -\fI/etc/ipsec\.d/ocspcerts\fR, -\fI/etc/ipsec\.d/private\fR +prevents pluto from sending these\&. At startup, pluto loads all the X\&.509 related files from the directories +/etc/ipsec\&.d/certs, +/etc/ipsec\&.d/cacerts, +/etc/ipsec\&.d/aacerts, +/etc/ipsec\&.d/ocspcerts, +/etc/ipsec\&.d/private and -\fI/etc/ipsec\.d/crls\fR\. The +/etc/ipsec\&.d/crls\&. The \fICertificate Revocation Lists\fR -can also be retrieved from an URL\. The option +can also be retrieved from an URL\&. 
The option \fB\-\-crlcheckinterval\fR -sets the time between checking for CRL expiration and issuing new fetch commands\. The first attempt to update a CRL is started at +sets the time between checking for CRL expiration and issuing new fetch commands\&. The first attempt to update a CRL is started at \fI2*crlcheckinterval\fR -before the next update time\. Pluto logs a warning if no valid CRL was loaded or obtained for a connection\. If +before the next update time\&. Pluto logs a warning if no valid CRL was loaded or obtained for a connection\&. If \fB\-\-strictcrlpolicy\fR -is given, the connection will be rejected until a valid CRL has been loaded\. Pluto also has support for the +is given, the connection will be rejected until a valid CRL has been loaded\&. Pluto also has support for the \fIOnline Certificate Store Protocol\fR -(OSCP) as defined in RFC 2560\. The URL to the OSCP store can be given to pluto via the +(OSCP) as defined in RFC 2560\&. The URL to the OSCP store can be given to pluto via the \fB\-\-ocspuri\fR -option\. +option\&. .PP Pluto can use the BIND9 secure resolver, which means it has support for DNSSEC, using the BIND9 \fIlwres {}\fR interface, see -\fBnamed.conf\fR(5)\. Pluto can also use the old +\fBnamed.conf\fR(5)\&. Pluto can also use the old \fIadns\fR interface if there is no BIND9 running with \fIlwres {}\fR -on the host, but then pluto cannot do any DNSSEC processing\. Pluto forks and starts these DNS helpers in seperate children\. The options +on the host, but then pluto cannot do any DNSSEC processing\&. Pluto forks and starts these DNS helpers in seperate children\&. The options \fB\-\-lwdnsq\fR and \fB\-\-adns\fR -invoke these resolvers\. +invoke these resolvers\&. .PP -Pluto can also use helper children to off\-load cryptographic operations\. This behavior can be fine tuned using the -\fB\-\-nhelpers\fR\. Pluto will start +Pluto can also use helper children to off\-load cryptographic operations\&. 
This behavior can be fine tuned using the +\fB\-\-nhelpers\fR\&. Pluto will start \fI(n\-1)\fR of them, where \fIn\fR -is the number of CPU\(cqs you have (including hypherthreaded CPU\(cqs)\. A value of +is the number of CPU\(cqs you have (including hypherthreaded CPU\(cqs)\&. A value of \fI0\fR -forces pluto to do all operations in the main process\. A value of +forces pluto to do all operations in the main process\&. A value of \fI\-1\fR -tells pluto to perform the above calculation\. Any other value forces the number to that amount\. +tells pluto to perform the above calculation\&. Any other value forces the number to that amount\&. .PP \fBpluto\fR attempts to create a lockfile with the name -\fI/var/run/pluto/pluto\.pid\fR\. If the lockfile cannot be created, +/var/run/pluto/pluto\&.pid\&. If the lockfile cannot be created, \fBpluto\fR exits \- this prevents multiple \fBpluto\fRs from competing Any \(lqleftover\(rq lockfile must be removed before \fBpluto\fR -will run\. +will run\&. \fBpluto\fR -writes its pid into this file so that scripts can find it\. This lock will not function properly if it is on an NFS volume (but sharing locks on multiple machines doesn\'t make sense anyway)\. +writes its pid into this file so that scripts can find it\&. This lock will not function properly if it is on an NFS volume (but sharing locks on multiple machines doesn\'t make sense anyway)\&. .PP \fBpluto\fR -then forks and the parent exits\. This is the conventional \(lqdaemon fork\(rq\. It can make debugging awkward, so there is an option to suppress this fork\. In certain configurations, pluto might also launch helper programs to assist with DNS queries or to offload cryptographic operations\. +then forks and the parent exits\&. This is the conventional \(lqdaemon fork\(rq\&. It can make debugging awkward, so there is an option to suppress this fork\&. 
In certain configurations, pluto might also launch helper programs to assist with DNS queries or to offload cryptographic operations\&. .PP All logging, including diagnostics, is sent to \fBsyslog\fR(3) -with facility=authpriv; it decides where to put these messages (possibly in /var/log/secure)\. Since this too can make debugging awkward, the option +with facility=authpriv; it decides where to put these messages (possibly in /var/log/secure)\&. Since this too can make debugging awkward, the option \fB\-\-stderrlog\fR -is used to steer logging to stderr\. +is used to steer logging to stderr\&. .PP If the \fB\-\-perpeerlog\fR -option is given, then pluto will open a log file per connection\. By default, this is in /var/log/pluto/peer, in a subdirectory formed by turning all dot (\.) [IPv4} or colon (:) [IPv6] into slashes (/)\. +option is given, then pluto will open a log file per connection\&. By default, this is in /var/log/pluto/peer, in a subdirectory formed by turning all dot (\&.) [IPv4} or colon (:) [IPv6] into slashes (/)\&. .PP The base directory can be changed with the -\fB\-\-perpeerlogbase\fR\. +\fB\-\-perpeerlogbase\fR\&. .PP Once \fBpluto\fR is started, it waits for requests from -\fBwhack\fR\. +\fBwhack\fR\&. .SS "Pluto\'s Internal State" .PP To understand how to use -\fBpluto\fR, it is helpful to understand a little about its internal state\. Furthermore, the terminology is needed to decipher some of the diagnostic messages\. +\fBpluto\fR, it is helpful to understand a little about its internal state\&. Furthermore, the terminology is needed to decipher some of the diagnostic messages\&. .PP Pluto supports -\fBfood groups\fR, and X\.509 certificates\. These are located in /etc/ipsec\.d, or another directory as specified by -\fB\-\-ipsecdir\fR\. +\fBfood groups\fR, and X\&.509 certificates\&. These are located in /etc/ipsec\&.d, or another directory as specified by +\fB\-\-ipsecdir\fR\&. .PP -Pluto may core dump\. 
It will normally do so into the current working directory\. The standard scripts have an option dumpdir=, which can set the current directory to determine where the core dump will go\. In some cases, it may be more convenient to specify it on the command line using \-\-coredir\. A third method is to set the environment variable PLUTO_CORE_DIR\. The command line argument takes precedence over the environment variable\. The option plutorestartoncrash can be set to no to prevent multiple core files and a looping pluto process\. Normally, when pluto crashes, another pluto process is started\. +Pluto may core dump\&. It will normally do so into the current working directory\&. The standard scripts have an option dumpdir=, which can set the current directory to determine where the core dump will go\&. In some cases, it may be more convenient to specify it on the command line using \-\-coredir\&. A third method is to set the environment variable PLUTO_CORE_DIR\&. The command line argument takes precedence over the environment variable\&. The option plutorestartoncrash can be set to no to prevent multiple core files and a looping pluto process\&. Normally, when pluto crashes, another pluto process is started\&. .PP At times it may be desireable to turn off all timed events in \fBpluto\fR, this can be done with -\fB\-\-noretransmits\fR\. +\fB\-\-noretransmits\fR\&. .PP The \fI(potential) connection\fR -database describes attributes of a connection\. These include the IP addresses of the hosts and client subnets and the security characteristics desired\. +database describes attributes of a connection\&. These include the IP addresses of the hosts and client subnets and the security characteristics desired\&. \fBpluto\fR -requires this information (simply called a connection) before it can respond to a request to build an SA\. Each connection is given a name when it is created, and all references are made using this name\. 
+requires this information (simply called a connection) before it can respond to a request to build an SA\&. Each connection is given a name when it is created, and all references are made using this name\&. .PP During the IKE exchange to build an SA, the information about the negotiation is represented in a -\fIstate object\fR\. Each state object reflects how far the negotiation has reached\. Once the negotiation is complete and the SA established, the state object remains to represent the SA\. When the SA is terminated, the state object is discarded\. Each State object is given a serial number and this is used to refer to the state objects in logged messages\. +\fIstate object\fR\&. Each state object reflects how far the negotiation has reached\&. Once the negotiation is complete and the SA established, the state object remains to represent the SA\&. When the SA is terminated, the state object is discarded\&. Each State object is given a serial number and this is used to refer to the state objects in logged messages\&. .PP -Each state object corresponds to a connection and can be thought of as an instantiation of that connection\. At any particular time, there may be any number of state objects corresponding to a particular connection\. Often there is one representing an ISAKMP SA and another representing an IPsec SA\. +Each state object corresponds to a connection and can be thought of as an instantiation of that connection\&. At any particular time, there may be any number of state objects corresponding to a particular connection\&. Often there is one representing an ISAKMP SA and another representing an IPsec SA\&. .PP \fBKLIPS\fR -hooks into the routing code in a LINUX kernel\. Traffic to be processed by an IPsec SA must be directed through +hooks into the routing code in a LINUX kernel\&. Traffic to be processed by an IPsec SA must be directed through \fBKLIPS\fR -by routing commands\. 
Furthermore, the processing to be done is specified by +by routing commands\&. Furthermore, the processing to be done is specified by \fIipsec eroute(8)\fR -commands\. +commands\&. \fBpluto\fR -takes the responsibility of managing both of these special kinds of routes\. +takes the responsibility of managing both of these special kinds of routes\&. .PP \fBNETKEY\fR -requires no special routing\. +requires no special routing\&. .PP -Each connection may be routed, and must be while it has an IPsec SA\. The connection specifies the characteristics of the route: the interface on this machine, the \(lqgateway\(rq (the nexthop), and the peer\'s client subnet\. Two connections may not be simultaneously routed if they are for the same peer\'s client subnet but use different interfaces or gateways (\fBpluto\fR\'s logic does not reflect any advanced routing capabilities)\. +Each connection may be routed, and must be while it has an IPsec SA\&. The connection specifies the characteristics of the route: the interface on this machine, the \(lqgateway\(rq (the nexthop), and the peer\'s client subnet\&. Two connections may not be simultaneously routed if they are for the same peer\'s client subnet but use different interfaces or gateways (\fBpluto\fR\'s logic does not reflect any advanced routing capabilities)\&. .PP -On KLIPS, each eroute is associated with the state object for an IPsec SA because it has the particular characteristics of the SA\. Two eroutes conflict if they specify the identical local and remote clients (unlike for routes, the local clients are taken into account)\. +On KLIPS, each eroute is associated with the state object for an IPsec SA because it has the particular characteristics of the SA\&. Two eroutes conflict if they specify the identical local and remote clients (unlike for routes, the local clients are taken into account)\&. .PP When \fBpluto\fR -needs to install a route for a connection, it must make sure that no conflicting route is in use\. 
If another connection has a conflicting route, that route will be taken down, as long as there is no IPsec SA instantiating that connection\. If there is such an IPsec SA, the attempt to install a route will fail\. +needs to install a route for a connection, it must make sure that no conflicting route is in use\&. If another connection has a conflicting route, that route will be taken down, as long as there is no IPsec SA instantiating that connection\&. If there is such an IPsec SA, the attempt to install a route will fail\&. .PP -There is an exception\. If -\fBpluto\fR, as Responder, needs to install a route to a fixed client subnet for a connection, and there is already a conflicting route, then the SAs using the route are deleted to make room for the new SAs\. The rationale is that the new connection is probably more current\. The need for this usually is a product of Road Warrior connections (these are explained later; they cannot be used to initiate)\. +There is an exception\&. If +\fBpluto\fR, as Responder, needs to install a route to a fixed client subnet for a connection, and there is already a conflicting route, then the SAs using the route are deleted to make room for the new SAs\&. The rationale is that the new connection is probably more current\&. The need for this usually is a product of Road Warrior connections (these are explained later; they cannot be used to initiate)\&. .PP When \fBpluto\fR -needs to install an eroute for an IPsec SA (for a state object), first the state object\'s connection must be routed (if this cannot be done, the eroute and SA will not be installed)\. If a conflicting eroute is already in place for another connection, the eroute and SA will not be installed (but note that the routing exception mentioned above may have already deleted potentially conflicting SAs)\. If another IPsec SA for the same connection already has an eroute, all its outgoing traffic is taken over by the new eroute\. 
The incoming traffic will still be processed\. This characteristic is exploited during rekeying\. +needs to install an eroute for an IPsec SA (for a state object), first the state object\'s connection must be routed (if this cannot be done, the eroute and SA will not be installed)\&. If a conflicting eroute is already in place for another connection, the eroute and SA will not be installed (but note that the routing exception mentioned above may have already deleted potentially conflicting SAs)\&. If another IPsec SA for the same connection already has an eroute, all its outgoing traffic is taken over by the new eroute\&. The incoming traffic will still be processed\&. This characteristic is exploited during rekeying\&. .PP All of these routing characteristics are expected change when \fBKLIPS\fR and \fBNETKEY\fR -merge into a single new stack\. +merge into a single new stack\&. .SS "Using Whack" .PP \fBwhack\fR is used to command a running -\fBpluto\fR\. +\fBpluto\fR\&. \fBwhack\fR uses a UNIX domain socket to speak to \fBpluto\fR (by default, -\fI/var/pluto\.ctl\fR)\. +/var/pluto\&.ctl)\&. .PP \fBwhack\fR -has an intricate argument syntax\. This syntax allows many different functions to be specified\. The help form shows the usage or version information\. The connection form gives +has an intricate argument syntax\&. This syntax allows many different functions to be specified\&. The help form shows the usage or version information\&. The connection form gives \fBpluto\fR -a description of a potential connection\. The public key form informs +a description of a potential connection\&. The public key form informs \fBpluto\fR -of the RSA public key for a potential peer\. The delete form deletes a connection description and all SAs corresponding to it\. The listen form tells +of the RSA public key for a potential peer\&. The delete form deletes a connection description and all SAs corresponding to it\&. 
The listen form tells \fBpluto\fR -to start or stop listening on the public interfaces for IKE requests from peers\. The route form tells +to start or stop listening on the public interfaces for IKE requests from peers\&. The route form tells \fBpluto\fR -to set up routing for a connection; the unroute form undoes this\. The initiate form tells +to set up routing for a connection; the unroute form undoes this\&. The initiate form tells \fBpluto\fR -to negotiate an SA corresponding to a connection\. The terminate form tells +to negotiate an SA corresponding to a connection\&. The terminate form tells \fBpluto\fR -to remove all SAs corresponding to a connection, including those being negotiated\. The status form displays the -\fBpluto\fR\'s internal state\. The debug form tells +to remove all SAs corresponding to a connection, including those being negotiated\&. The status form displays the +\fBpluto\fR\'s internal state\&. The debug form tells \fBpluto\fR -to change the selection of debugging output \(lqon the fly\(rq\. The shutdown form tells +to change the selection of debugging output \(lqon the fly\(rq\&. The shutdown form tells \fBpluto\fR -to shut down, deleting all SAs\. +to shut down, deleting all SAs\&. .PP -The crash option asks pluto to consider a particularly target IP to have crashed, and to attempt to restart all connections with that IP address as a gateway\. In general, you should use Dead Peer Detection to detect this kind of situation automatically, but this is not always possible\. +The crash option asks pluto to consider a particularly target IP to have crashed, and to attempt to restart all connections with that IP address as a gateway\&. In general, you should use Dead Peer Detection to detect this kind of situation automatically, but this is not always possible\&. .PP -Most options are specific to one of the forms, and will be described with that form\. There are three options that apply to all forms\. 
+Most options are specific to one of the forms, and will be described with that form\&. There are three options that apply to all forms\&. .PP -\fB\-\-ctlbase\fR\ \fIpath\fR +\fB\-\-ctlbase\fR\ \&\fIpath\fR .RS 4 -\fIpath\fR\.ctl is used as the UNIX domain socket for talking to -\fBpluto\fR\. This option facilitates debugging\. +\fIpath\fR\&.ctl is used as the UNIX domain socket for talking to +\fBpluto\fR\&. This option facilitates debugging\&. .RE .PP -\fB\-\-optionsfrom\fR\ \fIfilename\fR +\fB\-\-optionsfrom\fR\ \&\fIfilename\fR .RS 4 -adds the contents of the file to the argument list\. +adds the contents of the file to the argument list\&. .RE .PP -\fB\-\-label\fR\ \fIstring\fR +\fB\-\-label\fR\ \&\fIstring\fR .RS 4 adds the string to all error messages generated by -\fBwhack\fR\. +\fBwhack\fR\&. .RE .PP The help form of \fBwhack\fR -is self\-explanatory\. +is self\-explanatory\&. .PP \fB\-\-help\fR .RS 4 -display the usage message\. +display the usage message\&. .RE .PP \fB\-\-version\fR .RS 4 display the version of -\fBwhack\fR\. +\fBwhack\fR\&. .RE .PP The connection form describes a potential connection to -\fBpluto\fR\. +\fBpluto\fR\&. \fBpluto\fR -needs to know what connections can and should be negotiated\. When +needs to know what connections can and should be negotiated\&. When \fBpluto\fR -is the initiator, it needs to know what to propose\. When +is the initiator, it needs to know what to propose\&. When \fBpluto\fR -is the responder, it needs to know enough to decide whether is is willing to set up the proposed connection\. +is the responder, it needs to know enough to decide whether is is willing to set up the proposed connection\&. .PP -The description of a potential connection can specify a large number of details\. Each connection has a unique name\. This name will appear in a updown shell command, so it should not contain punctuation that would make the command ill\-formed\. 
+The description of a potential connection can specify a large number of details\&. Each connection has a unique name\&. This name will appear in a updown shell command, so it should not contain punctuation that would make the command ill\-formed\&. .PP -\fB\-\-name\fR\ \fIconnection\-name\fR +\fB\-\-name\fR\ \&\fIconnection\-name\fR .RS 4 sets the name of the connection .RE .PP The topology of a connection is symmetric, so to save space here is half a picture: .PP -\ \ \ client_subnet<\-\->host:ikeport<\-\->nexthop<\-\-\- +\ \&\ \&\ \&client_subnet<\-\->host:ikeport<\-\->nexthop<\-\-\- .PP -A similar trick is used in the flags\. The same flag names are used for both ends\. Those before the +A similar trick is used in the flags\&. The same flag names are used for both ends\&. Those before the \fB\-\-to\fR -flag describe the left side and those afterwards describe the right side\. When +flag describe the left side and those afterwards describe the right side\&. When \fBpluto\fR -attempts to use the connection, it decides whether it is the left side or the right side of the connection, based on the IP numbers of its interfaces\. +attempts to use the connection, it decides whether it is the left side or the right side of the connection, based on the IP numbers of its interfaces\&. .PP -\fB\-\-id\fR\ \fIid\fR +\fB\-\-id\fR\ \&\fIid\fR .RS 4 -the identity of the end\. Currently, this can be an IP address (specified as dotted quad or as a Fully Qualified Domain Name, which will be resolved immediately) or as a Fully Qualified Domain Name itself (prefixed by \(lq@\(rq to signify that it should not be resolved), or as user@FQDN, or an X\.509 DN, or as the magic value -\fB%myid\fR\. +the identity of the end\&. 
Currently, this can be an IP address (specified as dotted quad or as a Fully Qualified Domain Name, which will be resolved immediately) or as a Fully Qualified Domain Name itself (prefixed by \(lq@\(rq to signify that it should not be resolved), or as user@FQDN, or an X\&.509 DN, or as the magic value +\fB%myid\fR\&. \fBPluto\fR -only authenticates the identity, and does not use it for addressing, so, for example, an IP address need not be the one to which packets are to be sent\. If the option is absent, the identity defaults to the IP address specified by -\fB\-\-host\fR\. +only authenticates the identity, and does not use it for addressing, so, for example, an IP address need not be the one to which packets are to be sent\&. If the option is absent, the identity defaults to the IP address specified by +\fB\-\-host\fR\&. \fB%myid\fR allows the identity to be separately specified (by the \fBpluto\fR 
@@ -509,48 +517,48 @@ \fBipsec.conf\fR(5) \fBconfig setup\fR parameter -\fImyid\fR)\. Otherwise, +\fImyid\fR)\&. Otherwise, \fBpluto\fR tries to guess what \fB%myid\fR should stand for: the IP address of -\fB%defaultroute\fR, if it is supported by a suitable TXT record in the reverse domain for that IP address, or the system\'s hostname, if it is supported by a suitable TXT record in its forward domain\. +\fB%defaultroute\fR, if it is supported by a suitable TXT record in the reverse domain for that IP address, or the system\'s hostname, if it is supported by a suitable TXT record in its forward domain\&. .RE .PP -\fB\-\-host\fR\ \fIip\-address\fR, \fB\-\-host\fR\ \fB%any\fR, \fB\-\-host\fR\ \fB%opportunistic\fR +\fB\-\-host\fR\ \&\fIip\-address\fR, \fB\-\-host\fR\ \&\fB%any\fR, \fB\-\-host\fR\ \&\fB%opportunistic\fR .RS 4 -the IP address of the end (generally the public interface)\. If +the IP address of the end (generally the public interface)\&. If \fBpluto\fR is to act as a responder for IKE negotiations initiated from unknown IP addresses (the \(lqRoad Warrior\(rq case), the IP address should be specified as \fB%any\fR (currently, the obsolete notation -0\.0\.0\.0 -is also accepted for this)\. If +0\&.0\&.0\&.0 +is also accepted for this)\&. If \fBpluto\fR is to opportunistically initiate the connection, use \fB%opportunistic\fR .RE .PP -\fB\-\-cert\fR\ \fIfilename\fR +\fB\-\-cert\fR\ \&\fIfilename\fR .RS 4 -The filename of the X\.509 certificate\. This must be the public key certificate only, and cannot be the PKCS#12 certificate file\. See +The filename of the X\&.509 certificate\&. This must be the public key certificate only, and cannot be the PKCS#12 certificate file\&. See \fBipsec.conf\fR(5) -on how to extrac this from the PKCS#12 file\. +on how to extrac this from the PKCS#12 file\&. 
.RE .PP -\fB\-\-ca\fR\ \fIdistinguished name\fR +\fB\-\-ca\fR\ \&\fIdistinguished name\fR .RS 4 -the X\.509 Certificate Authority\'s Distinguished Name (DN) used as trust anchor for this connection\. This is the CA certificate that signed the host certificate, as well as the certificate of the incoming client\. +the X\&.509 Certificate Authority\'s Distinguished Name (DN) used as trust anchor for this connection\&. This is the CA certificate that signed the host certificate, as well as the certificate of the incoming client\&. .RE .PP -\fB\-\-groups\fR\ \fIaccess control groups\fR +\fB\-\-groups\fR\ \&\fIaccess control groups\fR .RS 4 -the access control groups used\. +the access control groups used\&. .RE .PP -\fB\-\-sendcert\fR\ \fIyes|forced|always|ifasked|no|never\fR +\fB\-\-sendcert\fR\ \&\fIyes|forced|always|ifasked|no|never\fR .RS 4 -Wether or not to send our X\.509 certificate credentials\. This could potentially give an attacker too much information about which identities are allowed to connect to this host\. The default is to use +Wether or not to send our X\&.509 certificate credentials\&. This could potentially give an attacker too much information about which identities are allowed to connect to this host\&. The default is to use \fBifasked\fR when we are a Responder, and to use \fByes\fR 
@@ -558,77 +566,77 @@ \fBforced\fR and \fBalways\fR -if we are an Initiator\. The values +if we are an Initiator\&. The values \fBno\fR and \fBnever\fR -are equivalent\. NOTE: "forced" does not seem to be actually implemented \- do not use it\. +are equivalent\&. NOTE: "forced" does not seem to be actually implemented \- do not use it\&. .RE .PP -\fB\-\-certtype\fR\ \fInumber\fR +\fB\-\-certtype\fR\ \&\fInumber\fR .RS 4 -The X\.509 certificate type number\. +The X\&.509 certificate type number\&. .RE .PP -\fB\-\-ikeport\fR\ \fIport\-number\fR +\fB\-\-ikeport\fR\ \&\fIport\-number\fR .RS 4 -the UDP port that IKE listens to on that host\. The default is 500\. (\fBpluto\fR +the UDP port that IKE listens to on that host\&. The default is 500\&. (\fBpluto\fR on this machine uses the port specified by its own command line argument, so this only affects where \fBpluto\fR -sends messages\.) +sends messages\&.) .RE .PP -\fB\-\-nexthop\fR\ \fIip\-address\fR +\fB\-\-nexthop\fR\ \&\fIip\-address\fR .RS 4 -where to route packets for the peer\'s client (presumably for the peer too, but it will not be used for this)\. When +where to route packets for the peer\'s client (presumably for the peer too, but it will not be used for this)\&. When \fBpluto\fR -installs an IPsec SA, it issues a route command\. It uses the nexthop as the gateway\. The default is the peer\'s IP address (this can be explicitly written as +installs an IPsec SA, it issues a route command\&. It uses the nexthop as the gateway\&. The default is the peer\'s IP address (this can be explicitly written as \fB%direct\fR; the obsolete notation -0\.0\.0\.0 -is accepted)\. This option is necessary if -\fBpluto\fR\'s host\'s interface used for sending packets to the peer is neither point\-to\-point nor directly connected to the peer\. +0\&.0\&.0\&.0 +is accepted)\&. 
This option is necessary if +\fBpluto\fR\'s host\'s interface used for sending packets to the peer is neither point\-to\-point nor directly connected to the peer\&. .RE .PP -\fB\-\-client\fR\ \fIsubnet\fR +\fB\-\-client\fR\ \&\fIsubnet\fR .RS 4 -the subnet for which the IPsec traffic will be destined\. If not specified, the host will be the client\. The subnet can be specified in any of the forms supported by -\fBipsec_atosubnet\fR(3)\. The general form is -\fIaddress\fR/\fImask\fR\. The +the subnet for which the IPsec traffic will be destined\&. If not specified, the host will be the client\&. The subnet can be specified in any of the forms supported by +\fBipsec_atosubnet\fR(3)\&. The general form is +\fIaddress\fR/\fImask\fR\&. The \fIaddress\fR -can be either a domain name or four decimal numbers (specifying octets) separated by dots\. The most convenient form of the +can be either a domain name or four decimal numbers (specifying octets) separated by dots\&. The most convenient form of the \fImask\fR -is a decimal integer, specifying the number of leading one bits in the mask\. So, for example, 10\.0\.0\.0/8 would specify the class A network \(lqNet 10\(rq\. +is a decimal integer, specifying the number of leading one bits in the mask\&. So, for example, 10\&.0\&.0\&.0/8 would specify the class A network \(lqNet 10\(rq\&. .RE .PP -\fB\-\-clientwithin\fR\ \fIsubnet\fR +\fB\-\-clientwithin\fR\ \&\fIsubnet\fR .RS 4 -This option is obsolete and will be removed\. Do not use this option anymore\. +This option is obsolete and will be removed\&. Do not use this option anymore\&. .RE .PP -\fB\-\-clientprotoport\fR\ \fIprotocol/port\fR +\fB\-\-clientprotoport\fR\ \&\fIprotocol/port\fR .RS 4 -specify the Port Selectors (filters) to be used on this connection\. The general form is -\fIprotocol\fR/\fIport\fR\. 
This is most commonly used to limit the connection to L2TP traffic only by specifying a value of +specify the Port Selectors (filters) to be used on this connection\&. The general form is +\fIprotocol\fR/\fIport\fR\&. This is most commonly used to limit the connection to L2TP traffic only by specifying a value of \fI17/1701\fR -for UDP (protocol 17) and port 1701\. The notation +for UDP (protocol 17) and port 1701\&. The notation \fI17/%any\fR -can be used to allow all UDP traffic and is needed for L2TP connections with Windows XP machines before Service Pack 2\. +can be used to allow all UDP traffic and is needed for L2TP connections with Windows XP machines before Service Pack 2\&. .RE .PP -\fB\-\-srcip\fR\ \fIip\-address\fR +\fB\-\-srcip\fR\ \&\fIip\-address\fR .RS 4 -the IP address for this host to use when transmitting a packet to the remote IPsec gateway itself\. This option is used to make the gateway itself use its internal IP, which is part of the -\fB\-\-client subnet\fR\. Otherwise it will use its nearest IP address, which is its public IP address, which is not part of the subnet\-subnet IPsec tunnel, and would therefor not get encrypted\. +the IP address for this host to use when transmitting a packet to the remote IPsec gateway itself\&. This option is used to make the gateway itself use its internal IP, which is part of the +\fB\-\-client subnet\fR\&. Otherwise it will use its nearest IP address, which is its public IP address, which is not part of the subnet\-subnet IPsec tunnel, and would therefor not get encrypted\&. .RE .PP \fB\-\-xauthserver\fR .RS 4 -this end is an xauthserver\. It will lookup the xauth user name and password and verify this before allowing the connection to get established\. +this end is an xauthserver\&. It will lookup the xauth user name and password and verify this before allowing the connection to get established\&. .RE .PP \fB\-\-xauthclient\fR .RS 4 -this end is an xauthclient\. 
To bring this connection up with the +this end is an xauthclient\&. To bring this connection up with the \fB\-\-initiate\fR also requires the client to specify \fB\-\-xauthuser username\fR @@ -638,7 +646,7 @@ .PP \fB\-\-xauthuser\fR .RS 4 -The username for the xauth authentication\.This option is normally passed along by +The username for the xauth authentication\&.This option is normally passed along by \fBipsec_auto\fR(8) when an xauth connection is started using \fIipsec auto \-\-up conn\fR @@ -646,7 +654,7 @@ .PP \fB\-\-xauthpass\fR .RS 4 -The password for the xauth authentication\. This option is normally passed along by +The password for the xauth authentication\&. This option is normally passed along by \fBipsec_auto\fR(8) when an xauth connection is started using \fIipsec auto \-\-up conn\fR 
@@ -684,99 +692,99 @@ .PP \fB\-\-dnskeyondemand\fR .RS 4 -specifies that when an RSA public key is needed to authenticate this host, and it isn\'t already known, fetch it from DNS\. +specifies that when an RSA public key is needed to authenticate this host, and it isn\'t already known, fetch it from DNS\&. .RE .PP -\fB\-\-updown\fR\ \fIupdown\fR +\fB\-\-updown\fR\ \&\fIupdown\fR .RS 4 specifies an external shell command to be run whenever \fBpluto\fR -brings up or down a connection\. The script is used to build a shell command, so it may contain positional parameters, but ought not to have punctuation that would cause the resulting command to be ill\-formed\. The default is -\fIipsec _updown\fR\. Pluto passes a dozen environment variables to the script about the connection involved\. +brings up or down a connection\&. The script is used to build a shell command, so it may contain positional parameters, but ought not to have punctuation that would cause the resulting command to be ill\-formed\&. The default is +\fIipsec _updown\fR\&. Pluto passes a dozen environment variables to the script about the connection involved\&. .RE .PP \fB\-\-to\fR .RS 4 -separates the specification of the left and right ends of the connection\. Pluto tries to decide wether it is +separates the specification of the left and right ends of the connection\&. Pluto tries to decide wether it is \fIleft\fR or \fIright\fR -based on the information provided on both sides of this option\. +based on the information provided on both sides of this option\&. .RE .PP -The potential connection description also specifies characteristics of rekeying and security\. +The potential connection description also specifies characteristics of rekeying and security\&. .PP \fB\-\-psk\fR .RS 4 -Propose and allow preshared secret authentication for IKE peers\. This authentication requires that each side use the same secret\. May be combined with -\fB\-\-rsasig\fR; at least one must be specified\. 
+Propose and allow preshared secret authentication for IKE peers\&. This authentication requires that each side use the same secret\&. May be combined with +\fB\-\-rsasig\fR; at least one must be specified\&. .RE .PP \fB\-\-rsasig\fR .RS 4 -Propose and allow RSA signatures for authentication of IKE peers\. This authentication requires that each side have have a private key of its own and know the public key of its peer\. May be combined with -\fB\-\-psk\fR; at least one must be specified\. +Propose and allow RSA signatures for authentication of IKE peers\&. This authentication requires that each side have have a private key of its own and know the public key of its peer\&. May be combined with +\fB\-\-psk\fR; at least one must be specified\&. .RE .PP \fB\-\-encrypt\fR .RS 4 -All proposed or accepted IPsec SAs will include non\-null ESP\. The actual choices of transforms are wired into -\fBpluto\fR\. +All proposed or accepted IPsec SAs will include non\-null ESP\&. The actual choices of transforms are wired into +\fBpluto\fR\&. .RE .PP \fB\-\-authenticate\fR .RS 4 -All proposed IPsec SAs will include AH\. All accepted IPsec SAs will include AH or ESP with authentication\. The actual choices of transforms are wired into -\fBpluto\fR\. Note that this has nothing to do with IKE authentication\. +All proposed IPsec SAs will include AH\&. All accepted IPsec SAs will include AH or ESP with authentication\&. The actual choices of transforms are wired into +\fBpluto\fR\&. Note that this has nothing to do with IKE authentication\&. .RE .PP \fB\-\-compress\fR .RS 4 -All proposed IPsec SAs will include IPCOMP (compression)\. This will be ignored if KLIPS is not configured with IPCOMP support\. +All proposed IPsec SAs will include IPCOMP (compression)\&. This will be ignored if KLIPS is not configured with IPCOMP support\&. .RE .PP \fB\-\-tunnel\fR .RS 4 -the IPsec SA should use tunneling\. Implicit if the SA is for clients\. 
Must only be used with +the IPsec SA should use tunneling\&. Implicit if the SA is for clients\&. Must only be used with \fB\-\-authenticate\fR or -\fB\-\-encrypt\fR\. +\fB\-\-encrypt\fR\&. .RE .PP \fB\-\-ipv4\fR .RS 4 -The host addresses will be interpreted as IPv4 addresses\. This is the default\. Note that for a connection, all host addresses must be of the same Address Family (IPv4 and IPv6 use different Address Families)\. +The host addresses will be interpreted as IPv4 addresses\&. This is the default\&. Note that for a connection, all host addresses must be of the same Address Family (IPv4 and IPv6 use different Address Families)\&. .RE .PP \fB\-\-ipv6\fR .RS 4 -The host addresses (including nexthop) will be interpreted as IPv6 addresses\. Note that for a connection, all host addresses must be of the same Address Family (IPv4 and IPv6 use different Address Families)\. +The host addresses (including nexthop) will be interpreted as IPv6 addresses\&. Note that for a connection, all host addresses must be of the same Address Family (IPv4 and IPv6 use different Address Families)\&. .RE .PP \fB\-\-tunnelipv4\fR .RS 4 -The client addresses will be interpreted as IPv4 addresses\. The default is to match what the host will be\. This does not imply +The client addresses will be interpreted as IPv4 addresses\&. The default is to match what the host will be\&. This does not imply \fB\-\-tunnel\fR -so the flag can be safely used when no tunnel is actually specified\. Note that for a connection, all tunnel addresses must be of the same Address Family\. +so the flag can be safely used when no tunnel is actually specified\&. Note that for a connection, all tunnel addresses must be of the same Address Family\&. .RE .PP \fB\-\-tunnelipv6\fR .RS 4 -The client addresses will be interpreted as IPv6 addresses\. The default is to match what the host will be\. This does not imply +The client addresses will be interpreted as IPv6 addresses\&. 
The default is to match what the host will be\&. This does not imply \fB\-\-tunnel\fR -so the flag can be safely used when no tunnel is actually specified\. Note that for a connection, all tunnel addresses must be of the same Address Family\. +so the flag can be safely used when no tunnel is actually specified\&. Note that for a connection, all tunnel addresses must be of the same Address Family\&. .RE .PP \fB\-\-pfs\fR .RS 4 -There should be Perfect Forward Secrecy \- new keying material will be generated for each IPsec SA rather than being derived from the ISAKMP SA keying material\. Since the group to be used cannot be negotiated (a dubious feature of the standard), +There should be Perfect Forward Secrecy \- new keying material will be generated for each IPsec SA rather than being derived from the ISAKMP SA keying material\&. Since the group to be used cannot be negotiated (a dubious feature of the standard), \fBpluto\fR -will propose the same group that was used during Phase 1\. We don\'t implement a stronger form of PFS which would require that the ISAKMP SA be deleted after the IPSEC SA is negotiated\. +will propose the same group that was used during Phase 1\&. We don\'t implement a stronger form of PFS which would require that the ISAKMP SA be deleted after the IPSEC SA is negotiated\&. .RE .PP -\fB\-\-pfsgroup\fR\ \fImodp\-group\fR +\fB\-\-pfsgroup\fR\ \&\fImodp\-group\fR .RS 4 -Sets the Diffie\-Hellman group used\. Currently the following values are supported: +Sets the Diffie\-Hellman group used\&. Currently the following values are supported: \fBmodp1024\fR (DHgroup 2), \fBmodp1536\fR 
@@ -790,60 +798,60 @@ \fBmodp6144\fR (DHgroup 17), and \fBmodp8192\fR -(DHgroup 18)\. It is possible to support the weak and broken +(DHgroup 18)\&. It is possible to support the weak and broken \fBmodp768\fR -(DHgroup 1), but this requires a manual recompile and is strongly discouraged\. +(DHgroup 1), but this requires a manual recompile and is strongly discouraged\&. .RE .PP \fB\-\-disablearrivalcheck\fR .RS 4 -If the connection is a tunnel, allow packets arriving through the tunnel to have any source and destination addresses\. +If the connection is a tunnel, allow packets arriving through the tunnel to have any source and destination addresses\&. .RE .PP -\fB\-\-esp\fR\ \fIesp\-algos\fR +\fB\-\-esp\fR\ \&\fIesp\-algos\fR .RS 4 -ESP encryption/authentication algorithm to be used for the connection (phase2 aka IPsec SA)\. The options must be suitable as a value of -\fBipsec_spi\fR(8)\. See +ESP encryption/authentication algorithm to be used for the connection (phase2 aka IPsec SA)\&. The options must be suitable as a value of +\fBipsec_spi\fR(8)\&. See \fBipsec.conf\fR(5) -for a detailed description of the algorithm format\. +for a detailed description of the algorithm format\&. .RE .PP \fB\-\-aggrmode\fR .RS 4 -This tunnel is using aggressive mode ISAKMP negotiation\. The default is main mode\. Aggressive mode is less secure than main mode as it reveals your identity to an eavesdropper, but is needed to support road warriors using PSK keys or to interoperate with other buggy implementations insisting on using aggressive mode\. +This tunnel is using aggressive mode ISAKMP negotiation\&. The default is main mode\&. Aggressive mode is less secure than main mode as it reveals your identity to an eavesdropper, but is needed to support road warriors using PSK keys or to interoperate with other buggy implementations insisting on using aggressive mode\&. .RE .PP \fB\-\-modecfgpull\fR .RS 4 -Pull the Mode Config network information from the peer\. 
+Pull the Mode Config network information from the peer\&. .RE .PP -\fB\-\-dpddelay\fR\ \fIseconds\fR +\fB\-\-dpddelay\fR\ \&\fIseconds\fR .RS 4 -Set the delay (in seconds) between Dead Peer Dectection (RFC 3706) keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for this connection (default 30 seconds)\. +Set the delay (in seconds) between Dead Peer Dectection (RFC 3706) keepalives (R_U_THERE, R_U_THERE_ACK) that are sent for this connection (default 30 seconds)\&. .RE .PP -\fB\-\-timeout\fR\ \fIseconds\fR +\fB\-\-timeout\fR\ \&\fIseconds\fR .RS 4 -Set the length of time (in seconds) we will idle without hearing either an R_U_THERE poll from our peer, or an R_U_THERE_ACK reply\. After this period has elapsed with no response and no traffic, we will declare the peer dead, and remove the SA (default 120 seconds)\. +Set the length of time (in seconds) we will idle without hearing either an R_U_THERE poll from our peer, or an R_U_THERE_ACK reply\&. After this period has elapsed with no response and no traffic, we will declare the peer dead, and remove the SA (default 120 seconds)\&. .RE .PP -\fB\-\-dpdaction\fR\ \fIaction\fR +\fB\-\-dpdaction\fR\ \&\fIaction\fR .RS 4 -When a DPD enabled peer is declared dead, what action should be taken\. +When a DPD enabled peer is declared dead, what action should be taken\&. \fBhold\fR(default) means the eroute will be put into \fI%hold\fR status, while -\fBclear\fRmeans the eroute and SA with both be cleared\. Clear is really only usefull on the server of a Road Warrior config\. The action +\fBclear\fRmeans the eroute and SA with both be cleared\&. Clear is really only usefull on the server of a Road Warrior config\&. The action \fBrestart\fR -is used on tunnels that need to be permanently up, and have static IP addresses\. +is used on tunnels that need to be permanently up, and have static IP addresses\&. 
.RE .PP \fB\-\-forceencaps\fR .RS 4 -In some cases, for example when ESP packets are filtered or when a broken IPsec peer does not properly recognise NAT, it can be useful to force RFC\-3948 encapsulation using this option\. It causes pluto lie and tell the remote peer that RFC\-3948 encapsulation (ESP in UDP port 4500 packets) is required\. For this option to have any effect, pluto must have been started with the +In some cases, for example when ESP packets are filtered or when a broken IPsec peer does not properly recognise NAT, it can be useful to force RFC\-3948 encapsulation using this option\&. It causes pluto lie and tell the remote peer that RFC\-3948 encapsulation (ESP in UDP port 4500 packets) is required\&. For this option to have any effect, pluto must have been started with the \fB\-\-nat_traversal\fR -option\. +option\&. .RE .PP If none of the @@ -851,7 +859,7 @@ \fB\-\-authenticate\fR, \fB\-\-compress\fR, or \fB\-\-pfs\fR -flags is given, the initiating the connection will only build an ISAKMP SA\. For such a connection, client subnets have no meaning and must not be specified\. +flags is given, the initiating the connection will only build an ISAKMP SA\&. For such a connection, client subnets have no meaning and must not be specified\&. .PP Apart from initiating directly using the \fB\-\-initiate\fR @@ -866,17 +874,17 @@ .RS 4 Allow \fBunencrypted\fR -traffic to flow until the tunnel is initiated\. +traffic to flow until the tunnel is initiated\&. .RE .PP \fB\-\-drop\fR .RS 4 -Drop unencrypted traffic silently\. +Drop unencrypted traffic silently\&. .RE .PP \fB\-\-reject\fR .RS 4 -Drop unencrypted traffic silently, but send an ICMP message notifying the other end\. +Drop unencrypted traffic silently, but send an ICMP message notifying the other end\&. .RE .PP These options need to be documented 
@@ -902,36 +910,36 @@ .RE .PP \fBpluto\fR -supports various X\.509 Certificate related options\. +supports various X\&.509 Certificate related options\&. .PP \fB\-\-utc\fR .RS 4 -display all times in UTC\. +display all times in UTC\&. .RE .PP \fB\-\-listall\fR .RS 4 -lists all of the X\.509 information known to pluto\. +lists all of the X\&.509 information known to pluto\&. .RE .PP \fB\-\-listpubkeys\fR .RS 4 -list all the public keys that have been successfully loaded\. +list all the public keys that have been successfully loaded\&. .RE .PP \fB\-\-listcerts\fR .RS 4 -list all the X\.509 certificates that are currently loaded\. +list all the X\&.509 certificates that are currently loaded\&. .RE .PP \fB\-\-listcacerts\fR .RS 4 -list all the X\.509 Certificate Agency (CA) certificates that are currently loaded\. +list all the X\&.509 Certificate Agency (CA) certificates that are currently loaded\&. .RE .PP \fB\-\-listacerts\fR .RS 4 -list all the X\.509 Attribute certificates that are currently loaded +list all the X\&.509 Attribute certificates that are currently loaded .RE .PP \fB\-\-listaacerts\fR @@ -940,7 +948,7 @@ .PP \fB\-\-ocspcerts\fR .RS 4 -list all of the X\.509 certificates obtained via the +list all of the X\&.509 certificates obtained via the \fIOnline Certificate Store Protocol\fR (OCSP) .RE @@ -958,7 +966,7 @@ .PP \fB\-\-listcards\fR .RS 4 -list all the smartcard and USB token devices\. +list all the smartcard and USB token devices\&. .RE .PP The corresponding options 
@@ -969,148 +977,148 @@ \fB\-\-rereadaacerts\fR, \fB\-\-rereadocspcerts\fR \fB\-\-rereadcrls\fR, and -\fB\-\-purgeocsp\fR, options reread this information from their respective sources, and purge all the online obtained information\. The option +\fB\-\-purgeocsp\fR, options reread this information from their respective sources, and purge all the online obtained information\&. The option \fB\-\-listevents\fR -lists all pending CRL fetch commands\. +lists all pending CRL fetch commands\&. .PP -More work is needed to allow for flexible policies\. Currently policy is hardwired in the source file spdb\.c\. The ISAKMP SAs may use Oakley groups MODP1024 and MODP1536; AES or 3DES encryption; SHA1\-96 and MD5\-96 authentication\. The IPsec SAs may use AES or 3DES and MD5\-96 or SHA1\-96 for ESP, or just MD5\-96 or SHA1\-96 for AH\. IPCOMP Compression is always Deflate\. +More work is needed to allow for flexible policies\&. Currently policy is hardwired in the source file spdb\&.c\&. The ISAKMP SAs may use Oakley groups MODP1024 and MODP1536; AES or 3DES encryption; SHA1\-96 and MD5\-96 authentication\&. The IPsec SAs may use AES or 3DES and MD5\-96 or SHA1\-96 for ESP, or just MD5\-96 or SHA1\-96 for AH\&. IPCOMP Compression is always Deflate\&. .PP -\fB\-\-ikelifetime\fR\ \fIseconds\fR +\fB\-\-ikelifetime\fR\ \&\fIseconds\fR .RS 4 how long \fBpluto\fR -will propose that an ISAKMP SA be allowed to live\. The default is 3600 (one hour) and the maximum is 86400 (1 day)\. This option will not affect what is accepted\. +will propose that an ISAKMP SA be allowed to live\&. The default is 3600 (one hour) and the maximum is 86400 (1 day)\&. This option will not affect what is accepted\&. \fBpluto\fR -will reject proposals that exceed the maximum\. +will reject proposals that exceed the maximum\&. .RE .PP -\fB\-\-ipseclifetime\fR\ \fIseconds\fR +\fB\-\-ipseclifetime\fR\ \&\fIseconds\fR .RS 4 how long \fBpluto\fR -will propose that an IPsec SA be allowed to live\. 
The default is 28800 (eight hours) and the maximum is 86400 (one day)\. This option will not affect what is accepted\. +will propose that an IPsec SA be allowed to live\&. The default is 28800 (eight hours) and the maximum is 86400 (one day)\&. This option will not affect what is accepted\&. \fBpluto\fR -will reject proposals that exceed the maximum\. +will reject proposals that exceed the maximum\&. .RE .PP -\fB\-\-rekeymargin\fR\ \fIseconds\fR +\fB\-\-rekeymargin\fR\ \&\fIseconds\fR .RS 4 how long before an SA\'s expiration should \fBpluto\fR -try to negotiate a replacement SA\. This will only happen if +try to negotiate a replacement SA\&. This will only happen if \fBpluto\fR -was the initiator\. The default is 540 (nine minutes)\. +was the initiator\&. The default is 540 (nine minutes)\&. .RE .PP -\fB\-\-rekeyfuzz\fR\ \fIpercentage\fR +\fB\-\-rekeyfuzz\fR\ \&\fIpercentage\fR .RS 4 -maximum size of random component to add to rekeymargin, expressed as a percentage of rekeymargin\. +maximum size of random component to add to rekeymargin, expressed as a percentage of rekeymargin\&. \fBpluto\fR -will select a delay uniformly distributed within this range\. By default, the percentage will be 100\. If greater determinism is desired, specify 0\. It may be appropriate for the percentage to be much larger than 100\. +will select a delay uniformly distributed within this range\&. By default, the percentage will be 100\&. If greater determinism is desired, specify 0\&. It may be appropriate for the percentage to be much larger than 100\&. .RE .PP -\fB\-\-keyingtries\fR\ \fIcount\fR +\fB\-\-keyingtries\fR\ \&\fIcount\fR .RS 4 how many times \fBpluto\fR -should try to negotiate an SA, either for the first time or for rekeying\. A value of 0 is interpreted as a very large number: never give up\. The default is three\. +should try to negotiate an SA, either for the first time or for rekeying\&. A value of 0 is interpreted as a very large number: never give up\&. 
The default is three\&. .RE .PP \fB\-\-dontrekey\fR .RS 4 -A misnomer\. Only rekey a connection if we were the Initiator and there was recent traffic on the existing connection\. This applies to Phase 1 and Phase 2\. This is currently the only automatic way for a connection to terminate\. It may be useful with Road Warrior or Opportunistic connections\. -Since SA lifetime negotiation is take\-it\-or\-leave it, a Responder normally uses the shorter of the negotiated or the configured lifetime\. This only works because if the lifetime is shorter than negotiated, the Responder will rekey in time so that everything works\. This interacts badly with -\fB\-\-dontrekey\fR\. In this case, the Responder will end up rekeying to rectify a shortfall in an IPsec SA lifetime; for an ISAKMP SA, the Responder will accept the negotiated lifetime\. +A misnomer\&. Only rekey a connection if we were the Initiator and there was recent traffic on the existing connection\&. This applies to Phase 1 and Phase 2\&. This is currently the only automatic way for a connection to terminate\&. It may be useful with Road Warrior or Opportunistic connections\&. +Since SA lifetime negotiation is take\-it\-or\-leave it, a Responder normally uses the shorter of the negotiated or the configured lifetime\&. This only works because if the lifetime is shorter than negotiated, the Responder will rekey in time so that everything works\&. This interacts badly with +\fB\-\-dontrekey\fR\&. In this case, the Responder will end up rekeying to rectify a shortfall in an IPsec SA lifetime; for an ISAKMP SA, the Responder will accept the negotiated lifetime\&. .RE .PP \fB\-\-delete\fR .RS 4 -when used in the connection form, it causes any previous connection with this name to be deleted before this one is added\. Unlike a normal delete, no diagnostic is produced if there was no previous connection to delete\. Any routing in place for the connection is undone\. 
+when used in the connection form, it causes any previous connection with this name to be deleted before this one is added\&. Unlike a normal delete, no diagnostic is produced if there was no previous connection to delete\&. Any routing in place for the connection is undone\&. .RE .PP -\fB\-\-delete\fR, \fB\-\-name\fR\ \fIconnection\-name\fR +\fB\-\-delete\fR, \fB\-\-name\fR\ \&\fIconnection\-name\fR .RS 4 -The delete form deletes a named connection description and any SAs established or negotiations initiated using this connection\. Any routing in place for the connection is undone\. +The delete form deletes a named connection description and any SAs established or negotiations initiated using this connection\&. Any routing in place for the connection is undone\&. .RE .PP -\fB\-\-deletestate\fR\ \fIstate\-number\fR +\fB\-\-deletestate\fR\ \&\fIstate\-number\fR .RS 4 -The deletestate form deletes the state object with the specified serial number\. This is useful for selectively deleting instances of connections\. +The deletestate form deletes the state object with the specified serial number\&. This is useful for selectively deleting instances of connections\&. .RE .PP The route form of the \fBwhack\fR command tells \fBpluto\fR -to set up routing for a connection\. Although like a traditional route, it uses an ipsec device as a virtual interface\. Once routing is set up, no packets will be sent \(lqin the clear\(rq to the peer\'s client specified in the connection\. A TRAP shunt eroute will be installed; if outbound traffic is caught, Pluto will initiate the connection\. An explicit +to set up routing for a connection\&. Although like a traditional route, it uses an ipsec device as a virtual interface\&. Once routing is set up, no packets will be sent \(lqin the clear\(rq to the peer\'s client specified in the connection\&. A TRAP shunt eroute will be installed; if outbound traffic is caught, Pluto will initiate the connection\&. 
An explicit \fBwhack\fR -route is not always needed: if it hasn\'t been done when an IPsec SA is being installed, one will be automatically attempted\. +route is not always needed: if it hasn\'t been done when an IPsec SA is being installed, one will be automatically attempted\&. .PP -\fB\-\-route\fR, \fB\-\-name\fR\ \fIconnection\-name\fR +\fB\-\-route\fR, \fB\-\-name\fR\ \&\fIconnection\-name\fR .RS 4 -When a routing is attempted for a connection, there must not already be a routing for a different connection with the same subnet but different interface or destination, or if there is, it must not be being used by an IPsec SA\. Otherwise the attempt will fail\. +When a routing is attempted for a connection, there must not already be a routing for a different connection with the same subnet but different interface or destination, or if there is, it must not be being used by an IPsec SA\&. Otherwise the attempt will fail\&. .RE .PP -\fB\-\-unroute\fR, \fB\-\-name\fR\ \fIconnection\-name\fR +\fB\-\-unroute\fR, \fB\-\-name\fR\ \&\fIconnection\-name\fR .RS 4 The unroute form of the \fBwhack\fR command tells \fBpluto\fR -to undo a routing\. +to undo a routing\&. \fBpluto\fR -will refuse if an IPsec SA is using the connection\. If another connection is sharing the same routing, it will be left in place\. Without a routing, packets will be sent without encryption or authentication\. +will refuse if an IPsec SA is using the connection\&. If another connection is sharing the same routing, it will be left in place\&. Without a routing, packets will be sent without encryption or authentication\&. .RE .PP The initiate form tells \fBpluto\fR to initiate a negotiation with another \fBpluto\fR -(or other IKE daemon) according to the named connection\. Initiation requires a route that +(or other IKE daemon) according to the named connection\&. 
Initiation requires a route that \fB\-\-route\fR would provide; if none is in place at the time an IPsec SA is being installed, \fBpluto\fR -attempts to set one up\. +attempts to set one up\&. .PP -\fB\-\-initiate\fR, \fB\-\-name\fR\ \fIconnection\-name\fR, \fB\-\-asynchronous\fR +\fB\-\-initiate\fR, \fB\-\-name\fR\ \&\fIconnection\-name\fR, \fB\-\-asynchronous\fR .RS 4 The initiate form of the \fBwhack\fR command will relay back from \fBpluto\fR -status information via the UNIX domain socket (unless \-\-asynchronous is specified)\. The status information is meant to look a bit like that from -\fBFTP\fR\. Currently +status information via the UNIX domain socket (unless \-\-asynchronous is specified)\&. The status information is meant to look a bit like that from +\fBFTP\fR\&. Currently \fBwhack\fR -simply copies this to stderr\. When the request is finished (eg\. the SAs are established or +simply copies this to stderr\&. When the request is finished (eg\&. the SAs are established or \fBpluto\fR gives up), \fBpluto\fR closes the channel, causing \fBwhack\fR -to terminate\. +to terminate\&. .RE .PP -The opportunistic initiate form is mainly used for debugging\. +The opportunistic initiate form is mainly used for debugging\&. .PP -\fB\-\-tunnelipv4\fR, \fB\-\-tunnelipv6\fR, \fB\-\-oppohere\fR\ \fIip\-address\fR, \fB\-\-oppothere\fR\ \fIip\-address\fR +\fB\-\-tunnelipv4\fR, \fB\-\-tunnelipv6\fR, \fB\-\-oppohere\fR\ \&\fIip\-address\fR, \fB\-\-oppothere\fR\ \&\fIip\-address\fR .RS 4 This will cause \fBpluto\fR -to attempt to opportunistically initiate a connection from here to the there, even if a previous attempt had been made\. The whack log will show the progress of this attempt\. +to attempt to opportunistically initiate a connection from here to the there, even if a previous attempt had been made\&. The whack log will show the progress of this attempt\&. 
.RE .PP Ending an connection .PP -\fB\-\-terminate\fR, \fB\-\-name\fR\ \fIconnection\-name\fR +\fB\-\-terminate\fR, \fB\-\-name\fR\ \&\fIconnection\-name\fR .RS 4 the terminate form tells \fIpluto\fR -to delete any sas that use the specified connection and to stop any negotiations in process\. it does not prevent new negotiations from starting (the delete form has this effect)\. +to delete any sas that use the specified connection and to stop any negotiations in process\&. it does not prevent new negotiations from starting (the delete form has this effect)\&. .RE .PP -\fB\-\-crash\fR\ \fIip\-address\fR +\fB\-\-crash\fR\ \&\fIip\-address\fR .RS 4 -If the remote peer has crashed, and therefor did not notify us, we keep sending encrypted traffic, and rejecting all plaintext (non\-IKE) traffic from that remote peer\. The +If the remote peer has crashed, and therefor did not notify us, we keep sending encrypted traffic, and rejecting all plaintext (non\-IKE) traffic from that remote peer\&. The \fB\-\-crash\fR brings our end down as well for all the known connections to the specified \fIip\-address\fR 
@@ -1119,14 +1127,14 @@ \fB\-\-whackrecord\fR\fIfilename\fR, \fB\-\-whackstoprecord\fR .RS 4 this causes -\fIpluto\fRto open the given filename for write, and record each of the messages received from whack or addconn\. This continues until the whackstoprecord option is used\. This option may not be combined with any other command\. The start/stop commands are not recorded themselves\. These files are usually used to create input files for unit tests, particularly for complex setups where policies may in fact overlap\. +\fIpluto\fRto open the given filename for write, and record each of the messages received from whack or addconn\&. This continues until the whackstoprecord option is used\&. This option may not be combined with any other command\&. The start/stop commands are not recorded themselves\&. These files are usually used to create input files for unit tests, particularly for complex setups where policies may in fact overlap\&. .sp -The format of the file consists of a line starting with #!pluto\-whack and the date that the file was started, as well as the hostname, and a linefeed\. What follows are binary format records consisting of a 32\-bit record length in bytes, (including the length record itself), a 64\-bit timestamp, and then the literal contents of the whack message that was received\. All integers are in host format\. In order to unambigously determine the host order, the first record is an empty record that contains only the current WHACK_MAGIC value\. This record is 16 bytes long\. +The format of the file consists of a line starting with #!pluto\-whack and the date that the file was started, as well as the hostname, and a linefeed\&. What follows are binary format records consisting of a 32\-bit record length in bytes, (including the length record itself), a 64\-bit timestamp, and then the literal contents of the whack message that was received\&. All integers are in host format\&. 
In order to unambigously determine the host order, the first record is an empty record that contains only the current WHACK_MAGIC value\&. This record is 16 bytes long\&. .RE .PP \fIip\-address\fR .RS 4 -If the remote peer has crashed, and therefor did not notify us, we keep sending encrypted traffic, and rejecting all plaintext (non\-IKE) traffic from that remote peer\. The +If the remote peer has crashed, and therefor did not notify us, we keep sending encrypted traffic, and rejecting all plaintext (non\-IKE) traffic from that remote peer\&. The \fB\-\-crash\fR brings our end down as well for all the known connections to the specified \fIip\-address\fR 
@@ -1134,64 +1142,64 @@ .PP The public key for informs \fBpluto\fR -of the RSA public key for a potential peer\. Private keys must be kept secret, so they are kept in -\fBipsec.secrets\fR(5)\. +of the RSA public key for a potential peer\&. Private keys must be kept secret, so they are kept in +\fBipsec.secrets\fR(5)\&. .PP -\fB\-\-keyid\ \fR\fIid\fR +\fB\-\-keyid\ \&\fR\fIid\fR .RS 4 -specififies the identity of the peer for which a public key should be used\. Its form is identical to the identity in the connection\. If no public key is specified, +specififies the identity of the peer for which a public key should be used\&. Its form is identical to the identity in the connection\&. If no public key is specified, \fBpluto\fR -attempts to find KEY records from DNS for the id (if a FQDN) or through reverse lookup (if an IP address)\. Note that there several interesting ways in which this is not secure\. +attempts to find KEY records from DNS for the id (if a FQDN) or through reverse lookup (if an IP address)\&. Note that there several interesting ways in which this is not secure\&. .RE .PP \fB\-\-addkey\fR .RS 4 -specifies that the new key is added to the collection; otherwise the new key replaces any old ones\. +specifies that the new key is added to the collection; otherwise the new key replaces any old ones\&. .RE .PP -\fB\-\-pubkeyrsa\ \fR\fIkey\fR +\fB\-\-pubkeyrsa\ \&\fR\fIkey\fR .RS 4 -specifies the value of the RSA public key\. It is a sequence of bytes as described in RFC 2537 \(lqRSA/MD5 KEYs and SIGs in the Domain Name System (DNS)\(rq\. It is denoted in a way suitable for -\fBipsec_ttodata\fR(3)\. For example, a base 64 numeral starts with 0s\. +specifies the value of the RSA public key\&. It is a sequence of bytes as described in RFC 2537 \(lqRSA/MD5 KEYs and SIGs in the Domain Name System (DNS)\(rq\&. It is denoted in a way suitable for +\fBipsec_ttodata\fR(3)\&. For example, a base 64 numeral starts with 0s\&. 
.RE .PP The listen form tells \fBpluto\fR -to start listening for IKE requests on its public interfaces\. To avoid race conditions, it is normal to load the appropriate connections into +to start listening for IKE requests on its public interfaces\&. To avoid race conditions, it is normal to load the appropriate connections into \fBpluto\fR -before allowing it to listen\. If +before allowing it to listen\&. If \fBpluto\fR -isn\'t listening, it is pointless to initiate negotiations, so it will refuse requests to do so\. Whenever the listen form is used, +isn\'t listening, it is pointless to initiate negotiations, so it will refuse requests to do so\&. Whenever the listen form is used, \fBpluto\fR -looks for public interfaces and will notice when new ones have been added and when old ones have been removed\. This is also the trigger for +looks for public interfaces and will notice when new ones have been added and when old ones have been removed\&. This is also the trigger for \fBpluto\fR to read the -\fIipsec\.secrets\fR -file\. So listen may useful more than once\. +\fIipsec\&.secrets\fR +file\&. So listen may useful more than once\&. .PP \fB\-\-listen\fR .RS 4 -start listening for IKE traffic on public interfaces\. +start listening for IKE traffic on public interfaces\&. .RE .PP \fB\-\-unlisten\fR .RS 4 -stop listening for IKE traffic on public interfaces\. +stop listening for IKE traffic on public interfaces\&. .RE .PP The status form will display information about the internal state of \fBpluto\fR: information about each potential connection, about each state object, and about each shunt that \fBpluto\fR -is managing without an associated connection\. +is managing without an associated connection\&. .PP \fB\-\-status\fR .RS 4 .RE .PP The shutdown form is the proper way to shut down -\fBpluto\fR\. It will tear down the SAs on this machine that +\fBpluto\fR\&. It will tear down the SAs on this machine that \fBpluto\fR -has negotiated\. 
It does not inform its peers, so the SAs on their machines remain\. +has negotiated\&. It does not inform its peers, so the SAs on their machines remain\&. .PP \fB\-\-shutdown\fR .RS 4 
@@ -1200,92 +1208,92 @@ .PP It would be normal to start \fBpluto\fR -in one of the system initialization scripts\. It needs to be run by the superuser\. Generally, no arguments are needed\. To run in manually, the superuser can simply type +in one of the system initialization scripts\&. It needs to be run by the superuser\&. Generally, no arguments are needed\&. To run in manually, the superuser can simply type .PP -\ \ \ ipsec pluto +\ \&\ \&\ \&ipsec pluto .PP The command will immediately return, but a \fBpluto\fR process will be left running, waiting for requests from \fBwhack\fR -or a peer\. +or a peer\&. .PP Using \fBwhack\fR, several potential connections would be described: .PP -\ \ \ ipsec whack \-\-name\ silly \-\-host\ 127\.0\.0\.1 \-\-to \-\-host\ 127\.0\.0\.2 \-\-ikelifetime\ 900 \-\-ipseclifetime\ 800 \-\-keyingtries\ 3 +\ \&\ \&\ \&ipsec whack \-\-name\ \&silly \-\-host\ \&127\&.0\&.0\&.1 \-\-to \-\-host\ \&127\&.0\&.0\&.2 \-\-ikelifetime\ \&900 \-\-ipseclifetime\ \&800 \-\-keyingtries\ \&3 .PP -Since this silly connection description specifies neither encryption, authentication, nor tunneling, it could only be used to establish an ISAKMP SA\. +Since this silly connection description specifies neither encryption, authentication, nor tunneling, it could only be used to establish an ISAKMP SA\&. .PP -\ \ \ ipsec whack \-\-name\ secret \-\-host\ 10\.0\.0\.1 \-\-client\ 10\.0\.1\.0/24 \-\-to \-\-host\ 10\.0\.0\.2 \-\-client\ 10\.0\.2\.0/24 \-\-encrypt +\ \&\ \&\ \&ipsec whack \-\-name\ \&secret \-\-host\ \&10\&.0\&.0\&.1 \-\-client\ \&10\&.0\&.1\&.0/24 \-\-to \-\-host\ \&10\&.0\&.0\&.2 \-\-client\ \&10\&.0\&.2\&.0/24 \-\-encrypt .PP -This is something that must be done on both sides\. If the other side is +This is something that must be done on both sides\&. If the other side is \fBpluto\fR, the same \fBwhack\fR -command could be used on it (the command syntax is designed to not distinguish which end is ours)\. 
+command could be used on it (the command syntax is designed to not distinguish which end is ours)\&. .PP Now that the connections are specified, \fBpluto\fR -is ready to handle requests and replies via the public interfaces\. We must tell it to discover those interfaces and start accepting messages from peers: +is ready to handle requests and replies via the public interfaces\&. We must tell it to discover those interfaces and start accepting messages from peers: .PP -\ \ \ ipsec whack \-\-listen +\ \&\ \&\ \&ipsec whack \-\-listen .PP -If we don\'t immediately wish to bring up a secure connection between the two clients, we might wish to prevent insecure traffic\. The routing form asks +If we don\'t immediately wish to bring up a secure connection between the two clients, we might wish to prevent insecure traffic\&. The routing form asks \fBpluto\fR to cause the packets sent from our client to the peer\'s client to be routed through the ipsec0 device; if there is no SA, they will be discarded: .PP -\ \ \ ipsec whack \-\-route secret +\ \&\ \&\ \&ipsec whack \-\-route secret .PP Finally, we are ready to get \fBpluto\fR to initiate negotiation for an IPsec SA (and implicitly, an ISAKMP SA): .PP -\ \ \ ipsec whack \-\-initiate\ \-\-name\ secret +\ \&\ \&\ \&ipsec whack \-\-initiate\ \&\-\-name\ \&secret .PP -A small log of interesting events will appear on standard output (other logging is sent to syslog)\. +A small log of interesting events will appear on standard output (other logging is sent to syslog)\&. .PP \fBwhack\fR can also be used to terminate \fBpluto\fR -cleanly, tearing down all SAs that it has negotiated\. +cleanly, tearing down all SAs that it has negotiated\&. .PP -\ \ \ ipsec whack \-\-shutdown +\ \&\ \&\ \&ipsec whack \-\-shutdown .PP -Notification of any IPSEC SA deletion, but not ISAKMP SA deletion is sent to the peer\. Unfortunately, such Notification is not reliable\. 
Furthermore, +Notification of any IPSEC SA deletion, but not ISAKMP SA deletion is sent to the peer\&. Unfortunately, such Notification is not reliable\&. Furthermore, \fBpluto\fR -itself ignores Notifications\. +itself ignores Notifications\&. .SS "XAUTH" .PP If \fBpluto\fR needs additional authentication, such as defined by the XAUTH specifications, then it may ask \fBwhack\fR -to prompt the operator for username or passwords\. Typically, these will be entered interactively\. A GUI that wraps around +to prompt the operator for username or passwords\&. Typically, these will be entered interactively\&. A GUI that wraps around \fBwhack\fR -may look for the 041 (username) or 040 (password) prompts, and display them to the user\. +may look for the 041 (username) or 040 (password) prompts, and display them to the user\&. .PP For testing purposes, the options -\fB\-\-xauthuser\ \fR\fIuser\fR -\fB\-\-xauthpass\ \fR\fIpass\fR +\fB\-\-xauthuser\ \&\fR\fIuser\fR +\fB\-\-xauthpass\ \&\fR\fIpass\fR may be be given prior to the -\fB\-\-initiate\ \fR -to provide responses to the username and password prompts\. +\fB\-\-initiate\ \&\fR +to provide responses to the username and password prompts\&. .SS "The updown command" .PP Whenever \fBpluto\fR -brings a connection up or down, it invokes the updown command\. This command is specified using the +brings a connection up or down, it invokes the updown command\&. This command is specified using the \fB\-\-updown\fR -option\. This allows for customized control over routing and firewall manipulation\. +option\&. This allows for customized control over routing and firewall manipulation\&. .PP -The updown is invoked for five different operations\. Each of these operations can be for our client subnet or for our host itself\. +The updown is invoked for five different operations\&. Each of these operations can be for our client subnet or for our host itself\&. 
.PP \fBprepare\-host\fR or \fBprepare\-client\fR .RS 4 -is run before bringing up a new connection if no other connection with the same clients is up\. Generally, this is useful for deleting a route that might have been set up before +is run before bringing up a new connection if no other connection with the same clients is up\&. Generally, this is useful for deleting a route that might have been set up before \fBpluto\fR was run or perhaps by some agent not known to -\fBpluto\fR\. +\fBpluto\fR\&. .RE .PP \fBroute\-host\fR or \fBroute\-client\fR 
@@ -1294,33 +1302,33 @@ \fBprepare\-host\fR or \fBprepare\-client\fR -was run)\. The command should install a suitable route\. Routing decisions are based only on the destination (peer\'s client) subnet address, unlike eroutes which discriminate based on source too\. +was run)\&. The command should install a suitable route\&. Routing decisions are based only on the destination (peer\'s client) subnet address, unlike eroutes which discriminate based on source too\&. .RE .PP \fBunroute\-host\fR or \fBunroute\-client\fR .RS 4 -is run when bringing down the last connection for a particular peer client subnet\. It should undo what the +is run when bringing down the last connection for a particular peer client subnet\&. It should undo what the \fBroute\-host\fR or \fBroute\-client\fR -did\. +did\&. .RE .PP \fBup\-host\fR or \fBup\-client\fR .RS 4 -is run when bringing up a tunnel eroute with a pair of client subnets that does not already have a tunnel eroute\. This command should install firewall rules as appropriate\. It is generally a good idea to allow IKE messages (UDP port 500) travel between the hosts\. +is run when bringing up a tunnel eroute with a pair of client subnets that does not already have a tunnel eroute\&. This command should install firewall rules as appropriate\&. It is generally a good idea to allow IKE messages (UDP port 500) travel between the hosts\&. .RE .PP \fBdown\-host\fR or \fBdown\-client\fR .RS 4 -is run when bringing down the eroute for a pair of client subnets\. This command should delete firewall rules as appropriate\. Note that there may remain some inbound IPsec SAs with these client subnets\. +is run when bringing down the eroute for a pair of client subnets\&. This command should delete firewall rules as appropriate\&. Note that there may remain some inbound IPsec SAs with these client subnets\&. .RE .PP -The script is passed a large number of environment variables to specify what needs to be done\. 
+The script is passed a large number of environment variables to specify what needs to be done\&. .PP \fBPLUTO_VERSION\fR .RS 4 -indicates what version of this interface is being used\. This document describes version 1\.1\. This is upwardly compatible with version 1\.0\. +indicates what version of this interface is being used\&. This document describes version 1\&.1\&. This is upwardly compatible with version 1\&.0\&. .RE .PP \fBPLUTO_VERB\fR 
@@ -1330,205 +1338,205 @@ \fBup\-host\fR, \fBup\-client\fR, \fBdown\-host\fR, or -\fBdown\-client\fR)\. If the address family for security gateway to security gateway communications is IPv6, then a suffix of \-v6 is added to the verb\. +\fBdown\-client\fR)\&. If the address family for security gateway to security gateway communications is IPv6, then a suffix of \-v6 is added to the verb\&. .RE .PP \fBPLUTO_CONNECTION\fR .RS 4 -is the name of the connection for which we are routing\. +is the name of the connection for which we are routing\&. .RE .PP \fBPLUTO_NEXT_HOP\fR .RS 4 -is the next hop to which packets bound for the peer must be sent\. +is the next hop to which packets bound for the peer must be sent\&. .RE .PP \fBPLUTO_INTERFACE\fR .RS 4 -is the name of the ipsec interface to be used\. +is the name of the ipsec interface to be used\&. .RE .PP \fBPLUTO_ME\fR .RS 4 -is the IP address of our host\. +is the IP address of our host\&. .RE .PP \fBPLUTO_MY_CLIENT\fR .RS 4 -is the IP address / count of our client subnet\. If the client is just the host, this will be the host\'s own IP address / max (where max is 32 for IPv4 and 128 for IPv6)\. +is the IP address / count of our client subnet\&. If the client is just the host, this will be the host\'s own IP address / max (where max is 32 for IPv4 and 128 for IPv6)\&. .RE .PP \fBPLUTO_MY_CLIENT_NET\fR .RS 4 -is the IP address of our client net\. If the client is just the host, this will be the host\'s own IP address\. +is the IP address of our client net\&. If the client is just the host, this will be the host\'s own IP address\&. .RE .PP \fBPLUTO_MY_CLIENT_MASK\fR .RS 4 -is the mask for our client net\. If the client is just the host, this will be 255\.255\.255\.255\. +is the mask for our client net\&. If the client is just the host, this will be 255\&.255\&.255\&.255\&. .RE .PP \fBPLUTO_PEER\fR .RS 4 -is the IP address of our peer\. +is the IP address of our peer\&. 
.RE .PP \fBPLUTO_PEER_CLIENT\fR .RS 4 -is the IP address / count of the peer\'s client subnet\. If the client is just the peer, this will be the peer\'s own IP address / max (where max is 32 for IPv4 and 128 for IPv6)\. +is the IP address / count of the peer\'s client subnet\&. If the client is just the peer, this will be the peer\'s own IP address / max (where max is 32 for IPv4 and 128 for IPv6)\&. .RE .PP \fBPLUTO_PEER_CLIENT_NET\fR .RS 4 -is the IP address of the peer\'s client net\. If the client is just the peer, this will be the peer\'s own IP address\. +is the IP address of the peer\'s client net\&. If the client is just the peer, this will be the peer\'s own IP address\&. .RE .PP \fBPLUTO_PEER_CLIENT_MASK\fR .RS 4 -is the mask for the peer\'s client net\. If the client is just the peer, this will be 255\.255\.255\.255\. +is the mask for the peer\'s client net\&. If the client is just the peer, this will be 255\&.255\&.255\&.255\&. .RE .PP \fBPLUTO_MY_PROTOCOL\fR .RS 4 -lists the protocols allowed over this IPsec SA\. +lists the protocols allowed over this IPsec SA\&. .RE .PP \fBPLUTO_PEER_PROTOCOL\fR .RS 4 -lists the protocols the peer allows over this IPsec SA\. +lists the protocols the peer allows over this IPsec SA\&. .RE .PP \fBPLUTO_MY_PORT\fR .RS 4 -lists the ports allowed over this IPsec SA\. +lists the ports allowed over this IPsec SA\&. .RE .PP \fBPLUTO_PEER_PORT\fR .RS 4 -lists the ports the peer allows over this IPsec SA\. +lists the ports the peer allows over this IPsec SA\&. .RE .PP \fBPLUTO_MY_ID\fR .RS 4 -lists our id\. +lists our id\&. .RE .PP \fBPLUTO_PEER_ID\fR .RS 4 -Dlists our peer\'s id\. +Dlists our peer\'s id\&. .RE .PP \fBPLUTO_PEER_CA\fR .RS 4 -lists the peer\'s CA\. +lists the peer\'s CA\&. .RE .PP -All output sent by the script to stderr or stdout is logged\. The script should return an exit status of 0 if and only if it succeeds\. +All output sent by the script to stderr or stdout is logged\&. 
The script should return an exit status of 0 if and only if it succeeds\&. .PP \fBPluto\fR -waits for the script to finish and will not do any other processing while it is waiting\. The script may assume that +waits for the script to finish and will not do any other processing while it is waiting\&. The script may assume that \fBpluto\fR -will not change anything while the script runs\. The script should avoid doing anything that takes much time and it should not issue any command that requires processing by -\fBpluto\fR\. Either of these activities could be performed by a background subprocess of the script\. +will not change anything while the script runs\&. The script should avoid doing anything that takes much time and it should not issue any command that requires processing by +\fBpluto\fR\&. Either of these activities could be performed by a background subprocess of the script\&. .SS "Rekeying" .PP When an SA that was initiated by \fBpluto\fR has only a bit of lifetime left, \fBpluto\fR -will initiate the creation of a new SA\. This applies to ISAKMP and IPsec SAs\. The rekeying will be initiated when the SA\'s remaining lifetime is less than the rekeymargin plus a random percentage, between 0 and rekeyfuzz, of the rekeymargin\. +will initiate the creation of a new SA\&. This applies to ISAKMP and IPsec SAs\&. The rekeying will be initiated when the SA\'s remaining lifetime is less than the rekeymargin plus a random percentage, between 0 and rekeyfuzz, of the rekeymargin\&. .PP Similarly, when an SA that was initiated by the peer has only a bit of lifetime left, \fBpluto\fR -will try to initiate the creation of a replacement\. To give preference to the initiator, this rekeying will only be initiated when the SA\'s remaining lifetime is half of rekeymargin\. If rekeying is done by the responder, the roles will be reversed: the responder for the old SA will be the initiator for the replacement\. 
The former initiator might also initiate rekeying, so there may be redundant SAs created\. To avoid these complications, make sure that rekeymargin is generous\. +will try to initiate the creation of a replacement\&. To give preference to the initiator, this rekeying will only be initiated when the SA\'s remaining lifetime is half of rekeymargin\&. If rekeying is done by the responder, the roles will be reversed: the responder for the old SA will be the initiator for the replacement\&. The former initiator might also initiate rekeying, so there may be redundant SAs created\&. To avoid these complications, make sure that rekeymargin is generous\&. .PP -One risk of having the former responder initiate is that perhaps none of its proposals is acceptable to the former initiator (they have not been used in a successful negotiation)\. To reduce the chances of this happening, and to prevent loss of security, the policy settings are taken from the old SA (this is the case even if the former initiator is initiating)\. These may be stricter than those of the connection\. +One risk of having the former responder initiate is that perhaps none of its proposals is acceptable to the former initiator (they have not been used in a successful negotiation)\&. To reduce the chances of this happening, and to prevent loss of security, the policy settings are taken from the old SA (this is the case even if the former initiator is initiating)\&. These may be stricter than those of the connection\&. .PP \fBpluto\fR -will not rekey an SA if that SA is not the most recent of its type (IPsec or ISAKMP) for its potential connection\. This avoids creating redundant SAs\. +will not rekey an SA if that SA is not the most recent of its type (IPsec or ISAKMP) for its potential connection\&. This avoids creating redundant SAs\&. .PP -The random component in the rekeying time (rekeyfuzz) is intended to make certain pathological patterns of rekeying unstable\. 
If both sides decide to rekey at the same time, twice as many SAs as necessary are created\. This could become a stable pattern without the randomness\. +The random component in the rekeying time (rekeyfuzz) is intended to make certain pathological patterns of rekeying unstable\&. If both sides decide to rekey at the same time, twice as many SAs as necessary are created\&. This could become a stable pattern without the randomness\&. .PP -Another more important case occurs when a security gateway has SAs with many other security gateways\. Each of these connections might need to be rekeyed at the same time\. This would cause a high peek requirement for resources (network bandwidth, CPU time, entropy for random numbers)\. The rekeyfuzz can be used to stagger the rekeying times\. +Another more important case occurs when a security gateway has SAs with many other security gateways\&. Each of these connections might need to be rekeyed at the same time\&. This would cause a high peek requirement for resources (network bandwidth, CPU time, entropy for random numbers)\&. The rekeyfuzz can be used to stagger the rekeying times\&. .PP Once a new set of SAs has been negotiated, \fBpluto\fR -will never send traffic on a superseded one\. Traffic will be accepted on an old SA until it expires\. +will never send traffic on a superseded one\&. Traffic will be accepted on an old SA until it expires\&. .SS "Selecting a Connection When Responding: Road Warrior Support" .PP When \fBpluto\fR -receives an initial Main Mode message, it needs to decide which connection this message is for\. It picks based solely on the source and destination IP addresses of the message\. There might be several connections with suitable IP addresses, in which case one of them is arbitrarily chosen\. (The ISAKMP SA proposal contained in the message could be taken into account, but it is not\.) +receives an initial Main Mode message, it needs to decide which connection this message is for\&. 
It picks based solely on the source and destination IP addresses of the message\&. There might be several connections with suitable IP addresses, in which case one of them is arbitrarily chosen\&. (The ISAKMP SA proposal contained in the message could be taken into account, but it is not\&.) .PP -The ISAKMP SA is negotiated before the parties pass further identifying information, so all ISAKMP SA characteristics specified in the connection description should be the same for every connection with the same two host IP addresses\. At the moment, the only characteristic that might differ is authentication method\. +The ISAKMP SA is negotiated before the parties pass further identifying information, so all ISAKMP SA characteristics specified in the connection description should be the same for every connection with the same two host IP addresses\&. At the moment, the only characteristic that might differ is authentication method\&. .PP -Up to this point, all configuring has presumed that the IP addresses are known to all parties ahead of time\. This will not work when either end is mobile (or assigned a dynamic IP address for other reasons)\. We call this situation \(lqRoad Warrior\(rq\. It is fairly tricky and has some important limitations, most of which are features of the IKE protocol\. +Up to this point, all configuring has presumed that the IP addresses are known to all parties ahead of time\&. This will not work when either end is mobile (or assigned a dynamic IP address for other reasons)\&. We call this situation \(lqRoad Warrior\(rq\&. It is fairly tricky and has some important limitations, most of which are features of the IKE protocol\&. .PP -Only the initiator may be mobile: the initiator may have an IP number unknown to the responder\. 
When the responder doesn\'t recognize the IP address on the first Main Mode packet, it looks for a connection with itself as one end and +Only the initiator may be mobile: the initiator may have an IP number unknown to the responder\&. When the responder doesn\'t recognize the IP address on the first Main Mode packet, it looks for a connection with itself as one end and \fB%any\fR -as the other\. If it cannot find one, it refuses to negotiate\. If it does find one, it creates a temporary connection that is a duplicate except with the +as the other\&. If it cannot find one, it refuses to negotiate\&. If it does find one, it creates a temporary connection that is a duplicate except with the \fB%any\fR -replaced by the source IP address from the packet; if there was no identity specified for the peer, the new IP address will be used\. +replaced by the source IP address from the packet; if there was no identity specified for the peer, the new IP address will be used\&. .PP When \fBpluto\fR is using one of these temporary connections and needs to find the preshared secret or RSA private key in -\fIipsec\.secrets\fR, and and the connection specified no identity for the peer, +\fIipsec\&.secrets\fR, and and the connection specified no identity for the peer, \fB%any\fR -is used as its identity\. After all, the real IP address was apparently unknown to the configuration, so it is unreasonable to require that it be used in this table\. +is used as its identity\&. After all, the real IP address was apparently unknown to the configuration, so it is unreasonable to require that it be used in this table\&. .PP Part way into the Phase 1 (Main Mode) negotiation using one of these temporary connection descriptions, \fBpluto\fR -will be receive an Identity Payload\. At this point, +will be receive an Identity Payload\&. 
At this point, \fBpluto\fR -checks for a more appropriate connection, one with an identity for the peer that matches the payload but which would use the same keys so\-far used for authentication\. If it finds one, it will switch to using this better connection (or a temporary derived from this, if it has +checks for a more appropriate connection, one with an identity for the peer that matches the payload but which would use the same keys so\-far used for authentication\&. If it finds one, it will switch to using this better connection (or a temporary derived from this, if it has \fB%any\fR -for the peer\'s IP address)\. It may even turn out that no connection matches the newly discovered identity, including the current connection; if so, +for the peer\'s IP address)\&. It may even turn out that no connection matches the newly discovered identity, including the current connection; if so, \fBpluto\fR -terminates negotiation\. +terminates negotiation\&. .PP -Unfortunately, if preshared secret authentication is being used, the Identity Payload is encrypted using this secret, so the secret must be selected by the responder without knowing this payload\. This limits there to being at most one preshared secret for all Road Warrior systems connecting to a host\. RSA Signature authentications does not require that the responder know how to select the initiator\'s public key until after the initiator\'s Identity Payload is decoded (using the responder\'s private key, so that must be preselected)\. +Unfortunately, if preshared secret authentication is being used, the Identity Payload is encrypted using this secret, so the secret must be selected by the responder without knowing this payload\&. This limits there to being at most one preshared secret for all Road Warrior systems connecting to a host\&. 
RSA Signature authentications does not require that the responder know how to select the initiator\'s public key until after the initiator\'s Identity Payload is decoded (using the responder\'s private key, so that must be preselected)\&. .PP When \fBpluto\fR -is responding to a Quick Mode negotiation via one of these temporary connection descriptions, it may well find that the subnets specified by the initiator don\'t match those in the temporary connection description\. If so, it will look for a connection with matching subnets, its own host address, a peer address of +is responding to a Quick Mode negotiation via one of these temporary connection descriptions, it may well find that the subnets specified by the initiator don\'t match those in the temporary connection description\&. If so, it will look for a connection with matching subnets, its own host address, a peer address of \fB%any\fR -and matching identities\. If it finds one, a new temporary connection is derived from this one and used for the Quick Mode negotiation of IPsec SAs\. If it does not find one, +and matching identities\&. If it finds one, a new temporary connection is derived from this one and used for the Quick Mode negotiation of IPsec SAs\&. If it does not find one, \fBpluto\fR -terminates negotiation\. +terminates negotiation\&. .PP Be sure to specify an appropriate nexthop for the responder to send a message to the initiator: \fBpluto\fR has no way of guessing it (if forwarding isn\'t required, use an explicit \fB%direct\fR as the nexthop and the IP address of the initiator will be filled in; the obsolete notation -0\.0\.0\.0 -is still accepted)\. +0\&.0\&.0\&.0 +is still accepted)\&. .PP \fBpluto\fR -has no special provision for the initiator side\. The current (possibly dynamic) IP address and nexthop must be used in defining connections\. These must be properly configured each time the initiator\'s IP address changes\. +has no special provision for the initiator side\&. 
The current (possibly dynamic) IP address and nexthop must be used in defining connections\&. These must be properly configured each time the initiator\'s IP address changes\&. \fBpluto\fR -has no mechanism to do this automatically\. +has no mechanism to do this automatically\&. .PP -Although we call this Road Warrior Support, it could also be used to support encrypted connections with anonymous initiators\. The responder\'s organization could announce the preshared secret that would be used with unrecognized initiators and let anyone connect\. Of course the initiator\'s identity would not be authenticated\. +Although we call this Road Warrior Support, it could also be used to support encrypted connections with anonymous initiators\&. The responder\'s organization could announce the preshared secret that would be used with unrecognized initiators and let anyone connect\&. Of course the initiator\'s identity would not be authenticated\&. .PP If any Road Warrior connections are supported, \fBpluto\fR -cannot reject an exchange initiated by an unknown host until it has determined that the secret is not shared or the signature is invalid\. This must await the third Main Mode message from the initiator\. If no Road Warrior connection is supported, the first message from an unknown source would be rejected\. This has implications for ease of debugging configurations and for denial of service attacks\. +cannot reject an exchange initiated by an unknown host until it has determined that the secret is not shared or the signature is invalid\&. This must await the third Main Mode message from the initiator\&. If no Road Warrior connection is supported, the first message from an unknown source would be rejected\&. This has implications for ease of debugging configurations and for denial of service attacks\&. .PP -Although a Road Warrior connection must be initiated by the mobile side, the other side can and will rekey using the temporary connection it has created\. 
If the Road Warrior wishes to be able to disconnect, it is probably wise to set +Although a Road Warrior connection must be initiated by the mobile side, the other side can and will rekey using the temporary connection it has created\&. If the Road Warrior wishes to be able to disconnect, it is probably wise to set \fB\-\-keyingtries\fR -to 1 in the connection on the non\-mobile side to prevent it trying to rekey the connection\. Unfortunately, there is no mechanism to unroute the connection automatically\. +to 1 in the connection on the non\-mobile side to prevent it trying to rekey the connection\&. Unfortunately, there is no mechanism to unroute the connection automatically\&. .SS "Debugging" .PP \fBpluto\fR -accepts several optional arguments, useful mostly for debugging\. Except for -\fB\-\-interface\fR, each should appear at most once\. +accepts several optional arguments, useful mostly for debugging\&. Except for +\fB\-\-interface\fR, each should appear at most once\&. .PP \fB\-\-interface\fR \fIinterfacename\fR .RS 4 -specifies that the named real public network interface should be considered\. The interface name specified should not be -\fBipsec\fR\fIN\fR\. If the option doesn\'t appear, all interfaces are considered\. To specify several interfaces, use the option once for each\. One use of this option is to specify which interface should be used when two or more share the same IP address\. +specifies that the named real public network interface should be considered\&. The interface name specified should not be +\fBipsec\fR\fIN\fR\&. If the option doesn\'t appear, all interfaces are considered\&. To specify several interfaces, use the option once for each\&. One use of this option is to specify which interface should be used when two or more share the same IP address\&. .RE .PP \fB\-\-ikeport\fR \fIport\-number\fR 
@@ -1540,53 +1548,53 @@ .PP \fB\-\-ctlbase\fR \fIpath\fR .RS 4 -basename for control files\. -\fIpath\fR\.ctl is the socket through which +basename for control files\&. +\fIpath\fR\&.ctl is the socket through which \fBwhack\fR communicates with -\fBpluto\fR\. -\fIpath\fR\.pid is the lockfile to prevent multiple +\fBpluto\fR\&. +\fIpath\fR\&.pid is the lockfile to prevent multiple \fBpluto\fR -instances\. The default is -\fI/var/run/pluto/pluto\fR)\. +instances\&. The default is +/var/run/pluto/pluto)\&. .RE .PP \fB\-\-secretsfile\fR \fIfile\fR .RS 4 specifies the file for authentication secrets (default: -\fI/etc/ipsec\.secrets\fR)\. This name is subject to \(lqglobbing\(rq as in -\fBsh\fR(1), so every file with a matching name is processed\. Quoting is generally needed to prevent the shell from doing the globbing\. +/etc/ipsec\&.secrets)\&. This name is subject to \(lqglobbing\(rq as in +\fBsh\fR(1), so every file with a matching name is processed\&. Quoting is generally needed to prevent the shell from doing the globbing\&. .RE .PP \fB\-\-adns\fR \fIpath to adns\fR, \fB\-\-lwdnsq\fR \fIpath to lwdnsq\fR .RS 4 specifies where to find -\fBpluto\fR\'s helper program for asynchronous DNS lookup\. +\fBpluto\fR\'s helper program for asynchronous DNS lookup\&. \fBpluto\fR can be built to use one of two helper programs: \fB_pluto_adns\fR or -\fBlwdnsq\fR\. You must use the program for which it was built\. By default, +\fBlwdnsq\fR\&. You must use the program for which it was built\&. By default, \fBpluto\fR will look for the program in \fB$IPSEC_DIR\fR (if that environment variable is defined) or, failing that, in the same directory as -\fBpluto\fR\. +\fBpluto\fR\&. .RE .PP \fB\-\-nofork\fR .RS 4 -disable \(lqdaemon fork\(rq (default is to fork)\. In addition, after the lock file and control socket are created, print the line \(lqPluto initialized\(rq to standard out\. +disable \(lqdaemon fork\(rq (default is to fork)\&. 
In addition, after the lock file and control socket are created, print the line \(lqPluto initialized\(rq to standard out\&. .RE .PP \fB\-\-uniqueids\fR .RS 4 -if this option has been selected, whenever a new ISAKMP SA is established, any connection with the same Peer ID but a different Peer IP address is unoriented (causing all its SAs to be deleted)\. This helps clean up dangling SAs when a connection is lost and then regained at another IP address\. +if this option has been selected, whenever a new ISAKMP SA is established, any connection with the same Peer ID but a different Peer IP address is unoriented (causing all its SAs to be deleted)\&. This helps clean up dangling SAs when a connection is lost and then regained at another IP address\&. .RE .PP \fB\-\-force_busy\fR .RS 4 -if this option has been selected, pluto will be forced to be "busy"\. In this state, which happens when there is a Denial of Service attack, will force pluto to use cookies before accepting new incoming IKE packets\. Cookies are send and required in ikev1 Aggressive Mode and in ikev2\. This option is mostly used for testing purposes, but can be selected by paranoid administrators as well\. +if this option has been selected, pluto will be forced to be "busy"\&. In this state, which happens when there is a Denial of Service attack, will force pluto to use cookies before accepting new incoming IKE packets\&. Cookies are send and required in ikev1 Aggressive Mode and in ikev2\&. This option is mostly used for testing purposes, but can be selected by paranoid administrators as well\&. .RE .PP \fB\-\-stderrlog\fR 
@@ -1597,22 +1605,22 @@ .PP For example .PP -pluto \-\-secretsfile\ ipsec\.secrets \-\-ctlbase\ pluto\.base \-\-ikeport\ 8500 \-\-nofork \-\-use\-nostack \-\-stderrlog +pluto \-\-secretsfile\ \&ipsec\&.secrets \-\-ctlbase\ \&pluto\&.base \-\-ikeport\ \&8500 \-\-nofork \-\-use\-nostack \-\-stderrlog .RS 4 .RE .PP lets one test \fBpluto\fR -without using the superuser account\. +without using the superuser account\&. .PP \fBpluto\fR -is willing to produce a prodigious amount of debugging information\. To do so, it must be compiled with \-DDEBUG\. There are several classes of debugging output, and +is willing to produce a prodigious amount of debugging information\&. To do so, it must be compiled with \-DDEBUG\&. There are several classes of debugging output, and \fBpluto\fR -may be directed to produce a selection of them\. All lines of debugging output are prefixed with \(lq|\ \(rq to distinguish them from error messages\. +may be directed to produce a selection of them\&. All lines of debugging output are prefixed with \(lq|\ \&\(rq to distinguish them from error messages\&. .PP When \fBpluto\fR -is invoked, it may be given arguments to specify which classes to output\. The current options are: +is invoked, it may be given arguments to specify which classes to output\&. The current options are: .PP \fB\-\-debug\-none\fR .RS 4 
@@ -1709,25 +1717,25 @@ .PP \fB\-\-debug\-oppoinfo\fR .RS 4 -log when connections are initiated due to acquires from the kernel\. This is often useful to know, but can be extremely chatty on a busy system\. +log when connections are initiated due to acquires from the kernel\&. This is often useful to know, but can be extremely chatty on a busy system\&. .RE .PP \fB\-\-debug\-whackwatch\fR .RS 4 -if set, causes pluto not to release the whack \-\-initiate channel until the SA is completely up\. This will cause the requestor to possibly wait forever while pluto unsuccessfully negotiates\. Used often in test cases\. +if set, causes pluto not to release the whack \-\-initiate channel until the SA is completely up\&. This will cause the requestor to possibly wait forever while pluto unsuccessfully negotiates\&. Used often in test cases\&. .RE .PP \fB\-\-debug\-private\fR .RS 4 -allow debugging output with private keys\. +allow debugging output with private keys\&. .RE .PP The debug form of the \fBwhack\fR command will change the selection in a running -\fBpluto\fR\. If a connection name is specified, the flags are added whenever +\fBpluto\fR\&. If a connection name is specified, the flags are added whenever \fBpluto\fR -has identified that it is dealing with that connection\. Unfortunately, this is often part way into the operation being observed\. +has identified that it is dealing with that connection\&. Unfortunately, this is often part way into the operation being observed\&. .PP For example, to start a \fBpluto\fR 
@@ -1743,107 +1751,107 @@ .PP For testing, SSH\'s IKE test page is quite useful: .PP -\fI\fIhttp://isakmp\-test\.ssh\.fi/\fR\fR +\fI\m[blue]\fBhttp://isakmp\-test\&.ssh\&.fi/\fR\m[]\fR .PP -Hint: ISAKMP SAs are often kept alive by IKEs even after the IPsec SA is established\. This allows future IPsec SA\'s to be negotiated directly\. If one of the IKEs is restarted, the other may try to use the ISAKMP SA but the new IKE won\'t know about it\. This can lead to much confusion\. +Hint: ISAKMP SAs are often kept alive by IKEs even after the IPsec SA is established\&. This allows future IPsec SA\'s to be negotiated directly\&. If one of the IKEs is restarted, the other may try to use the ISAKMP SA but the new IKE won\'t know about it\&. This can lead to much confusion\&. \fBpluto\fR -is not yet smart enough to get out of such a mess\. +is not yet smart enough to get out of such a mess\&. .SS "Pluto\'s Behaviour When Things Go Wrong" .PP When \fBpluto\fR -doesn\'t understand or accept a message, it just ignores the message\. It is not yet capable of communicating the problem to the other IKE daemon (in the future it might use Notifications to accomplish this in many cases)\. It does log a diagnostic\. +doesn\'t understand or accept a message, it just ignores the message\&. It is not yet capable of communicating the problem to the other IKE daemon (in the future it might use Notifications to accomplish this in many cases)\&. It does log a diagnostic\&. .PP When \fBpluto\fR -gets no response from a message, it resends the same message (a message will be sent at most three times)\. This is appropriate: UDP is unreliable\. +gets no response from a message, it resends the same message (a message will be sent at most three times)\&. This is appropriate: UDP is unreliable\&. .PP -When pluto gets a message that it has already seen, there are many cases when it notices and discards it\. This too is appropriate for UDP\. 
+When pluto gets a message that it has already seen, there are many cases when it notices and discards it\&. This too is appropriate for UDP\&. .PP -Combine these three rules, and you can explain many apparently mysterious behaviours\. In a +Combine these three rules, and you can explain many apparently mysterious behaviours\&. In a \fBpluto\fR -log, retrying isn\'t usually the interesting event\. The critical thing is either earlier (\fBpluto\fR +log, retrying isn\'t usually the interesting event\&. The critical thing is either earlier (\fBpluto\fR got a message which it didn\'t like and so ignored, so it was still awaiting an acceptable message and got impatient) or on the other system (\fBpluto\fR -didn\'t send a reply because it wasn\'t happy with the previous message)\. +didn\'t send a reply because it wasn\'t happy with the previous message)\&. .SS "Notes" .PP If \fBpluto\fR -is compiled without \-DKLIPS, it negotiates Security Associations but never ask the kernel to put them in place and never makes routing changes\. This allows +is compiled without \-DKLIPS, it negotiates Security Associations but never ask the kernel to put them in place and never makes routing changes\&. This allows \fBpluto\fR to be tested on systems without -\fBKLIPS\fR, but makes it rather useless\. +\fBKLIPS\fR, but makes it rather useless\&. .PP -Each IPsec SA is assigned an SPI, a 32\-bit number used to refer to the SA\. The IKE protocol lets the destination of the SA choose the SPI\. The range 0 to 0xFF is reserved for IANA\. +Each IPsec SA is assigned an SPI, a 32\-bit number used to refer to the SA\&. The IKE protocol lets the destination of the SA choose the SPI\&. The range 0 to 0xFF is reserved for IANA\&. \fBPluto\fR -also avoids choosing an SPI in the range 0x100 to 0xFFF, leaving these SPIs free for manual keying\. Remember that the peer, if not -\fBpluto\fR, may well chose SPIs in this range\. 
+also avoids choosing an SPI in the range 0x100 to 0xFFF, leaving these SPIs free for manual keying\&. Remember that the peer, if not +\fBpluto\fR, may well chose SPIs in this range\&. .SS "Policies" .PP This catalogue of policies may be of use when trying to configure \fBPluto\fR -and another IKE implementation to interoperate\. +and another IKE implementation to interoperate\&. .PP -In Phase 1, only Main Mode is supported\. We are not sure that Aggressive Mode is secure\. For one thing, it does not support identity protection\. It may allow more severe Denial Of Service attacks\. +In Phase 1, only Main Mode is supported\&. We are not sure that Aggressive Mode is secure\&. For one thing, it does not support identity protection\&. It may allow more severe Denial Of Service attacks\&. .PP -No Informational Exchanges are supported\. These are optional and since their delivery is not assured, they must not matter\. It is the case that some IKE implementations won\'t interoperate without Informational Exchanges, but we feel they are broken\. +No Informational Exchanges are supported\&. These are optional and since their delivery is not assured, they must not matter\&. It is the case that some IKE implementations won\'t interoperate without Informational Exchanges, but we feel they are broken\&. .PP -No Informational Payloads are supported\. These are optional, but useful\. It is of concern that these payloads are not authenticated in Phase 1, nor in those Phase 2 messages authenticated with HASH(3)\. +No Informational Payloads are supported\&. These are optional, but useful\&. It is of concern that these payloads are not authenticated in Phase 1, nor in those Phase 2 messages authenticated with HASH(3)\&. .PP \(bu .RS 4 -Diffie Hellman Groups MODP 1024 and MODP 1536 (2 and 5) are supported\. Group MODP768 (1) is not supported because it is too weak\. +Diffie Hellman Groups MODP 1024 and MODP 1536 (2 and 5) are supported\&. 
Group MODP768 (1) is not supported because it is too weak\&. .RE .PP \(bu .RS 4 -Host authetication can be done by RSA Signatures or Pre\-Shared Secrets\. +Host authetication can be done by RSA Signatures or Pre\-Shared Secrets\&. .RE .PP \(bu .RS 4 -3DES CBC (Cypher Block Chaining mode) is the only encryption supported, both for ISAKMP SAs and IPSEC SAs\. +3DES CBC (Cypher Block Chaining mode) is the only encryption supported, both for ISAKMP SAs and IPSEC SAs\&. .RE .PP \(bu .RS 4 -MD5 and SHA1 hashing are supported for packet authentication in both kinds of SAs\. +MD5 and SHA1 hashing are supported for packet authentication in both kinds of SAs\&. .RE .PP \(bu .RS 4 -The ESP, AH, or AH plus ESP are supported\. If, and only if, AH and ESP are combined, the ESP need not have its own authentication component\. The selection is controlled by the \-\-encrypt and \-\-authenticate flags\. +The ESP, AH, or AH plus ESP are supported\&. If, and only if, AH and ESP are combined, the ESP need not have its own authentication component\&. The selection is controlled by the \-\-encrypt and \-\-authenticate flags\&. .RE .PP \(bu .RS 4 -Each of these may be combined with IPCOMP Deflate compression, but only if the potential connection specifies compression and only if KLIPS is configured with IPCOMP support\. +Each of these may be combined with IPCOMP Deflate compression, but only if the potential connection specifies compression and only if KLIPS is configured with IPCOMP support\&. .RE .PP \(bu .RS 4 -The IPSEC SAs may be tunnel or transport mode, where appropriate\. The \-\-tunnel flag controls this when +The IPSEC SAs may be tunnel or transport mode, where appropriate\&. The \-\-tunnel flag controls this when \fBpluto\fR -is initiating\. +is initiating\&. .RE .PP \(bu .RS 4 -When responding to an ISAKMP SA proposal, the maximum acceptable lifetime is eight hours\. The default is one hour\. There is no minimum\. 
The \-\-ikelifetime flag controls this when +When responding to an ISAKMP SA proposal, the maximum acceptable lifetime is eight hours\&. The default is one hour\&. There is no minimum\&. The \-\-ikelifetime flag controls this when \fBpluto\fR -is initiating\. +is initiating\&. .RE .PP \(bu .RS 4 -When responding to an IPSEC SA proposal, the maximum acceptable lifetime is one day\. The default is eight hours\. There is no minimum\. The \-\-ipseclifetime flag controls this when +When responding to an IPSEC SA proposal, the maximum acceptable lifetime is one day\&. The default is eight hours\&. There is no minimum\&. The \-\-ipseclifetime flag controls this when \fBpluto\fR -is initiating\. +is initiating\&. .RE .PP \(bu .RS 4 -PFS is acceptable, and will be proposed if the \-\-pfs flag was specified\. The DH group proposed will be the same as negotiated for Phase 1\. +PFS is acceptable, and will be proposed if the \-\-pfs flag was specified\&. The DH group proposed will be the same as negotiated for Phase 1\&. .RE .SH "SIGNALS" .PP 
@@ -1851,48 +1859,48 @@ responds to \fBSIGHUP\fR by issuing a suggestion that ``\fBwhack\fR -\-\-listen\'\' might have been intended\. +\-\-listen\'\' might have been intended\&. .PP \fBPluto\fR exits when it recieves -\fBSIGTERM\fR\. +\fBSIGTERM\fR\&. .SH "EXIT STATUS" .PP \fBpluto\fR -normally forks a daemon process, so the exit status is normally a very preliminary result\. +normally forks a daemon process, so the exit status is normally a very preliminary result\&. .PP 0 .RS 4 -means that all is OK so far\. +means that all is OK so far\&. .RE .PP 1 .RS 4 -means that something was wrong\. +means that something was wrong\&. .RE .PP 10 .RS 4 -means that the lock file already exists\. +means that the lock file already exists\&. .RE .PP If \fBwhack\fR -detects a problem, it will return an exit status of 1\. If it received progress messages from -\fBpluto\fR, it returns as status the value of the numeric prefix from the last such message that was not a message sent to syslog or a comment (but the prefix for success is treated as 0)\. Otherwise, the exit status is 0\. +detects a problem, it will return an exit status of 1\&. If it received progress messages from +\fBpluto\fR, it returns as status the value of the numeric prefix from the last such message that was not a message sent to syslog or a comment (but the prefix for success is treated as 0)\&. Otherwise, the exit status is 0\&. .SH "FILES" .PP -\fI/var/run/pluto/pluto\.pid\fR +/var/run/pluto/pluto\&.pid -\fI/var/run/pluto/pluto\.ctl\fR +/var/run/pluto/pluto\&.ctl -\fI/etc/ipsec\.secrets\fR +/etc/ipsec\&.secrets \fI$IPSEC_LIBDIR/_pluto_adns\fR \fI$IPSEC_EXECDIR/lwdnsq\fR -\fI/dev/urandom\fR +/dev/urandom .SH "ENVIRONMENT" .PP \fIIPSEC_LIBDIR\fR 
@@ -1905,22 +1913,22 @@ .SH "SEE ALSO" .PP The rest of the Openswan distribution, in particular -\fBipsec\fR(8)\. +\fBipsec\fR(8)\&. .PP \fBipsec_auto\fR(8) is designed to make using \fBpluto\fR -more pleasant\. Use it! +more pleasant\&. Use it! .PP \fBipsec.secrets\fR(5) -describes the format of the secrets file\. +describes the format of the secrets file\&. .PP -\fBipsec_atoaddr\fR(3), part of the Openswan distribution, describes the forms that IP addresses may take\. -\fBipsec_atosubnet\fR(3), part of the Openswan distribution, describes the forms that subnet specifications\. +\fBipsec_atoaddr\fR(3), part of the Openswan distribution, describes the forms that IP addresses may take\&. +\fBipsec_atosubnet\fR(3), part of the Openswan distribution, describes the forms that subnet specifications\&. .PP For more information on IPsec, the mailing list, and the relevant documents, see: .PP -\fI\fIhttp://www\.ietf\.cnri\.reston\.va\.us/html\.charters/ipsec\-charter\.html\fR\fR +\fI\m[blue]\fBhttp://www\&.ietf\&.cnri\&.reston\&.va\&.us/html\&.charters/ipsec\-charter\&.html\fR\m[]\fR .PP At the time of writing, the most relevant IETF RFCs are: .PP 
@@ -1930,48 +1938,48 @@ .PP RFC2407 The Internet IP Security Domain of Interpretation for ISAKMP .PP -The Openswan web site and the mailing lists described there\. +The Openswan web site and the mailing lists described there\&. .SH "HISTORY" .PP -This code is released under the GPL terms\. See the accompanying files COPYING and CREDITS for more details\. The GPL does NOT apply to those pieces of code written by others which are included in this distribution, except as noted by the individual authors\. +This code is released under the GPL terms\&. See the accompanying files COPYING and CREDITS for more details\&. The GPL does NOT apply to those pieces of code written by others which are included in this distribution, except as noted by the individual authors\&. .PP -This software was originally written for the FreeS/WAN project <\fIhttp://www\.freeswan\.org\fR>, founded by John Gilmore and managed by Hugh Daniel\. It was written by Angelos D\. Keromytis (angelos@dsl\.cis\.upenn\.edu), in May/June 1997, in Athens, Greece\. Thanks go to John Ioannidis for his help\. +This software was originally written for the FreeS/WAN project <\m[blue]\fBhttp://www\&.freeswan\&.org\fR\m[]>, founded by John Gilmore and managed by Hugh Daniel\&. It was written by Angelos D\&. Keromytis (angelos@dsl\&.cis\&.upenn\&.edu), in May/June 1997, in Athens, Greece\&. Thanks go to John Ioannidis for his help\&. .PP -It is currently maintained and extended by Xelerance Corporation, in Canada under the Openswan name\. See CHANGES for details\. +It is currently maintained and extended by Xelerance Corporation, in Canada under the Openswan name\&. See CHANGES for details\&. .PP -FreeS/WAN was developed/maintained from 2000\-2004 by D\. Hugh Redelmeier (hugh@mimosa\.com), in Canada\. The regulations of Greece and Canada allow the code to be freely redistributable\. +FreeS/WAN was developed/maintained from 2000\-2004 by D\&. Hugh Redelmeier (hugh@mimosa\&.com), in Canada\&. 
The regulations of Greece and Canada allow the code to be freely redistributable\&. .PP -Kai Martius (admin@imib\.med\.tu\-dresden\.de) contributed the initial version of the code supporting PFS\. +Kai Martius (admin@imib\&.med\&.tu\-dresden\&.de) contributed the initial version of the code supporting PFS\&. .PP -Richard Guy Briggs and Peter Onion added the PFKEY2 support\. +Richard Guy Briggs and Peter Onion added the PFKEY2 support\&. .PP We gratefully acknowledge that we use parts of Eric Young\'s \fIlibdes\fR package; see -\fI\.\./libdes/COPYRIGHT\fR\. +\fI\&.\&./libdes/COPYRIGHT\fR\&. .SH "BUGS" .PP \fBpluto\fR -is a work\-in\-progress\. It currently has many limitations\. For example, it ignores notification messages that it receives, and it generates only Delete Notifications and those only for IPSEC SAs\. +is a work\-in\-progress\&. It currently has many limitations\&. For example, it ignores notification messages that it receives, and it generates only Delete Notifications and those only for IPSEC SAs\&. .PP \fBpluto\fR -does not support the Commit Flag\. The Commit Flag is a bad feature of the IKE protocol\. It isn\'t protected \-\- neither encrypted nor authenticated\. A man in the middle could turn it on, leading to DoS\. We just ignore it, with a warning\. This should let us interoperate with implementations that insist on it, with minor damage\. +does not support the Commit Flag\&. The Commit Flag is a bad feature of the IKE protocol\&. It isn\'t protected \-\- neither encrypted nor authenticated\&. A man in the middle could turn it on, leading to DoS\&. We just ignore it, with a warning\&. This should let us interoperate with implementations that insist on it, with minor damage\&. .PP \fBpluto\fR -does not check that the SA returned by the Responder is actually one that was proposed\. It only checks that the SA is acceptable\. The difference is not large, but can show up in attributes such as SA lifetime\. 
+does not check that the SA returned by the Responder is actually one that was proposed\&. It only checks that the SA is acceptable\&. The difference is not large, but can show up in attributes such as SA lifetime\&. .PP -There is no good way for a connection to be automatically terminated\. This is a problem for Road Warrior and Opportunistic connections\. The +There is no good way for a connection to be automatically terminated\&. This is a problem for Road Warrior and Opportunistic connections\&. The \fB\-\-dontrekey\fR -option does prevent the SAs from being rekeyed on expiry\. Additonally, if a Road Warrior connection has a client subnet with a fixed IP address, a negotiation with that subnet will cause any other connection instantiations with that same subnet to be unoriented (deleted, in effect)\. See also the \-\-uniqueids option for an extension of this\. +option does prevent the SAs from being rekeyed on expiry\&. Additonally, if a Road Warrior connection has a client subnet with a fixed IP address, a negotiation with that subnet will cause any other connection instantiations with that same subnet to be unoriented (deleted, in effect)\&. See also the \-\-uniqueids option for an extension of this\&. .PP When \fBpluto\fR sends a message to a peer that has disappeared, \fBpluto\fR -receives incomplete information from the kernel, so it logs the unsatisfactory message \(lqsome IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details)\(rq\. John Denker suggests that this command is useful for tracking down the source of these problems: +receives incomplete information from the kernel, so it logs the unsatisfactory message \(lqsome IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details)\(rq\&. John Denker suggests that this command is useful for tracking down the source of these problems: tcpdump \-i eth0 icmp[0] != 8 and icmp[0] != 0 -Substitute your public interface for eth0 if it is different\. 
+Substitute your public interface for eth0 if it is different\&. .PP -The word \(lqauthenticate\(rq is used for two different features\. We must authenticate each IKE peer to the other\. This is an important task of Phase 1\. Each packet must be authenticated, both in IKE and in IPsec, and the method for IPsec is negotiated as an AH SA or part of an ESP SA\. Unfortunately, the protocol has no mechanism for authenticating the Phase 2 identities\. +The word \(lqauthenticate\(rq is used for two different features\&. We must authenticate each IKE peer to the other\&. This is an important task of Phase 1\&. Each packet must be authenticated, both in IKE and in IPsec, and the method for IPsec is negotiated as an AH SA or part of an ESP SA\&. Unfortunately, the protocol has no mechanism for authenticating the Phase 2 identities\&. .PP -Bugs should be reported to the mailing list\. +Bugs should be reported to the mailing list\&. --- openswan-2.6.22+dfsg.orig/programs/pluto/ipsec.secrets.5 +++ openswan-2.6.22+dfsg/programs/pluto/ipsec.secrets.5 @@ -1,13 +1,13 @@ '\" t .\" Title: IPSEC.SECRETS .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\" Generator: DocBook XSL Stylesheets v1.74.3 -.\" Date: 06/22/2009 +.\" Generator: DocBook XSL Stylesheets v1.75.1 +.\" Date: 06/24/2009 .\" Manual: [FIXME: manual] .\" Source: [FIXME: source] .\" Language: English .\" -.TH "IPSEC\&.SECRETS" "5" "06/22/2009" "[FIXME: source]" "[FIXME: manual]" +.TH "IPSEC\&.SECRETS" "5" "06/24/2009" "[FIXME: source]" "[FIXME: manual]" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- --- openswan-2.6.22+dfsg.orig/debian/copyright +++ openswan-2.6.22+dfsg/debian/copyright 
@@ -30,6 +30,6 @@ ------------------------------------------------------------------------------ On Debian GNU/Linux systems, the complete text of the GNU General -Public License can be found in `/usr/share/common-licenses/GPL'. +Public License can be found in `/usr/share/common-licenses/GPL-2'. Rene Mayrhofer, 2005-09-27 --- openswan-2.6.22+dfsg.orig/debian/openswan.templates +++ openswan-2.6.22+dfsg/debian/openswan.templates @@ -2,13 +2,20 @@ Type: select Choices: earliest, "after NFS", "after PCMCIA" Choices-cs.UTF-8: nejdříve, "po NFS", "po PCMCIA" +Choices-de.UTF-8: zum frühest möglichen Zeitpunkt, nach NFS, nach PCMCIA +Choices-es.UTF-8: "lo antes posible", "después de NFS", "después de PCMCIA" +Choices-fi.UTF-8: mahdollisimman aikaisin, NFS:n jälkeen, PCMCIA:n jälkeen Choices-fr.UTF-8: Le plus tôt possible, Après NFS, Après PCMCIA +Choices-gl.UTF-8: "o antes posible", "despois de NFS", "despois de PCMCIA" Choices-ja.UTF-8: 可能な限り早く, "NFS 起動後", "PCMCIA 起動後" Choices-nl.UTF-8: "zo vroeg mogelijk", "na NFS", "na PCMCIA" +Choices-pt.UTF-8: "o mais cedo", "depois de NFS", "depois de PCMCIA" Choices-pt_BR.UTF-8: o quando antes, "depois do NFS", "depois do PCMCIA" +Choices-ru.UTF-8: "как можно раньше", "после NFS", "после PCMCIA" +Choices-sv.UTF-8: tidigast, "efter NFS", "efter PCMCIA" Choices-vi.UTF-8: sớm nhất, «sau NFS», «sau PCMCIA» Default: earliest -Description: At which level do you wish to start Openswan ? +Description: At which level do you wish to start Openswan? With the current Debian startup levels (nearly everything starting in level 20), it is impossible for Openswan to always start at the correct time. There are three possibilities when Openswan can start: before or 
@@ -17,190 +24,77 @@ . If you do not have your /usr tree mounted via NFS (either you only mount other, less vital trees via NFS or don't use NFS mounted trees at all) and - don't use a PCMCIA network card, then it is the best to start Openswan at - the earliest possible time, thus allowing the NFS mounts to be secured by - IPSec. In this case (or if you don't understand or care about this + don't use a PCMCIA network card, then it's best to start Openswan at + the earliest possible time, thus allowing the NFS mounts to be secured by + IPSec. In this case (or if you don't understand or care about this issue), answer "earliest" to this question (the default). . If you have your /usr tree mounted via NFS and don't use a PCMCIA network card, then you will need to start Openswan after NFS so that all necessary files are available. In this case, answer "after NFS" to this - question. Please note that the NFS mount of /usr can not be secured by + question. Please note that the NFS mount of /usr can not be secured by IPSec in this case. . If you use a PCMCIA network card for your IPSec connections, then you only - have to choice to start it after the PCMCIA services. Answer "after + have to choose to start it after the PCMCIA services. Answer "after PCMCIA" in this case. This is also the correct answer if you want to fetch keys from a locally running DNS server with DNSSec support. -Description-cs.UTF-8: Na jaké úrovni chcete spouštět Openswan? - Se současnými startovacími úrovněmi Debianu (téměř vše začíná - na úrovni 20), je nemožné, aby Openswan vždy nastartoval ve správný - čas. Jsou zde tři možnosti, kdyjej lze spouštět: před nebo po NFS - službách a nebo po PCMCIA službách. Správná odpověď závisí na - vašem konkrétním nastavení. - . 
- Jestliže nemáte váš /usr strom připojen skrz NFS (buď přes NFS - připojujete jiné, ne tak důležité stromy nebo jej vůbec - nepoužíváte) a zároveň nepoužíváte PCMCIA síťovou kartu, je - nejlepší spouštět Openswan co nejdříve, čímž umožníte aby NFS - svazky byly chráněny pomocí IPSec. V tomto případě (nebo pokud si - nejste jisti, či vám na tom nezáleží) na otázku odpovězte - "nejdříve" (výchozí). - . - Jestliže máte /usr strom připojen skrz NFS a nepoužíváte PCMCIA - síťovou kartu, potřebujete spustit Openswan po NFS, aby byly všechny - potřebné soubory dostupné. V tomto případě na otázku odpověztě - "po NFS". Uvědomtě si prosím, že v tomto případě nemůže být NFS - svazek /usr chráněn pomocí IPSec. - . - Jestliže používáte PCMCIA síťovou kartu pro vaše IPSec připojení, - pak je jedinou možností jej spustit po PCMCIA službách. V tom - případě odpovězte "po PCMCIA". Toto je také správná odpověď, - pokud chcete získat klíče z lokálního DNS serveru s podporou DNSSec. +Description-de.UTF-8: Zu welchem Zeitpunkt soll Openswan gestartet werden? + Bei der gegenwärtigen Debian-Startreihenfolge (fast alles startet an Position 20) ist es unmöglich für Openswan, immer zum richtigen Zeitpunkt zu starten. Es gibt drei Möglichkeiten, wann Openswan starten kann: vor oder nach den NFS-Diensten oder nach den PCMCIA-Diensten. Die richtige Antwort hängt von Ihrer spezifischen Installation ab. + . + Sofern Sie Ihr /usr-Verzeichnis nicht über NFS eingebunden haben (entweder Sie binden nur andere, weniger wichtige Verzeichnisse über NFS ein oder Sie verwenden überhaupt keine über NFS eingebundenen Verzeichnisse) und keine PCMCIA-Netzwerkkarte verwenden, ist es am Besten, Openswan zum frühest möglichen Zeitpunkt zu starten. Dies erlaubt es, die per NFS eingehängten Verzeichnisse durch IPSec abzusichern. In diesem Fall (oder falls Sie dieses Problem nicht verstehen oder es Sie nicht interessiert), antworten Sie »zum frühest möglichen Zeitpunkt« (Voreinstellung) auf diese Frage. + . 
+ Falls Sie Ihr /usr-Verzeichnis über NFS eingebunden haben und keine PCMCIA-Netzwerkkarte verwenden, müssen Sie Openswan nach NFS starten, damit alle notwendigen Dateien verfügbar sind. In diesem Fall antworten Sie »nach NFS« auf diese Frage. Bitte beachten Sie, dass das Einhängen von /usr über NFS in diesem Fall nicht durch IPSec abgesichert werden kann. + . + Falls Sie eine PCMCIA-Netzwerkkarte für Ihre IPSec-Verbindungen verwenden, brauchen Sie nur zu wählen, dass es nach den PCMCIA-Diensten gestartet wird. Antworten Sie »nach PCMCIA« in diesem Fall. Dies ist auch die richtige Antwort, falls Sie Schlüssel von einem lokal laufenden DNS-Server mit DNSSec-Unterstützung abrufen möchten. +Description-fi.UTF-8: Millä tasolla Openswan tulisi käynnistää? + Nykyisten Debianin käynnistystasojen kanssa (lähes kaikki käynnistyy tasolla 20) Openswanin on lähes mahdotonta käynnistyä aina oikeaan aikaan. Openswan voi käynnistyä kolmeen eri aikaan: ennen tai jälkeen NFS-palveluiden tai PCMCIA-palveluiden jälkeen. Oikea valinta riippuu koneen asetuksista. + . + Jos hakemistopuuta /usr ei liitetä NFS:n avulla (joko NFS:ää ei käytetä ollenkaan tai sillä liitetään vain vähemmän tärkeitä osia), eikä käytössä ole PCMCIA-verkkokortteja, on Openswan parasta käynnistää mahdollisimman aikaisin, jolloin NSF-liitokset voidaan turvata IPSecillä. Valitse tällöin (ja myös, jos et ymmärrä kysymystä tai välitä siitä) ”mahdollisimman aikaisin” (oletus). + . + Jos hakemistopuu /usr liitetään NFS:n avulla, eikä käytössä ole PCMCIA-verkkokorttia, tulee Openswan käynnistää NFS:n jälkeen, jotta kaikki tarvittavat tiedostot ovat saatavilla. Valitse tällöin ”NFS:n jälkeen”. Tällöin hakemistopuun /usr NFS-liitäntää ei voida turvata IPSecin avulla. + . + Jos IPSec-yhteyksiin käytetään PCMCIA-verkkokorttia, tulee ohjelma käynnistää PCMCIA-palveluiden jälkeen. Valitse tällöin ”PCMCIA:n jälkeen”. Tämä on oikea valinta myös, jos avaimia haetaan paikalliselta DNS-palvelimelta DNSSec-tuen kanssa. 
Description-fr.UTF-8: Étape de lancement d'Openswan : - Avec les niveaux de démarrage actuellement utilisés par Debian (presque - tout démarre au niveau 20), il est impossible de faire en sorte - qu'Openswan démarre toujours au moment approprié. Il existe trois - moments où il est opportun de le démarrer : avant ou après les - services NFS ou après les services PCMCIA. La réponse appropriée - dépend de vos réglages spécifiques. - . - Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos - montages NFS sont à d'autres endroits, moins critiques, soit parce que - vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de - carte réseau PCMCIA, il est préférable de démarrer Openswan le plus - tôt possible, ce qui permettra de sécuriser les montages NFS avec IPSec. - Dans ce cas (ou bien si vous ne comprenez pas l'objet de la question ou - qu'elle ne vous concerne pas), choisissez « le plus tôt possible », - qui est le choix par défaut. - . - Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau - PCMCIA, vous devrez alors démarrer Openswan après les services NFS afin - que tous les fichiers nécessaires soient disponibles. Dans ce cas, - choisissez « après NFS ». Veuillez noter que le montage NFS de /usr - n'est alors pas sécurisé par IPSec. - . - Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul - choix possible est le démarrage après les services PCMCIA. Choisissez - alors « après PCMCIA ». Faites également ce choix si vous souhaitez - récupérer les clés d'authentification sur un serveur DNS reconnaissant - DNSSec. + Avec les niveaux de démarrage actuellement utilisés par Debian (presque tout démarre au niveau 20), il est impossible de faire en sorte qu'Openswan démarre toujours au moment approprié. Il existe trois moments où il est opportun de le démarrer : avant ou après les services NFS, ou après les services PCMCIA. La réponse appropriée dépend de vos réglages spécifiques. + . 
+ Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos montages NFS sont à d'autres endroits, moins critiques, soit parce que vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de carte réseau PCMCIA, il est préférable de démarrer Openswan le plus tôt possible, ce qui permettra de sécuriser les montages NFS avec IPSec. Dans ce cas (ou bien si vous ne comprenez pas l'objet de la question ou qu'elle ne vous concerne pas), choisissez « le plus tôt possible », qui est le choix par défaut. + . + Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau PCMCIA, vous devrez alors démarrer Openswan après les services NFS afin que tous les fichiers nécessaires soient disponibles. Dans ce cas, choisissez « Après NFS ». Veuillez noter que le montage NFS de /usr n'est alors pas sécurisé par IPSec. + . + Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul choix possible est le démarrage après les services PCMCIA. Choisissez alors « Après PCMCIA ». Faites également ce choix si vous souhaitez récupérer les clés d'authentification sur un serveur DNS reconnaissant DNSSec. +Description-gl.UTF-8: ¿En que nivel quere iniciar Openswan? + Cos niveis de inicio actuais de Debian (practicamente todo se inicia no nivel 20) é imposible que Openswan se inicie sempre no momento correcto. Hai tres posibilidades para o inicio de Openswan: antes ou despois dos servizos NFS ou despois dos servizos PCMCIA. A resposta correcta depende da súa configuración específica. + . + Se non monta a súa árbore /usr vía NFS (porque só monta outras árbores por NFS ou non monta nada por NFS) e non emprega unha tarxeta de rede PCMCIA, é mellor iniciar Openswan o antes posible para permitir que as montaxes por NFS se aseguren mediante IPSec. Neste caso (ou se non entende ou non lle importa o problema), resposte "o antes posible" a esta pregunta (a resposta por defecto). + . 
+ Se monta a súa árbore /usr vía NFS e non emprega unha tarxeta de rede PCMCIA, ha ter que iniciar Openswan despois de NFS para que tódolos ficheiros necesarios estean dispoñibles. Neste caso, resposte "despois de NFS" a esta pregunta. Teña en conta que neste caso non se pode asegurar mediante IPSec a montaxe por NFS de /usr. + . + Se emprega unha tarxeta de rede PCMCIA para as conexións IPSec só ha ter que decidir inicialas despois dos servizos PCMCIA. Resposte "despois de PCMCIA" neste caso. Tamén é a resposta correcta se quere recibir claves dun servidor DNS que se executa localmente con soporte de DNSSec. Description-ja.UTF-8: どの段階で Openswan を起動させますか? - 現在の Debian での起動レベル (ほとんど全てがレベル20) - のままでは、Openswan - を常には適切なタイミングで起動できません。Openswan - を起動させるタイミングの選択肢としては3つが考えられます: - NFS サービスの開始前・開始後・PCMCIA - サービスの開始後です。正解はあなたの設定次第です。 - . - NFS 経由で /usr をマウントせず - (他のパーティションやあまり重要ではないパーティションを - NFS 経由でマウントするか、または NFS - マウントを全く使わない)、加えて PCMCIA - ネットワークカードを利用していない場合、可能な限り早い時間に - Openswan - を起動するのがベストです。この設定によって、NFS - でのマウントは IPSec で保護されます。この場合 - (またはこの問題を理解していないか特に気にしない場合) - 、"可能な限り早く"と質問に答えてください (標準) 。 - . - NFS 経由で /usr をマウントしていて PCMCIA - ネットワークカードを使用していない場合は、必要なファイルを利用可能にするために - Openswan を NFS - の後で起動しなければなりません。この場合、"NFS - 起動後" と答えてください。この時に NFS - 経由でマウントされる /usr は、IPSec - によるセキュアな状態にはならないということに注意してください。 - . - IPSec 接続に PCMCIA - ネットワークカードを利用していた場合、PCMCIA - サービスの起動後に Openswan - を起動する以外に選択はありません。この場合、"PCMCIA - 起動後" と答えてください。ローカルで動作している - DNSSec 機能を使用している DNS - サーバから鍵を取得したい場合でも、この答えをしてください。 -Description-nl.UTF-8: Op welk niveau wilt u Openswan starten? - Met de huidige Debian-startniveaus (bijna alles start op niveau 20), is - het onmogelijk voor Openswan om altijd op de correcte tijd te starten. Er - zijn drie mogelijkheden waar Openswan kan starten: vóór of na de - NFS-diensten en na de PCMCIA-diensten. Het correcte antwoord hangt af van - uw specifieke configuratie. - . 
- Als u uw /usr-boom niet via NFS heeft aangekoppeld (u koppelt enkel - andere, minder vitale bomen via NFS of u gebruikt NFS helemaal niet om - bomen aan te koppelen) en u gebruikt geen PCMCIA-netwerkkaart, dan is het - best om Openswan zo vroeg mogelijk te starten, dus toe te staan van de - NFS-aankoppelingen te beveiligen door IPSec. In dit geval (of als u deze - zaak niet verstaat of het u niet uitmaakt), antwoord dan "zo vroeg - mogelijk" op deze vraag (de standaard). - . - Als u uw /usr-boom via NFS heeft aangekoppeld en u gebruikt geen - PCMCIA-netwerkkaart, dan zult u Openswan moeten starten na NFS zodat alle - nodige bestanden aanwezig zijn. In dit geval, antwoord "na NFS" op deze - vraag. Merk op dat in dit geval de NFS-aankoppeling van /usr niet - beveiligd kan worden door IPSec. - . - Als u een PCMCIA-netwerkkaart gebruikt voor uw IPSec-verbindingen, dan - hebt u enkel de keuze om te starten na de PCMCIA-diensten. Antwoord in dit - geval "na PCMCIA". Dit is ook het correcte antwoord als u sleutels wilt - afhalen van een lokaal draaiende DNS-server met DNSSec-ondersteuning. -Description-pt_BR.UTF-8: Em que nível você deseja iniciar o Openswan ? - Com os níveis de inicialização atuais do Debian (quase todos os - serviços iniciando no nível 20) é impossível para o Openswan sempre - iniciar no momento correto. Existem três possibilidades para quando - iniciar o Openswan : antes ou depois dos serviços NFS e depois dos - serviços PCMCIA. A resposta correta depende se sua configuração - específica. - . - Caso você não possua sua àrvore /usr montada via NFS (você somente - monta outras àrvores não vitais via NFS ou não usa àrvores montadas - via NFS) e não use um cartão de rede PCMCIA, a melhor opção é iniciar - o Openswan o quando antes, permitindo dessa forma que os pontos de - montagem NFS estejam protegidos por IPSec. 
Nesse caso (ou caso você não - compreenda ou não se importe com esse problema), responda "o quando - antes" para esta pergunta (o que é o padrão). - . - Caso você possua sua àrvore /usr montada via NFS e não use um cartão - de rede PCMCIA, você precisará iniciar o Openswan depois do NFS de modo - que todos os arquivos necessários estejam disponíveis. Nesse caso, - responda "depois do NFS" para esta pergunta. Por favor, note que a - montagem NFS de /usr não poderá ser protegida pelo IPSec nesse caso. - . - Caso você use um cartão de rede PCMCIA para suas conexões IPSec você - precisará somente optar por iniciar o Opensan depois dos serviços - PCMCIA. Responda "depois do PCMCIA" nesse caso. Esta é também a maneira - correta de obter chaves de um servidor DNS sendo executado localmente e - com suporte a DNSSec. -Description-vi.UTF-8: Bạn có muốn khởi chạy trình Openswan tại cấp nào? - Trong những cấp khởi chạy Debian hiện thời (gần mọi trình - khởi chạy trên cấp 20), không thể đảm bảo trình Openswan - sẽ khởi chạy vào điểm thời đúng. Có ba lúc có thể - khởi chạy trình Openswan: lúc trước hay lúc sau dịch vụ NFS - và lúc sau dịch vụ PCMCIA. Giá trị đúng phụ thuộc vào - thiết lập riêng của bạn. - . - Nếu bạn không có cây «/usr» mình được gắn thông qua NFS - (hoặc bạn chỉ gắn cây khác, ít quan trọng hơn, thông qua - NFS, hoặc bạn không sử dụng cây do NFS gắn cách nào cả) - và không sử dụng một thẻ mạng PCMCIA, thì tốt nhất là - khởi chạy trình Openswan càng sớm càng có thể, mà cho phép - IPSec bảo vệ những điểm gắn NFS. Trong trường hợp này - (hoặc nếu bạn không hiểu được vấn đề này, hoặc không - nghĩ nó là quan trọng) thì hãy trả lời «sớm nhất» - (earliest: giá trị mặc định) cho câu hỏi này. - . - Nếu bạn có cây «/usr» mình được gắn thông qua NFS và - không sử dụng một thẻ mạng PCMCIA, thì bạn sẽ cần phải - khởi chạy Openswan sau NFS, để mọi tập tin cần thiết có - sẵn sàng. Trong trường hợp này, hãy trả lời «sau NFS» - (after NFS) cho câu hỏi này. 
Tuy nhiên, IPsec sẽ không thể bảo - vệ điểm gắn của «/usr» trong trường hợp này. - . - Nếu bạn sử dụng thẻ PCMCIA để kết nối cách loại IPSec, - thì chỉ hãy chọn khởi chạy FreeS/WAN sau những dịch vụ - PCMCIA. Hãy trả lời «sau PCMCIA» trong trường hợp này. Trả - lời này cũng đúng nếu bạn muốn gọi khóa từ một máy - phục vụ DNS chạy địa phương có loại hỗ trợ DNSSec. + 現在の Debian での起動レベル (ほとんど全てがレベル20) のままでは、Openswan を常には適切なタイミングで起動できません。Openswan を起動させるタイミングの選択肢としては3つが考えられます: NFS サービスの開始前・開始後・PCMCIA サービスの開始後です。正解はあなたの設定次第です。 + . + NFS 経由で /usr をマウントせず (他のパーティションやあまり重要ではないパーティションを NFS 経由でマウントするか、または NFS マウントを全く使わない)、加えて PCMCIA ネットワークカードを利用していない場合、可能な限り早い時間に Openswan を起動するのがベストです。この設定によって、NFS でのマウントは IPSec で保護されます。この場合 (またはこの問題を理解していないか特に気にしない場合) 、"可能な限り早く"と質問に答えてください (標準) 。 + . + NFS 経由で /usr をマウントしていて PCMCIA ネットワークカードを使用していない場合は、必要なファイルを利用可能にするために Openswan を NFS の後で起動しなければなりません。この場合、"NFS 起動後" と答えてください。この時に NFS 経由でマウントされる /usr は、IPSec によるセキュアな状態にはならないということに注意してください。 + . + IPSec 接続に PCMCIA ネットワークカードを利用していた場合、PCMCIA サービスの起動後に Openswan を起動する以外に選択はありません。この場合、"PCMCIA 起動後" と答えてください。ローカルで動作している DNSSec 機能を使用している DNS サーバから鍵を取得したい場合でも、この答えをしてください。 +Description-ru.UTF-8: С какого уровня нужно запускать Openswan? + С текущими уровнями запуска Debian (особенно, после 20 уровня) невозможно всегда запустить Openswan вовремя. Есть три промежутка, когда можно запускать Openswan: перед или после служб NFS и после служб PCMCIA. Правильный момент зависит от ваших специфических настроек. + . + Если у вас дерево /usr не монтируется через NFS (или вы монтируете только другие менее важные каталоги через NFS, или вообще не используете NFS для монтирования), и вы не используете сетевые карты PCMCIA, то лучше всего запускать Openswan как можно раньше, таким образом монтирования NFS будут выполняться через шифрованное соединение IPSec. В этом случае (или, если вы не понимаете о чём речь, или вас это не волнует), ответьте "как можно раньше" (по умолчанию). + . 
+ Если дерево /usr монтируется по NFS и не используется сетевая карта PCMCIA, то вам нужно запускать Openswan после NFS для того, чтобы были доступны все необходимые файлы. В этом случае, ответьте "после NFS". Заметим, что в этом случае NFS монтирование /usr не будет зашифровано с помощью IPSec. + . + Если вы используете сетевую карту PCMCIA для соединений IPSec, то вам остаётся только выбрать запуск после служб PCMCIA. Ответьте "после PCMCIA" в этом случае. Этот ответ так же подойдёт, если вы хотите получать ключи от локально запущенного сервера DNS с поддержкой DNSSec. +Description-sv.UTF-8: Vid vilken nivå vill du starta Openswan? + Med de nuvarande uppstartsnivåerna i Debian (nästan allt startar på nivån 20) är det omöjligt för Openswan att alltid starta vid rätt tid. Det finns tre möjligheter när Openswan kan startas: före eller efter NFS-tjänsterna och efter PCMCIA-tjänsterna. Det rätta svaret beror på din specifika konfiguration. + . + Om du inte har ditt /usr-träd monterat via NFS (antingen monterar du andra, mindre viktiga träd via NFS eller så använder du inte NFS-monterade träd alls) och inte använder ett PCMCIA-nätverkskort är det bäst att starta Openswan så tidigt som möjligt och därmed tillåter säkra NFS-monteringar via IPSec. I detta fall (eller om du inte förstår eller bryr dig om detta) svara "tidigast" på denna fråga (standard). + . + Om du inte har ditt /usr-träd monterat via NFS och inte använder ett PCMCIA-nätverkskort behöver du starta Openswan efter NFS så att alla nödvändiga filer finns tillgängliga. I detta fall, svara "efter NFS" på frågan. Notera dock att NFS-monteringen av /usr kan inte säkras upp via IPSec i detta fall. + . + Om du använder ett PCMCIA-nätverkskort för dina IPSec-anslutningar har du bara valet att starta den efter PCMCIA-tjänsterna. Svara "efter PCMCIA" i detta fall. Detta är också det rätta svaret om du vill hämta nycklar från en lokalt körande DNS-server med DNSSec-stöd. Template: openswan/restart Type: boolean 
@@ -211,122 +105,96 @@ to restart, so this is generally a good idea. However this might take down existing connections and then bring them back up. Description-cs.UTF-8: Přejete si spustit Openswan? - Restartování Openswan je dobrý nápad, protože v případě, že - aktualizace obsahuje bezpečnostní záplatu, nebude opravena dokud se - démon nerestartuje. Většina lidí předpokládá restartování - démona, takže je to v každém případě správný postup. Nicméně - existující spojení mohou být shozena a poté znovu nastavena. + Restartování Openswan je dobrý nápad, protože v případě, že aktualizace obsahuje bezpečnostní záplatu, nebude opravena dokud se démon nerestartuje. Většina lidí předpokládá restartování démona, takže je to v každém případě správný postup. Nicméně existující spojení mohou být shozena a poté znovu nastavena. +Description-de.UTF-8: Möchten Sie Openswan neu starten? + Der Neustart von Openswan ist empfehlenswert. Denn falls ein Sicherheitsproblemm mit dieser Version beseitigt wurde, ist dies unwirksam, bis der Daemon neu gestartet wurde. Die meisten Anwender erwarten, dass sich der Daemon neu startet. Somit ist dies generell eine gute Idee. Jedoch kann der Neustart existierende Verbindungen schließen und hinterher wiederherstellen. +Description-es.UTF-8: ¿Desea reiniciar Openswan? + Una buena idea es reiniciar Openswan, ya que si hay un error de seguridad corregido no se arreglará hasta que el demonio se reinicie. La mayoría de las personas espera que el demonio se reinicie, ya que esto es una buena idea. Sin embargo, esto puede interrumpir las conexiones existentes y luego tiene que recuperarlas. +Description-fi.UTF-8: Tulisiko Openswan käynnistää uudelleen? + Openswanin käynnistäminen uudelleen on suositeltavaa, koska mahdolliset tietoturvapäivitykset eivät tule käyttöön ennen kuin taustaohjelma käynnistetään uudelleen. Useimmat ihmiset olettavat, että taustaohjelma käynnistetään uudelleen, joten se on hyvä ajatus. 
Tämä saattaa kuitenkin katkaista olemassa olevat yhteydet ja avata ne sitten uudelleen. Description-fr.UTF-8: Souhaitez-vous redémarrer Openswan ? - Redémarrer Openswan est préférable car un éventuel correctif de - sécurité ne prendra place que si le démon est redémarré. La plupart - des utilisateurs s'attendent à ce que le démon redémarre et c'est donc - le plus souvent le meilleur choix. Cependant, cela pourrait interrompre - provisoirement des connexions en cours. + Redémarrer Openswan est préférable car un éventuel correctif de sécurité ne prendra place que si le démon est redémarré. La plupart des utilisateurs s'attendent à ce que le démon redémarre et c'est donc le plus souvent le meilleur choix. Cependant, cela pourrait interrompre provisoirement des connexions en cours. +Description-gl.UTF-8: ¿Quere reiniciar Openswan? + Reiniciar Openswan é unha boa idea, xa que se se arranxou un problema de seguridade, non se ha aplicar ata que se reinicie o servizo. A maior parte da xente espera que o servizo se reinicie, así que adoita ser unha boa idea. Nembargantes, isto podería cortar as conexións existentes e despois volvelas erguer. Description-ja.UTF-8: Openswan を再起動しますか? - セキュリティ修正があった場合にはデーモンが再起動されるまで修正が反映されません。そのため、Openswan - を再起動するのは良い考えです。ほとんどの人はデーモンを再起動しようとしますが、これは大抵問題ありません。しかし、この作業で現在の接続は切断され、再度繋ぎなおすことになります。 + セキュリティ修正があった場合にはデーモンが再起動されるまで修正が反映されません。そのため、Openswan を再起動するのは良い考えです。ほとんどの人はデーモンを再起動しようとしますが、これは大抵問題ありません。しかし、この作業で現在の接続は切断され、再度繋ぎなおすことになります。 Description-nl.UTF-8: Wilt u Openswan herstarten? - Openswan herstarten is een goed idee omdat als er een - veiligheidsherstelling is, het pas echt hersteld zal zijn vanaf dat de - achtergronddienst is herstart. De meeste mensen verwachten dat de - achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit - kan bestaande verbindingen verbreken en ze dan opnieuw herstellen. 
+ Openswan herstarten is een goed idee omdat als er een veiligheidsherstelling is, het pas echt hersteld zal zijn vanaf dat de achtergronddienst is herstart. De meeste mensen verwachten dat de achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit kan bestaande verbindingen verbreken en ze dan opnieuw herstellen. +Description-pt.UTF-8: Quer re-iniciar o Openswan? + Re-iniciar o Openswan é uma boa ideia, uma vez que se houver uma correcção de segurança não será activada até que o daemon re-inicie. A maioria das pessoas espera que isto aconteça, portanto é normalmente uma boa ideia. No entanto isto pode interromper ligações activas e recuperá-las. Description-pt_BR.UTF-8: Você deseja reiniciar o Openswan ? - Reiniciar o Openswan é uma boa idéia, uma vez que caso exista um - correção para uma falha de segurança, o mesmo não será corrigido até - que o daemon seja reiniciado. A maioria das pessoas esperam que o daemon - seja reiniciado, portanto essa é geralmente uma boa idéia. Porém, - reiniciar o Openswan pode derrubar conexões existentes, mas - posteriormente trazê-las de volta. + Reiniciar o Openswan é uma boa idéia, uma vez que caso exista um correção para uma falha de segurança, o mesmo não será corrigido até que o daemon seja reiniciado. A maioria das pessoas esperam que o daemon seja reiniciado, portanto essa é geralmente uma boa idéia. Porém, reiniciar o Openswan pode derrubar conexões existentes, mas posteriormente trazê-las de volta. +Description-ru.UTF-8: Перезапустить Openswan? + Хорошо бы перезапустить Openswan, так при наличии исправлений безопасности они не заработают, пока служба не будет перезапущена. Большинство людей всё равно перезапускают службу, поэтому обычно лучше это сделать. Однако это может привести к кратковременному разрыву существующих соединений. +Description-sv.UTF-8: Vill du starta om Openswan? 
+ Starta om Openswan är en bra idé eftersom om det är en säkerhetsrättning kommer den inte rättas till förräns demonen är omstartad. De flesta personer förväntar sig att demonen startar om så detta är generellt sett en bra idé. Dock kan detta kanske ta ner existerande anslutningar och sedan ta dom upp igen. Description-vi.UTF-8: Bạn có muốn khởi chạy lại trình Openswan không? - Khởi chạy lại trình Openswan là một ý kiến tốt, vì nó - hiệu lực việc sửa bảo mật mới nào. Phần lớn người - ngờ trình nền (dæmon) sẽ khởi chạy lại, thì nói chung làm - như thế là một ý kiến tốt. Tuy nhiên, việc khởi chạy - lại có thể ngắt các sự kết nối hiện thời, rồi kết - nối chúng lại. + Khởi chạy lại trình Openswan là một ý kiến tốt, vì nó hiệu lực việc sửa bảo mật mới nào. Phần lớn người ngờ trình nền (dæmon) sẽ khởi chạy lại, thì nói chung làm như thế là một ý kiến tốt. Tuy nhiên, việc khởi chạy lại có thể ngắt các sự kết nối hiện thời, rồi kết nối chúng lại. Template: openswan/create_rsa_key Type: boolean Default: true -Description: Do you want to create a RSA public/private keypair for this host ? +Description: Do you want to create a RSA public/private keypair for this host? This installer can automatically create a RSA public/private keypair for this host. This keypair can be used to authenticate IPSec connections to other hosts and is the preferred way for building up secure IPSec connections. The other possibility would be to use shared secrets (passwords that are the same on both sides of the tunnel) for authenticating an connection, but for a larger number of connections RSA - authentication is easier to administrate and more secure. -Description-cs.UTF-8: Přejete si vytvořit RSA veřejný/soukromý pár klíčů pro tento počítač? - Tento instalátor může automaticky vytvořit RSA soukromý/privátní - pár klíčů pro tento počítač. Pár klíčů může být využit k - autentifikaci IPSec spojení na další počítače a je - upřednostňovanou cestou pro sestavování bezpečných IPSec spojení. 
- Další možností autentifikace je využití sdílených tajemství - (hesel, která jsou stejná na obou stranách tunelu), ale pro větší - množství spojení je RSA autentifikace snažší pro správu a mnohem - bezpečnější. + authentication is easier to administer and more secure. + . + If you do not want to create a new public/private keypair, you can choose to + use an existing one. +Description-de.UTF-8: Möchten Sie ein öffentlich/privates RSA-Schlüsselpaar für diesen Rechner erzeugen? + Dieser Installer kann automatisch ein öffentlich/privates RSA-Schlüsselpaar für diesen Rechner erzeugen. Dieses Schlüsselpaar kann zur Authentifizierung von IPSec-Verbindungen zu anderen Rechnern verwendet werden. Dies ist die empfohlene Methode zum Aufbau gesicherter IPSec-Verbindungen. Die andere Möglichkeit ist die Verwendung von gemeinsamen Geheimnissen (engl.: shared secrets, gleiche Passwörter an beiden Enden des Tunnels) zur Authentifizierung einer Verbindung. Für eine größere Anzahl von Verbindungen ist die RSA-Authentifizierung einfacher zu verwalten und sicherer. + . + Falls Sie kein öffentlich/privates Schlüsselpaar erzeugen möchten, können Sie ein existierendes verwenden. +Description-fi.UTF-8: Luodaanko tälle koneelle RSA-avainpari? + Tämä asennusohjelma voi automaattisesti luoda julkisen ja salaisen avaimen sisältävän RSA-avainparin tälle koneelle. Tätä avainparia voidaan käyttää toisille koneille otettavien IPSec-yhteyksien todentamiseen. Tämä on suositeltava tapa turvallisten IPSec-yhteyksien luomiseen. Toinen vaihtoehto on käyttää jaettuja salaisuuksia (salasanat ovat samat tunnelin molemmissa päissä) yhteyksien todentamiseen, mutta useiden yhteyksien kanssa RSA-todennus on turvallisempi ja helpompi ylläpitää. + . + Jos uutta julkisen ja salaisen avaimen paria ei luoda, voidaan käyttöön valita olemassa oleva pari. Description-fr.UTF-8: Souhaitez-vous créer une paire de clés RSA publique et privée pour cet hôte ? 
- Cet outil d'installation peut créer automatiquement une paire de clés
- RSA publique et privée pour cet hôte. Cette paire de clés peut servir
- à authentifier des connexions IPSec vers d'autres hôtes. Cette méthode
- est la méthode conseillée pour l'établissement de liaisons IPSec
- sûres. L'autre possibilité d'authentification à la connexion est
- l'utilisation d'un secret partagé (« pre-shared key » : des mots de
- passe identiques aux deux extrémités du tunnel). Toutefois, pour de
- nombreuses connexions, l'authentification RSA est plus simple à
- administrer et plus sûre.
+ Cet outil d'installation peut créer automatiquement une paire de clés RSA publique et privée pour cet hôte. Cette paire de clés peut servir à authentifier des connexions IPSec vers d'autres hôtes. Cette méthode est la méthode conseillée pour l'établissement de liaisons IPSec sûres. L'autre possibilité d'authentification à la connexion est l'utilisation d'un secret partagé (« pre-shared key » : des mots de passe identiques aux deux extrémités du tunnel). Toutefois, pour de nombreuses connexions, l'authentification RSA est plus simple à administrer et plus sûre.
+ .
+ Si vous ne souhaitez pas créer une paire de clés publique et privée, vous pouvez choisir d'en utiliser une existante.
+Description-gl.UTF-8: ¿Quere crear un par de claves pública/privada RSA para esta máquina?
+ Este instalador pode crear automaticamente un par de claves pública/privada RSA para esta máquina. Este par de claves pódese empregar para autenticar as conexións IPSec a outras máquinas e é a maneira preferida de construír conexións IPSec seguras. A outra posibilidade sería empregar segredos compartidos (o mesmo contrasinal en ámbolous dous lados do túnel) para autenticar unha conexión, pero para ter moitas conexións é moito máis segura e fácil de administrar a autenticación RSA.
+ .
+ Se non quere crear un novo par de claves pública/privada, pode empregar un xa existente.
Description-ja.UTF-8: このホストの RSA 公開鍵と秘密鍵のキーペアを生成しますか? - このインストーラはこのホストの RSA - 公開鍵と秘密鍵のキーペアを自動的に生成できます。このキーペアは他のホストとの - IPSec 通信での認証に利用可能で、セキュアな IPSec - 通信を確立する方法として好まれています。他に利用可能な方法としては共通鍵 - (トンネルの双方で同じパスワード) - を通信の認証に利用するというのがありますが、多数の接続に対しては、RSA - 認証のほうが管理がより簡単で、よりセキュアです。 -Description-nl.UTF-8: Wilt u een publiek/privaat RSA-sleutelpaar aanmaken voor deze host? - Deze installatie kan automatisch een publiek/privaat RSA-sleutelpaar - aanmaken voor deze host. Dit sleutelpaar kan gebruikt worden om - IPSec-verbinden naar andere hosts te authenticeren en is de aanbevolen - manier om veilige IPSec-verbindingen op te zetten. De andere mogelijkheid - zou zij om gedeelde geheimen (wachtwoorden die aan beide kanten van de - tunnel hetzelfde zijn) te gebruiken voor het authenticeren van een - verbinding, maar voor een groter aantal verbindingen is RSA-authenticatie - gemakkelijker te beheren en veiliger. -Description-pt_BR.UTF-8: Você deseja criar um par de chaves RSA pública/privada para este host ? - Este instalador pode automaticamente criar um par de chaves RSA - pública/privada para este host. Esse par de chaves pode ser usado para - autenticar conexões IPSec com outros hosts e é a maneira preferida de - construir conexões IPSec seguras. A outra possibilidade seria usar - segredos compartilhados (senhas que são iguais em ambos os lados do - túnel) para autenticar uma conexão, mas para um grande número de - conexões RSA a autenticação é mais fácil de administrar e mais - segura. -Description-vi.UTF-8: Bạn có muốn tạo một cặp khóa công/riêng RSA cho máy này không? - Trình cài đặt này có thể tự động tạo một cặp khóa - công/riêng RSA cho máy này. Có thể sử dụng cặp khóa này - để xác thực cách kết nối IPSec tới máy khác, và nó là - cách ưa thích để xây dụng cách kết nối IPSec bảo mật. - Hoặc có thể sử dụng «bí mật dùng chung» (shared secrets), - mà có cùng một mật khẩu tại cả hai đầu và cuối đều - đường hầm, để xác thực mỗi sự kết nối. 
Tuy nhiên, - với sự kết nối rất nhiều, dễ hơn để sử dụng cách - xác thực RSA và nó bảo mật hơn. + このインストーラはこのホストの RSA 公開鍵と秘密鍵のキーペアを自動的に生成できます。このキーペアは他のホストとの IPSec 通信での認証に利用可能で、セキュアな IPSec 通信を確立する方法として好まれています。他に利用可能な方法としては共通鍵 (トンネルの双方で同じパスワード) を通信の認証に利用するというのがありますが、多数の接続に対しては、RSA 認証のほうが管理がより簡単で、よりセキュアです。 + . + 新しい公開鍵と秘密鍵のキーペアを生成したくないという場合は、既存の鍵を使うのを選ぶこともできます。 +Description-ru.UTF-8: Создать открытый/секретный ключи RSA для этой машины? + Процедура установки может автоматически создать открытый/секретный RSA ключи для этой машины. Эта пара ключей может использоваться для аутентификации IPSec соединений с другими машинами, и это является предпочтительным способом создания безопасных соединений IPSec. Также для аутентификации соединения можно использовать общие секреты (одинаковые пароли на обоих концах туннеля), но при большом количестве соединений RSA аутентификацию легче администрировать и она более безопасна. + . + Если вы не хотите создавать новые открытый/секретный ключи, то можете выбрать использование существующих. +Description-sv.UTF-8: Vill du skapa ett publikt/privat RSA-nyckelpar för denna värdmaskin? + Detta installerare kan automatiskt skapa ett publik/privat RSA-nyckelpar för denna värdmaskin. Detta nyckelpar kan användas för att autentisera IPSec-anslutningar till andra värdar och är det sätt som föredras för att bygga upp säkra IPSec-anslutningar. Den andra möjligheten skulle vara att använda delade hemligheter (lösenord som är samma på båda sidor av tunneln) för att autentisera en anslutning men för ett större antal anslutningar är RSA-autentiseringar det enklaste att administrera och mer säkert. + . + Om du inte vill skapa ett publikt/privat RSA-nyckelpar kan du använda ett som redan existerar. 
Template: openswan/rsa_key_type Type: select Choices: x509, plain Choices-cs.UTF-8: x509, prostý -Choices-fr.UTF-8: X509, simple paire +Choices-de.UTF-8: X509, Klartext +Choices-es.UTF-8: x509, simple +Choices-fi.UTF-8: x509, tavallinen +Choices-fr.UTF-8: X509, Simple paire +Choices-gl.UTF-8: x509, simple Choices-ja.UTF-8: x509, 通常のタイプ Choices-nl.UTF-8: x509, gewoon +Choices-pt.UTF-8: x509, simples Choices-pt_BR.UTF-8: x509, pura +Choices-ru.UTF-8: x509, чистый формат +Choices-sv.UTF-8: x509, enkel Choices-vi.UTF-8: x509, giản dị Default: x509 -Description: Which type of RSA keypair do you want to create ? - It is possible to create a plain RSA public/private keypair for the use +Description: Which type of RSA keypair do you want to create? + It is possible to create a plain RSA public/private keypair for use with Openswan or to create a X509 certificate file which contains the RSA - public key and additionally store the corresponding private key. + public key and additionally stores the corresponding private key. . If you only want to build up IPSec connections to hosts also running Openswan, it might be a bit easier using plain RSA keypairs. But if you 
@@ -338,159 +206,72 @@ Therefore a X509 certificate is recommended since it is more flexible and this installer should be able to hide the complex creation of the X509 certificate and its use in Openswan anyway. -Description-cs.UTF-8: Jaký typ RSA páru klíčů chcete vytvořit? - Je možné vytvořit čisty pár RSA klíčů pro použití s Openswan - nebo vytvořit soubor s certifikátem X509, který obsahuje veřejný RSA - klíč a dodatečně uchovává odpovídající privátní klíč. - . - Pokud chcete vytvořit IPSec spojení jen k počítači, na kterém - taktéž běží Openswan, může být mnohem jednodušší použít RSA - pár klíčů. Pokud se ale chcete připojit k jiným implementacím - IPSec, budete potřebovat certifikát X509. Můžete také vytvořit - certifikát X509 zde a získat veřejný klíč RSA v čisté textové - podobě pokud druhá strana používá Openswan bez podpory certifikátu - X509. - . - Certifikát X509 je proto doporučován zejména díky své flexibilnosti. - Tentoinstalátor by v každém případě měl být schopen skrýt - komplexnost jeho vytváření a použití s Openswan. +Description-de.UTF-8: Welchen Typ von RSA-Schlüssel möchten Sie erzeugen? + Es ist möglich, ein öffentlich/privates RSA-Schlüsselpaar im Klartext zur Verwendung mit Openswan zu erzeugen. Oder es wird eine X509-Zertifikats-Datei erstellt, die den öffentlichen RSA-Schlüssel enthält und zusätzlich den korrespondierenden privaten Schlüssel speichert. + . + Falls Sie ausschließlich IPSec-Verbindungen zu Rechnern aufbauen möchten, die auch mit Openswan arbeiten, könnte es etwas einfacher sein, RSA-Schlüsselpaare im Klartext zu verwenden. Aber falls Sie sich mit anderen IPSec-Implementationen verbinden möchten, werden Sie ein X509-Zertifikat benötigen. Es ist auch möglich, ein X509-Zertifikat hier zu erzeugen und den öffentlichen RSA-Schlüssel im Klartextformat zu extrahieren, falls die andere Seite Openswan ohne Unterstützung für X509-Zertifikate verwendet. + . + Deshalb wird ein X509-Zertifikat empfohlen, da es flexibler ist. 
Dieser Installer sollte die komplexe Erzeugung des X509-Zertifikats und dessen Verwendung in Openswan verstecken können. +Description-fi.UTF-8: Minkä tyyppinen RSA-avainpari luodaan? + On mahdollista luoda tavallinen RSA-avainpari Openswanin käyttöön tai luoda X509-varmennetiedosto, joka sisältää julkisen RSA-avaimen ja lisäksi tallentaa vastaavan salaisen avaimen. + . + Jos halutaan vain luoda IPSec-yhteyksiä toiselle koneille, joilla myös ajetaan Openswania, on ehkä hieman helpompaa käyttää tavallisia RSA-avainpareja. Jos halutaan ottaa yhteyksiä muihin IPSec-toteutuksiin, tarvitaan X509-varmenne. On myös mahdollista luoda X509-varmenne nyt ja erottaa julkinen RSA-avain siitä tavalliseen muotoon, jos toisella puolella on Openswan, jossa ei ole X509-varmenteiden tukea. + . + Tästä syystä suositellaan joustavampaa X509-varmennetta. Tämä asennusohjelman pitäisi joka tapauksessa pystyä piilottamaan X509-varmenteen monimutkainen luontiprosessi ja käyttö Openswanissa. Description-fr.UTF-8: Type de paire de clés RSA à créer : - Il est possible de créer une simple paire de clés destinée à être - utilisée avec Openswan ou de créer un fichier de certificat X509 qui - contient la clé publique RSA et de conserver la clé privée - correspondante par ailleurs. - . - Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hôtes - utilisant Openswan, il sera probablement plus facile d'utiliser des clés - RSA simples. Mais si vous souhaitez vous connecter à des hôtes utilisant - d'autres implémentations d'IPSec, vous aurez besoin d'un certificat X509. - Il est également possible de créer un certificat X509 puis d'en extraire - un simple clé publique RSA, si l'autre extrémité de la connexion - utilise Openswan sans le support des certificats X509. - . - En conséquence, il vous est conseillé d'utiliser un certificat X509 car - cette méthode est plus souple. Cet outil d'installation devrait vous - simplifier la tâche de création et d'utilisation de ce certificat X509. 
+ Il est possible de créer une simple paire de clés destinée à être utilisée avec Openswan ou de créer un fichier de certificat X509 qui contient la clé publique RSA et de conserver la clé privée correspondante par ailleurs. + . + Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hôtes utilisant Openswan, il sera probablement plus facile d'utiliser des clés RSA simples. Mais si vous souhaitez vous connecter à des hôtes utilisant d'autres implémentations d'IPSec, vous aurez besoin d'un certificat X509. Il est également possible de créer un certificat X509 puis d'en extraire une simple clé publique RSA, si l'autre extrémité de la connexion utilise Openswan sans la gestion des certificats X509. + . + Ainsi, il vous est conseillé d'utiliser un certificat X509 car cette méthode est plus souple. Cet outil d'installation devrait vous simplifier la tâche de création et d'utilisation de ce certificat X509. +Description-gl.UTF-8: ¿Que tipo de par de claves RSA quere crear? + Pode crear un par de claves pública/privada simple para empregalo con Openswan, ou pode crear un ficheiro de certificado X509 que contén a clave pública RSA e tamén garda a clave privada correspondente. + . + Se só quere realizar conexións IPSec a máquinas que tamén empregan Openswan pode ser un pouco máis doado empregar pares de claves simples. Nembargantes, se quere conectarse a outras implementacións de IPSec, ha ter que empregar un certificado X509. Tamén é posible crear aquí un certificado X509 e extraer a clave pública RSA en formato simple se o outro estremo executa Openswan sen soporte de certificados X509. + . + Polo tanto recoméndase empregar un certificado X509, xa que é máis flexible e este instalador debería poder ocultar a complexidade da creación do certificado X509 e do seu emprego en Openswan. Description-ja.UTF-8: どちらのタイプの RSA キーペアを生成しますか? - Openswan で利用する通常の RSA - 公開鍵・秘密鍵のキーペアを作れます。あるいは RSA - 公開鍵を (さらにはそれに対応する秘密鍵も) 含む X509 - 証明書ファイルも同様です。 - . 
- 既に Openswan を動作させているホストと IPSec - 通信を確立したいだけの場合は、通常の RSA - キーペアを使用すると多少簡単になります。しかし、他の - IPSec 実装との接続を行いたい場合は X509 - 証明書が必要になります。通信を行う対象のホストが - Openswan を X509 - 証明書のサポート無しで運用していた場合、ここで X509 - 証明書を生成して、後ほど RSA - 公開鍵を通常の形式に展開することも可能です。 - . - したがって X509 - 証明書がお勧めです。こちらのほうが柔軟ですし、このインストーラを使えば、X509 - 証明書の生成や Openswan - での利用に際しての面倒さを隠蔽してくれるはずです。 -Description-nl.UTF-8: Welk type RSA-sleutelpaar wilt u aanmaken? - Het is mogelijk om een gewoon publiek/privaat RSA-sleutelpaar aan te maken - om te gebruiken met Openswan of om een X509-certificaatbestand aan te - maken die de publieke RSA-sleutel bevat en de corresponderende private - sleutel te bewaren. - . - Als u enkel IPSec-verbindingen wilt opzetten naar hosts die ook Openswan - draaien, dan is het misschien een beetje gemakkelijker om gewone - RSA-sleutelparen te gebruiken. Maar als u verbindingen wilt leggen met - andere IPSec-implementaties, dan zult u een X509-certificaat nodig hebben. - Het is ook mogelijk om hier een X509-certificaat aan te maken en de - publieke RSA-sleutel te extraheren in een gewoon formaat als de andere - kant Openswan draait zonder X509-certificaatondersteuning. - . - Daarom wordt een X509-certificaat aanbevolen omdat het flexibeler is en - deze installatie moet de complexe creatie van een X509-certificaat kunnen - verbergen en het toch in Openswan kunnen gebruiken. -Description-pt_BR.UTF-8: Qual tipo de par de chaves RSA você deseja criar ? - É possível criar um par de chaves RSA pública/privada pura (plain) para - uso com o Openswan ou para criar um arquivo de certificado X509 que irá - conter a chave RSA pública e adicionalmente armazenar a chave privada - correspondente. - . - Caso você queira somente construir conexões IPsec para hosts e também - executar o Openswan, pode ser um pouco mais fácil usar pares de chaves - RSA puros (plain). Mas caso você queira se conectar a outras - implementações IPSec, você precisará de um certificado X509. 
É - também possível criar um certificado X509 aqui e extrair a chave - pública em formato puro (plain) caso o outro lado execute o Openswan sem - suporte a certificados X509. - . - Um certificado X509 é recomendado, uma vez que o mesmo é mais flexível - e este instalador é capaz de simplificar a complexa criação do - certificado X509 e seu uso com o Openswan. -Description-vi.UTF-8: Bạn có muốn tạo cặp khóa RSA loại nào? - Có thể tạo một cặp khóa công/riêng RSA thô để sử dụng - với trình Openswan, hoặc tạo một tập tin chứng nhận X509 - chứa khóa công RSA ấy và cũng cất giữ khóa riêng tương - ứng. - . - Nếu bạn chỉ muốn xây dụng sự kết nối IPSec đến máy - cũng chạy trình Openswan, có thể dễ dàng hơn khi sử dụng - cặp khóa RSA thô. Còn nếu bạn muốn kết nối đến một - sự thực hiện IPSec khác, thì bạn sẽ cần có một chứng - nhận loại X509. Cũng có thể tạo một chứng nhận X509 tại - đây, rồi rút khóa công RSA có dạng thô, nếu bên khác có - chạy trình Openswan không có hỗ trợ chứng nhận X509. - . - Vì vậy khuyến khích một chứng nhận X509, vì nó dẻo hơn - và trình cài đặt này nên có thể ẩn việc phức tạp tạo - chứng nhận X509 và cách dùng nó trong trình Openswan. + Openswan で利用する通常の RSA 公開鍵・秘密鍵のキーペアを作れます。あるいは RSA 公開鍵を (さらにはそれに対応する秘密鍵も) 含む X509 証明書ファイルも同様です。 + . + 既に Openswan を動作させているホストと IPSec 通信を確立したいだけの場合は、通常の RSA キーペアを使用すると多少簡単になります。しかし、他の IPSec 実装との接続を行いたい場合は X509 証明書が必要になります。通信を行う対象のホストが Openswan を X509 証明書のサポート無しで運用していた場合、ここで X509 証明書を生成して、後ほど RSA 公開鍵を通常の形式に展開することも可能です。 + . + したがって X509 証明書がお勧めです。こちらのほうが柔軟ですし、このインストーラを使えば、X509 証明書の生成や Openswan での利用に際しての面倒さを隠蔽してくれるはずです。 +Description-ru.UTF-8: Тип создаваемых ключей RSA: + Возможно создание чистых (plain) открытого/секретного ключей RSA для использования в Openswan, или можно создать файл сертификат X509, который содержит открытый ключ RSA, а также дополнительно хранит соответствующий секретный ключ. + . 
+ Если вы хотите построить IPSec соединения с только машинами, которые также используют Openswan, то использование чистых пар ключей RSA делает это чуть легче. Но если вы хотите соединяться с машинами, использующими другие реализации IPSec, то вам нужно использовать сертификат X509. Также здесь возможно создание сертификата X509 и извлечение открытого ключа RSA в чистый формат, если другая сторона работает на Openswan без поддержки сертификата X509. + . + Поэтому рекомендуется использовать сертификат X509, так как это более гибко, и данная процедура установки скроет сложность создания сертификата X509, и он всё равно используется в Openswan. +Description-sv.UTF-8: Vilken typ av RSA-nyckelpar vill du skapa? + Det är möjligt att skapa ett enkelt publik/privat RSA-nyckelpar för att använda med Openswan eller att skapa en X509-certifikatfil som innehåller den publika RSA-nyckeln och dessutom lagra den motsvarande privata nyckeln. + . + Om du bara vill bygga upp IPSec-anslutningar till värdmaskin som också kör Openswan kan det vara lite enklare att använda enkla (plain) RSA-nyckelpar. Men om du vill ansluta till andra IPSec-implementationer behöver du ett X509-certifikat. Det är också möjligt att skapa ett X509-certifikat här och plocka ut den publika RSA-nyckeln i enkelt format om den andra sidan kör Openswan utan stöd för X509-certifikat. + . + Därför är ett X509-certifikat rekommenderat eftersom det är mer flexibelt och denna installerare bör kunna gömma den komplexa processen att skapa X509-certifikatet och dess användning i Openswan ändå. Template: openswan/existing_x509_certificate Type: boolean Default: false -Description: Do you have an existing X509 certificate file that you want to use for Openswan ? +Description: Do you have an existing X509 certificate file that you want to use for Openswan? This installer can automatically extract the needed information from an existing X509 certificate with a matching RSA private key. 
Both parts can be in one file, if it is in PEM format. Do you have such an existing certificate and key file and want to use it for authenticating IPSec - connections ? -Description-cs.UTF-8: Vlastníte existující certifkát X509, který chcete použít pro Openswan? - Instalátor může automaticky získat potřebné informace z - existujícího certiifikátu X509 s odpovídajícím privátním RSA - klíčem. Obě části mohou být v jednom souboru, jedná-li se o formát - PEM. Vlastníte takový certifikát i soubor s klíčem a chcete jej - použít pro autentifikaci spojení IPSec? -Description-fr.UTF-8: Possédez-vous un fichier de certificat X509 existant àutiliser avec Openswan ? - Cet outil d'installation est capable d'extraire automatiquement - l'information nécessaire d'un fichier de certificat X509 existant, avec - la clé privée RSA correspondante. Les deux parties peuvent se trouver - dans un seul fichier, s'il est en format PEM. Possédez-vous un tel - certificat ainsi que la clé privée, et souhaitez-vous vous en servir - pour l'authentification des connexions IPSec ? -Description-ja.UTF-8: 既に存在している X509 証明書ファイルを Openswan で利用しますか? - このインストーラは既に存在している X509 証明書から - RSA - 秘密鍵と照らし合わせて必要な情報を自動的に展開する事が可能です。 - PEM - 形式の場合、双方を一つのファイルにまとめることも可能です。そのような証明書と鍵のファイルがあり、これらを - IPSec 通信での認証に使用したいですか? -Description-nl.UTF-8: Hebt u een bestaand X509-certificaatbestand dat u voor Openswan wilt gebruiken? - Deze installatie kan de benodigde informatie automatisch extraheren van - een bestaand X509-certificaat met een bijhorende private RSA-sleutel. - Beide delen kunnen in één bestand zijn, als het in PEM-formaat is. Hebt - u zo'n bestaand certificaat en een sleutelbestand; en wilt u het voor de - authenticatie van IPSec-verbindingen gebruiken? -Description-pt_BR.UTF-8: Você possui um arquivo de certificado X509 existente que você gostaria de usar com o Openswan ? - Este instalador pode extrair automaticamente a informação necessária de - um certificado X509 existente com uma chave RSA privada adequada. 
Ambas as - partes podem estar em um arquivo, caso estejam no formato PEM. Você - possui um certificado existente e um arquivo de chave e quer usá-los para - autenticar conexões IPSec ? -Description-vi.UTF-8: Bạn có một tập tin chứng nhận X509 mà bạn muốn sử dụng với trình Openswan chưa? - Trình cài đặt này có thể tự động giải mã thông tin cần - thiết ra một chứng nhận X509 đã có, với khóa riêng RSA - tương ứng. Cả hai điều có thể trong cùng một tập tin, - nếu nó có dạng PEM. Bạn có chứng nhận đã có như vậy, - và muốn sử dụng nó để xác thực cách kết nối IPSec - không? + connections? +Description-de.UTF-8: Haben Sie eine existierende X509-Zertifikats-Datei, die Sie mit Openswan verwenden möchten? + Dieser Installer kann automatisch die benötigten Informationen aus einer existierenden X509-Zertifikats-Datei mit einem passenden privaten RSA-Schlüssel extrahieren. Beide Teile können sich in einer Datei befinden, falls sie im PEM-Format vorliegt. Haben Sie eine solche existierende Zertifikat-und-Schlüssel-Datei und möchten Sie sie zur Authentifizierung von IPSec-Verbindungen verwenden? +Description-fi.UTF-8: Onko olemassa X509-varmennetiedostoa, jota halutaan käyttää Openswanin kanssa? + Tämä asennusohjelma voi automaattisesti erottaa tarvittavat tiedot olemassa olevasta X509-varmenteesta ja sitä vastaavasta salaisesta RSA-avaimesta. Molemmat osat voivat olla yhdessä tiedostossa, jos se on PEM-muodossa. +Description-fr.UTF-8: Possédez-vous un fichier de certificat X509 existant à utiliser avec Openswan ? + Cet outil d'installation est capable d'extraire automatiquement l'information nécessaire d'un fichier de certificat X509 existant, avec la clé privée RSA correspondante. Les deux parties peuvent se trouver dans un seul fichier, s'il est en format PEM. Indiquez si vous possédez un tel certificat ainsi que la clé privée, et si vous souhaitez vous en servir pour l'authentification des connexions IPSec. 
+Description-gl.UTF-8: ¿Ten un certificado X509 existente que queira empregar en Openswan? + Este instalador pode extraer automaticamente a información necesaria dun certificado X509 existente cunha clave privada RSA correspondente. As dúas partes poden estar nun só ficheiro, se está en formato PEM. ¿Ten un certificado tal e un ficheiro coa clave privada, e quere empregalo para autenticar conexións IPSec? +Description-ja.UTF-8: Openswan で利用したい X509 証明書ファイルがありますか? + このインストーラは既存の X509 証明書から RSA 秘密鍵と照らし合わせて必要な情報を自動的に展開する事が可能です。 PEM 形式の場合、双方を一つのファイルにまとめることも可能です。そのような証明書と鍵のファイルがあり、これらを IPSec 通信での認証に使用したいですか? +Description-ru.UTF-8: У вас уже есть файл сертификата X509, который вы бы хотели использовать в Openswan? + Процедура установки может автоматически извлечь необходимую информацию из имеющегося файла сертификата X509 с помощью ответного секретного ключа RSA. Обе части могут быть в одном файле, если он имеет формат PEM. У вас есть такой сертификат и файл ключа, и вы хотите использовать его для аутентификации соединений IPSec? +Description-sv.UTF-8: Har du en existerande X509-certifikatfil som du vill använda för Openswan? + Denna installerare kan automatiskt plocka ut den information som behövs från ett existerande X509-certifikat med en matchande privat RSA-nyckel. Båda delar kan vara i en fil om den är i PEM-format. Har du ett sådant existerande certifikat och nyckelfil och vill använda det för att autentisera IPSec-anslutningar ? Template: openswan/existing_x509_certificate_filename Type: string 
@@ -499,21 +280,30 @@
 PEM format.
 Description-cs.UTF-8: Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM.
 Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM.
+Description-de.UTF-8: Bitte geben Sie den Speicherort ihres X509-Zertifikats im PEM-Format ein.
+ Bitte geben Sie den Speicherort der Datei ein, die Ihr X509-Zertifikat im PEM-Format enthält.
+Description-es.UTF-8: Introduzca la localización del certificado X509 en formato PEM.
+ Ingrese la localización del fichero que contiene su certificado X509 en formato PEM.
+Description-fi.UTF-8: PEM-muodossa olevan X509-varmenteen sijainti:
+ Anna PEM-muodossa olevan, X509-varmenteen sisältävän tiedoston sijainti.
 Description-fr.UTF-8: Emplacement de votre certificat X509 au format PEM :
- Veuillez indiquer l'emplacement du fichier contenant votre certificat X509
- au format PEM.
+ Veuillez indiquer l'emplacement du fichier contenant votre certificat X509 au format PEM.
+Description-gl.UTF-8: Introduza a ubicación do seu certificado X509 en formato PEM.
+ Introduza a ubicación do ficheiro que contén o seu certificado X509 en formato PEM.
 Description-ja.UTF-8: PEM 形式の X509 証明書の場所を入力してください。
- PEM 形式の X509
- 証明書を含んでいるファイルの場所を入力してください。
+ PEM 形式の X509 証明書を含んでいるファイルの場所を入力してください。
 Description-nl.UTF-8: Geef de locatie van uw X509-certificaat in PEM-formaat.
- Geef de locatie van het bestand dat uw X509-certificaat in PEM-formaat
- bevat.
+ Geef de locatie van het bestand dat uw X509-certificaat in PEM-formaat bevat.
+Description-pt.UTF-8: Por favor indique a localização do seu certificado X509 no formato PEM.
+ Por favor indique a localização do ficheiro que contém o seu certificado X509 em formato PEM.
 Description-pt_BR.UTF-8: Por favor, informe a localização de seu certificado X509 no formato PEM.
- Por favor, informe a localização do arquivo contendo seu certificado
- X509 no formato PEM.
+ Por favor, informe a localização do arquivo contendo seu certificado X509 no formato PEM.
+Description-ru.UTF-8: Укажите место расположения вашего сертификата X509 в формате PEM.
+ Укажите место расположения файла, содержащего ваш сертификат X509 в формате PEM.
+Description-sv.UTF-8: Ange platsen för ditt X509-certifikat i PEM-format.
+ Ange platsen för din fil som innehåller ditt X509-certifikat i PEM-format.
 Description-vi.UTF-8: Hãy nhập địa điểm của chứng nhận X509 của bạn, có dạng PEM.
- Hãy nhập địa điểm của tập tin chứa chứng nhận X509
- của bạn, có dạng PEM.
+ Hãy nhập địa điểm của tập tin chứa chứng nhận X509 của bạn, có dạng PEM.

 Template: openswan/existing_x509_key_filename
 Type: string
@@ -522,75 +312,59 @@ matching your X509 certificate in PEM format. This can be the same file that contains the X509 certificate. Description-cs.UTF-8: Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM. - Zadejte prosím umístění souboru obsahujícího privátní RSA klíč - odpovídající vašemu certifikátu X509 ve formátu PEM. Může to být - stejný soubor jako ten obsahující certifikát X509. + Zadejte prosím umístění souboru obsahujícího privátní RSA klíč odpovídající vašemu certifikátu X509 ve formátu PEM. Může to být stejný soubor jako ten obsahující certifikát X509. +Description-de.UTF-8: Bitte geben Sie den Speicherort Ihren privaten X509-Schlüssels im PEM-Format ein. + Bitte geben Sie den Speicherort der Datei ein, die den privaten RSA-Schlüssel im PEM-Format enthält, der zu Ihrem X509-Zertifikat passt. Dies kann dieselbe Datei sein, die das X509-Zertifikat enthält. +Description-es.UTF-8: Ingrese la localización de su llave privada X509 en formato PEM. + Ingrese la ubicación del fichero que contiene la llave privada RSA que corresponde a su certificado X509, en formato PEM. Puede ser el mismo fichero que contiene el certificado X509. +Description-fi.UTF-8: PEM-muotoisen salaisen X509-avaimen sijainti: + Anna PEM-muodossa olevaan X509-varmenteeseen täsmäävän salaisen RSA-avaimen sijainti. Tämä saattaa olla sama tiedosto kuin se, joka sisältää X509-varmenteen. Description-fr.UTF-8: Emplacement de votre clé privée X509 au format PEM : - Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA - correspondant à votre certificat X509 au format PEM. Cela peut être le - fichier qui contient le certificat X509. + Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA correspondant à votre certificat X509 au format PEM. Cela peut être le fichier qui contient le certificat X509. +Description-gl.UTF-8: Introduza a ubicación da súa clave privada X509 en formato PEM. 
+ Introduza a ubicación do ficheiro que contén a clave privada RSA que corresponde ao seu certificado X509 en formato PEM. Pode ser o mesmo ficheiro que o que contén o certificado X509. Description-ja.UTF-8: PEM 形式の X509 秘密鍵の場所を入力してください。 - PEM 形式の X509 - 証明書に対応する秘密鍵を含んでいるファイルの場所を入力してください。これは - X509 証明書を含んでいるファイルと同じで構いません。 + PEM 形式の X509 証明書に対応する秘密鍵を含んでいるファイルの場所を入力してください。これは X509 証明書を含んでいるファイルと同じで構いません。 Description-nl.UTF-8: Geef de locatie van uw private X509-sleutel in PEM-formaat. - Geef de locatie van het bestand dat uw private RSA-sleutel bevat die - behoort bij uw X509-certificaat in PEM-formaat. Dit kan hetzelfde bestand - zijn als dat wat uw X509-certificaat bevat. + Geef de locatie van het bestand dat uw private RSA-sleutel bevat die behoort bij uw X509-certificaat in PEM-formaat. Dit kan hetzelfde bestand zijn als dat wat uw X509-certificaat bevat. +Description-pt.UTF-8: Por favor indique a localização da sua chave privada X509 em formato PEM. + Por favor indique a localização do ficheiro que contém a chave privada RSA quecorresponde ao seu certificado X509 em formato PEM. Pode ser o mesmo ficheiro que contém o certificado X509. Description-pt_BR.UTF-8: Por favor, informe a localização de sua chave privada X509 no formato PEM. - Por favor, informe a localização do arquivo contendo a chave privada RSA - que casa com seu certificado X509 no formato PEM. Este pode ser o mesmo - arquivo que contém o certificado X509. + Por favor, informe a localização do arquivo contendo a chave privada RSA que casa com seu certificado X509 no formato PEM. Este pode ser o mesmo arquivo que contém o certificado X509. +Description-ru.UTF-8: Укажите место расположения секретного ключа X509 в формате PEM. + Введите путь к файлу, который содержит секретный ключ RSA, расшифровывающий ваш сертификат X509 в формате PEM. Этот может быть тот же файл, который содержит сертификат X509. +Description-sv.UTF-8: Ange platsen för din privata X509-nyckel i PEM-format. 
+ Ange platsen för den fil som innehåller den privata RSA-nyckeln som matchar ditt X509-certifikat i PEM-format. Detta kan vara samma fil som innehåller X509-certifikatet. Description-vi.UTF-8: Hãy nhập địa điểm của khóa riêng X509 của bạn, có dạng PEM. - Hãy nhập địa điểm của tập tin chứa khóa RSA riêng khớp - với chứng nhận X509 của bạn, có dạng PEM. Có thể là cùng - một tập tin chứa chứng nhận X509. + Hãy nhập địa điểm của tập tin chứa khóa RSA riêng khớp với chứng nhận X509 của bạn, có dạng PEM. Có thể là cùng một tập tin chứa chứng nhận X509. Template: openswan/rsa_key_length Type: string Default: 2048 -Description: Which length should the created RSA key have ? +Description: Which length should the created RSA key have? Please enter the length of the created RSA key. it should not be less than 1024 bits because this should be considered unsecure and you will probably not need anything more than 2048 bits because it only slows the authentication process down and is not needed at the moment. -Description-cs.UTF-8: Jakou délku by měl mít vytvořený RSA klíč? - Zadejte prosím délku vytvářeného RSA klíče. Kvůli bezpečnosti by - neměla být méně než 1024 bitů a pravděpodobně nepotřebujete víc - než 2048 bitů, protože to již zpomaluje proces autentizace. +Description-de.UTF-8: Welche Länge soll der erzeugte RSA-Schlüssel haben? + Bitte geben Sie die Länge des zu erzeugenden RSA-Schlüssels ein. Sie sollte nicht weniger als 1024 Bit sein, da dies als unsicher betrachtet wird. Und Sie werden wahrscheinlich nicht mehr als 2048 Bit benötigen, da längere Schlüssel den Authentifizierungs-Prozess verlangsamen und zur Zeit nicht benötigt werden. +Description-fi.UTF-8: Minkä pituinen luotavan RSA-avaimen tulisi olla? + Anna luotavan RSA-avaimen pituus. 
Sen ei tulisi olla lyhyempi kuin 1024 bittiä, koska tätä lyhyempiä pidetään turvattomina, eikä sen luultavasti tarvitse olla 2048 bittiä pidempi, koska tällöin se lähinnä hidastaisi todennusprosessia, eikä pidempää avainta tällä hetkellä tarvita. Description-fr.UTF-8: Longueur de la clé RSA à créer : - Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne - doit pas être inférieure à 1024 bits car cela serait considéré comme - insuffisamment sûr. Un choix excédant 2048 bits est probablement inutile - car cela ne fait essentiellement que ralentir le processus - d'authentification sans avoir d'intérêt actuellement. -Description-ja.UTF-8: RSA 鍵をどの長さで生成しますか? - 生成する RSA - 鍵の長さを入力してください。安全のため、1024 - ビット以下にすべきではありません。2048 - ビット以上にする必要もないでしょう。認証プロセスが遅くなりますし、現時点ではおそらく必要ありません。 -Description-nl.UTF-8: Welke lengte moet de aangemaakte RSA-sleutel hebben? - Geef de lengte van de aangemaakte RSA-sleutel. Het mag niet minder dan - 1024 bits zijn omdat dit als onveilig wordt beschouwd en u zult - waarschijnlijk niet meer dan 2048 bits nodig hebben omdat het enkel het - authenticatieproces vertraagt en op dit moment niet nodig is. -Description-pt_BR.UTF-8: Qual deve ser o tamanho da chave RSA criada ? - Por favor, informe o tamanho da chave RSA a ser criada. A mesma não deve - ser menor que 1024 bits devido a uma chave de tamanho menor que esse ser - considerada insegura. Você também não precisará de nada maior que 2048 - porque isso somente deixaria o processo de autenticação mais lento e - não seria necessário no momento. -Description-vi.UTF-8: Khóa RSA mới được tạo nên có độ dài nào? - Hãy nhập độ dài của khóa RSA mới được tạo. Nên có ít - nhất 1024 bit, vì khóa nào nhỏ hơn kích thước ấy không - phải là bảo mật. Rất có thể là bạn sẽ không cần sử - dụng độ dài hơn 2048 bit, vì nó chỉ giảm tốc độ tiến - trình xác thực, và hiện thời không cần thiết. + Veuillez indiquer la longueur de la clé RSA qui sera créée. 
Elle ne doit pas être inférieure à 1024 bits car cela serait considéré comme insuffisamment sûr. Un choix excédant 2048 bits est probablement inutile car cela ne fait essentiellement que ralentir le processus d'authentification sans avoir d'intérêt actuellement. +Description-gl.UTF-8: ¿Que lonxitude debe ter a clave RSA creada? + Introduza a lonxitude da clave RSA creada. Non debería ser inferior a 1024 bits porque esta lonxitude é insegura, e probablemente non ha precisar de máis de 2048 bits porque só ralentiza a autenticación e non é necesario tanto neste momento. +Description-ja.UTF-8: RSA 鍵をどの程度の長さで生成しますか? + 生成する RSA 鍵の長さを入力してください。安全のため、1024 ビット以下にすべきではありません。2048 ビット以上にする必要もないでしょう。認証プロセスが遅くなりますし、現時点ではおそらく必要ありません。 +Description-ru.UTF-8: Длина создаваемого ключа RSA: + Введите длину создаваемого ключа RSA. Она должна быть не менее 1024 бит, так как меньшая не считается безопасной, и вам, вероятно, не нужно задавать значение более 2048, так как это только замедлит процесс аутентификации и это не нужно. +Description-sv.UTF-8: Vilken längd ska den skapade RSA-nyckeln ha? + Ange längden för den skapade RSA-nyckeln, den bör inte vara kortare än 1024 bitar för att detta bör anses som osäkert och du vill antagligen inte behöva någon längre än 2048 bitar för att det bara går autentiseringsprocessen långsammare och behövs inte just nu. Template: openswan/x509_self_signed Type: boolean Default: true -Description: Do you want to create a self-signed X509 certificate ? +Description: Do you want to create a self-signed X509 certificate? This installer can only create self-signed X509 certificates automatically, because otherwise a certificate authority is needed to sign the certificate request. If you want to create a self-signed certificate, 
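Review bot: The `openswan/rsa_key_length` text in this hunk still presents 1024 bits as an acceptable minimum and says more than 2048 bits is not needed, and the translations added here (de, fi, gl, ru, sv) carry that advice forward. RSA keys shorter than 2048 bits are no longer considered adequate for new keys (NIST SP 800-131A, for example, disallows them), so the English description and the translations derived from it should set the floor at the default, e.g. `It should not be less than 2048 bits; shorter keys are considered insecure.` The template is `Type: string`, and whether the script that consumes the answer rejects non-numeric or undersized values is not visible in this hunk, so that is worth checking when the wording is changed.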
@@ -604,94 +378,34 @@ installer will only create the RSA private key and the certificate request and you will have to sign the certificate request with your certificate authority. -Description-cs.UTF-8: Chcete vytvořit certifikát X509 podepsaný sám sebou? - Tento instalátor může automaticky vytvořit pouze certifikát X509 - podepsaný sám sebou, jelikož v opačném případě je k podpisu - certifikátu potřeba certifikační autorita. Tento certifikát můžete - ihned použít k přípojení na další počítače s IPSec, které - podporují autentizaci pomocí certifikátu X509. Nicméně chcete-li - využít novýchmožností PKI Openswanu >= 1.91, budete k vytovření - důvěryhodných cest potřebovat všechny certifikáty X509 podepsané - jedinou certifikační autoritou. - . - Jestliže nechcete vytvořit certifikát podepsaný sám sebou, vytvořít - tento instalátor jen privátní RSA klíč a certifikační požadavek. - Vy potom musíte podepsat požadavek svojí certifikační autoritou. -Description-fr.UTF-8: Souhaitez-vous créer un certificat X509 auto-signé ? - Cet outil d'installation ne peut créer automatiquement qu'un certificat - X509 auto-signé puisqu'une autorité de certification est indispensable - pour signer la demande de certificat. Si vous choisissez de créer un - certificat auto-signé, vous pourrez vous en servir immédiatement pour - vous connecter aux hôtes qui authentifient les connexions IPSec avec des - certificats X509. Cependant, si vous souhaitez utiliser les nouvelles - fonctionnalités PKI de Openswan >= 1.91, vous aurez besoin que tous les - certificats X509 soient signés par la même autorité de certification - afin de créer un chemin de confiance. - . - Si vous ne voulez pas créer de certificat auto-signé, cet outil - d'installation ne fera que créer la clé privée RSA et la demande de - certificat, que vous devrez ensuite signer avec votre autorité de - certification. +Description-de.UTF-8: Möchten Sie ein selbstsigniertes X509-Zertifikat erzeugen? 
+ Dieser Installer kann nur selbstsignierte X509-Zertifikate automatisch erzeugen, da anderenfalls eine Zertifizierungsstelle benötigt wird, um die Zertifikatsanforderung zu signieren. Falls Sie ein selbstsigniertes Zertifikat erzeugen möchten, können Sie dieses sofort verwenden, um sich mit anderen IPSec-Rechnern zu verbinden, die X509-Zertifikate zur Authentifizierung benutzen. Falls Sie jedoch die neuen PKI-Funktionen von Openswan >= 1.91 verwenden möchten, müssen alle X509-Zertifikate von einer einzigen Zertifizierungsstelle signiert sein, um einen Vertrauenspfad zu erzeugen. + . + Falls Sie kein selbstsigniertes Zertifikat erstellen möchten, wird dieser Installer nur den privaten Schlüssel und die Zertifikatsanforderung erzeugen. Sie müssen diese Zertifikatsanforderung mit Ihrer Zertifizierungsstelle signieren. +Description-fi.UTF-8: Luodaanko itseallekirjoitettu X509-varmenne? + Tämä asennusohjelma voi automaattisesti luoda vain itseallekirjoitettuja X509-varmenteita, koska muussa tapauksessa varmentajan tulisi allekirjoittaa varmennepyyntö. Nyt voidaan luoda itseallekirjoitettu X509-varmenne, jota voidaan välittömästi käyttää toisiin X509-varmennusta tukeviin IPSec-koneisiin otettavien IPSec-yhteyksien varmentamiseen. Uudempien, Openswanin versiosta 1.91 alkaen mukana olevien PKI-ominaisuuksien käyttö kuitenkin vaatii, että kaikki X509-varmenteet on allekirjoitettu yhden varmentajan toimesta luottamuspolun luomiseksi. + . + Jos itseallekirjoitettua varmennetta ei haluta, asennusohjelma luo vain salaisen RSA-avaimen ja varmennepyynnön, joka varmentajan tulee allekirjoittaa. +Description-fr.UTF-8: Souhaitez-vous créer un certificat X509 autosigné ? + Cet outil d'installation ne peut créer automatiquement qu'un certificat X509 autosigné puisqu'une autorité de certification est indispensable pour signer la demande de certificat. 
Si vous choisissez de créer un certificat autosigné, vous pourrez vous en servir immédiatement pour vous connecter aux hôtes qui authentifient les connexions IPSec avec des certificats X509. Cependant, si vous souhaitez utiliser les nouvelles fonctionnalités PKI de Openswan >= 1.91, vous aurez besoin que tous les certificats X509 soient signés par la même autorité de certification afin de créer un chemin de confiance. + . + Si vous ne voulez pas créer de certificat autosigné, cet outil d'installation ne fera que créer la clé privée RSA et la demande de certificat, que vous devrez ensuite signer avec votre autorité de certification. +Description-gl.UTF-8: ¿Quere crear un certificado X509 autoasinado? + Este instalador só pode crear automaticamente certificados X509 autoasinados, porque se non, é necesario que unha autoridade certificadora asine a solicitude de certificado. Se quere crear un certificado autoasinado, ha poder empregalo inmediatamente para se conectar a outras máquinas IPSec que soporten certificados X509 para a autenticación de conexións IPSec. Nembargantes, se quere empregar as novas características PKI de Openswan >= 1.91, ha ter que ter tódolos certificados X509 asinados por unha soa autoridade certificadora para crear unha ruta de confianza. + . + Se non quere crear un certificado autoasinado, este instalador só ha crear a clave privada RSA e a solicitude de certificado, e vostede ha ter que facer que a autoridade certificadora asine a solicitude de certificado. Description-ja.UTF-8: 自己署名 X509 証明書を生成しますか? - 証明書要求に署名するためには認証局が必要となるので、このインストーラでは自己署名 - X509 - 証明書を自動的に生成する事だけが可能です。自己署名証明書を生成したい場合、これを使用してすぐに - X509 証明書をサポートしている他の IPSec - ホストに接続可能です。しかし、Openswan バージョン 1.91 - 以上での新しい PKI 機能を使いたい場合は、trust path - を生成するために単一の認証局によってすべての X509 - 証明書に署名してもらう必要があります。 - . - 自己署名証明書を生成したくない場合、このインストーラは - RSA - 秘密鍵と証明書要求のみを生成します。そして、認証局に証明書要求へ署名をしてもらう必要があります。 -Description-nl.UTF-8: Wilt u een door uzelf getekend X509-certificaat? 
- Deze installatie kan automatisch een door uzelf getekend X509-certificaat - aanmaken omdat anders een certificaatautoriteit nodig is om de - certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat - wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te - leggen met andere IPSec-hosts die X509-certificaten ondersteunen voor - IPSec-verbindingen. Hoewel, als u de nieuwe PKI-mogelijkheden wilt - gebruiken of als Openswan >= 1.91, dan zult u alle X509-certificaten - moeten laten tekenen door één enkele certificaatautoriteit om een - vertrouwenspad aan te maken. - . - Als u geen door uzelf getekend certificaat wilt aanmaken, dan zal deze - installatie enkel de private RSA-sleutel en de certificaataanvraag - aanmaken en u zult de certificaataanvraag moeten laten tekenen door uw - certificaatautoriteit. -Description-pt_BR.UTF-8: Deseja criar um certificado X509 auto-assinado ? - Este instalador pode criar automaticamente somente certificados X509 - auto-assinados, devido a uma autoridade certificadora ser necessária para - assinar a requisição de certificado. Caso você queira criar um - certificado auto-assinado, você poderá usá-lo imediatamente para - conexão com outros hosts IPSec que suportem certificados X509 para - autenticação de conexões IPSec. Porém, caso você queira usar os novos - recursos PKI do Openswan versão 1.91 ou superior, você precisará - possuir todos seus certificados X509 assinados por uma única autoridade - certificadora para criar um caminho de confiança. - . - Caso você não queira criar um certificado auto-assinado, este instalador - irá somente criar a chave privada RSA e a requisição de certificado e - você terá então que assinar a requisição de certificado junto a sua - autoridade certificadora. -Description-vi.UTF-8: Bạn có muốn tạo một chứng nhận X509 tự ký không? 
- Trình cài đặt này chỉ có thể tự động tạo chứng nhận - X509 tự ký, vì nếu không thì một nhà cầm quyền chứng - nhận (Certificate Authority, CA) phải ký lời yêu cầu chứng - nhận ấy. Nếu bạn muốn tạo một chứng nhận tự ký, bạn - có thể sử dụng nó ngay lập tức để kết nối đến máy - IPSec khác có hỗ trợ sử dụng chứng nhận X509 để xác - thực sự kết nối IPSec. Tuy nhiên, nếu bạn muốn sử dụng - những tính năng PKI mới của trình Openswan phiên bản ≥1.91, - bạn sẽ phải có tất cả những chứng nhận X509 được ký - bởi một nhà cầm quyền chứng nhận riêng lẻ, để tạo - một «đường dẫn tin cây» (trust path). - . - Nếu bạn không muốn tạo một chứng nhận tự ký, thì trình - cài đặt này sẽ tạo chỉ khóa RSA riêng và lời yêu cầu - chứng nhận, và bạn sẽ phải ký lời yêu cầu ấy dùng nhà - cầm quyền chứng nhận bạn. + 証明書要求に署名するためには認証局が必要となるので、このインストーラでは自己署名 X509 証明書を自動的に生成する事だけが可能です。自己署名証明書を生成したい場合、これを使用してすぐに X509 証明書をサポートしている他の IPSec ホストに接続可能です。しかし、Openswan バージョン 1.91 以上での新しい PKI 機能を使いたい場合は、trust path を生成するために単一の認証局によってすべての X509 証明書に署名してもらう必要があります。 + . + 自己署名証明書を生成したくない場合、このインストーラは RSA 秘密鍵と証明書要求のみを生成します。そして、認証局に証明書要求へ署名をしてもらう必要があります。 +Description-ru.UTF-8: Создать самоподписанный сертификат X509? + Процесс установки умеет создавать автоматически только самоподписанные сертификаты X509, так как иначе требуется работа центра сертификации для подписи запроса сертификата. Созданный самоподписанный сертификат сразу можно использовать для подключения к другим машинам с IPSec, которые поддерживают сертификаты X509 для аутентификации соединений IPSec. Однако, если вы хотите воспользоваться новыми возможностями PKI из версии Openswan >= 1.91, то все ваши сертификаты X509 должны быть подписаны единым сертификационным центром для создания доверительного пути. + . + Если вы не хотите создавать самоподписанный сертификат, то процесс установки создаст только секретный ключ RSA и запрос сертификации, и вы сможете провести этот запрос в своём центре сертификации. 
+Description-sv.UTF-8: Vill du skapa ett själv-signerat X509-certifikat? + Denna installerare kan bara skapa själv-signerade X509-certifikat automatiskt för att annars behövs en certifikatutställare som kan signera certifikatförfrågan. Om du vill skapa ett själv-signerat certifikat kan du använda det omedelbart för att ansluta till andra IPSec-värdar som har stöd för X509-certifikat för autentisering för IPSec-anslutningar. Om du vill använda de nya PKI-funktionerna i Openswan >= 1.91 behöver du ha alla X509-certifikat signerade av en enda certifikatutställare för att skapa en pålitlig väg. + . + Om du inte vill skapa ett själv-signerat certifikat kommer denna installerare bara att skapa den privata RSA-nyckeln och certifikatförfrågan och du kommer att behöva signera certifikatförfrågan med din certifikatutgivare. Template: openswan/x509_country_code Type: string 
@@ -706,58 +420,81 @@ . Example: AT Description-cs.UTF-8: Zadejte prosím kód země pro X509 certifikační požadavek. - Zadejte prosím dvoumístný kód vaší země. Tento kód bude umístěn - do certifikačního požadavku. + Zadejte prosím dvoumístný kód vaší země. Tento kód bude umístěn do certifikačního požadavku. . - Je opravdu nutné, abyste vložili správný kód země, protože openssl - jinak odmítne vygenerování certifikátu. Prázdné pole je povolené - pro všechny ostatní pole certifikátu X509 kromě tohoto. + Je opravdu nutné, abyste vložili správný kód země, protože openssl jinak odmítne vygenerování certifikátu. Prázdné pole je povolené pro všechny ostatní pole certifikátu X509 kromě tohoto. . Příklad: CZ +Description-de.UTF-8: Bitte geben Sie den Ländercode für die X509-Zertifikatsanforderung ein. + Bitte geben Sie den zweibuchstabigen Ländercode für Ihr Land ein. Dieser Code wird in die Zertifikatsanforderung eingefügt. + . + Sie müssen wirklich ein gültigen Ländercode hier eingeben, da Openssl es ablehnen wird, ohne diesen ein Zertifikat zu generieren. Ein leeres Feld ist zulässig für jedes andere Feld des X509-Zertifikats, aber nicht für dieses. + . + Beispiel: DE +Description-es.UTF-8: Introduzca el código de país para la solicitud del certificado X509. + Ingrese las dos letras del código de su país. Este código será incluido en la solicitud del certificado. + . + Es necesario que aquí ingrese un código correcto del país, ya que openssl rechazará generar certificados sin uno. Se permite un campo vacío en cualquier otro campo del certificado X509, pero en éste no. + . + Por ejemplo: AT +Description-fi.UTF-8: Maakoodi X509-varmennepyyntöä varten: + Anna kaksikirjaiminen maakoodi. Tämä koodi sisällytetään varmennepyyntöön. + . + Tähän syötettävän koodin tulee olla käypä, koska openssl ei suostu luomaan varmenteita ilman käypää koodia. X.509-varmenteen muut kentät voivat olla tyhjiä, mutta tämä ei. + . 
+ Esimerkki: FI Description-fr.UTF-8: Code du pays : - Veuillez indiquer le code à deux lettres de votre pays. Ce code sera - inclus dans la demande de certificat. + Veuillez indiquer le code à deux lettres de votre pays. Ce code sera inclus dans la demande de certificat. . - Il est impératif de choisir ici un code de pays valide sinon OpenSSL - refusera de générer les certificats. Tous les autres champs d'un - certificat X.509 peuvent être vides, sauf celui-ci. + Il est impératif de choisir ici un code de pays valide sinon OpenSSL refusera de générer les certificats. Tous les autres champs d'un certificat X.509 peuvent être vides, sauf celui-ci. . Exemple : FR +Description-gl.UTF-8: Introduza o código do país para a solicitude de certificado X509. + Introduza o código de dúas letras correspondente ao seu país. Este código ha figurar na solicitude de certificado. + . + Ten que introducir un código de país válido aquí, porque openssl non ha poder xerar certificados sen un. Admítese un campo baleiro en calquera outro campo do certificado X.509, pero non neste. + . + Exemplo: ES Description-ja.UTF-8: X509 証明書要求に記載する国コードを入力してください。 あなたの国の国コードを2文字で入力してください。このコードは証明書要求に記載されます。 . - openssl - が国コードなしでは証明書の生成を拒否するので、正しい国コードをここで入力する必要があります。X.509 - 証明書では、他のフィールドについては空でも構いませんが、これについては許可されていません。 + openssl が国コードなしでは証明書の生成を拒否するので、正しい国コードをここで入力する必要があります。X.509 証明書では、他のフィールドについては空でも構いませんが、これについては許可されていません。 . 例: JP Description-nl.UTF-8: Geef de landcode van de X509-certificaataanvraag. - Geef de 2-letterige landcode voor uw land. Deze code zal in de - certificaataanvraag worden geplaatst. + Geef de 2-letterige landcode voor uw land. Deze code zal in de certificaataanvraag worden geplaatst. . - U moet hier wel een geldige landcode opgeven omdat openssl anders zal - weigeren om een certificaat aan te maken. Er is voor elke veld van het - X509-certificaat een leeg veld toegestaan, maar niet voor dit veld. 
+ U moet hier wel een geldige landcode opgeven omdat openssl anders zal weigeren om een certificaat aan te maken. Er is voor elke veld van het X509-certificaat een leeg veld toegestaan, maar niet voor dit veld. . Voorbeeld: BE +Description-pt.UTF-8: Por favor indique o código de país para o pedido de certificado X509. + Por favor indique o código de 2 letras para o seu país. Este código será incluído no pedido de certificado. + . + Terá mesmo que indicar um código válido aqui, pois openssl recusará gerar certificados sem um. Um campo vazio é aceite para os outros campos do certificado X509, mas não para este. + . + Exemplo: PT Description-pt_BR.UTF-8: Por favor, informe o código de país para a requisição de certificado X509. - Por favor, informe o códifo de país de duas letras para seu país. Esse - código será inserido na requisição de certificado. + Por favor, informe o códifo de país de duas letras para seu país. Esse código será inserido na requisição de certificado. . - Você realmente precisa informar um código de país válido aqui devido - ao openssl se recusar a gerar certificados sem um código de país - válido. Um campo em branco é permitido para qualquer outro campo do - certificado X.509, mas não para esse campo. + Você realmente precisa informar um código de país válido aqui devido ao openssl se recusar a gerar certificados sem um código de país válido. Um campo em branco é permitido para qualquer outro campo do certificado X.509, mas não para esse campo. . Exemplo: BR +Description-ru.UTF-8: Введите код страны для запроса сертификата X509. + Введите двухбуквенный код вашей страны. Этот код будет помещён в запрос сертификата. + . + Здесь нужно ввести правильный код страны, так как openssl откажется генерировать сертификаты в противном случае. Пустое значение разрешено для любого поля сертификата X.509 кроме этого. + . + Пример: RU +Description-sv.UTF-8: Ange en landskod för X509-certifikatförfrågan. + Ange en landskod med 2 bokstäver för ditt land. 
Denna kod kommer att placeras i certifikatförfrågan. + . + Du behöver verkligen ange en giltig landskod här för att openssl kommer att vägra att generera certifikat utan ett. Ett tomt fält är tillåtet för alla andra fält i X509-certifikatet men inte för denna. + . + Exempel: SE Description-vi.UTF-8: Hãy nhập mã quốc gia cho lời yêu cầu chứng nhận X509. - Hãy nhập mã hai chữ cho quốc gia bạn. Sẽ chèn mã này vào - lời yêu cầu chứng nhận. + Hãy nhập mã hai chữ cho quốc gia bạn. Sẽ chèn mã này vào lời yêu cầu chứng nhận. . - Bạn thật cần phải nhập một mã quốc gia hợp lệ vào - đây, vì trình OpenSSL sẽ từ chối tạo ra chứng nhận nào - khi không có mã ấy. Có thể bỏ rỗng bất cứ trường nào - khác cho chứng nhận X509, nhưng mà không phải trường này. + Bạn thật cần phải nhập một mã quốc gia hợp lệ vào đây, vì trình OpenSSL sẽ từ chối tạo ra chứng nhận nào khi không có mã ấy. Có thể bỏ rỗng bất cứ trường nào khác cho chứng nhận X509, nhưng mà không phải trường này. . Lấy thí dụ: VN 
@@ -770,34 +507,55 @@ . Example: Upper Austria Description-cs.UTF-8: Zadejte prosím jméno státu nebo oblasti pro certifikační požadavek. - Zadejte prosím celé jméno státu nebo oblasti kde žijete. Toto jméno - bude umístěno do certifikačního požadavku. + Zadejte prosím celé jméno státu nebo oblasti kde žijete. Toto jméno bude umístěno do certifikačního požadavku. . Příklad: Morava +Description-de.UTF-8: Bitte geben Sie den Namen des Bundeslandes oder der Provinz für die X509-Zertifikatsanforderung ein. + Bitte geben Sie den vollständigen Namen des Bundeslandes oder der Provinz, in der Sie leben. Dieser Name wird in die Zertifikatsanforderung eingefügt. + . + Beispiel: Sachsen +Description-es.UTF-8: Introduzca el nombre del estado o provincia para la solicitud del certificado X509. + Introduzca el nombre completo del estado o provincia en donde vive. Este nombre será colocado en la solicitud del certificado. + . + Por ejemplo: Alta Austria +Description-fi.UTF-8: Osavaltion, läänin tai maakunnan nimi X509-varmennepyyntöä varten: + Anna osavaltion, läänin tai maakunnan koko nimi. Tämä nimi sisällytetään varmennepyyntöön. + . + Esimerkki: Etelä-Suomen lääni Description-fr.UTF-8: État, province ou région : - Veuillez indiquer le nom complet de l'état, de la province ou de la - région où vous résidez. Ce nom sera inclus dans la demande de - certificat. + Veuillez indiquer le nom complet de l'état, de la province ou de la région où vous résidez. Ce nom sera inclus dans la demande de certificat. + . + Exemples : Rhône-Alpes, Brabant Wallon, Bouches du Rhône, Québec, Canton de Vaud +Description-gl.UTF-8: Introduza o nome do estado ou provincia para a solicitude de certificado X509. + Introduza o nome completo do estado ou privincia na que vive. Este nome ha figurar na solicitude de certificado. . 
- Exemples : Rhône-Alpes, Brabant, Bouches du Rhône, Québec, Canton de - Vaud + Exemplo: A Coruña Description-ja.UTF-8: X509 証明書要求に記載する都道府県名を入力してください。 あなたが在住している都道府県を入力してください。これは証明書要求に記載されます。 . 例: Tokyo Description-nl.UTF-8: Geef de staat of provincie voor de X509-certificaataanvraag. - Geef de volledige naam van de staat of provincie waarin u woont. Deze naam - zal in de certificaataanvraag worden geplaatst. + Geef de volledige naam van de staat of provincie waarin u woont. Deze naam zal in de certificaataanvraag worden geplaatst. . Voorbeeld: Limburg +Description-pt.UTF-8: Por favor indique o estado ou província para o pedido de certificado X509. + Por favor, indique o nome completo estado ou província onde vive. Este nome será colocado no pedido de certificado. + . + Exemplo: Distrito de Aveiro Description-pt_BR.UTF-8: Por favor, informe o estado ou nome de província para a requisição de certificado X509. - Por favor, informe o nome complete do estado ou província em que você - mora. Esse nome será inserido na requisição de certificado. + Por favor, informe o nome complete do estado ou província em que você mora. Esse nome será inserido na requisição de certificado. . Exemplo : Sao Paulo +Description-ru.UTF-8: Введите название области или округа для запроса сертификата X509. + Укажите полное название области или округа, в котором живёте. Оно будет помещено в запрос сертификата. + . + Пример: Moscow region +Description-sv.UTF-8: Ange namnet på regionen eller länet för X509-certifikatförfrågan. + Ange det fulla namnet på regionen eller länet du bor i. Detta namn kommer att placeras i certifikatförfrågan. + . + Exempel: Centrala Sverige Description-vi.UTF-8: Hãy nhập tên bảng hay tỉnh cho lời yêu cầu chứng nhận X509. - Hãy nhập tên đầy đủ của bang hay tỉnh nơi bạn ở. Sẽ - chèn tên này vào lời yêu cầu chứng nhận. + Hãy nhập tên đầy đủ của bang hay tỉnh nơi bạn ở. Sẽ chèn tên này vào lời yêu cầu chứng nhận. . Lấy thí dụ: Bình Định 
@@ -810,33 +568,55 @@ . Example: Vienna Description-cs.UTF-8: Zadejte prosím jméno lokality pro certifikační požadavek. - Zadejte prosím lokalitu (např. město) kde žijete. Toto jméno bude - umístěno do certifikačního požadavku. + Zadejte prosím lokalitu (např. město) kde žijete. Toto jméno bude umístěno do certifikačního požadavku. . Příklad: Brno +Description-de.UTF-8: Bitte geben Sie den Namen der Ortschaft für die X509-Zertifikatsanforderung ein. + Bitte geben Sie die Ortschaft ein, in der Sie leben. Dieser Name wird in die Zertifikatsanforderung eingefügt. + . + Beispiel: Dresden +Description-es.UTF-8: Ingrese el nombre de la localidad para la solicitud del certificado X509. + Ingrese la localidad (p. ej. la ciudad) donde vive. Este nombre será colocado en la solicitud del certificado. + . + Por ejemplo: Vienna +Description-fi.UTF-8: Paikkakunnan nimi X509-varmennepyyntöä varten: + Anna paikkakunta. Tämä nimi sisällytetään varmennepyyntöön. + . + Esimerkki: Helsinki Description-fr.UTF-8: Localité : - Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce - nom sera inclus dans la demande de certificat. + Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom sera inclus dans la demande de certificat. . Exemple : Saint-Étienne +Description-gl.UTF-8: Introduza o nome da localidade para a solicitude de certificado X509. + Introduza a localidade na que vive. Este nome ha figurar na solicitude de certificado. + . + Exemplo: Santiago Description-ja.UTF-8: X509 証明書要求に記載する土地の名前を入力してください。 - あなたの在住している地方の名前 (例: 市町村名) - を入力してください。これは証明書要求に記載されます。 + あなたの在住している地方の名前 (例: 市町村名) を入力してください。これは証明書要求に記載されます。 . 例: Shinjuku-ku Description-nl.UTF-8: Geef de plaatsnaam voor de X509-certificaataanvraag. - Geef de plaatsnaam (v.b. stad) waar u woont. Deze naam zal in de - certificaataanvraag worden geplaatst. + Geef de plaatsnaam (v.b. stad) waar u woont. Deze naam zal in de certificaataanvraag worden geplaatst. . 
- Voorbeeld: Genk + Voorbeeld: Brussel +Description-pt.UTF-8: Por favor, indique a localidade para o pedido do certificado X509. + Por favor indique a localidade onde vive. Este nome será colocado no pedido de certificado. + . + Exemplo: Aveiro Description-pt_BR.UTF-8: Por favor, informe o nome da localidade para a requisição de certificado X509. - Por favor, informe a localidade (ou seja, cidade) onde você mora. Esse - nome será inserido na requisição de certificado. + Por favor, informe a localidade (ou seja, cidade) onde você mora. Esse nome será inserido na requisição de certificado. . Exemplo : Sao Paulo +Description-ru.UTF-8: Введите название места для запроса сертификата X509. + Укажите название места (например, город), где живёте. Оно будет помещено в запрос сертификата. + . + Пример: Sergiev Posad +Description-sv.UTF-8: Ange platsen för X509-certifikatförfrågan. + Ange platsen (exempelvis stad) där du bor. Detta namn kommer att placeras i certifikatförfrågan. + . + Exempel: Stockholm Description-vi.UTF-8: Hãy nhập tên địa phương cho lời yêu cầu chứng nhận X509. - Hãy nhập địa phương (v.d. thành phố) nơi bạn ở. Sẽ chèn - tên này vào lời yêu cầu chứng nhận. + Hãy nhập địa phương (v.d. thành phố) nơi bạn ở. Sẽ chèn tên này vào lời yêu cầu chứng nhận. . Lấy thí dụ: Quy Nhơn 
@@ -850,34 +630,55 @@ . Example: Debian Description-cs.UTF-8: Zadejte prosím název organizace pro certifikační požadavek. - Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto - jméno bude umístěno do certifikačního požadavku. + Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno bude umístěno do certifikačního požadavku. . Příklad: Debian +Description-de.UTF-8: Bitte geben Sie den Namen der Organisation für die X509-Zertifikatsanforderung ein. + Bitte geben Sie die Organisation (im allgemeinen Firma) ein, für die das X509-Zertifikat ausgestellt werden soll. Dieser Name wird in die Zertifikatsanforderung eingefügt. + . + Beispiel: Debian +Description-es.UTF-8: Ingrese el nombre de la organización para la solicitud del certificado X509. + Por favor, indique la organización (p. ej. la compañía) para la cual será creado el certificado X509. Este nombre será colocado en la solicitud del certificado. + . + Por ejemplo: Debian +Description-fi.UTF-8: Järjestön nimi X509-varmennepyyntöä varten: + Anna järjestö tai yhtiö, jota varten X509-varmenne luodaan. Tämä nimi sisällytetään varmennepyyntöön. + . + Esimerkki: Debian Description-fr.UTF-8: Organisme : - Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé - le certificat X509. Ce nom sera inclus dans la demande de certificat. + Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le certificat X509. Ce nom sera inclus dans la demande de certificat. . Exemple : Debian +Description-gl.UTF-8: Introduza o nome da organización para a solicitude de certificado X509. + Introduza a organización (p.ex. empresa) para a que se ha crear o certificado X509. Este nome ha figurar na solicitude de certificado. + . + Exemplo: Debian Description-ja.UTF-8: X509 証明書要求に記載する組織名を入力してください。 - X509 証明書の生成対象となるべき組織 (例: 会社) - を入力してください。これは証明書要求に記載されます。 + X509 証明書の生成対象となるべき組織 (例: 会社) を入力してください。これは証明書要求に記載されます。 . 
例: Debian Description-nl.UTF-8: Geef de naam van de organisatie voor de X509-certificaataanvraag. - Geef de organisatie (v.b. bedrijf) waarvoor het X509-certificaat wordt - aangemaakt. Deze naam zal in de certicicaataanvraag worden geplaatst. + Geef de organisatie (v.b. bedrijf) waarvoor het X509-certificaat wordt aangemaakt. Deze naam zal in de certicicaataanvraag worden geplaatst. . Voorbeeld: Debian +Description-pt.UTF-8: Por favor, indique o nome da organização para o pedido de certificado X509. + Por favor indique a organização para a qual será criado o certificado X509. Este nome ser+a incluído no pedido de certificado. + . + Exemplo: Debian Description-pt_BR.UTF-8: Por favor, informe o nome da organização para a requisição de certificado X509. - Por favor, informe a organização (ou seja, a empresa) para a qual este - certificado X509 deverá ser criado. Esse nome será inserido na - requisição de certificado. + Por favor, informe a organização (ou seja, a empresa) para a qual este certificado X509 deverá ser criado. Esse nome será inserido na requisição de certificado. . Exemplo : Debian +Description-ru.UTF-8: Введите название организации для запроса сертификата X509. + Укажите название организации (например, компании), для которой нужно создать сертификат X509. Оно будет помещено в запрос сертификата. + . + Пример: Debian +Description-sv.UTF-8: Ange organisationsnamnet för X509-certifikatförfrågan. + Ange organisationen (exempelvis företaget) som X509-certifikatet ska skapas för. Detta namn kommer att placeras i certifikatförfrågan. + . + Exempel: Debian Description-vi.UTF-8: Hãy nhập tên tổ chức cho lời yêu cầu chứng nhận X509. - Hãy nhập tổ chức (v.d. công ty) cho mà chứng nhận X509 nên - được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận. + Hãy nhập tổ chức (v.d. công ty) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận. . Lấy thí dụ: Debian 
@@ -891,37 +692,55 @@ . Example: security group Description-cs.UTF-8: Zadejte prosím název organizační jednotky pro certifikační požadavek. - Zadejte prosím organizační jednotku pro kterou je certifikát - vytvářen. Toto jméno bude umístěno do certifikačního požadavku. + Zadejte prosím organizační jednotku pro kterou je certifikát vytvářen. Toto jméno bude umístěno do certifikačního požadavku. . Příklad: bezpečnostní oddělení +Description-de.UTF-8: Bitte geben Sie die Organisationseinheit für die X509-Zertifikatsanforderung ein. + Bitte geben Sie die Organisationseinheit (im allgemeinen Abteilung) ein, für die das X509-Zertifikat ausgestellt werden soll. Dieser Name wird in die Zertifikatsanforderung eingefügt. + . + Beispiel: Sicherheitsgruppe +Description-es.UTF-8: Indique la unidad organizacional para la solicitud del certificado X509. + Ingrese la unidad organizacional (p. ej. el área) para el cual será creado el certificado X509. Este nombre será colocado en la solicitud del certificado. + . + Por ejemplo: grupo de seguridad +Description-fi.UTF-8: Järjestön yksikön nimi X509-varmennepyyntöä varten: + Anna yksikkö (tai osasto), jota varten X509-varmenne luodaan. Tämä nimi sisällytetään varmennepyyntöön. + . + Esimerkki: tietoturvaryhmä Description-fr.UTF-8: Unité d'organisation : - Veuillez indiquer l'unité d'organisation (p. ex. département, division, - etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la - demande de certificat. + Veuillez indiquer l'unité d'organisation (p. ex. département, division, etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la demande de certificat. . Exemple : Département Réseaux et Informatique Scientifique +Description-gl.UTF-8: Introduza a unidade organizativa para a solicitude de certificado X509. + Introduza a unidade organizativa (p.ex. sección) para a que se ha crear o certificado X509. Este nome ha figurar na solicitude de certificado. + . 
+ Exemplo: grupo de seguridade Description-ja.UTF-8: X509 証明書要求に記載する組織単位を入力してください。 - X509 証明書の生成対象となるべき組織単位 (例: 部署名) - を入力してください。これは証明書要求に記載されます。 + X509 証明書の生成対象となるべき組織単位 (例: 部署名) を入力してください。これは証明書要求に記載されます。 . 例: security group Description-nl.UTF-8: Geef de organisatie-eenheid voor de X509-certificaataanvraag. - Geef de organisatie-eenheid (v.b. dienst) waarvoor het X509-certificaat - wordt aangemaakt. Deze naam zal in de certificaataanvraag worden - geplaatst. + Geef de organisatie-eenheid (v.b. dienst) waarvoor het X509-certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst. . Voorbeeld: dienst veiligheid +Description-pt.UTF-8: Por favor indique a unidade organizacional para o pedido de certificado X509. + Por favor indique a unidade organizacional (e.g. secção) para a qual será criado o certificado. Este nome será colocado no pedido de certificado. + . + Exemplo: grupo de segurança Description-pt_BR.UTF-8: Por favor, informe a unidade organizacional para a requisição de certificado X509. - Por favor, informe a unidade organizacional (ou seja, seção ou - departamento) para a qual este certificado deverá ser criado. Esse nome - será inserido na requisição de certificado. + Por favor, informe a unidade organizacional (ou seja, seção ou departamento) para a qual este certificado deverá ser criado. Esse nome será inserido na requisição de certificado. . Exemplo : Grupo de Segurança +Description-ru.UTF-8: Введите название структурной единицы организации для запроса сертификата X509. + Укажите название структурной единицы организации (например, подразделения), для которой нужно создать сертификат X509. Оно будет помещено в запрос сертификата. + . + Пример: security group +Description-sv.UTF-8: Ange organisationsenheten för X509-certifikatförfrågan. + Ange organisationsenheten (exempelvis avdelning) som X509-certifikatet ska skapas för. Detta namn kommer att placeras i certifikatförfrågan. + . 
+ Exempel: säkerhetsgruppen Description-vi.UTF-8: Hãy nhập tên đơn vị tổ chức cho lời yêu cầu chứng nhận X509. - Hãy nhập đơn vị tổ chức (v.d. phần) cho mà chứng nhận - X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu - chứng nhận. + Hãy nhập đơn vị tổ chức (v.d. phần) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận. . Lấy thí dụ: nhóm Việt hóa 
@@ -935,38 +754,55 @@ . Example: gateway.debian.org Description-cs.UTF-8: Zadejte prosím obvyklé jméno pro certifikační požadavek. - Zadejte prosím běžné jméno (např. jméno počítače - hostname) pro - kterou je certifikát vytvářen. Toto jméno bude umístěno do - certifikačního požadavku. + Zadejte prosím běžné jméno (např. jméno počítače - hostname) pro kterou je certifikát vytvářen. Toto jméno bude umístěno do certifikačního požadavku. . Příklad: gateway.debian.org -Description-fr.UTF-8: Nom ordinaire (« common name ») : - Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette - machine) pour qui sera créé le certificat X509. Ce nom sera inclus dans - la demande de certificat. +Description-de.UTF-8: Bitte geben Sie den allgemeinen Namen für die X509-Zertifikatsanforderung ein. + Bitte geben Sie den allgemeinen Namen (engl.: common name, im allgemeinen der Hostname dieses Rechners) ein, für den das X509-Zertifikat ausgestellt werden soll. Dieser Name wird in die Zertifikatsanforderung eingefügt. + . + Beispiel: gateway.debian.org +Description-es.UTF-8: Ingrese el nombre común para el certificado X509 solicitado. + Ingrese el nombre común (p. ej. nombre de este equipo) para el cual será creado el certificado X509. Este nombre estará incluido en la solicitud del certificado. + . + Por ejemplo: gateway.debian.org +Description-fi.UTF-8: Yleinen nimi X509-varmennepyyntöä varten: + Anna yleinen nimi (eli tämän koneen verkkonimi), jota varten X509-varmenne luodaan. Tämä nimi sisällytetään varmennepyyntöön. + . + Esimerkki: gateway.debian.org +Description-fr.UTF-8: Nom ordinaire : + Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette machine) pour qui sera créé le certificat X509. Ce nom sera inclus dans la demande de certificat. . Exemple : gateway.debian.org +Description-gl.UTF-8: Introduza o nome común para a solicitude de certificado X509. + Introduza o nome común (p.ex. o nome desta máquina) para o que se ha crear o certificado X509. 
Este nome ha figurar na solicitude de certificado. + . + Exemplo: gateway.debian.org Description-ja.UTF-8: X509 証明書要求に記載するコモンネームを入力してください。 - X509 証明書の生成対象となるべきコモンネーム (例: - このマシンのホスト名) - を入力してください。これは証明書要求に記載されます。 + X509 証明書の生成対象となるべきコモンネーム (例: このマシンのホスト名) を入力してください。これは証明書要求に記載されます。 . 例: gateway.debian.org Description-nl.UTF-8: Geef de naam voor de X509-certificaataanvraag. - Geef de naam (v.b. computernaam van deze machine) waarvoor het - X509-certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag - worden geplaatst. + Geef de naam (v.b. computernaam van deze machine) waarvoor het X509-certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst. . Voorbeeld: gateway.debian.org +Description-pt.UTF-8: Por favor indique o nome comum para o pedido de certificado X509. + Por favor indique o nome comum (e.g. nome da máquina) para o qual será criado o certificado X509. Este nome será incluído no pedido de certificado. + . + Exemplo: gateway.debian.org Description-pt_BR.UTF-8: Por favor, informe o nome comum para a requisição de certificado X509. - Por favor, informe o nome comum (ou seja, o nome do host dessa máquina) - para o qual o certificado X509 deverá ser criado. Esse nome será - inserido na requisição de certificado. + Por favor, informe o nome comum (ou seja, o nome do host dessa máquina) para o qual o certificado X509 deverá ser criado. Esse nome será inserido na requisição de certificado. . Exemplo : gateway.debian.org +Description-ru.UTF-8: Введите общеизвестное название для запроса сертификата X509. + Укажите общеизвестное название (например, имя данного компьютера), для которого нужно создать сертификат X509. Оно будет помещено в запрос сертификата. + . + Пример: gateway.debian.org +Description-sv.UTF-8: Ange namnet för X509-certifikatförfrågan. + Ange namnet (exempelvis värdnamnet för denna maskin) för vilken X509-certifikatet ska skapas för. Detta namn kommer att placeras i certifikatförfrågan. + . 
+ Exempel: gateway.debian.org Description-vi.UTF-8: Hãy nhập tên chung cho lời yêu cầu chứng nhận X509. - Hãy nhập tên chung (v.d. tên máy) cho mà chứng nhận X509 nên - được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận. + Hãy nhập tên chung (v.d. tên máy) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận. . Lấy thí cụ: gateway.debian.org 
@@ -978,28 +814,31 @@ responsible for the X509 certificate, This address will be placed in the certificate request. Description-cs.UTF-8: Zadejte prosím emailovou adresu pro certifikační požadavek. - Zadejte prosím emailovou adresu osoby nebo organizace, která je - zodpovědná za certifikát X509. Toto jméno bude umístěno do - certifikačního požadavku. + Zadejte prosím emailovou adresu osoby nebo organizace, která je zodpovědná za certifikát X509. Toto jméno bude umístěno do certifikačního požadavku. +Description-de.UTF-8: Bitte geben Sie die Email-Adresse für die X509-Zertifikatsanforderung ein. + Bitte geben Sie die Email-Adresse der Person oder Organisation ein, die für das X509-Zertifikat verantwortlich ist. Diese Adresse wird in die Zertifikatsanforderung eingefügt. +Description-es.UTF-8: Ingrese la dirección de correo electrónico para la solicitud del certificado X509. + Indique la dirección de correo electrónico de la persona u organización quien es responsable del certificado X509, esta dirección estará incluida en la solicitud del certificado. +Description-fi.UTF-8: Sähköpostiosoite X509-varmennepyyntöä varten: + Anna X509-varmenteesta vastaavan henkilön tai järjestön sähköpostiosoite. Tämä osoite sisällytetään varmennepyyntöön. Description-fr.UTF-8: Adresse électronique : - Veuillez indiquer l'adresse électronique de la personne ou de l'organisme - responsable du certificat X509. Cette adresse sera incluse dans la demande - de certificat. + Veuillez indiquer l'adresse électronique de la personne ou de l'organisme responsable du certificat X509. Cette adresse sera incluse dans la demande de certificat. +Description-gl.UTF-8: Introduza o enderezo de email para a solicitude de certificado X509. + Introduza o enderezo de email da persoa ou organización responsable do certificado X509. Este enderezo ha figurar na solicitude de certificado. 
Description-ja.UTF-8: X509 証明書要求に記載するメールアドレスを入力してください。 - X509 - 証明書の責任者となる人物・団体のメールアドレスを入力してください。このアドレスは証明書要求に記載されます。 + X509 証明書の責任者となる人物・団体のメールアドレスを入力してください。このアドレスは証明書要求に記載されます。 Description-nl.UTF-8: Geef het e-mailadres voor de X509-certificaataanvraag. - Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is - voor het X509-certificaat. Dit adres zal in de certificaataanvraag worden - geplaatst. + Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is voor het X509-certificaat. Dit adres zal in de certificaataanvraag worden geplaatst. +Description-pt.UTF-8: Por favor indique o endereço de email para o pedido de certificado X509. + Por favor indique o endereço de email da pessoa ou organização que será responsável pelo certificado X509. Este endereço será colocado no pedido de certificado. Description-pt_BR.UTF-8: Por favor, informe o endereço de e-mail para a requisição de certificado X509. - Por favor, informe o endereço de e-mail da pessoa ou organização - responsável pelo certificado X509. Esse endereço será inserido na - requisição de certificado. + Por favor, informe o endereço de e-mail da pessoa ou organização responsável pelo certificado X509. Esse endereço será inserido na requisição de certificado. +Description-ru.UTF-8: Введите адрес электронной почты для запроса сертификата X509. + Укажите адрес электронной почты человека или организации, которой выдаётся сертификат X509. Этот адрес будет помещён в запрос сертификата. +Description-sv.UTF-8: Ange e-postaddressen för X509-certifikatförfrågan. + Ange e-postaddressen till den person eller organisation som ansvarar för X509-certifikatet. Denna address kommer att placeras i certifikatförfrågan. Description-vi.UTF-8: Hãy nhập địa chỉ thư điện tử chung cho lời yêu cầu chứng nhận X509. - Hãy nhập địa chỉ thư điện tử của người hay tổ chức - chịu trách nhiệm về chứng nhận X509 này. Sẽ chèn địa - chỉ này vào lời yêu cầu chứng nhận. 
+ Hãy nhập địa chỉ thư điện tử của người hay tổ chức chịu trách nhiệm về chứng nhận X509 này. Sẽ chèn địa chỉ này vào lời yêu cầu chứng nhận. Template: openswan/enable-oe Type: boolean 
@@ -1010,61 +849,57 @@ secure) DNS records. Until this is widely deployed, activating it will cause a significant slow-down for every new, outgoing connection. Since version 2.0, Openswan upstream comes with OE enabled by default and is thus - likely to break you existing connection to the Internet (i.e. your default + likely to break your existing connection to the Internet (i.e. your default route) as soon as pluto (the Openswan keying daemon) is started. . Please choose whether you want to enable support for OE. If unsure, do not enable it. Description-cs.UTF-8: Chcete povolit opportunistic encryption ve Openswan? - Openswan přichází s podporou pro opportunistic·encryption·(OE), - která uchováváautentizační informace IPSec (např. veřejné RSA - klíče) v (nejlépe zabezpečených)DNS záznamech. Dokud nebude tato - schopnost více rozšířena, způsobí její aktivacevyrazné zpomalení - s každým novým odchozím spojením. Od verze 2.0 přicházíOpenswan s - implicitně zapnutou podporou OE čímž pravděpodobně zruší - vašeprobíhající připojení k Internetu (např. vaši impicitní cestu - - default route) jakmileje pluto (Openswan keying démon) spuštěno. - . - Prosím vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, - podporu nepovolujte. -Description-fr.UTF-8: Souhaitez-vous activer le chiffrement opportuniste dansOpenswan ? - Openswan gère le chiffrement opportuniste (« opportunistic - encryption » : OE) qui permet de conserver les informations - d'authentification IPSec (c'est-à-dire les clés publiques RSA) dans des - enregistrements DNS, de préférence sécurisés. Tant que cette - fonctionnalité ne sera pas déployée largement, son activation - provoquera un ralentissement significatif pour toute nouvelle connexion - sortante. 
À partir de la version 2.0, cette fonctionnalité est activée - par défaut dans Openswan, ce qui peut interrompre le fonctionnement de - votre connexion à l'Internet (c'est-à-dire votre route par défaut) dès - le démarrage de pluto, le démon de gestion de clés d'Openswan. - . - Veuillez choisir si vous souhaitez activer la gestion du chiffrement - opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir - besoin. + Openswan přichází s podporou pro opportunistic·encryption·(OE), která uchováváautentizační informace IPSec (např. veřejné RSA klíče) v (nejlépe zabezpečených)DNS záznamech. Dokud nebude tato schopnost více rozšířena, způsobí její aktivacevyrazné zpomalení s každým novým odchozím spojením. Od verze 2.0 přicházíOpenswan s implicitně zapnutou podporou OE čímž pravděpodobně zruší vašeprobíhající připojení k Internetu (např. vaši impicitní cestu - default route) jakmileje pluto (Openswan keying démon) spuštěno. + . + Prosím vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, podporu nepovolujte. +Description-de.UTF-8: Möchten Sie opportunistische Verschlüsselung in Openswan aktivieren? + Openswan bringt die Unterstützung für opportunistische Verschlüsselung (engl.: opportunistic encryption, OE) mit, welche IPSec-Authentifizierungs-Informationen (zum Beispiel öffentliche RSA-Schlüssel) in (vorzugsweise sicheren) DNS-Einträgen speichert. Bis dies weitläufig eingesetzt wird, wird die Aktivierung eine signifikante Verlangsamung für jede neue ausgehende Verbindung verursachen. Seit Version 2.0 kommt Openswan mit aktivierter OE in der Voreinstellung und wird damit wahrscheinlich Ihre existierende Verbindung zum Internet unterbrechen, sobald Pluto (der Openswan-Schlüssel-Daemon) gestartet ist. + . + Bitte wählen Sie, ob Sie die Unterstützung für OE aktivieren möchten. Falls Sie sich nicht sicher sind, aktivieren Sie sie nicht. +Description-es.UTF-8: ¿Desea activar el «cifrado oportunista» en Openswan? 
+ Openswan viene con soporte para «cifrado oportunista» (OE), que almacena información de autenticaciones IPSec (p. ej. llaves públicas RSA) en registros DNS (preferencialmente seguros). Hasta que esté implementado extensamente, activarlo causará un significativo retardo en cada conexión nueva que venga de afuera. A partir de la versión 2.0, Openswan viene con OE activado de forma predeterminada y por lo tanto es probable que estropee su conexión a internet (p. ej. su encaminador por omisión) en cuanto pluto (el demonio de Openswan) se inicie. + . + Escoja si desea habilitar el soporte para OE. Si está en duda, no lo habilite. +Description-fi.UTF-8: Käytetäänkö Openswanin kanssa opportunistista salausta? + Openswan tukee opportunistista salausta (Opportunistic Encryption, OE), joka tallentaa IPSec-todennustiedot (eli julkiset RSA-avaimet) DNS-tietoihin. Ennen kuin tämä on laajalti käytössä, jokainen uusi ulospäin suuntautuva yhteys hidastuu huomattavasti. Versiosta Openswan 2.0 alkaen OE on käytössä oletuksena ja siten todennäköisesti rikkoo olemassa olevan Internet-yhteyden (oletusreitin) heti, kun pluto (Openswanin avaintaustaohjelma) käynnistetään. + . + Valitse tulisiko OE-tuki ottaa käyttöön. Jos olet epävarma, älä valitse tätä. +Description-fr.UTF-8: Souhaitez-vous activer le chiffrement opportuniste dans Openswan ? + Openswan gère le chiffrement opportuniste (« opportunistic encryption » : OE) qui permet de conserver les informations d'authentification IPSec (c'est-à-dire les clés publiques RSA) dans des enregistrements DNS, de préférence sécurisés. Tant que cette fonctionnalité ne sera pas déployée largement, son activation provoquera un ralentissement significatif pour toute nouvelle connexion sortante. 
À partir de la version 2.0, cette fonctionnalité est activée par défaut dans Openswan, ce qui peut interrompre le fonctionnement de votre connexion à l'Internet (c'est-à-dire votre route par défaut) dès le démarrage de pluto, le démon de gestion de clés d'Openswan. + . + Veuillez choisir si vous souhaitez activer la gestion du chiffrement opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir besoin. +Description-gl.UTF-8: ¿Quere activar o cifrado oportunista en Openswan? + Openswan ten soporte de cifrado oportunista (OE), que armacena a información de autenticación de IPSec (é dicir, as claves públicas RSA) en rexistros DNS (preferiblemente seguros). Ata que isto sexa habitual, activalo ha causar unha ralentización nas conexións novas saíntes. A partires da versión 2.0, Openswan ten OE activado por defecto e, polo tanto, é probable que rompa a súa conexión existente a Internet (é dicir, a ruta por defecto) no momento en que se inicie pluto (o servizo de claves de Openswan). + . + Indique se quere activar o soporte de OE. Se non está seguro, non o active. +Description-ja.UTF-8: Openswan で opportunistic encryption を有効にしますか? + Openswan は、IPSec 認証情報 (例: RSA 公開鍵) を (願わくはセキュアな) DNS レコード内に保存する opportunistic encryption (OE) をサポートしています。これは広く利用されるようになるまで、有効にすると外部への新規接続は全て格段に遅くなります。バージョン 2.0 より Openswan の開発元はデフォルトで OE を有効にしており、したがって pluto (Openswan 鍵署名デーモン) が開始するとすぐ、既に存在しているインターネットへの接続 (つまりデフォルトルート) が中断されるかもしれません。 + . + OE のサポートを有効にするかどうかを選んでください。よくわからない場合は、有効にはしないでください。 Description-nl.UTF-8: Wilt u opportunistische encryptie aanschakelen in Openswan? - Openswan heeft ondersteuning voor opportunistische encryptie (OE) die - IPSec-authenticatie-informatie (v.b. publieke RSA-sleutels) bewaart in - (liefst veilige) DNS-records. Totdat dit veelvuldig wordt toegepast zal - dit activeren, een significante vertraging veroorzaken voor elke nieuwe - uitgaande verbinding. 
Omdat versie 2.0 van Openswan standaard OE heeft - aangeschakeld, wordt dus waarschijnlijk uw bestaande verbinding met het - Internet (v.b. uw standaard route) verbroken vanaf dat pluto (de - Openswan-sleutelringachtergronddienst) wordt gestart. + Openswan heeft ondersteuning voor opportunistische encryptie (OE) die IPSec-authentificatie-informatie (v.b. publieke RSA-sleutels) bewaart in (liefst veilige) DNS-records. Totdat dit veelvuldig wordt toegepast, zal dit bij activeren een significante vertraging veroorzaken voor elke nieuwe uitgaande verbinding. Omdat versie 2.0 van Openswan standaard OE heeft aangeschakeld, wordt dus waarschijnlijk uw bestaande verbinding met het Internet (v.b. uw standaard route) verbroken vanaf dat pluto (de Openswan-sleutelringachtergronddienst) wordt gestart. + . + Kiest of u OE-ondersteuning wilt aanschakelen. Indien onzeker, schakel het dan niet aan. +Description-pt.UTF-8: Quer activar a encriptação oportunista no Openswan? + O Openswan tem suporte para encriptação oportunista (OE), que armazena a informação de autenticação IPSec (i.e. chaves públicas RSA) em registos DNS (preferencialmente seguros). Enquanto isto não é largamente implementado, a sua activação atrasará significativamente qualquer nova ligação para fora. Desde a versão 2.0, o Openswan genérico vem com OE activada por omissão e é portanto provável que prejudique a sua ligação à Internet (i.e. a sua rota por omissão) assim que pluto (o deamon do Openswan) for iniciado. . - Kiest of u OE-ondersteuning wilt aanschakelen. Indien onzeker, schakel het - dan niet aan. + Por favor, escolha se que activar ou não o suporte para OE. Na dúvida, não o active. Description-pt_BR.UTF-8: Você deseja habilitar a encriptação oportunística no Openswan ? - O Openswan suporta encriptação oportunística (OE), a qual armazena - informações de autenticação IPSec (por exemplo, chaves públicas RSA) - em registros DNS (preferivelmente seguros). 
Até que esse suporte esteja - largamento sendo utilizado, ativá-lo irá causar uma signficante - lentidão para cada nova conexão de saída. Iniciando a partir da versão - 2.0, o Openswan, da forma como é distribuído pelos desenvolvedores - oficiais, é fornecido com o suporte a OE habilitado por padrão e, - portanto, provavelmente irá quebrar suas conexões existentes com a - Internet (por exemplo, sua rota padrão) tão logo o pluto (o daemon de - troca de chaves do Openswan) seja iniciado. + O Openswan suporta encriptação oportunística (OE), a qual armazena informações de autenticação IPSec (por exemplo, chaves públicas RSA) em registros DNS (preferivelmente seguros). Até que esse suporte esteja largamento sendo utilizado, ativá-lo irá causar uma signficante lentidão para cada nova conexão de saída. Iniciando a partir da versão 2.0, o Openswan, da forma como é distribuído pelos desenvolvedores oficiais, é fornecido com o suporte a OE habilitado por padrão e, portanto, provavelmente irá quebrar suas conexões existentes com a Internet (por exemplo, sua rota padrão) tão logo o pluto (o daemon de troca de chaves do Openswan) seja iniciado. . - Por favor, informe se você deseja habilitar o suporte a OE. Em caso de - dúvidas, não habilite esse suporte. + Por favor, informe se você deseja habilitar o suporte a OE. Em caso de dúvidas, não habilite esse suporte. +Description-ru.UTF-8: Включить поддержку гибкого шифрования в Openswan? + Openswan предоставляет поддержку гибкого шифрования (opportunistic encryption, OE), при котором информация об аутентификации IPSec (то есть открытые ключи RSA) хранится в (желательно, защищённых) записях DNS. Пока это широко не распространено, его активация проведёт к значительному замедлению установления каждого нового подключения. 
Так как версия 2.0 оригинальных исходников поставляется с включённым OE по умолчанию, скорее всего произойдёт разрыв существующего соединения с интернет (то есть, маршрута по умолчанию), как только pluto (служба ключей Openswan) будет запущена. + . + Укажите, нужно ли включить поддержку OE. Если не знаете, ответьте отрицательно. +Description-sv.UTF-8: Vill du aktivera opportunistisk kryptering i Openswan? + Openswan har stöd för opportunistisk kryptering (OE) som lagrar information om IPSec-autentiseringen (exempelvis publika RSA-nycklar) i (helst säkra) DNS-poster. Tills detta är en mer utbredd tjänst kan aktivering av det orsaka en betydande hastighetssänkning för varje ny utgående anslutning. Sedan version 2.0 kommer Openswan (uppström) med OE aktiverad som standard och kommer därför sannorlikt att bryta din existerande anslutning till Internet (exempelvis din standardrutt) som snart som pluto (demonen för Openswan-nycklar) startas. + . + Välj om du vill aktivera stöd för OE. Om du är osäker bör du inte aktivera det. + --- openswan-2.6.22+dfsg.orig/debian/changelog +++ openswan-2.6.22+dfsg/debian/changelog 
@@ -1,3 +1,450 @@ +openswan (1:2.6.22+dfsg-1) unstable; urgency=HIGH + + Urgency high because of security release. + * New upstream release. Closes a security bug in the ASN.1 parser (no + CVE number at this time). + Closes: #528747: [FTBFS] cannot build with kernel 2.6.29-2-686 + * The linux-patch-openswan package is no longer built, as this new + upstream release no longer requires a kernel patch for proper NAT-T + support with KLIPS (thanks to Harald Jenny). + + -- Rene Mayrhofer Tue, 23 Jun 2009 09:34:17 +0200 + +openswan (1:2.6.21+dfsg-2) unstable; urgency=low + + * The new upstream release should also compile with newer Debian + kernels. + Closes: #522112: openswan-modules-source: Fails to build with kernel + 2.6.26 + * Removed ununsed scripts in linux-patch-openswan that have security + issues. + Closes: #496376: The possibility of attack with the help of symlinks + in some Debian packages + + -- Rene Mayrhofer Tue, 21 Apr 2009 10:02:14 +0200 + +openswan (1:2.6.21+dfsg-1) unstable; urgency=low + + * New upstream release + Closes: #521949: CVE-2009-0790: DoS + + -- Rene Mayrhofer Thu, 09 Apr 2009 17:05:39 +0200 + +openswan (1:2.6.20+dfsg-6) unstable; urgency=low + + * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the + security team for providing the patch. + Closes: #521949: CVE-2009-0790: DoS + Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone + to a denial of service attack via a malicious packet. + + -- Rene Mayrhofer Tue, 31 Mar 2009 09:56:06 +0000 + +openswan (1:2.6.20+dfsg-5) unstable; urgency=low + + * Mea culpa (again). Fix the fix. + Closes: #520082: openswan: reincarnation + * Correct the build dependency for openswan-modules-source. Thanks + to Harald Jenny for the patch. + + -- Rene Mayrhofer Fri, 27 Mar 2009 07:39:12 +0100 + +openswan (1:2.6.20+dfsg-4) unstable; urgency=low + + * Backticks got messed up when applying last patch to init script to + check for user id instead of / being writable. 
+ Closes: #520082: openswan: init script bug: "permission denied (must + be superuser)" + + -- Rene Mayrhofer Sun, 22 Mar 2009 10:21:38 +0100 + +openswan (1:2.6.20+dfsg-3) unstable; urgency=low + + * Actually, mark ipsec.conf and ipsec.secrets as conffiles but avoid + editing them. Sorry for the blunder, reverting the last patch. + * The last upload was also messed up in terms of source package + (the orig.tar.gz was missing, so it was erroneously created as + native source). + + -- Rene Mayrhofer Thu, 12 Mar 2009 19:08:51 +0100 + +openswan (1:2.6.20+dfsg-2) unstable; urgency=low + + * Fix a few problems caused by changes in upstream packaging, e.g. to + no longer require no_oe.conf hackery as there is now a config file + option. Removed debconf question for now (commented out, actually). + Closes: #515098: overwrites local configuration + * No longer advertise the debian-openswan@gibraltar.at mailing list as + support address, as I have deleted it. My personal email address + should be used again. + * I agree that md[25].[ch] are sufficiently compatible with distribution + in this Debian package according to http://www.ietf.org/ietf/IPR/RSA-MD-all. + IANAL, but as far as I judge the situation, there is no license issue. + Closes: #405363: openswan: contains non-free files + * Updated Swedish debconf translation + Closes: #518498: [INTL:sv] Swedish strings for openswan debconf + * Add libcurl4-openssl-dev to the list of Build-Dep alternatives and + remove lynx, which is no longer required for building. + * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge. + Closes: #455112: openswan -- Doesn't purge all files after piuparts + Install+Upgrade+Purge test + * Don't check if / is writable in init script. This doesn't make sense + for readonly filesystems. + Closes: #499837: Will not start when / is mounted read only + * No longer mark ipsec.conf and ipsec.secrets as conffiles, as they + are modified by postinst. 
Although I don't particularly like this + method of patching DEBIAN/conffiles, I don't have a better solution + right now. Thus take patch from Mathieu Parent. + Closes: #515095: programmatically modifies a conffile + Integrated cleanup patch, also thanks to Mathieu Parent: + * Add 'rm -rf OBJ.*' in clean target. + Closes: #517703: openswan_1:2.6.20+dfsg-1(mipsel/unstable): FTBFS with + -rsudo + * clean generated doc/manpage.d/*.html and doc/index.html + + -- Rene Mayrhofer Thu, 12 Mar 2009 15:29:40 +0100 + +openswan (1:2.6.20+dfsg-1) unstable; urgency=low + + * New upstream release. This no longer ships the fswcert tool, so skip + building and installing it in the Debian package as well. + + -- Rene Mayrhofer Sat, 28 Feb 2009 19:39:16 +0000 + +openswan (1:2.4.12+dfsg-1) unstable; urgency=low + + * New upstream release that should compile with newer kernels again. + Closes: #439977: openswan-modules-source: Is not compatible with + kernel >=2.6.22 + Dropping patch from openswan BTS included in 1:2.4.9+dfsg-3, which + has been added upstream. + * Pull in NMU patch. + Closes: #463361: openswan: ldap_init implicitly converted to pointer + * Added Finnish debconf translation. + Closes: #472504: [INTL:fi] Finnish translation of the debconf templates + * Updated Japanese debconf translation. + Closes: #463320: openswan: [INTL:ja] Update po-debconf template + translation (ja.po) + * Updated French debconf translation. + Closes: #461841: openswan: [INTL:fr] French debconf templates + translation update + * Added Galician debconf translation. + Closes: #474627: [INTL:gl] Galician debconf template translation for + openswan + * Added Russian debconf translation. + Closes: #475047: openswan: [INTL:ru] Russian debconf templates translation + * Sigh, another service to users by removing documentation. Removed + anything the looks like an RFC or an RFC draft again. 
Obviously, this + seems the most critical bug for this package, so I actually considered + increasing urgency - after all, we are fixing an RC bug here... + Closes: #451110: Source package contains non-free IETF RFC/I-D's + * According to http://bugs.xelerance.com/view.php?id=849, 2.4.10 should + fix this assertion failure (although the upstream bug report has not + been closed). Please reopen if the problem still persists (and if not, + please also tell upstream so that they can close their own bug report). + Closes: #443525: openswan: pluto dies with ASSERTION FAILED at + kernel.c:2237: c->kind == CK_PERMANENT || c->kind == + CK_INSTANCE + + -- Rene Mayrhofer Sun, 30 Mar 2008 10:24:54 +0200 + +openswan (1:2.4.9+dfsg-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Define LDAP_DEPRECATED to continue use of deprecated LDAP functions. + Closes: #463361: ldap_init implicitly converted to pointer + + -- dann frazier Mon, 10 Mar 2008 09:46:09 -0600 + +openswan (1:2.4.9+dfsg-3) unstable; urgency=low + + * Include upstream patch to make %defaultroute work with PPP uplinks + in certain cases. + Closes: #449512: openswan: defaultroute with PPP does not work + + -- Rene Mayrhofer Sun, 20 Jan 2008 13:36:50 +0100 + +openswan (1:2.4.9+dfsg-2) unstable; urgency=low + + * Remove spaces before question marks in debconf template. Mea culpa, + I read the patch wrong when looking at it. debconf-updatepo seems to have + done the right thing in updating .po files with the "new" question + strings, so I don't think translators need to change anything. + + -- Rene Mayrhofer Sat, 27 Oct 2007 11:18:14 +0200 + +openswan (1:2.4.9+dfsg-1) unstable; urgency=low + + * New upstream release. + * Add German debconf translation, but do not apply the patch to the English + template. I do not agree that a space should be placed before a question + mark, but feel free to correct me with references to some grammar material. 
+ Closes: #406029: openswan: [INTL:de] German po-debconf template translation + * Add Spanish debconf translation. + Closes: #443613: [INTL:es] Spanish po-debconf template translation + * Drop the fileutils dependency, and thus no longer care about backports to + woody. + Closes: #368723: openswan: Cleanup of dependencies (fileutils) + + -- Rene Mayrhofer Fri, 26 Oct 2007 16:37:31 +0200 + +openswan (1:2.4.8-dfsg-1) unstable; urgency=low + + * New upstream release. + Closes: #335074: openswan: ipsec.conf manpage doesn't include + {left|right}sourceip + Closes: #357718: ipsec.conf(5): automatic and manual keying options are + not disjoint + Closes: #357708: openswan: ipsec.secrets(5) does not document X.509 format + * Include Portugese debconf translation. + Closes: #426927: openswan: [INTL:pt] Portuguese translation for debconf + messages + * Also remove .gitignore files in addition to the other cruft when building + the binary package. + Closes: #413914: shipping gitignore file + /usr/share/doc/openswan/doc/.gitignore + + -- Rene Mayrhofer Wed, 04 Jul 2007 20:59:35 +0100 + +openswan (1:2.4.6+dfsg.2-1) unstable; urgency=low + + * Acknowledge our-priority-are-the-users-thus-remove-docs NMU (nothing + personal, but documentation usually tends to be useful). + Closes: #390656 + * Recommend linux-source instead of kernel-source. + Closes: #394664: Recommends unavailable kernel-source + * Update Japanese debconf translation. + Closes: #393176: openswan: [INTL:ja] Updated Japanese po-debconf + template translation (ja.po) + * Build-depend on po-debconf. + * Stop invoking /etc/init.d/ipsec directly in prerm. Use invoke-rc.d. + + -- Rene Mayrhofer Mon, 6 Nov 2006 19:07:36 +0000 + +openswan (1:2.4.6+dfsg.2-0.1) unstable; urgency=low + + * NMU + * Remove additional non-free draft RFCs from upstream tarball. + Closes: #390656 + + -- Joey Hess Sun, 15 Oct 2006 17:52:57 -0400 + +openswan (1:2.4.6+dfsg-1) unstable; urgency=low + + * New upstream release. 
+ * Acknowledge the last 2 NMUs: + Closes: #370752: diff for 1:2.4.5+dfsg-0.1 NMU + Closes: #363375: kernel-patch-openswan: Patched linux-source-2.6.16 fails to compile + Closes: #365196: [NONFREE-DOC] Package contains IETF RFC/I-D + Thanks to Steinar for his NMUs! + * Add a call to debconf-updatepo to the clean target of debian/rules, as suggested in + the bug report. + Closes: #372917: openswan: debconf-updatepo has not been launched + * Update the Dutch debconf translation. + Closes: #378415: [INTL:nl] Updated dutch po-debconf translation + * Removed the 01-ipcomp_hippi.dpatch again, this has been incorporated upstrean. + + -- Rene Mayrhofer Wed, 23 Aug 2006 22:06:52 +0100 + +openswan (1:2.4.5-4) unstable; urgency=low + + * Removed the dependency on MAKEDEV, it does not seem to be used any + more. Thanks to Marco d'Itri for pointing it out. + + -- Rene Mayrhofer Sat, 3 Jun 2006 21:11:44 +0100 + +openswan (1:2.4.5+dfsg-0.2) unstable; urgency=low + + * Non-maintainer upload. + * debian/patches/01-ipcomp_hippi.dpatch: Fix net/ipsec/ipcomp.c so it no + longer attempts to copy the "private" field of a struct_skbuff when + CONFIG_HIPPI is enabled; it was removed after 2.6.13, and this broke + compilation with 2.6.16, linux-patch-openswan and CONFIG_HIPPI. + (Closes: #363375) + + -- Steinar H. Gunderson Fri, 9 Jun 2006 19:52:22 +0200 + +openswan (1:2.4.5+dfsg-0.1) unstable; urgency=low + + * Non-maintainer upload. + * Remove doc/rfc394[78].txt and doc/draft-*.txt from upstream tarball + to get rid of non-DFSG free documentation. (Closes: #365196) + + -- Steinar H. Gunderson Tue, 6 Jun 2006 18:42:09 +0200 + +openswan (1:2.4.5-3) unstable; urgency=low + + * Renamed kernel-patch-openswan to linux-patch-openswan. + * Removed the remarks in the package descriptions that linux-patch-openswan + and openswan-modules-source will only work with 2.4 series kernels. This + is no longer true. + * Use updated French translation. 
Thanks to Christian Perrier and sorry for + not giving time to update the translations before the last upload. I felt + that the FTBFS should be corrected quickly. + Closes: #364399: openswan: [INTL:fr] French debconf templates translation + + -- Rene Mayrhofer Sun, 23 Apr 2006 21:47:53 +0100 + +openswan (1:2.4.5-2) unstable; urgency=low + + * The NMU patch doesn't seem to have applied to debian/control, + because the dependency was still on libopensc1-dev. Fixed that now + by adding libopensc2-dev. + Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on + libopensc1-dev + * Added the patch to fix alignment issues on Sparc, as upstream acknowledged + it and applied it to their development tree. + Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due + to request memory alignment issue + + -- Rene Mayrhofer Mon, 17 Apr 2006 14:53:37 +0100 + +openswan (1:2.4.5-1) unstable; urgency=low + + * New upstream release. This release adds support for patching newer kernel + versions. Verified that the patched kernel tree compiles with Debian + kernel sources 2.6.15-8 and 2.6.16-6. + Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15 + kernel + It also adds the patches for an IPSec/L2TP server behind a NAT. + Closes: #307529: More patches for openswan server behind NAT + Closes: #353792: openswan nat-t failure + And additionally there are (according to upstream changelogs) fixes for + running on SMP systems. If the following bug still persists (can not test + myself), then please reopen. + Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze + The patch to fix the snmpd crash is also in this upstream version (just + checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions + as well, so this might have been closed earlier. It's not mentioned in + upstream changelog, so I don't know exactly when it has been fixed. 
+ Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference + when using snmpd + The ipsec.conf manual page has been updated to document connaddrfamily. + Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the + parameter "connaddrfamily" + * Acknowledge fixes in last NMU - thanks to Christian. + Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no + installation candidate + Closes: #356716: openswan: Incomplete clean when building + Closes: #316693: openswan_1/2.2.0-10 + Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation + * Enable building of XAUTH support. + * Import override files from /etc/default instead of /etc/sysconfig. This + uses dpatch, so now Build-Depend on it. + Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/, + please change to /etc/default/ + * Only ask if an existing certificate/private key pair should be used when + the user chose not to create a new key pair. Also mention, when asking to + create a new key pair, that an existing one can be used alternatively. + Closes: #298250: confusing debconf question about certificate creation + * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the + "make install" to the "make programs" call where it belongs. + Closes: #292838: openswan: Dynamic CRL fetching not supported + * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of + /usr/share/doc/openswan/doc/index.html, and only the latter one has links + to existing files. + Closes: #311613: openswan: html documentation links to the wrong place + Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html + Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html + * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and + vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport, + a second option is necessary for inet_(add|del)_protocol. 
This should + allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified + that it compiles with Debian 2.4.27-12 and vanilla 2.4.32. + Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on + sarge + Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27 + 2.4.27-11 + * Document in README.Debian that KLIPS for 2.4 kernels will not compile with + newer GCC versions and give a hint on how to use older versions with + make-kpkg. + * Kernel 2.6.8 is not properly supported and is horribly outdated by now. + If you really need to use 2.6.8, then please use the native 26sec IPSec + stack. For KLIPS support, use at least 2.6.12, or better 2.6.15. + Closes: #318136: kernel-patch-openswan: Problem applying + kernel-openswan-patch to kernel-source-2.6.8 + * Compress the modules source tree with bzip2 instead of gzip and thus + reduce the size of the openswan-modules-source package. + + -- Rene Mayrhofer Sat, 15 Apr 2006 21:36:36 +0100 + +openswan (1:2.4.4-3.1) unstable; urgency=high + + * Non-maintainer upload with maintainer's agreement + * Fix FTBFS by replacing the build dependency on libopensc1-dev to + libopensc2-dev. Closes: #352050 + * Really clean when building + Closes: #356716 + * Correct typos and English errors in templates + Unfuzzy translations + Closes: #316693 + * Swedish debconf templates translation added + Closes: #339390 + + -- Christian Perrier Thu, 16 Mar 2006 06:10:05 +0100 + +openswan (1:2.4.4-3) unstable; urgency=low + + * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. + Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script + but =freeswan in unpatch + + -- Rene Mayrhofer Tue, 27 Dec 2005 10:38:33 +0000 + +openswan (1:2.4.4-2) unstable; urgency=low + + * Build-depend on libkrb5-dev. 
+ Closes: #344612: openswan: pluto has shared library dependency on + libkrb5support.so + + -- Rene Mayrhofer Mon, 26 Dec 2005 11:22:17 +0000 + +openswan (1:2.4.4-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. This is supposed to fix the other part of the DoS + problem. + + -- Rene Mayrhofer Fri, 18 Nov 2005 19:23:49 +0000 + +openswan (1:2.4.3-1) unstable; urgency=high + + Reasoning for urgency high: DoS security issues. + * New upstream version. + Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation + problems / DoS + + -- Rene Mayrhofer Tue, 15 Nov 2005 15:49:44 +0000 + +openswan (1:2.4.0-3) unstable; urgency=low + + * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 + package branch. Now again change the debconf depends to debconf | + debconf-2.0. + Closes: #332055: openswan depends on debconf without | debconf-2.0 + alternate; blocks cdebconf transition + * Also build-depend on the new libssl (>= 0.9.8-1) now to help the + transition. If you recompile this package for woody/sarge, you can safely + ignore this versioned build-dependency. No new API is needed this is just + for the ABI transition. + + -- Rene Mayrhofer Mon, 10 Oct 2005 11:22:12 +0100 + +openswan (1:2.4.0-2) unstable; urgency=low + + * Module building has changed a bit for the new openswan upstream + releases (need additional files). Adapt the openswan-modules-source + package to that and also fix pfkey_v2.c to compile with kernel 2.4 + (patches sent to upstream for future inclusion). + Closes: #291274: Fails to build with 2.4.29: missing Makefile + Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - + different from #273144 (?) + * Fix the postinst script (must have been a bash update that broke it). 
+ Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a + valid identifier" + + -- Rene Mayrhofer Fri, 30 Sep 2005 18:11:28 +0100 + openswan (1:2.4.0-1) unstable; urgency=low * New upstream release. This finally allows the Debian packages to be --- openswan-2.6.22+dfsg.orig/debian/openswan-modules-source.rules +++ openswan-2.6.22+dfsg/debian/openswan-modules-source.rules @@ -43,6 +43,10 @@ ROOT_CMD= endif +# export these variables as they are necessary for building +export KERNELSRC=${KSRC} +export OPENSWANSRCDIR=$(CURDIR) + # this primarily sets ARCH, we may be able to do that in another way # but it also defines IPSECVERSION, which is needed below include Makefile.inc @@ -64,7 +68,7 @@ build-stamp: dh_testdir - $(MAKE) module OPENSWANSRCDIR=$(CURDIR) KERNELSRC=${KSRC} + $(MAKE) module touch build-stamp @@ -73,7 +77,7 @@ dh_testroot rm -f build-stamp configure-stamp - $(MAKE) modclean OPENSWANSRCDIR=$(CURDIR) KERNELSRC=${KSRC} + $(MAKE) modclean dh_clean --- openswan-2.6.22+dfsg.orig/debian/openswan.postinst +++ openswan-2.6.22+dfsg/debian/openswan.postinst @@ -72,7 +72,7 @@ fi } -make-x509-cert() { +make_x509_cert() { if [ $# -ne 12 ]; then echo "Error in creating X.509 certificate" exit 1 
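Review bot: In the `@@ -43,6 +43,10 @@` hunk of debian/openswan-modules-source.rules, `export KERNELSRC=${KSRC}` is evaluated unconditionally, so when KSRC is unset an empty KERNELSRC is defined for `include Makefile.inc` and for the `$(MAKE) module` and `$(MAKE) modclean` calls in the two later hunks. Makefile.inc is not visible here, but any `?=` default for KERNELSRC in it would presumably be skipped, because the variable is already defined by the time it is included. I would state the requirement in the comment, e.g. `# KSRC must be set by the caller; exported here instead of being passed on each $(MAKE) call`. I would also consider a guard before the exports, `ifeq ($(strip $(KSRC)),)` / `$(error KSRC is not set)` / `endif`, if no target in this file is meant to run without a kernel tree.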
@@ -124,72 +124,72 @@ rm $privkey echo "Successfully created a plain openswan RSA keypair." else + # extract the key from a (newly created) x509 certificate host=`hostname` newkeyfile="/etc/ipsec.d/private/${host}Key.pem" - newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" - # extract the key from a x509 certificate - db_get openswan/existing_x509_certificate - if [ "$RET" = "true" ]; then - if [ -e $newcertfile -o -e $newkeyfile ]; then - echo "Error: $newcertfile or $newkeyfile already exists." - echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." - else - # existing certificate - use it - db_get openswan/existing_x509_certificate_filename - certfile=$RET - db_get openswan/existing_x509_key_filename - keyfile=$RET - if [ ! -r $certfile ] || [ ! -r $keyfile ]; then - echo "Either the certificate or the key file could not be read !" - else - cp "$certfile" /etc/ipsec.d/certs - umask 077 - cp "$keyfile" "/etc/ipsec.d/private" - newkeyfile="/etc/ipsec.d/private/`basename $keyfile`" - chmod 0600 "$newkeyfile" - insert_private_key_filename "$newkeyfile" - echo "Successfully extracted RSA key from existing x509 certificate." - fi - fi - else - if [ -e $newcertfile -o -e $newkeyfile ]; then - echo "Error: $newcertfile or $newkeyfile already exists." - echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." 
- else - # create a new certificate - db_get openswan/rsa_key_length - keylength=$RET - db_get openswan/x509_self_signed - selfsigned=$RET - db_get openswan/x509_country_code - countrycode=$RET - if [ -z "$countrycode" ]; then countrycode="."; fi - db_get openswan/x509_state_name - statename=$RET - if [ -z "$statename" ]; then statename="."; fi - db_get openswan/x509_locality_name - localityname=$RET - if [ -z "$localityname" ]; then localityname="."; fi - db_get openswan/x509_organization_name - orgname=$RET - if [ -z "$orgname" ]; then orgname="."; fi - db_get openswan/x509_organizational_unit - orgunit=$RET - if [ -z "$orgunit" ]; then orgunit="."; fi - db_get openswan/x509_common_name - commonname=$RET - if [ -z "$commonname" ]; then commonname="."; fi - db_get openswan/x509_email_address - email=$RET - if [ -z "$email" ]; then email="."; fi - make-x509-cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" - chmod 0600 "$newkeyfile" - umask 077 - insert_private_key_filename "$newkeyfile" - echo "Successfully created x509 certificate." + newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." 
+ else + # create a new certificate + db_get openswan/rsa_key_length + keylength=$RET + db_get openswan/x509_self_signed + selfsigned=$RET + db_get openswan/x509_country_code + countrycode=$RET + if [ -z "$countrycode" ]; then countrycode="."; fi + db_get openswan/x509_state_name + statename=$RET + if [ -z "$statename" ]; then statename="."; fi + db_get openswan/x509_locality_name + localityname=$RET + if [ -z "$localityname" ]; then localityname="."; fi + db_get openswan/x509_organization_name + orgname=$RET + if [ -z "$orgname" ]; then orgname="."; fi + db_get openswan/x509_organizational_unit + orgunit=$RET + if [ -z "$orgunit" ]; then orgunit="."; fi + db_get openswan/x509_common_name + commonname=$RET + if [ -z "$commonname" ]; then commonname="."; fi + db_get openswan/x509_email_address + email=$RET + if [ -z "$email" ]; then email="."; fi + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + chmod 0600 "$newkeyfile" + umask 077 + insert_private_key_filename "$newkeyfile" + echo "Successfully created x509 certificate." + fi + fi + else + db_get openswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." + else + # existing certificate - use it + db_get openswan/existing_x509_certificate_filename + certfile=$RET + db_get openswan/existing_x509_key_filename + keyfile=$RET + if [ ! -r $certfile ] || [ ! -r $keyfile ]; then + echo "Either the certificate or the key file could not be read !" 
+ else + cp "$certfile" /etc/ipsec.d/certs + umask 077 + cp "$keyfile" "/etc/ipsec.d/private" + newkeyfile="/etc/ipsec.d/private/`basename $keyfile`" + chmod 0600 "$newkeyfile" + insert_private_key_filename "$newkeyfile" + echo "Successfully extracted RSA key from existing x509 certificate." fi - fi fi + fi fi # figure out the correct start time 
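Review bot: In the new-certificate branch the private key is written before its permissions are restricted: `make_x509_cert $keylength 1500 "$newkeyfile" ...` runs first, and `chmod 0600 "$newkeyfile"` and `umask 077` only follow it, so unless make_x509_cert sets its own umask (its body is outside this hunk) the key briefly exists with the default mode. Move `umask 077` in front of the `make_x509_cert` call, as the existing-certificate branch already does before `cp "$keyfile"`. The debconf-supplied paths are also used unquoted in `[ ! -r $certfile ] || [ ! -r $keyfile ]` and `basename $keyfile`, so a path containing whitespace breaks the test; quote them as `[ ! -r "$certfile" ]` and `basename "$keyfile"`. The relocated `else` branch tests `[ -e $newcertfile -o -e $newkeyfile ]`, but in the new layout those two variables appear to be assigned only in the other branch; the enclosing `if` starts outside the hunk, so please confirm they are set on this path.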
@@ -203,28 +203,28 @@ fi update-rc.d ipsec $LEVELS > /dev/null - db_get openswan/enable-oe - if [ "$RET" != "true" ]; then - echo -n "Disabling opportunistic encryption (OE) in config file ... " - if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then - echo "already disabled" - else - cat <> /etc/ipsec.conf -#Disable Opportunistic Encryption -include /etc/ipsec.d/examples/no_oe.conf -EOF - echo "done" - fi - else - echo -n "Enabling opportunistic encryption (OE) in config file ... " - if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then - sed 's/include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/no_oe.conf/' < /etc/ipsec.conf > /etc/ipsec.conf.tmp - mv /etc/ipsec.conf.tmp /etc/ipsec.conf - echo "done" - else - echo "already enabled" - fi - fi +# db_get openswan/enable-oe +# if [ "$RET" != "true" ]; then +# echo -n "Disabling opportunistic encryption (OE) in config file ... " +# if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then +# echo "already disabled" +# else +# cat <> /etc/ipsec.conf +##Disable Opportunistic Encryption +#include /etc/ipsec.d/examples/no_oe.conf +#EOF +# echo "done" +# fi +# else +# echo -n "Enabling opportunistic encryption (OE) in config file ... " +# if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then +# sed 's/include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/no_oe.conf/' < /etc/ipsec.conf > /etc/ipsec.conf.tmp +# mv /etc/ipsec.conf.tmp /etc/ipsec.conf +# echo "done" +# else +# echo "already enabled" +# fi +# fi if [ -z "$2" ]; then # no old configured version - start openswan now --- openswan-2.6.22+dfsg.orig/debian/openswan-nat-t-2.6.18.patch +++ openswan-2.6.22+dfsg/debian/openswan-nat-t-2.6.18.patch 
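Review bot: The opportunistic-encryption handling is switched off by commenting out the whole block rather than deleting it, and nothing in the hunk says why. Replace the block with a short comment such as `# OE is no longer toggled from postinst; /etc/ipsec.conf is left as configured`, adjusted to the actual reason, and let version control keep the old code. As written, an existing `include /etc/ipsec.d/examples/no_oe.conf` line in /etc/ipsec.conf is neither added nor removed on upgrade, which is worth stating in that comment because it decides whether OE stays enabled on upgraded hosts.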
@@ -0,0 +1,175 @@ +--- linux-source-2.6.18/net/ipv4/Kconfig 2006-09-20 05:42:06.000000000 +0200 ++++ linux-source-2.6.18_patched/net/ipv4/Kconfig 2009-05-11 13:45:43.000000000 +0200 +@@ -432,6 +432,12 @@ + + If unsure, say Y. + ++config IPSEC_NAT_TRAVERSAL ++ bool "IPSEC NAT-Traversal (KLIPS compatible)" ++ depends on INET ++ ---help--- ++ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP. ++ + config INET_DIAG + tristate "INET: socket monitoring interface" + default y +--- linux-source-2.6.18/net/ipv4/udp.c 2009-05-05 01:40:20.000000000 +0200 ++++ linux-source-2.6.18_patched/net/ipv4/udp.c 2009-05-11 13:43:47.000000000 +0200 +@@ -108,11 +108,14 @@ + #include + #include + #include ++#include + + /* + * Snmp MIB for the UDP layer + */ + ++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func; ++ + DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly; + + struct hlist_head udp_hash[UDP_HTABLE_SIZE]; +@@ -881,6 +884,42 @@ + sk_common_release(sk); + } + ++#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL) ++ ++/* if XFRM isn't a module, then register it directly. 
*/ ++#if 0 && !defined(CONFIG_XFRM_MODULE) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL) ++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap; ++#else ++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL; ++#endif ++ ++int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func ++ , xfrm4_rcv_encap_t *oldfunc) ++{ ++ if(oldfunc != NULL) { ++ *oldfunc = xfrm4_rcv_encap_func; ++ } ++ ++#if 0 ++ if(xfrm4_rcv_encap_func != NULL) ++ return -1; ++#endif ++ ++ xfrm4_rcv_encap_func = func; ++ return 0; ++} ++ ++int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func) ++{ ++ if(xfrm4_rcv_encap_func != func) ++ return -1; ++ ++ xfrm4_rcv_encap_func = NULL; ++ return 0; ++} ++#endif /* CONFIG_XFRM_MODULE || CONFIG_IPSEC_NAT_TRAVERSAL */ ++ ++ + /* return: + * 1 if the the UDP system should process it + * 0 if we should drop this packet +@@ -888,9 +927,9 @@ + */ + static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb) + { +-#ifndef CONFIG_XFRM ++#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL) + return 1; +-#else ++#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */ + struct udp_sock *up = udp_sk(sk); + struct udphdr *uh; + struct iphdr *iph; +@@ -903,16 +942,16 @@ + /* if we're overly short, let UDP handle it */ + len = skb->len - sizeof(struct udphdr); + if (len <= 0) +- return 1; ++ return 2; + + /* if this is not encapsulated socket, then just return now */ + if (!encap_type) +- return 1; ++ return 3; + + /* If this is a paged skb, make sure we pull up + * whatever data we need to look at. */ + if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8))) +- return 1; ++ return 4; + + /* Now we can get the pointers */ + uh = skb->h.uh; +@@ -930,7 +969,7 @@ + len = sizeof(struct udphdr); + } else + /* Must be an IKE packet.. pass it through */ +- return 1; ++ return 5; + break; + case UDP_ENCAP_ESPINUDP_NON_IKE: + /* Check if this is a keepalive packet. If so, eat it. 
*/ +@@ -943,7 +982,7 @@ + len = sizeof(struct udphdr) + 2 * sizeof(u32); + } else + /* Must be an IKE packet.. pass it through */ +- return 1; ++ return 6; + break; + } + +@@ -1018,10 +1057,14 @@ + return 0; + } + if (ret < 0) { +- /* process the ESP packet */ +- ret = xfrm4_rcv_encap(skb, up->encap_type); +- UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS); +- return -ret; ++ if(xfrm4_rcv_encap_func != NULL) { ++ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type); ++ UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS); ++ } else { ++ UDP_INC_STATS_BH(UDP_MIB_INERRORS); ++ ret = 1; ++ } ++ return ret; + } + /* FALLTHROUGH -- it's a UDP Packet */ + } +@@ -1110,7 +1153,6 @@ + /* + * All we need to do is get the socket, and then do a checksum. + */ +- + int udp_rcv(struct sk_buff *skb) + { + struct sock *sk; +@@ -1599,3 +1641,9 @@ + EXPORT_SYMBOL(udp_proc_register); + EXPORT_SYMBOL(udp_proc_unregister); + #endif ++ ++#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) ++EXPORT_SYMBOL(udp4_register_esp_rcvencap); ++EXPORT_SYMBOL(udp4_unregister_esp_rcvencap); ++#endif ++ +--- linux-source-2.6.18/include/net/xfrmudp.h 1970-01-01 01:00:00.000000000 +0100 ++++ linux-source-2.6.18_patched/include/net/xfrmudp.h 2009-05-11 13:08:46.000000000 +0200 +@@ -0,0 +1,10 @@ ++/* ++ * pointer to function for type that xfrm4_input wants, to permit ++ * decoupling of XFRM from udp.c ++ */ ++#define HAVE_XFRM4_UDP_REGISTER ++ ++typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type); ++extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func ++ , xfrm4_rcv_encap_t *oldfunc); ++extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func); --- openswan-2.6.22+dfsg.orig/debian/openswan.prerm +++ openswan-2.6.22+dfsg/debian/openswan.prerm 
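Review bot: In the udp.c hunk at `@@ -1018,10 +1057,14 @@` of this kernel patch, the receive path tests `xfrm4_rcv_encap_func != NULL` and then calls `(*xfrm4_rcv_encap_func)(skb, up->encap_type)` as two separate reads of a global that `udp4_unregister_esp_rcvencap()` can reset to NULL, with no lock or RCU visible in the patch. A module unloading between the two reads leaves the packet path calling a NULL or stale pointer. Read the pointer once, `xfrm4_rcv_encap_t func = xfrm4_rcv_encap_func;` followed by `if (func != NULL) ret = (*func)(skb, up->encap_type);`, and have the unregister side wait for in-flight receivers (for example with `synchronize_net()`) before the handler's module can go away. Separately, the already-registered check in `udp4_register_esp_rcvencap()` sits under `#if 0`, so a second caller silently replaces the handler. The new `return 2` through `return 6` values in `udp_encap_rcv` are also not described by the comment above it, which documents only 1 and 0 in the visible lines.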
@@ -19,7 +19,7 @@ upgrade) ;; remove|deconfigure) - /etc/init.d/ipsec stop || true + invoke-rc.d ipsec stop || true # install-info --quiet --remove /usr/info/openswan.info.gz ;; failed-upgrade) --- openswan-2.6.22+dfsg.orig/debian/README.Debian +++ openswan-2.6.22+dfsg/debian/README.Debian @@ -6,7 +6,7 @@ This package has been created from scratch with some ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 package by Aaron Johnson merged in. Most of the code in debian/rules for creating the -kernel-patch-freeswan package has been taken directly from Tommi Virtanen's +linux-patch-openswan package has been initially taken from Tommi Virtanen's package, but has been mostly rewritten to fit the needs of newer kernel versions (since version 1.9-1). 
@@ -37,22 +37,32 @@ daemon. If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or -are building a custom 2.4 kernel, then the KLIPS kernel part is available in -two forms: the kernel tree can be patched using the kernel-patch-openswan -package, which will be applied automatically by make-kpkg, or stand-alone -modules can be built using the openswan-modules-source package. Please note +are building a custom 2.4 kernel, then the KLIPS kernel part can be compiled +as stand-alone modules using the openswan-modules-source package. Please note that, for building the modules, you need the _complete_, built kernel tree for invoking "make-kpkg modules_install", only having the kernel headers is -not enough. NAT Traversal can not be used at the moment with the stand-alone -modules, it still needs a small kernel patch applied to the kernel tree. If -you need NAT Traversal, please use either the in-kernel IPSec stack (which is -preferred), the kernel-patch-openswan package, or patch the kernel tree with -the (small) NAT Traversal patch before compiling it. +not enough. Starting with kernel >= 2.6.23 and openswan >= 2.6.22, NAT +Traversal will work without patching the kernel even with KLIPS compiled as a +module. For previous kernels (or openswan versions), a small kernel patch +needs to be applied to the kernel tree before recompiling it. To support such +older kernels, patches for some kernel versions can be found under +/usr/src/modules/openswan/debian/*nat-t*.diff once the openswan-modules-source +package has been unpacked. + +Attention: Please note that KLIPS will not compile cleanly with newer GCC +versions that are stricter with their syntax checks. It is known to compile +with GCC 3.4, so I recommend to use this version for building it. If you build +KLIPS modules without patching the kernel source, please note that the kernel +needs to be compiled with the same GCC version, or the modules will not load! 
+ +When using make-kpkg, the GCC version can be set with the environment variable +MAKEFLAGS, e.g. with + MAKEFLAGS="CC=gcc-3.4" make-kpkg ... +This should be necessary for 2.4 kernels, while KLIPS for 2.6 kernels might +compile with newer GCC versions as well. -For using the openswan (KLIPS) kernel modules, there are now two different -methods: - -2.1) openswan-modules-source: +Compiling KLIPS modules +----------------------- When you install the openswan-modules-source package and use make-kpkg to build your kernel, make-kpkg modules_image will automatically create a kernel module package. However, since the openswan-modules-source 
@@ -81,32 +91,4 @@ Where upstream version is e.g. 2.4.20 and debian-version is e.g. 2.4.20-2 (it should match the Debian package version). -If you want to use NAT Traversal but still want to use openswan-modules-source -(since you need to patch the kernel anyway, using kernel-patch-openswan is -easier), you can find the necessary patch under -/usr/src/modules/openswan/debian/nat-t-.diff -It should apply cleanly to newer vanilla 2.4 and 2.6 series kernels. Debian -kernels usually have that patch already applied, so you will not need to patch -a Debian kernel to use openswan. - -2) kernel-patch-openswan: -By installing the kernel-patch-openswan package and using make-kpkg to build -your kernel, it automatically gets patched to include the freeswan IPSec kernel -support in the kernel tree. This allows to enable NAT Traversal (which is not -possible with building the openswan modules outside the kernel tree with the -openswan-modules-source package without the additional patch). Please note -that the environment variable PATCH_THE_KERNEL=YES has to be set for make-kpkg -to apply the kernel patches. - -3) Miscellaneous - -Warning: Due to an upstream bug, pluto from this version will dump core on -certain CRLs. If you are hit by this bug, please report it directly to -upstream, they are still tracking the issue down. - -For support, please use the mailing list debian-openswan@gibraltar.at, which -is now the official support address for the Debian package of openswan. You -can subscribe to the list and view its archives at -https://www.gibraltar.at/mailman/listinfo/debian-openswan - - -- Rene Mayrhofer , Mon, Sep 19 14:58:00 2005 + -- Rene Mayrhofer , Tue, Jun 23 13:16:00 2009 --- openswan-2.6.22+dfsg.orig/debian/control +++ openswan-2.6.22+dfsg/debian/control 
@@ -2,14 +2,14 @@ Section: net Priority: optional Maintainer: Rene Mayrhofer -Standards-Version: 3.6.1.0 -Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev, htmldoc, man2html, libcurl4-dev | libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, bison, flex, lynx +Standards-Version: 3.8.0 +Build-Depends: debhelper (>= 4.1.16), libgmp3-dev, libssl-dev (>= 0.9.8), htmldoc, man2html, libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, dpatch, bzip2, po-debconf, xmlto Package: openswan Architecture: any -Pre-Depends: debconf -Depends: ${shlibs:Depends}, bsdmainutils, makedev | devfsd, debianutils (>=1.7), ipsec-tools, openssl, host, iproute -Suggests: openswan-modules-source | kernel-patch-openswan, curl +Pre-Depends: debconf | debconf-2.0 +Depends: ${shlibs:Depends}, bsdmainutils, debianutils (>=1.7), ipsec-tools, openssl, host, iproute +Suggests: openswan-modules-source | linux-patch-openswan, curl Provides: ike-server Conflicts: freeswan (<< 2.04-12) Description: IPSEC utilities for Openswan @@ -37,12 +37,13 @@ . If you want to use the KLIPS IPSec code for kernel modules instead of the native ones, you will need to install either openswan-modules-source or - kernel-patch-openswan and build the respective modules for your kernel. + linux-patch-openswan and build the respective modules for your kernel. Package: openswan-modules-source Architecture: all -Depends: coreutils | fileutils, debhelper -Recommends: kernel-package (>= 7.04), kernel-source +Section: kernel +Depends: coreutils, debhelper, bzip2 +Recommends: kernel-package (>= 7.04), linux-source Suggests: openswan Description: IPSEC kernel modules source for Openswan This package contains the source for the Openswan modules to get the necessary 
@@ -50,22 +51,3 @@ . It includes the NAT Traversal patches, which will need to be applied to the kernel tree if NAT Traversal is needed. - . - It currently works only for 2.4 series kernels! - -Package: kernel-patch-openswan -Architecture: all -Depends: coreutils | fileutils -Recommends: kernel-package (>= 7.04) -Suggests: openswan -Description: IPSEC kernel support for Openswan - This package contains the patches for the Linux kernel to get the necessary - kernel support to use Openswan. If you want to build a kernel module for - IPSec, it is much easier to use the openswan-modules-source package instead. - This kernel-patch package should probably only be used when building a - non-modular kernel or when compiling IPSec non-modular. - . - It includes the NAT Traversal patches and applies them automatically to the - kernel after inserting KLIPS. - . - It will only work for 2.4 series kernels! --- openswan-2.6.22+dfsg.orig/debian/rules +++ openswan-2.6.22+dfsg/debian/rules @@ -5,9 +5,6 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# This is the debhelper compatability version to use. -export DH_COMPAT=3 - export DH_OPTIONS ifeq (,$(wildcard /usr/bin/po2debconf)) @@ -25,16 +22,16 @@ touch configure-stamp -patch-stamp: +patch: dh_testdir + dpatch apply-all - touch patch-stamp - -unpatch: - rm -f patch-stamp +unpatch: + dpatch deapply-all + #rm -f patch-stamp build: build-stamp -build-stamp: patch-stamp +build-stamp: patch # create a dummy ipsec.secrets file before building the package so # that no RSA keys are created during the build process # (a package should not include a RSA key, it should produce the key 
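Review bot: `build-stamp: patch` now depends on a target that never produces a file, so make treats `build-stamp` as out of date on every invocation and re-runs the whole build, for instance when a later target that depends on `build` is run under (fake)root. Keep a stamp for the dpatch step, e.g. `patch: patch-stamp` with a `patch-stamp:` rule that runs `dpatch apply-all` and `touch patch-stamp`. Then have `unpatch` remove the stamp instead of leaving `#rm -f patch-stamp` commented out.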
@@ -45,18 +42,15 @@ FINALLIBEXECDIR=/usr/lib/ipsec \ PUBDIR=/usr/sbin \ MANTREE=/usr/share/man \ - CONFDIR=$(CURDIR)/debian + CONFDIR=$(CURDIR)/debian \ + USE_LDAP=true USE_LIBCURL=true HAVE_THREADS=true \ + USE_XAUTH=true USE_XAUTHPAM=true # remove the temporary file, it will be created during install rm -f $(CURDIR)/debian/ipsec.secrets # here we re-generate the upstream HTML documentation $(MAKE) -C doc/ index.html - # also generate the fswcert tool - $(MAKE) -C programs/fswcert/ - # ugly hack.... - $(MAKE) -C programs/fswcert/ programs WERROR='-lcrypto' - touch build-stamp clean: unpatch @@ -65,17 +59,25 @@ rm -f build-stamp configure-stamp -$(MAKE) clean - -$(MAKE) -C programs/fswcert/ clean # after a make clean, no binaries _should_ be left, but .... -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm - -$(MAKE) -f debian/rules unpatch - rm -rf debian/openswan-modules-source-build/ + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libopenswan/libopenswan.a || true + rm -f lib/libopenswan/liboswlog.a || true + rm -rf OBJ.* || true + rm -rf doc/manpage.d/*.html || true + rm -f doc/index.html || true + # just in case something went wrong rm -f $(CURDIR)/debian/ipsec.secrets + + # and make sure that template are up-to-date + debconf-updatepo dh_clean @@ -104,9 +106,7 @@ FINALLIBEXECDIR=/usr/lib/ipsec \ PUBDIR=$(CURDIR)/debian/openswan/usr/sbin \ MANTREE=$(CURDIR)/debian/openswan/usr/share/man \ - DESTDIR=$(CURDIR)/debian/openswan \ - USE_LDAP=true USE_LIBCURL=true HAVE_THREADS=true \ - USE_XAUTHPAM=true + DESTDIR=$(CURDIR)/debian/openswan rm -rf $(CURDIR)/debian/openswan/usr/local install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/openswan/etc/ipsec.secrets 
@@ -114,10 +114,6 @@ patch $(CURDIR)/debian/openswan/etc/init.d/ipsec < debian/use-bash.diff patch $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun < debian/use-bash.diff - # install the fswcert tool - install $(CURDIR)/programs/fswcert/fswcert $(CURDIR)/debian/openswan/usr/bin - install $(CURDIR)/programs/fswcert/fswcert.8 $(CURDIR)/debian/openswan/usr/share/man/man8 - rm -f $(CURDIR)/debian/openswan/etc/init.d/ipsec?* rm -f $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun?* @@ -138,6 +134,9 @@ done ) # but remove the doc/src dir, which just duplicates the HTML files rm -rf $(CURDIR)/debian/openswan/usr/share/doc/openswan/doc/src + # and the index file in the main doc directory - it's replicated under + # doc/ + rm -f $(CURDIR)/debian/openswan/usr/share/doc/openswan/index.html # the logcheck ignore files install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.paranoid/openswan @@ -155,12 +154,13 @@ # more lintian cleanups find $(CURDIR)/debian/openswan -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/openswan -name ".gitignore" | xargs --no-run-if-empty rm -f find $(CURDIR)/debian/openswan -name "/.svn/" | xargs --no-run-if-empty rm -rf install-openswan-modules-source: DH_OPTIONS=-i install-openswan-modules-source: PKGDIR=$(CURDIR)/debian/openswan-modules-source install-openswan-modules-source: BUILDDIR=$(CURDIR)/debian/openswan-modules-source-build -install-openswan-modules-source: patch-stamp +install-openswan-modules-source: patch dh_testdir dh_testroot dh_installdirs 
@@ -171,7 +171,7 @@ cp -r Makefile Makefile.top Makefile.inc Makefile.ver linux/ \ "$(BUILDDIR)/modules/openswan" cp -r lib/libcrypto "$(BUILDDIR)/modules/openswan/lib/" - cp -r packaging/makefiles packaging/linus packaging/utils packaging/defaults \ + cp -r packaging/makefiles packaging/linus packaging/utils packaging/defaults/ \ "$(BUILDDIR)/modules/openswan/packaging/" find "$(BUILDDIR)/modules/openswan/lib/" -name "*.o" | xargs --no-run-if-empty rm install --mode=644 debian/openswan-modules-source.kernel-config "$(BUILDDIR)/modules/openswan/config-all.h" @@ -183,9 +183,10 @@ # even with openswan-modules-source. make nattpatch2.4 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.4.diff make nattpatch2.6 > $(BUILDDIR)/modules/openswan/debian/nat-t-2.6.diff + cp debian/openswan-nat-t-*.patch $(BUILDDIR)/modules/openswan/debian/ - tar -C $(BUILDDIR) -c modules/ | gzip -9 > \ - "$(PKGDIR)/usr/src/openswan-modules.tar.gz" + tar -C $(BUILDDIR) -c modules/ | bzip2 -9 > \ + "$(PKGDIR)/usr/src/openswan-modules.tar.bz2" dh_installdocs -popenswan-modules-source -n 
@@ -193,78 +194,6 @@ find $(CURDIR)/debian/openswan-modules-source -name ".cvsignore" | xargs --no-run-if-empty rm -f find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf -install-kernel-patch-openswan: DH_OPTIONS=-i -install-kernel-patch-openswan: PKGDIR=$(CURDIR)/debian/kernel-patch-openswan -install-kernel-patch-openswan: patch-stamp - dh_testdir - dh_testroot - dh_installdirs - # some of this has been taken from Tommi Virtanen's package - install --mode=0755 debian/kernel-patch-openswan.apply \ - "$(PKGDIR)/usr/src/kernel-patches/all/apply/openswan" - install --mode=0755 debian/kernel-patch-openswan.unpatch \ - "$(PKGDIR)/usr/src/kernel-patches/all/unpatch/openswan" - install --mode=0755 packaging/utils/patcher \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan" - cp -r Makefile Makefile.inc Makefile.ver Makefile.top lib/ linux/ \ - packaging/ nat-t/ \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan" - # also don't generate the out.kpatch file under /usr/src/.... - sed 's/>>out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" - sed 's/>out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" - sed 's/rm -f out.kpatch//' \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" \ - > "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" - mv "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile.tmp" \ - "$(PKGDIR)/usr/src/kernel-patches/all/openswan/Makefile" - chmod u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" - # remove extra junk not needed on linux / that lintian would complain about - find 
"$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ - -name '*.o' -print0 | xargs --no-run-if-empty -0 rm -f - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan" \ - -name '*.a' -print0 | xargs --no-run-if-empty -0 rm -f - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libopenswan/" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libdes/" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/liblwres/" - rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/COPYING.LIB" - rm -f "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/README" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/linus" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/ipkg" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/makefiles" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/redhat" - rm -rf "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/suse" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/disttools.pl" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/kernel.patch.gen.sh" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/sshenv" - rm -r "$(PKGDIR)/usr/src/kernel-patches/all/openswan/packaging/utils/setup" - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ - perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 \ - perl -pi -e 's{^#!/usr/local/bin/perl}{#!/usr/bin/perl}g' - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/des/asm/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x - find "$(PKGDIR)/usr/src/kernel-patches/all/openswan/lib/libcrypto/" \ - -name '*.pl' -print0 | xargs --no-run-if-empty -0 chmod a+x - find 
"$(PKGDIR)/usr/src/kernel-patches/all/openswan/linux/net/ipsec/alg/scripts/" \ - -name '*.sh' -print0 | xargs --no-run-if-empty -0 chmod a+x - chmod -R u=rwX,go=rX "$(PKGDIR)/usr/src/kernel-patches/all/openswan" - - dh_installdocs -pkernel-patch-openswan -n - - # more lintian cleanups - find $(PKGDIR) -name ".cvsignore" | xargs --no-run-if-empty rm -f - find $(PKGDIR) -name "/.svn/" | xargs --no-run-if-empty rm -rf - binary-common: #dh_testversion 2 dh_testdir @@ -278,14 +207,13 @@ # dh_makeshlibs dh_installdeb -# dh_perl dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb # Build architecture-independent files here. -binary-indep: install-openswan-modules-source install-kernel-patch-openswan +binary-indep: install-openswan-modules-source $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common # Build architecture-dependent files here. --- openswan-2.6.22+dfsg.orig/debian/openswan.config +++ openswan-2.6.22+dfsg/debian/openswan.config @@ -6,7 +6,15 @@ db_input medium openswan/restart || true -db_input high openswan/enable-oe || true +#guess current value: +#if [ -e /etc/ipsec.conf ]; then +# if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then +# db_set openswan/enable-oe false +# else +# db_set openswan/enable-oe true +# fi +#fi +#db_input high openswan/enable-oe || true db_input high openswan/create_rsa_key || true db_go || true 
@@ -26,32 +34,32 @@ db_input high openswan/existing_x509_certificate || true db_go || true - db_get openswan/existing_x509_certificate - if [ "$RET" = "true" ]; then - # existing certificate - use it - db_input critical openswan/existing_x509_certificate_filename || true - db_input critical openswan/existing_x509_key_filename || true - db_go || true - else - # create a new certificate - db_input medium openswan/rsa_key_length || true - db_input high openswan/x509_self_signed || true - # we can't allow the country code to be empty - openssl will - # refuse to create a certificate this way - countrycode="" - while [ -z "$countrycode" ]; do - db_input medium openswan/x509_country_code || true - db_go || true - db_get openswan/x509_country_code - countrycode="$RET" - done - db_input medium openswan/x509_state_name || true - db_input medium openswan/x509_locality_name || true - db_input medium openswan/x509_organization_name || true - db_input medium openswan/x509_organizational_unit || true - db_input medium openswan/x509_common_name || true - db_input medium openswan/x509_email_address || true - db_go || true - fi + # create a new certificate + db_input medium openswan/rsa_key_length || true + db_input high openswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium openswan/x509_country_code || true + db_go || true + db_get openswan/x509_country_code + countrycode="$RET" + done + db_input medium openswan/x509_state_name || true + db_input medium openswan/x509_locality_name || true + db_input medium openswan/x509_organization_name || true + db_input medium openswan/x509_organizational_unit || true + db_input medium openswan/x509_common_name || true + db_input medium openswan/x509_email_address || true + db_go || true + fi +else + db_get openswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + # existing 
certificate - use it + db_input critical openswan/existing_x509_certificate_filename || true + db_input critical openswan/existing_x509_key_filename || true + db_go || true fi fi --- openswan-2.6.22+dfsg.orig/debian/openswan.templates.master +++ openswan-2.6.22+dfsg/debian/openswan.templates.master @@ -2,7 +2,7 @@ Type: select _Choices: earliest, "after NFS", "after PCMCIA" Default: earliest -_Description: At which level do you wish to start Openswan ? +_Description: At which level do you wish to start Openswan? With the current Debian startup levels (nearly everything starting in level 20), it is impossible for Openswan to always start at the correct time. There are three possibilities when Openswan can start: before or 
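Review bot: The country-code loop `while [ -z "$countrycode" ]; do ... done` has no exit when the question is not shown. `db_input medium openswan/x509_country_code || true` discards the status debconf returns for a skipped question, so with a noninteractive frontend or a priority threshold above medium, and an empty stored value, the config script loops forever. Leave the loop when the question was skipped, `db_input medium openswan/x509_country_code || break`; the postinst already substitutes `.` for an empty country code. The enclosing `if` starts outside the hunk.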
@@ -11,19 +11,19 @@ . If you do not have your /usr tree mounted via NFS (either you only mount other, less vital trees via NFS or don't use NFS mounted trees at all) and - don't use a PCMCIA network card, then it is the best to start Openswan at - the earliest possible time, thus allowing the NFS mounts to be secured by - IPSec. In this case (or if you don't understand or care about this + don't use a PCMCIA network card, then it's best to start Openswan at + the earliest possible time, thus allowing the NFS mounts to be secured by + IPSec. In this case (or if you don't understand or care about this issue), answer "earliest" to this question (the default). . If you have your /usr tree mounted via NFS and don't use a PCMCIA network card, then you will need to start Openswan after NFS so that all necessary files are available. In this case, answer "after NFS" to this - question. Please note that the NFS mount of /usr can not be secured by + question. Please note that the NFS mount of /usr can not be secured by IPSec in this case. . If you use a PCMCIA network card for your IPSec connections, then you only - have to choice to start it after the PCMCIA services. Answer "after + have to choose to start it after the PCMCIA services. Answer "after PCMCIA" in this case. This is also the correct answer if you want to fetch keys from a locally running DNS server with DNSSec support. 
@@ -39,23 +39,26 @@ Template: openswan/create_rsa_key Type: boolean Default: true -_Description: Do you want to create a RSA public/private keypair for this host ? +_Description: Do you want to create a RSA public/private keypair for this host? This installer can automatically create a RSA public/private keypair for this host. This keypair can be used to authenticate IPSec connections to other hosts and is the preferred way for building up secure IPSec connections. The other possibility would be to use shared secrets (passwords that are the same on both sides of the tunnel) for authenticating an connection, but for a larger number of connections RSA - authentication is easier to administrate and more secure. + authentication is easier to administer and more secure. + . + If you do not want to create a new public/private keypair, you can choose to + use an existing one. Template: openswan/rsa_key_type Type: select _Choices: x509, plain Default: x509 -_Description: Which type of RSA keypair do you want to create ? - It is possible to create a plain RSA public/private keypair for the use +_Description: Which type of RSA keypair do you want to create? + It is possible to create a plain RSA public/private keypair for use with Openswan or to create a X509 certificate file which contains the RSA - public key and additionally store the corresponding private key. + public key and additionally stores the corresponding private key. . If you only want to build up IPSec connections to hosts also running Openswan, it might be a bit easier using plain RSA keypairs. But if you 
@@ -71,12 +74,12 @@ Template: openswan/existing_x509_certificate Type: boolean Default: false -_Description: Do you have an existing X509 certificate file that you want to use for Openswan ? +_Description: Do you have an existing X509 certificate file that you want to use for Openswan? This installer can automatically extract the needed information from an existing X509 certificate with a matching RSA private key. Both parts can be in one file, if it is in PEM format. Do you have such an existing certificate and key file and want to use it for authenticating IPSec - connections ? + connections? Template: openswan/existing_x509_certificate_filename Type: string @@ -94,7 +97,7 @@ Template: openswan/rsa_key_length Type: string Default: 2048 -_Description: Which length should the created RSA key have ? +_Description: Which length should the created RSA key have? Please enter the length of the created RSA key. it should not be less than 1024 bits because this should be considered unsecure and you will probably not need anything more than 2048 bits because it only slows the @@ -103,7 +106,7 @@ Template: openswan/x509_self_signed Type: boolean Default: true -_Description: Do you want to create a self-signed X509 certificate ? +_Description: Do you want to create a self-signed X509 certificate? This installer can only create self-signed X509 certificates automatically, because otherwise a certificate authority is needed to sign the certificate request. If you want to create a self-signed certificate, 
@@ -196,7 +199,7 @@ secure) DNS records. Until this is widely deployed, activating it will cause a significant slow-down for every new, outgoing connection. Since version 2.0, Openswan upstream comes with OE enabled by default and is thus - likely to break you existing connection to the Internet (i.e. your default + likely to break your existing connection to the Internet (i.e. your default route) as soon as pluto (the Openswan keying daemon) is started. . Please choose whether you want to enable support for OE. If unsure, do not --- openswan-2.6.22+dfsg.orig/debian/NEWS +++ openswan-2.6.22+dfsg/debian/NEWS @@ -0,0 +1,14 @@ +openswan (1:2.6.22+dfsg-1) unstable; urgency=HIGH + + NAT-Traversal for kernels >= 2.6.23 is now included in the ipsec.ko module, + eliminating the need for patching. There are no configuration changes + necessary to activate it, pluto will automatically try to use it. + + Please note that this does not apply to kernels < 2.6.23, here you will + still need apply the NAT-T patch. + + -- Harald Jenny Tue, 23 Jun 2009 21:55:32 +0200 + +Local variables: +mode: debian-changelog +End: --- openswan-2.6.22+dfsg.orig/debian/openswan-modules-source.control.in +++ openswan-2.6.22+dfsg/debian/openswan-modules-source.control.in @@ -7,7 +7,7 @@ Package: openswan-modules-$KVERS Architecture: any -Recommends: kernel-image-$KVERS (= $KDREV) +Recommends: linux-image-$KVERS (= $KDREV) Description: IPSEC kernel modules for Openswan (binary kernel modules) This package contains the openswan binary kernel modules for linux version $KVERS. --- openswan-2.6.22+dfsg.orig/debian/compat +++ openswan-2.6.22+dfsg/debian/compat @@ -0,0 +1 @@ +5 --- openswan-2.6.22+dfsg.orig/debian/openswan.postrm +++ openswan-2.6.22+dfsg/debian/openswan.postrm 
@@ -32,6 +32,8 @@ if [ "$1" = "purge" ] ; then update-rc.d ipsec remove >/dev/null + rm -rf /etc/ipsec.d/ + rm -rf /var/run/pluto/ fi # dh_installdeb will replace this with shell code automatically --- openswan-2.6.22+dfsg.orig/debian/openswan-nat-t-2.6.22.19.patch +++ openswan-2.6.22+dfsg/debian/openswan-nat-t-2.6.22.19.patch 
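Review bot: The added `rm -rf /etc/ipsec.d/` in the purge branch deletes the whole directory rather than only what this package created. That directory holds private keys and certificates, presumably including ones the administrator supplied through the existing-certificate questions, and other IPsec packages such as strongSwan use the same path, so purging openswan while one of them is installed would remove their key material as well. Purge should remove the package's own configuration, so I would delete only the files the maintainer scripts generated and finish with `rmdir --ignore-fail-on-non-empty /etc/ipsec.d`. A short comment above the two `rm` lines saying which files are considered package-owned would help the next maintainer.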
@@ -0,0 +1,117 @@ +packaging/utils/nattpatch 2.6 +--- /dev/null Tue Mar 11 13:02:56 2003 ++++ nat-t/include/net/xfrmudp.h Mon Feb 9 13:51:03 2004 +@@ -0,0 +1,10 @@ ++/* ++ * pointer to function for type that xfrm4_input wants, to permit ++ * decoupling of XFRM from udp.c ++ */ ++#define HAVE_XFRM4_UDP_REGISTER ++ ++typedef int (*xfrm4_rcv_encap_t)(struct sk_buff *skb, __u16 encap_type); ++extern int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func ++ , xfrm4_rcv_encap_t *oldfunc); ++extern int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func); +--- /distros/kernel/linux-2.6.11.2/net/ipv4/Kconfig 2005-03-09 03:12:33.000000000 -0500 ++++ swan26/net/ipv4/Kconfig 2005-04-04 18:46:13.000000000 -0400 +@@ -351,2 +351,8 @@ + ++config IPSEC_NAT_TRAVERSAL ++ bool "IPSEC NAT-Traversal (KLIPS compatible)" ++ depends on INET ++ ---help--- ++ Includes support for RFC3947/RFC3948 NAT-Traversal of ESP over UDP. ++ + config IP_TCPDIAG +--- plain26/net/ipv4/udp.c.orig 2006-01-02 22:21:10.000000000 -0500 ++++ plain26/net/ipv4/udp.c 2006-01-12 20:18:57.000000000 -0500 +@@ -110,2 +110,3 @@ + #include ++#include + +@@ -894,6 +897,44 @@ + sk_common_release(sk); + } + ++#if defined(CONFIG_XFRM) || defined(CONFIG_IPSEC_NAT_TRAVERSAL) ++ ++/* if XFRM isn't a module, then register it directly. 
*/ ++#if !defined(CONFIG_XFRM_MODULE) ++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = xfrm4_rcv_encap; ++#else ++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func = NULL; ++#endif ++ ++static xfrm4_rcv_encap_t xfrm4_rcv_encap_func; ++ ++int udp4_register_esp_rcvencap(xfrm4_rcv_encap_t func ++ , xfrm4_rcv_encap_t *oldfunc) ++{ ++ if(oldfunc != NULL) { ++ *oldfunc = xfrm4_rcv_encap_func; ++ } ++ ++#if 0 ++ if(xfrm4_rcv_encap_func != NULL) ++ return -1; ++#endif ++ ++ xfrm4_rcv_encap_func = func; ++ return 0; ++} ++ ++int udp4_unregister_esp_rcvencap(xfrm4_rcv_encap_t func) ++{ ++ if(xfrm4_rcv_encap_func != func) ++ return -1; ++ ++ xfrm4_rcv_encap_func = NULL; ++ return 0; ++} ++#endif /* CONFIG_XFRM || defined(CONFIG_IPSEC_NAT_TRAVERSAL)*/ ++ ++ + /* return: + * 1 if the the UDP system should process it + * 0 if we should drop this packet +@@ -901,9 +940,9 @@ + */ + static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb) + { +-#ifndef CONFIG_XFRM ++#if !defined(CONFIG_XFRM) && !defined(CONFIG_IPSEC_NAT_TRAVERSAL) + return 1; +-#else ++#else /* either CONFIG_XFRM or CONFIG_IPSEC_NAT_TRAVERSAL */ + struct udp_sock *up = udp_sk(sk); + struct udphdr *uh; + struct iphdr *iph; +@@ -1021,10 +1060,14 @@ + return 0; + } + if (ret < 0) { +- /* process the ESP packet */ +- ret = xfrm4_rcv_encap(skb, up->encap_type); +- UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag); +- return -ret; ++ if(xfrm4_rcv_encap_func != NULL) { ++ ret = (*xfrm4_rcv_encap_func)(skb, up->encap_type); ++ UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag); ++ } else { ++ UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag); ++ ret = 1; ++ } ++ return ret; + } + /* FALLTHROUGH -- it's a UDP Packet */ + } +@@ -1571,3 +1613,9 @@ + EXPORT_SYMBOL(udp_proc_register); + EXPORT_SYMBOL(udp_proc_unregister); + #endif ++ ++#if defined(CONFIG_IPSEC_NAT_TRAVERSAL) ++EXPORT_SYMBOL(udp4_register_esp_rcvencap); ++EXPORT_SYMBOL(udp4_unregister_esp_rcvencap); ++#endif ++ --- 
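Review bot: In the rewritten ESP branch of `udp_encap_rcv`, `xfrm4_rcv_encap_func` is tested against NULL and then read a second time for the call, with no lock or RCU protection visible, while `udp4_unregister_esp_rcvencap` can set it to NULL concurrently. A packet handled during module unload can then call through a NULL pointer or into code that is being removed. Read the pointer once into a local, `xfrm4_rcv_encap_t rcv = xfrm4_rcv_encap_func;`, test and call `rcv`, and have the unregister path wait for in-flight receivers (for example `synchronize_net()`) before it returns. `udp4_register_esp_rcvencap` also silently replaces an already registered handler because its check sits under `#if 0`, and the branch now returns `ret` where the removed code returned `-ret`. The return-value comment and most of the function body lie outside the hunk, so that sign change should be confirmed against them.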
openswan-2.6.22+dfsg.orig/debian/po/templates.pot +++ openswan-2.6.22+dfsg/debian/po/templates.pot @@ -1,22 +1,14 @@ -# -# Translators, if you are not familiar with the PO format, gettext -# documentation is worth reading, especially sections dedicated to -# this format, e.g. by running: -# info -n '(gettext)PO Files' -# info -n '(gettext)Header Entry' -# -# Some information specific to po-debconf are available at -# /usr/share/doc/po-debconf/README-trans -# or http://www.debian.org/intl/l10n/po-debconf/README-trans -# -# Developers do not need to manually edit POT or PO files. +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2005-01-13 11:49+0100\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-10-27 11:19+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -26,19 +18,19 @@ #. Type: select #. Choices -#: ../openswan.templates.master:3 +#: ../openswan.templates.master:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" msgstr "" #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "At which level do you wish to start Openswan ?" +#: ../openswan.templates.master:1002 +msgid "At which level do you wish to start Openswan?" msgstr "" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "With the current Debian startup levels (nearly everything starting in level " "20), it is impossible for Openswan to always start at the correct time. " 
@@ -49,46 +41,46 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you do not have your /usr tree mounted via NFS (either you only mount " "other, less vital trees via NFS or don't use NFS mounted trees at all) and " -"don't use a PCMCIA network card, then it is the best to start Openswan at " -"the earliest possible time, thus allowing the NFS mounts to be secured by " -"IPSec. In this case (or if you don't understand or care about this issue), " -"answer \"earliest\" to this question (the default)." +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." msgstr "" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " "card, then you will need to start Openswan after NFS so that all necessary " "files are available. In this case, answer \"after NFS\" to this question. " -"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " "case." msgstr "" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you use a PCMCIA network card for your IPSec connections, then you only " -"have to choice to start it after the PCMCIA services. Answer \"after PCMCIA" +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" "\" in this case. This is also the correct answer if you want to fetch keys " "from a locally running DNS server with DNSSec support." msgstr "" #. Type: boolean #. 
Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "Do you wish to restart Openswan?" msgstr "" #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "" "Restarting Openswan is a good idea, since if there is a security fix, it " "will not be fixed until the daemon restarts. Most people expect the daemon " @@ -98,13 +90,13 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:42 -msgid "Do you want to create a RSA public/private keypair for this host ?" +#: ../openswan.templates.master:3001 +msgid "Do you want to create a RSA public/private keypair for this host?" msgstr "" #. Type: boolean #. Description -#: ../openswan.templates.master:42 +#: ../openswan.templates.master:3001 msgid "" "This installer can automatically create a RSA public/private keypair for " "this host. This keypair can be used to authenticate IPSec connections to " 
@@ -112,33 +104,41 @@ "connections. The other possibility would be to use shared secrets (passwords " "that are the same on both sides of the tunnel) for authenticating an " "connection, but for a larger number of connections RSA authentication is " -"easier to administrate and more secure." +"easier to administer and more secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." msgstr "" #. Type: select #. Choices -#: ../openswan.templates.master:53 +#: ../openswan.templates.master:4001 msgid "x509, plain" msgstr "" #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "Which type of RSA keypair do you want to create ?" +#: ../openswan.templates.master:4002 +msgid "Which type of RSA keypair do you want to create?" msgstr "" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" -"It is possible to create a plain RSA public/private keypair for the use with " +"It is possible to create a plain RSA public/private keypair for use with " "Openswan or to create a X509 certificate file which contains the RSA public " -"key and additionally store the corresponding private key." +"key and additionally stores the corresponding private key." msgstr "" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "If you only want to build up IPSec connections to hosts also running " "Openswan, it might be a bit easier using plain RSA keypairs. But if you want " @@ -150,7 +150,7 @@ #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "Therefore a X509 certificate is recommended since it is more flexible and " "this installer should be able to hide the complex creation of the X509 " 
@@ -159,32 +159,32 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 msgid "" "Do you have an existing X509 certificate file that you want to use for " -"Openswan ?" +"Openswan?" msgstr "" #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 msgid "" "This installer can automatically extract the needed information from an " "existing X509 certificate with a matching RSA private key. Both parts can be " "in one file, if it is in PEM format. Do you have such an existing " "certificate and key file and want to use it for authenticating IPSec " -"connections ?" +"connections?" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "Please enter the location of your X509 certificate in PEM format." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "" "Please enter the location of the file containing your X509 certificate in " "PEM format." @@ -192,13 +192,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "Please enter the location of your X509 private key in PEM format." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X509 certificate in PEM format. This can be the same file that " 
@@ -207,13 +207,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:97 -msgid "Which length should the created RSA key have ?" +#: ../openswan.templates.master:8001 +msgid "Which length should the created RSA key have?" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:97 +#: ../openswan.templates.master:8001 msgid "" "Please enter the length of the created RSA key. it should not be less than " "1024 bits because this should be considered unsecure and you will probably " @@ -223,13 +223,13 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "Do you want to create a self-signed X509 certificate ?" +#: ../openswan.templates.master:9001 +msgid "Do you want to create a self-signed X509 certificate?" msgstr "" #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "This installer can only create self-signed X509 certificates automatically, " "because otherwise a certificate authority is needed to sign the certificate " @@ -242,7 +242,7 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "If you do not want to create a self-signed certificate, then this installer " "will only create the RSA private key and the certificate request and you " @@ -251,13 +251,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Please enter the country code for the X509 certificate request." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "Please enter the 2 letter country code for your country. This code will be " "placed in the certificate request." 
@@ -265,7 +265,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "You really need to enter a valid country code here, because openssl will " "refuse to generate certificates without one. An empty field is allowed for " @@ -274,20 +274,20 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Example: AT" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the state or province name for the X509 certificate request." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the full name of the state or province you live in. This name " "will be placed in the certificate request." @@ -295,19 +295,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "Example: Upper Austria" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Please enter the locality name for the X509 certificate request." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "" "Please enter the locality (e.g. city) where you live. This name will be " "placed in the certificate request." 
@@ -315,19 +315,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Example: Vienna" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Please enter the organization name for the X509 certificate request." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "" "Please enter the organization (e.g. company) that the X509 certificate " "should be created for. This name will be placed in the certificate request." @@ -335,19 +335,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Example: Debian" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Please enter the organizational unit for the X509 certificate request." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "" "Please enter the organizational unit (e.g. section) that the X509 " "certificate should be created for. This name will be placed in the " @@ -356,19 +356,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Example: security group" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Please enter the common name for the X509 certificate request." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "" "Please enter the common name (e.g. the host name of this machine) for which " "the X509 certificate should be created for. This name will be placed in the " 
@@ -377,19 +377,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Example: gateway.debian.org" msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "Please enter the email address for the X509 certificate request." msgstr "" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "" "Please enter the email address of the person or organization who is " "responsible for the X509 certificate, This address will be placed in the " @@ -398,26 +398,26 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "Do you wish to enable opportunistic encryption in Openswan?" msgstr "" #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Openswan comes with support for opportunistic encryption (OE), which stores " "IPSec authentication information (i.e. RSA public keys) in (preferably " "secure) DNS records. Until this is widely deployed, activating it will cause " "a significant slow-down for every new, outgoing connection. Since version " "2.0, Openswan upstream comes with OE enabled by default and is thus likely " -"to break you existing connection to the Internet (i.e. your default route) " +"to break your existing connection to the Internet (i.e. your default route) " "as soon as pluto (the Openswan keying daemon) is started." msgstr "" #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Please choose whether you want to enable support for OE. If unsure, do not " "enable it." --- openswan-2.6.22+dfsg.orig/debian/po/fr.po +++ openswan-2.6.22+dfsg/debian/po/fr.po 
@@ -1,38 +1,37 @@ -# translation of fr.po to French -# Christian Perrier , 2004. -# -# -# +# Translation of openswan debconf templates to French +# Copyright (C) 2004-2008 Christian Perrier +# This file is distributed under the same license as the openswan package. # +# Christian Perrier , 2004, 2006, 2008. msgid "" msgstr "" -"Project-Id-Version: freeswan 1.99-6\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2005-01-13 11:49+0100\n" -"PO-Revision-Date: 2005-01-17 08:08+0100\n" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-10-27 11:19+0200\n" +"PO-Revision-Date: 2008-01-21 08:42+0100\n" "Last-Translator: Christian Perrier \n" "Language-Team: French \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-15\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: KBabel 1.9.1\n" +"X-Generator: KBabel 1.11.4\n" "Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" #. Type: select #. Choices -#: ../openswan.templates.master:3 +#: ../openswan.templates.master:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" msgstr "Le plus tt possible, Aprs NFS, Aprs PCMCIA" #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "At which level do you wish to start Openswan ?" +#: ../openswan.templates.master:1002 +msgid "At which level do you wish to start Openswan?" msgstr "tape de lancement d'Openswan:" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "With the current Debian startup levels (nearly everything starting in level " "20), it is impossible for Openswan to always start at the correct time. " 
@@ -43,19 +42,19 @@ "Avec les niveaux de dmarrage actuellement utiliss par Debian (presque tout " "dmarre au niveau 20), il est impossible de faire en sorte qu'Openswan " "dmarre toujours au moment appropri. Il existe trois moments o il est " -"opportun de le dmarrer: avant ou aprs les services NFS ou aprs les " +"opportun de le dmarrer: avant ou aprs les services NFS, ou aprs les " "services PCMCIA. La rponse approprie dpend de vos rglages spcifiques." #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you do not have your /usr tree mounted via NFS (either you only mount " "other, less vital trees via NFS or don't use NFS mounted trees at all) and " -"don't use a PCMCIA network card, then it is the best to start Openswan at " -"the earliest possible time, thus allowing the NFS mounts to be secured by " -"IPSec. In this case (or if you don't understand or care about this issue), " -"answer \"earliest\" to this question (the default)." +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." msgstr "" "Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " "montages NFS sont d'autres endroits, moins critiques, soit parce que vous " 
@@ -68,43 +67,43 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " "card, then you will need to start Openswan after NFS so that all necessary " "files are available. In this case, answer \"after NFS\" to this question. " -"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " "case." msgstr "" "Si /usr est un montage NFS et que vous n'utilisez pas de carte rseau " "PCMCIA, vous devrez alors dmarrer Openswan aprs les services NFS afin que " "tous les fichiers ncessaires soient disponibles. Dans ce cas, choisissez " -"aprs NFS. Veuillez noter que le montage NFS de /usr n'est alors pas " +"Aprs NFS. Veuillez noter que le montage NFS de /usr n'est alors pas " "scuris par IPSec." #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you use a PCMCIA network card for your IPSec connections, then you only " -"have to choice to start it after the PCMCIA services. Answer \"after PCMCIA" +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" "\" in this case. This is also the correct answer if you want to fetch keys " "from a locally running DNS server with DNSSec support." msgstr "" "Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " "choix possible est le dmarrage aprs les services PCMCIA. Choisissez alors " -"aprs PCMCIA. Faites galement ce choix si vous souhaitez rcuprer les " +"Aprs PCMCIA. Faites galement ce choix si vous souhaitez rcuprer les " "cls d'authentification sur un serveur DNS reconnaissant DNSSec." #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "Do you wish to restart Openswan?" msgstr "Souhaitez-vous redmarrer Openswan?" #. Type: boolean #. 
Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "" "Restarting Openswan is a good idea, since if there is a security fix, it " "will not be fixed until the daemon restarts. Most people expect the daemon " @@ -119,14 +118,14 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:42 -msgid "Do you want to create a RSA public/private keypair for this host ?" +#: ../openswan.templates.master:3001 +msgid "Do you want to create a RSA public/private keypair for this host?" msgstr "" "Souhaitez-vous crer une paire de cls RSA publique et prive pour cet hte?" #. Type: boolean #. Description -#: ../openswan.templates.master:42 +#: ../openswan.templates.master:3001 msgid "" "This installer can automatically create a RSA public/private keypair for " "this host. This keypair can be used to authenticate IPSec connections to " @@ -134,7 +133,7 @@ "connections. The other possibility would be to use shared secrets (passwords " "that are the same on both sides of the tunnel) for authenticating an " "connection, but for a larger number of connections RSA authentication is " -"easier to administrate and more secure." +"easier to administer and more secure." msgstr "" "Cet outil d'installation peut crer automatiquement une paire de cls RSA " "publique et prive pour cet hte. Cette paire de cls peut servir " 
@@ -145,25 +144,35 @@ "extrmits du tunnel). Toutefois, pour de nombreuses connexions, " "l'authentification RSA est plus simple administrer et plus sre." +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Si vous ne souhaitez pas crer une paire de cls publique et prive, vous " +"pouvez choisir d'en utiliser une existante." + #. Type: select #. Choices -#: ../openswan.templates.master:53 +#: ../openswan.templates.master:4001 msgid "x509, plain" -msgstr "X509, simple paire" +msgstr "X509, Simple paire" #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "Which type of RSA keypair do you want to create ?" +#: ../openswan.templates.master:4002 +msgid "Which type of RSA keypair do you want to create?" msgstr "Type de paire de cls RSA crer:" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" -"It is possible to create a plain RSA public/private keypair for the use with " +"It is possible to create a plain RSA public/private keypair for use with " "Openswan or to create a X509 certificate file which contains the RSA public " -"key and additionally store the corresponding private key." +"key and additionally stores the corresponding private key." msgstr "" "Il est possible de crer une simple paire de cls destine tre utilise " "avec Openswan ou de crer un fichier de certificat X509 qui contient la cl " @@ -171,7 +180,7 @@ #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "If you only want to build up IPSec connections to hosts also running " "Openswan, it might be a bit easier using plain RSA keypairs. But if you want " 
@@ -184,58 +193,58 @@ "utilisant Openswan, il sera probablement plus facile d'utiliser des cls RSA " "simples. Mais si vous souhaitez vous connecter des htes utilisant " "d'autres implmentations d'IPSec, vous aurez besoin d'un certificat X509. Il " -"est galement possible de crer un certificat X509 puis d'en extraire un " +"est galement possible de crer un certificat X509 puis d'en extraire une " "simple cl publique RSA, si l'autre extrmit de la connexion utilise " -"Openswan sans le support des certificats X509." +"Openswan sans la gestion des certificats X509." #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "Therefore a X509 certificate is recommended since it is more flexible and " "this installer should be able to hide the complex creation of the X509 " "certificate and its use in Openswan anyway." msgstr "" -"En consquence, il vous est conseill d'utiliser un certificat X509 car " -"cette mthode est plus souple. Cet outil d'installation devrait vous " -"simplifier la tche de cration et d'utilisation de ce certificat X509." +"Ainsi, il vous est conseill d'utiliser un certificat X509 car cette mthode " +"est plus souple. Cet outil d'installation devrait vous simplifier la tche " +"de cration et d'utilisation de ce certificat X509." #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 msgid "" "Do you have an existing X509 certificate file that you want to use for " -"Openswan ?" +"Openswan?" msgstr "" -"Possdez-vous un fichier de certificat X509 existant utiliser avec " +"Possdez-vous un fichier de certificat X509 existant utiliser avec " "Openswan?" #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 msgid "" "This installer can automatically extract the needed information from an " "existing X509 certificate with a matching RSA private key. 
Both parts can be " "in one file, if it is in PEM format. Do you have such an existing " "certificate and key file and want to use it for authenticating IPSec " -"connections ?" +"connections?" msgstr "" "Cet outil d'installation est capable d'extraire automatiquement " "l'information ncessaire d'un fichier de certificat X509 existant, avec la " "cl prive RSA correspondante. Les deux parties peuvent se trouver dans un " -"seul fichier, s'il est en format PEM. Possdez-vous un tel certificat ainsi " -"que la cl prive, et souhaitez-vous vous en servir pour l'authentification " -"des connexions IPSec?" +"seul fichier, s'il est en format PEM. Indiquez si vous possdez un tel " +"certificat ainsi que la cl prive, et si vous souhaitez vous en servir pour " +"l'authentification des connexions IPSec." #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "Please enter the location of your X509 certificate in PEM format." msgstr "Emplacement de votre certificat X509 au format PEM:" #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "" "Please enter the location of the file containing your X509 certificate in " "PEM format." @@ -245,13 +254,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "Please enter the location of your X509 private key in PEM format." msgstr "Emplacement de votre cl prive X509 au format PEM:" #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X509 certificate in PEM format. This can be the same file that " 
@@ -263,13 +272,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:97 -msgid "Which length should the created RSA key have ?" +#: ../openswan.templates.master:8001 +msgid "Which length should the created RSA key have?" msgstr "Longueur de la cl RSA crer:" #. Type: string #. Description -#: ../openswan.templates.master:97 +#: ../openswan.templates.master:8001 msgid "" "Please enter the length of the created RSA key. it should not be less than " "1024 bits because this should be considered unsecure and you will probably " @@ -277,20 +286,20 @@ "authentication process down and is not needed at the moment." msgstr "" "Veuillez indiquer la longueur de la cl RSA qui sera cre. Elle ne doit pas " -"tre infrieure 1024 bits car cela serait considr comme insuffisamment " -"sr. Un choix excdant 2048 bits est probablement inutile car cela ne fait " +"tre infrieure 1024bits car cela serait considr comme insuffisamment " +"sr. Un choix excdant 2048bits est probablement inutile car cela ne fait " "essentiellement que ralentir le processus d'authentification sans avoir " "d'intrt actuellement." #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "Do you want to create a self-signed X509 certificate ?" -msgstr "Souhaitez-vous crer un certificat X509 auto-sign?" +#: ../openswan.templates.master:9001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Souhaitez-vous crer un certificat X509 autosign?" #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "This installer can only create self-signed X509 certificates automatically, " "because otherwise a certificate authority is needed to sign the certificate " 
@@ -301,37 +310,37 @@ "certificates signed by a single certificate authority to create a trust path." msgstr "" "Cet outil d'installation ne peut crer automatiquement qu'un certificat X509 " -"auto-sign puisqu'une autorit de certification est indispensable pour " -"signer la demande de certificat. Si vous choisissez de crer un certificat " -"auto-sign, vous pourrez vous en servir immdiatement pour vous connecter " -"aux htes qui authentifient les connexions IPSec avec des certificats X509. " +"autosign puisqu'une autorit de certification est indispensable pour signer " +"la demande de certificat. Si vous choisissez de crer un certificat " +"autosign, vous pourrez vous en servir immdiatement pour vous connecter aux " +"htes qui authentifient les connexions IPSec avec des certificats X509. " "Cependant, si vous souhaitez utiliser les nouvelles fonctionnalits PKI de " -"Openswan >= 1.91, vous aurez besoin que tous les certificats X509 soient " +"Openswan>=1.91, vous aurez besoin que tous les certificats X509 soient " "signs par la mme autorit de certification afin de crer un chemin de " "confiance." #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "If you do not want to create a self-signed certificate, then this installer " "will only create the RSA private key and the certificate request and you " "will have to sign the certificate request with your certificate authority." msgstr "" -"Si vous ne voulez pas crer de certificat auto-sign, cet outil " +"Si vous ne voulez pas crer de certificat autosign, cet outil " "d'installation ne fera que crer la cl prive RSA et la demande de " "certificat, que vous devrez ensuite signer avec votre autorit de " "certification." #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Please enter the country code for the X509 certificate request." msgstr "Code du pays:" #. Type: string #. 
Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "Please enter the 2 letter country code for your country. This code will be " "placed in the certificate request." @@ -341,7 +350,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "You really need to enter a valid country code here, because openssl will " "refuse to generate certificates without one. An empty field is allowed for " @@ -353,20 +362,20 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Example: AT" msgstr "Exemple: FR" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the state or province name for the X509 certificate request." msgstr "tat, province ou rgion:" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the full name of the state or province you live in. This name " "will be placed in the certificate request." @@ -376,20 +385,21 @@ #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "Example: Upper Austria" msgstr "" -"Exemples: Rhne-Alpes, Brabant, Bouches du Rhne, Qubec, Canton de Vaud" +"Exemples: Rhne-Alpes, Brabant Wallon, Bouches du Rhne, Qubec, Canton de " +"Vaud" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Please enter the locality name for the X509 certificate request." msgstr "Localit:" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "" "Please enter the locality (e.g. city) where you live. This name will be " "placed in the certificate request." 
@@ -399,19 +409,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Example: Vienna" msgstr "Exemple: Saint-tienne" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Please enter the organization name for the X509 certificate request." msgstr "Organisme:" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "" "Please enter the organization (e.g. company) that the X509 certificate " "should be created for. This name will be placed in the certificate request." @@ -421,19 +431,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Example: Debian" msgstr "Exemple: Debian" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Please enter the organizational unit for the X509 certificate request." msgstr "Unit d'organisation:" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "" "Please enter the organizational unit (e.g. section) that the X509 " "certificate should be created for. This name will be placed in the " 
@@ -445,19 +455,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Example: security group" msgstr "Exemple: Dpartement Rseaux et Informatique Scientifique" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Please enter the common name for the X509 certificate request." -msgstr "Nom ordinaire (common name):" +msgstr "Nom ordinaire:" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "" "Please enter the common name (e.g. the host name of this machine) for which " "the X509 certificate should be created for. This name will be placed in the " @@ -469,19 +479,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Example: gateway.debian.org" msgstr "Exemple: gateway.debian.org" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "Please enter the email address for the X509 certificate request." msgstr "Adresse lectronique:" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "" "Please enter the email address of the person or organization who is " "responsible for the X509 certificate, This address will be placed in the " 
@@ -493,41 +503,38 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "Do you wish to enable opportunistic encryption in Openswan?" -msgstr "Souhaitez-vous activer le chiffrement opportuniste dansOpenswan?" +msgstr "Souhaitez-vous activer le chiffrement opportuniste dans Openswan?" #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Openswan comes with support for opportunistic encryption (OE), which stores " "IPSec authentication information (i.e. RSA public keys) in (preferably " "secure) DNS records. Until this is widely deployed, activating it will cause " "a significant slow-down for every new, outgoing connection. Since version " "2.0, Openswan upstream comes with OE enabled by default and is thus likely " -"to break you existing connection to the Internet (i.e. your default route) " +"to break your existing connection to the Internet (i.e. your default route) " "as soon as pluto (the Openswan keying daemon) is started." msgstr "" -"Openswan gre le chiffrement opportuniste (opportunistic encryption: " -"OE) qui permet de conserver les informations d'authentification IPSec (c'est-" -"-dire les cls publiques RSA) dans des enregistrements DNS, de prfrence " +"Openswan gre le chiffrement opportuniste (opportunistic encryption: OE) " +"qui permet de conserver les informations d'authentification IPSec (c'est--" +"dire les cls publiques RSA) dans des enregistrements DNS, de prfrence " "scuriss. Tant que cette fonctionnalit ne sera pas dploye largement, son " "activation provoquera un ralentissement significatif pour toute nouvelle " -"connexion sortante. partir de la version 2.0, cette fonctionnalit est " +"connexion sortante. 
partir de la version2.0, cette fonctionnalit est " "active par dfaut dans Openswan, ce qui peut interrompre le fonctionnement " "de votre connexion l'Internet (c'est--dire votre route par dfaut) ds le " "dmarrage de pluto, le dmon de gestion de cls d'Openswan." #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Please choose whether you want to enable support for OE. If unsure, do not " "enable it." msgstr "" "Veuillez choisir si vous souhaitez activer la gestion du chiffrement " "opportuniste. Ne l'activez pas si vous n'tes pas certain d'en avoir besoin." - -#~ msgid "2048" -#~ msgstr "2048" --- openswan-2.6.22+dfsg.orig/debian/po/de.po +++ openswan-2.6.22+dfsg/debian/po/de.po 
@@ -0,0 +1,554 @@
+# translation of po-debconf template to German
+# Copyright (C) 2007, Matthias Julius
+# This file is distributed under the same license as the openswan package.
+#
+# Matthias Julius , 2007.
+msgid ""
+msgstr ""
+"Project-Id-Version: openswan 1:2.4.6+dfsg.2-1\n"
+"Report-Msgid-Bugs-To: rmayr@debian.org\n"
+"POT-Creation-Date: 2006-08-23 23:04+0100\n"
+"PO-Revision-Date: 2007-01-07 22:41-0500\n"
+"Last-Translator: Matthias Julius \n"
+"Language-Team: German \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:1001
+msgid "earliest, \"after NFS\", \"after PCMCIA\""
+msgstr "zum frühest möglichen Zeitpunkt, nach NFS, nach PCMCIA"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid "At which level do you wish to start Openswan?"
+msgstr "Zu welchem Zeitpunkt soll Openswan gestartet werden?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"With the current Debian startup levels (nearly everything starting in level "
+"20), it is impossible for Openswan to always start at the correct time. "
+"There are three possibilities when Openswan can start: before or after the "
+"NFS services and after the PCMCIA services. The correct answer depends on "
+"your specific setup."
+msgstr ""
+"Bei der gegenwärtigen Debian-Startreihenfolge (fast alles startet an Position "
+"20) ist es unmöglich für Openswan, immer zum richtigen Zeitpunkt zu starten. "
+"Es gibt drei Möglichkeiten, wann Openswan starten kann: vor oder nach den "
+"NFS-Diensten oder nach den PCMCIA-Diensten. Die richtige Antwort hängt von "
+"Ihrer spezifischen Installation ab."
+
+#. Type: select
+#. 
Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you do not have your /usr tree mounted via NFS (either you only mount "
+"other, less vital trees via NFS or don't use NFS mounted trees at all) and "
+"don't use a PCMCIA network card, then it's best to start Openswan at the "
+"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. "
+"In this case (or if you don't understand or care about this issue), answer "
+"\"earliest\" to this question (the default)."
+msgstr ""
+"Sofern Sie Ihr /usr-Verzeichnis nicht über NFS eingebunden haben (entweder "
+"Sie binden nur andere, weniger wichtige Verzeichnisse über NFS ein oder Sie "
+"verwenden überhaupt keine über NFS eingebundenen Verzeichnisse) und keine "
+"PCMCIA-Netzwerkkarte verwenden, ist es am Besten, Openswan zum frühest "
+"möglichen Zeitpunkt zu starten. Dies erlaubt es, die per NFS eingehängten "
+"Verzeichnisse durch IPSec abzusichern. In diesem Fall (oder falls Sie dieses "
+"Problem nicht verstehen oder es Sie nicht interessiert), antworten Sie »zum "
+"frühest möglichen Zeitpunkt« (Voreinstellung) auf diese Frage."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you have your /usr tree mounted via NFS and don't use a PCMCIA network "
+"card, then you will need to start Openswan after NFS so that all necessary "
+"files are available. In this case, answer \"after NFS\" to this question. "
+"Please note that the NFS mount of /usr can not be secured by IPSec in this "
+"case."
+msgstr ""
+"Falls Sie Ihr /usr-Verzeichnis über NFS eingebunden haben und keine "
+"PCMCIA-Netzwerkkarte verwenden, müssen Sie Openswan nach NFS starten, damit "
+"alle notwendigen Dateien verfügbar sind. In diesem Fall antworten Sie »nach "
+"NFS« auf diese Frage. Bitte beachten Sie, dass das Einhängen von /usr über "
+"NFS in diesem Fall nicht durch IPSec abgesichert werden kann."
+
+#. Type: select
+#. 
Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you use a PCMCIA network card for your IPSec connections, then you only "
+"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA"
+"\" in this case. This is also the correct answer if you want to fetch keys "
+"from a locally running DNS server with DNSSec support."
+msgstr ""
+"Falls Sie eine PCMCIA-Netzwerkkarte für Ihre IPSec-Verbindungen verwenden, "
+"brauchen Sie nur zu wählen, dass es nach den PCMCIA-Diensten gestartet wird. "
+"Antworten Sie »nach PCMCIA« in diesem Fall. Dies ist auch die richtige "
+"Antwort, falls Sie Schlüssel von einem lokal laufenden DNS-Server mit "
+"DNSSec-Unterstützung abrufen möchten."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid "Do you wish to restart Openswan?"
+msgstr "Möchten Sie Openswan neu starten?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid ""
+"Restarting Openswan is a good idea, since if there is a security fix, it "
+"will not be fixed until the daemon restarts. Most people expect the daemon "
+"to restart, so this is generally a good idea. However this might take down "
+"existing connections and then bring them back up."
+msgstr ""
+"Der Neustart von Openswan ist empfehlenswert. Denn falls ein "
+"Sicherheitsproblemm mit dieser Version beseitigt wurde, ist dies unwirksam, "
+"bis der Daemon neu gestartet wurde. Die meisten Anwender erwarten, dass sich "
+"der Daemon neu startet. Somit ist dies generell eine gute Idee. Jedoch kann "
+"der Neustart existierende Verbindungen schließen und hinterher "
+"wiederherstellen."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid "Do you want to create a RSA public/private keypair for this host?"
+msgstr ""
+"Möchten Sie ein öffentlich/privates RSA-Schlüsselpaar für diesen Rechner "
+"erzeugen?"
+
+#. Type: boolean
+#. 
Description
+#: ../openswan.templates.master:3001
+msgid ""
+"This installer can automatically create a RSA public/private keypair for "
+"this host. This keypair can be used to authenticate IPSec connections to "
+"other hosts and is the preferred way for building up secure IPSec "
+"connections. The other possibility would be to use shared secrets (passwords "
+"that are the same on both sides of the tunnel) for authenticating an "
+"connection, but for a larger number of connections RSA authentication is "
+"easier to administer and more secure."
+msgstr ""
+"Dieser Installer kann automatisch ein öffentlich/privates RSA-Schlüsselpaar "
+"für diesen Rechner erzeugen. Dieses Schlüsselpaar kann zur Authentifizierung "
+"von IPSec-Verbindungen zu anderen Rechnern verwendet werden. Dies ist die "
+"empfohlene Methode zum Aufbau gesicherter IPSec-Verbindungen. Die andere "
+"Möglichkeit ist die Verwendung von gemeinsamen Geheimnissen (engl.: shared "
+"secrets, gleiche Passwörter an beiden Enden des Tunnels) zur "
+"Authentifizierung einer Verbindung. Für eine größere Anzahl von Verbindungen "
+"ist die RSA-Authentifizierung einfacher zu verwalten und sicherer."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"If you do not want to create a new public/private keypair, you can choose to "
+"use an existing one."
+msgstr ""
+"Falls Sie kein öffentlich/privates Schlüsselpaar erzeugen möchten, können Sie "
+"ein existierendes verwenden."
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:4001
+msgid "x509, plain"
+msgstr "X509, Klartext"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid "Which type of RSA keypair do you want to create?"
+msgstr "Welchen Typ von RSA-Schlüssel möchten Sie erzeugen?"
+
+#. Type: select
+#. 
Description
+#: ../openswan.templates.master:4002
+msgid ""
+"It is possible to create a plain RSA public/private keypair for use with "
+"Openswan or to create a X509 certificate file which contains the RSA public "
+"key and additionally stores the corresponding private key."
+msgstr ""
+"Es ist möglich, ein öffentlich/privates RSA-Schlüsselpaar im Klartext zur "
+"Verwendung mit Openswan zu erzeugen. Oder es wird eine X509-Zertifikats-Datei "
+"erstellt, die den öffentlichen RSA-Schlüssel enthält und zusätzlich den "
+"korrespondierenden privaten Schlüssel speichert."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"If you only want to build up IPSec connections to hosts also running "
+"Openswan, it might be a bit easier using plain RSA keypairs. But if you want "
+"to connect to other IPSec implementations, you will need a X509 certificate. "
+"It is also possible to create a X509 certificate here and extract the RSA "
+"public key in plain format if the other side runs Openswan without X509 "
+"certificate support."
+msgstr ""
+"Falls Sie ausschließlich IPSec-Verbindungen zu Rechnern aufbauen möchten, die "
+"auch mit Openswan arbeiten, könnte es etwas einfacher sein, "
+"RSA-Schlüsselpaare im Klartext zu verwenden. Aber falls Sie sich mit anderen "
+"IPSec-Implementationen verbinden möchten, werden Sie ein X509-Zertifikat "
+"benötigen. Es ist auch möglich, ein X509-Zertifikat hier zu erzeugen und den "
+"öffentlichen RSA-Schlüssel im Klartextformat zu extrahieren, falls die andere "
+"Seite Openswan ohne Unterstützung für X509-Zertifikate verwendet."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"Therefore a X509 certificate is recommended since it is more flexible and "
+"this installer should be able to hide the complex creation of the X509 "
+"certificate and its use in Openswan anyway."
+msgstr ""
+"Deshalb wird ein X509-Zertifikat empfohlen, da es flexibler ist. 
Dieser "
+"Installer sollte die komplexe Erzeugung des X509-Zertifikats und dessen "
+"Verwendung in Openswan verstecken können."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+msgid ""
+"Do you have an existing X509 certificate file that you want to use for "
+"Openswan?"
+msgstr ""
+"Haben Sie eine existierende X509-Zertifikats-Datei, die Sie mit Openswan "
+"verwenden möchten?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+msgid ""
+"This installer can automatically extract the needed information from an "
+"existing X509 certificate with a matching RSA private key. Both parts can be "
+"in one file, if it is in PEM format. Do you have such an existing "
+"certificate and key file and want to use it for authenticating IPSec "
+"connections?"
+msgstr ""
+"Dieser Installer kann automatisch die benötigten Informationen aus einer "
+"existierenden X509-Zertifikats-Datei mit einem passenden privaten "
+"RSA-Schlüssel extrahieren. Beide Teile können sich in einer Datei befinden, "
+"falls sie im PEM-Format vorliegt. Haben Sie eine solche existierende "
+"Zertifikat-und-Schlüssel-Datei und möchten Sie sie zur Authentifizierung von "
+"IPSec-Verbindungen verwenden? "
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid "Please enter the location of your X509 certificate in PEM format."
+msgstr "Bitte geben Sie den Speicherort ihres X509-Zertifikats im PEM-Format ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid ""
+"Please enter the location of the file containing your X509 certificate in "
+"PEM format."
+msgstr ""
+"Bitte geben Sie den Speicherort der Datei ein, die Ihr X509-Zertifikat im "
+"PEM-Format enthält."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid "Please enter the location of your X509 private key in PEM format."
+msgstr ""
+"Bitte geben Sie den Speicherort Ihren privaten X509-Schlüssels im PEM-Format "
+"ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid ""
+"Please enter the location of the file containing the private RSA key "
+"matching your X509 certificate in PEM format. This can be the same file that "
+"contains the X509 certificate."
+msgstr ""
+"Bitte geben Sie den Speicherort der Datei ein, die den privaten RSA-Schlüssel "
+"im PEM-Format enthält, der zu Ihrem X509-Zertifikat passt. Dies kann dieselbe "
+"Datei sein, die das X509-Zertifikat enthält."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid "Which length should the created RSA key have?"
+msgstr "Welche Länge soll der erzeugte RSA-Schlüssel haben?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid ""
+"Please enter the length of the created RSA key. it should not be less than "
+"1024 bits because this should be considered unsecure and you will probably "
+"not need anything more than 2048 bits because it only slows the "
+"authentication process down and is not needed at the moment."
+msgstr ""
+"Bitte geben Sie die Länge des zu erzeugenden RSA-Schlüssels ein. Sie sollte "
+"nicht weniger als 1024 Bit sein, da dies als unsicher betrachtet wird. Und "
+"Sie werden wahrscheinlich nicht mehr als 2048 Bit benötigen, da längere "
+"Schlüssel den Authentifizierungs-Prozess verlangsamen und zur Zeit nicht "
+"benötigt werden."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid "Do you want to create a self-signed X509 certificate?"
+msgstr "Möchten Sie ein selbstsigniertes X509-Zertifikat erzeugen?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid ""
+"This installer can only create self-signed X509 certificates automatically, "
+"because otherwise a certificate authority is needed to sign the certificate "
+"request. 
If you want to create a self-signed certificate, you can use it "
+"immediately to connect to other IPSec hosts that support X509 certificate "
+"for authentication of IPSec connections. However, if you want to use the new "
+"PKI features of Openswan >= 1.91, you will need to have all X509 "
+"certificates signed by a single certificate authority to create a trust path."
+msgstr ""
+"Dieser Installer kann nur selbstsignierte X509-Zertifikate automatisch "
+"erzeugen, da anderenfalls eine Zertifizierungsstelle benötigt wird, um die "
+"Zertifikatsanforderung zu signieren. Falls Sie ein selbstsigniertes "
+"Zertifikat erzeugen möchten, können Sie dieses sofort verwenden, um sich mit "
+"anderen IPSec-Rechnern zu verbinden, die X509-Zertifikate zur "
+"Authentifizierung benutzen. Falls Sie jedoch die neuen PKI-Funktionen von "
+"Openswan >= 1.91 verwenden möchten, müssen alle X509-Zertifikate von einer "
+"einzigen Zertifizierungsstelle signiert sein, um einen Vertrauenspfad zu "
+"erzeugen."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid ""
+"If you do not want to create a self-signed certificate, then this installer "
+"will only create the RSA private key and the certificate request and you "
+"will have to sign the certificate request with your certificate authority."
+msgstr ""
+"Falls Sie kein selbstsigniertes Zertifikat erstellen möchten, wird dieser "
+"Installer nur den privaten Schlüssel und die Zertifikatsanforderung erzeugen. "
+"Sie müssen diese Zertifikatsanforderung mit Ihrer Zertifizierungsstelle "
+"signieren."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Please enter the country code for the X509 certificate request."
+msgstr "Bitte geben Sie den Ländercode für die X509-Zertifikatsanforderung ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"Please enter the 2 letter country code for your country. 
This code will be "
+"placed in the certificate request."
+msgstr ""
+"Bitte geben Sie den zweibuchstabigen Ländercode für Ihr Land ein. Dieser Code "
+"wird in die Zertifikatsanforderung eingefügt."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"You really need to enter a valid country code here, because openssl will "
+"refuse to generate certificates without one. An empty field is allowed for "
+"any other field of the X.509 certificate, but not for this one."
+msgstr ""
+"Sie müssen wirklich ein gültigen Ländercode hier eingeben, da Openssl es "
+"ablehnen wird, ohne diesen ein Zertifikat zu generieren. Ein leeres Feld ist "
+"zulässig für jedes andere Feld des X509-Zertifikats, aber nicht für dieses."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Example: AT"
+msgstr "Beispiel: DE"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Please enter the state or province name for the X509 certificate request."
+msgstr ""
+"Bitte geben Sie den Namen des Bundeslandes oder der Provinz für die "
+"X509-Zertifikatsanforderung ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid ""
+"Please enter the full name of the state or province you live in. This name "
+"will be placed in the certificate request."
+msgstr ""
+"Bitte geben Sie den vollständigen Namen des Bundeslandes oder der Provinz, in "
+"der Sie leben. Dieser Name wird in die Zertifikatsanforderung eingefügt."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Example: Upper Austria"
+msgstr "Beispiel: Sachsen"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Please enter the locality name for the X509 certificate request."
+msgstr ""
+"Bitte geben Sie den Namen der Ortschaft für die X509-Zertifikatsanforderung "
+"ein."
+
+#. Type: string
+#. 
Description
+#: ../openswan.templates.master:12001
+msgid ""
+"Please enter the locality (e.g. city) where you live. This name will be "
+"placed in the certificate request."
+msgstr ""
+"Bitte geben Sie die Ortschaft ein, in der Sie leben. Dieser Name wird in die "
+"Zertifikatsanforderung eingefügt."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Example: Vienna"
+msgstr "Beispiel: Dresden"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Please enter the organization name for the X509 certificate request."
+msgstr ""
+"Bitte geben Sie den Namen der Organisation für die "
+"X509-Zertifikatsanforderung ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid ""
+"Please enter the organization (e.g. company) that the X509 certificate "
+"should be created for. This name will be placed in the certificate request."
+msgstr ""
+"Bitte geben Sie die Organisation (im allgemeinen Firma) ein, für die das "
+"X509-Zertifikat ausgestellt werden soll. Dieser Name wird in die "
+"Zertifikatsanforderung eingefügt."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Example: Debian"
+msgstr "Beispiel: Debian"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Please enter the organizational unit for the X509 certificate request."
+msgstr ""
+"Bitte geben Sie die Organisationseinheit für die X509-Zertifikatsanforderung "
+"ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid ""
+"Please enter the organizational unit (e.g. section) that the X509 "
+"certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Bitte geben Sie die Organisationseinheit (im allgemeinen Abteilung) ein, für "
+"die das X509-Zertifikat ausgestellt werden soll. Dieser Name wird in die "
+"Zertifikatsanforderung eingefügt."
+
+#. Type: string
+#. 
Description
+#: ../openswan.templates.master:14001
+msgid "Example: security group"
+msgstr "Beispiel: Sicherheitsgruppe"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Please enter the common name for the X509 certificate request."
+msgstr ""
+"Bitte geben Sie den allgemeinen Namen für die X509-Zertifikatsanforderung "
+"ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid ""
+"Please enter the common name (e.g. the host name of this machine) for which "
+"the X509 certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Bitte geben Sie den allgemeinen Namen (engl.: common name, im allgemeinen der "
+"Hostname dieses Rechners) ein, für den das X509-Zertifikat ausgestellt werden "
+"soll. Dieser Name wird in die Zertifikatsanforderung eingefügt."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Example: gateway.debian.org"
+msgstr "Beispiel: gateway.debian.org"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid "Please enter the email address for the X509 certificate request."
+msgstr "Bitte geben Sie die Email-Adresse für die X509-Zertifikatsanforderung ein."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid ""
+"Please enter the email address of the person or organization who is "
+"responsible for the X509 certificate, This address will be placed in the "
+"certificate request."
+msgstr ""
+"Bitte geben Sie die Email-Adresse der Person oder Organisation ein, die für "
+"das X509-Zertifikat verantwortlich ist. Diese Adresse wird in die "
+"Zertifikatsanforderung eingefügt."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid "Do you wish to enable opportunistic encryption in Openswan?"
+msgstr "Möchten Sie opportunistische Verschlüsselung in Openswan aktivieren?"
+
+#. Type: boolean
+#. 
Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Openswan comes with support for opportunistic encryption (OE), which stores "
+"IPSec authentication information (i.e. RSA public keys) in (preferably "
+"secure) DNS records. Until this is widely deployed, activating it will cause "
+"a significant slow-down for every new, outgoing connection. Since version "
+"2.0, Openswan upstream comes with OE enabled by default and is thus likely "
+"to break your existing connection to the Internet (i.e. your default route) "
+"as soon as pluto (the Openswan keying daemon) is started."
+msgstr ""
+"Openswan bringt die Unterstützung für opportunistische Verschlüsselung "
+"(engl.: opportunistic encryption, OE) mit, welche "
+"IPSec-Authentifizierungs-Informationen (zum Beispiel öffentliche "
+"RSA-Schlüssel) in (vorzugsweise sicheren) DNS-Einträgen speichert. Bis dies "
+"weitläufig eingesetzt wird, wird die Aktivierung eine signifikante "
+"Verlangsamung für jede neue ausgehende Verbindung verursachen. Seit Version "
+"2.0 kommt Openswan mit aktivierter OE in der Voreinstellung und wird damit "
+"wahrscheinlich Ihre existierende Verbindung zum Internet unterbrechen, sobald "
+"Pluto (der Openswan-Schlüssel-Daemon) gestartet ist."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Please choose whether you want to enable support for OE. If unsure, do not "
+"enable it."
+msgstr ""
+"Bitte wählen Sie, ob Sie die Unterstützung für OE aktivieren möchten. Falls "
+"Sie sich nicht sicher sind, aktivieren Sie sie nicht."
+
--- openswan-2.6.22+dfsg.orig/debian/po/gl.po
+++ openswan-2.6.22+dfsg/debian/po/gl.po
@@ -0,0 +1,522 @@
+# Galician translation of openswan's debconf templates
+# This file is distributed under the same license as the openswan package.
+# Jacobo Tarrio , 2008.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openswan\n"
+"Report-Msgid-Bugs-To: rmayr@debian.org\n"
+"POT-Creation-Date: 2007-10-27 11:19+0200\n"
+"PO-Revision-Date: 2008-04-06 20:36+0100\n"
+"Last-Translator: Jacobo Tarrio \n"
+"Language-Team: Galician \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:1001
+msgid "earliest, \"after NFS\", \"after PCMCIA\""
+msgstr "\"o antes posible\", \"despois de NFS\", \"despois de PCMCIA\""
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid "At which level do you wish to start Openswan?"
+msgstr "¿En que nivel quere iniciar Openswan?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"With the current Debian startup levels (nearly everything starting in level "
+"20), it is impossible for Openswan to always start at the correct time. "
+"There are three possibilities when Openswan can start: before or after the "
+"NFS services and after the PCMCIA services. The correct answer depends on "
+"your specific setup."
+msgstr ""
+"Cos niveis de inicio actuais de Debian (practicamente todo se inicia no "
+"nivel 20) é imposible que Openswan se inicie sempre no momento correcto. Hai "
+"tres posibilidades para o inicio de Openswan: antes ou despois dos servizos "
+"NFS ou despois dos servizos PCMCIA. A resposta correcta depende da súa "
+"configuración específica."
+
+#. Type: select
+#. 
Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you do not have your /usr tree mounted via NFS (either you only mount "
+"other, less vital trees via NFS or don't use NFS mounted trees at all) and "
+"don't use a PCMCIA network card, then it's best to start Openswan at the "
+"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. "
+"In this case (or if you don't understand or care about this issue), answer "
+"\"earliest\" to this question (the default)."
+msgstr ""
+"Se non monta a súa árbore /usr vía NFS (porque só monta outras árbores por "
+"NFS ou non monta nada por NFS) e non emprega unha tarxeta de rede PCMCIA, é "
+"mellor iniciar Openswan o antes posible para permitir que as montaxes por "
+"NFS se aseguren mediante IPSec. Neste caso (ou se non entende ou non lle "
+"importa o problema), resposte \"o antes posible\" a esta pregunta (a "
+"resposta por defecto)."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you have your /usr tree mounted via NFS and don't use a PCMCIA network "
+"card, then you will need to start Openswan after NFS so that all necessary "
+"files are available. In this case, answer \"after NFS\" to this question. "
+"Please note that the NFS mount of /usr can not be secured by IPSec in this "
+"case."
+msgstr ""
+"Se monta a súa árbore /usr vía NFS e non emprega unha tarxeta de rede "
+"PCMCIA, ha ter que iniciar Openswan despois de NFS para que tódolos "
+"ficheiros necesarios estean dispoñibles. Neste caso, resposte \"despois de "
+"NFS\" a esta pregunta. Teña en conta que neste caso non se pode asegurar "
+"mediante IPSec a montaxe por NFS de /usr."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you use a PCMCIA network card for your IPSec connections, then you only "
+"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA"
+"\" in this case. 
This is also the correct answer if you want to fetch keys "
+"from a locally running DNS server with DNSSec support."
+msgstr ""
+"Se emprega unha tarxeta de rede PCMCIA para as conexións IPSec só ha ter que "
+"decidir inicialas despois dos servizos PCMCIA. Resposte \"despois de PCMCIA"
+"\" neste caso. Tamén é a resposta correcta se quere recibir claves dun "
+"servidor DNS que se executa localmente con soporte de DNSSec."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid "Do you wish to restart Openswan?"
+msgstr "¿Quere reiniciar Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid ""
+"Restarting Openswan is a good idea, since if there is a security fix, it "
+"will not be fixed until the daemon restarts. Most people expect the daemon "
+"to restart, so this is generally a good idea. However this might take down "
+"existing connections and then bring them back up."
+msgstr ""
+"Reiniciar Openswan é unha boa idea, xa que se se arranxou un problema de "
+"seguridade, non se ha aplicar ata que se reinicie o servizo. A maior parte "
+"da xente espera que o servizo se reinicie, así que adoita ser unha boa idea. "
+"Nembargantes, isto podería cortar as conexións existentes e despois volvelas "
+"erguer."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid "Do you want to create a RSA public/private keypair for this host?"
+msgstr "¿Quere crear un par de claves pública/privada RSA para esta máquina?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"This installer can automatically create a RSA public/private keypair for "
+"this host. This keypair can be used to authenticate IPSec connections to "
+"other hosts and is the preferred way for building up secure IPSec "
+"connections. 
The other possibility would be to use shared secrets (passwords "
+"that are the same on both sides of the tunnel) for authenticating an "
+"connection, but for a larger number of connections RSA authentication is "
+"easier to administer and more secure."
+msgstr ""
+"Este instalador pode crear automaticamente un par de claves pública/privada "
+"RSA para esta máquina. Este par de claves pódese empregar para autenticar as "
+"conexións IPSec a outras máquinas e é a maneira preferida de construír "
+"conexións IPSec seguras. A outra posibilidade sería empregar segredos "
+"compartidos (o mesmo contrasinal en ámbolous dous lados do túnel) para "
+"autenticar unha conexión, pero para ter moitas conexións é moito máis segura "
+"e fácil de administrar a autenticación RSA."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"If you do not want to create a new public/private keypair, you can choose to "
+"use an existing one."
+msgstr ""
+"Se non quere crear un novo par de claves pública/privada, pode empregar un "
+"xa existente."
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:4001
+msgid "x509, plain"
+msgstr "x509, simple"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid "Which type of RSA keypair do you want to create?"
+msgstr "¿Que tipo de par de claves RSA quere crear?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"It is possible to create a plain RSA public/private keypair for use with "
+"Openswan or to create a X509 certificate file which contains the RSA public "
+"key and additionally stores the corresponding private key."
+msgstr ""
+"Pode crear un par de claves pública/privada simple para empregalo con "
+"Openswan, ou pode crear un ficheiro de certificado X509 que contén a clave "
+"pública RSA e tamén garda a clave privada correspondente."
+
+#. Type: select
+#. 
Description
+#: ../openswan.templates.master:4002
+msgid ""
+"If you only want to build up IPSec connections to hosts also running "
+"Openswan, it might be a bit easier using plain RSA keypairs. But if you want "
+"to connect to other IPSec implementations, you will need a X509 certificate. "
+"It is also possible to create a X509 certificate here and extract the RSA "
+"public key in plain format if the other side runs Openswan without X509 "
+"certificate support."
+msgstr ""
+"Se só quere realizar conexións IPSec a máquinas que tamén empregan Openswan "
+"pode ser un pouco máis doado empregar pares de claves simples. Nembargantes, "
+"se quere conectarse a outras implementacións de IPSec, ha ter que empregar "
+"un certificado X509. Tamén é posible crear aquí un certificado X509 e "
+"extraer a clave pública RSA en formato simple se o outro estremo executa "
+"Openswan sen soporte de certificados X509."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"Therefore a X509 certificate is recommended since it is more flexible and "
+"this installer should be able to hide the complex creation of the X509 "
+"certificate and its use in Openswan anyway."
+msgstr ""
+"Polo tanto recoméndase empregar un certificado X509, xa que é máis flexible "
+"e este instalador debería poder ocultar a complexidade da creación do "
+"certificado X509 e do seu emprego en Openswan."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+msgid ""
+"Do you have an existing X509 certificate file that you want to use for "
+"Openswan?"
+msgstr "¿Ten un certificado X509 existente que queira empregar en Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+msgid ""
+"This installer can automatically extract the needed information from an "
+"existing X509 certificate with a matching RSA private key. Both parts can be "
+"in one file, if it is in PEM format. 
Do you have such an existing "
+"certificate and key file and want to use it for authenticating IPSec "
+"connections?"
+msgstr ""
+"Este instalador pode extraer automaticamente a información necesaria dun "
+"certificado X509 existente cunha clave privada RSA correspondente. As dúas "
+"partes poden estar nun só ficheiro, se está en formato PEM. ¿Ten un "
+"certificado tal e un ficheiro coa clave privada, e quere empregalo para "
+"autenticar conexións IPSec?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid "Please enter the location of your X509 certificate in PEM format."
+msgstr "Introduza a ubicación do seu certificado X509 en formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid ""
+"Please enter the location of the file containing your X509 certificate in "
+"PEM format."
+msgstr ""
+"Introduza a ubicación do ficheiro que contén o seu certificado X509 en "
+"formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid "Please enter the location of your X509 private key in PEM format."
+msgstr "Introduza a ubicación da súa clave privada X509 en formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid ""
+"Please enter the location of the file containing the private RSA key "
+"matching your X509 certificate in PEM format. This can be the same file that "
+"contains the X509 certificate."
+msgstr ""
+"Introduza a ubicación do ficheiro que contén a clave privada RSA que "
+"corresponde ao seu certificado X509 en formato PEM. Pode ser o mesmo "
+"ficheiro que o que contén o certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid "Which length should the created RSA key have?"
+msgstr "¿Que lonxitude debe ter a clave RSA creada?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid ""
+"Please enter the length of the created RSA key. 
it should not be less than "
+"1024 bits because this should be considered unsecure and you will probably "
+"not need anything more than 2048 bits because it only slows the "
+"authentication process down and is not needed at the moment."
+msgstr ""
+"Introduza a lonxitude da clave RSA creada. Non debería ser inferior a 1024 "
+"bits porque esta lonxitude é insegura, e probablemente non ha precisar de "
+"máis de 2048 bits porque só ralentiza a autenticación e non é necesario "
+"tanto neste momento."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid "Do you want to create a self-signed X509 certificate?"
+msgstr "¿Quere crear un certificado X509 autoasinado?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid ""
+"This installer can only create self-signed X509 certificates automatically, "
+"because otherwise a certificate authority is needed to sign the certificate "
+"request. If you want to create a self-signed certificate, you can use it "
+"immediately to connect to other IPSec hosts that support X509 certificate "
+"for authentication of IPSec connections. However, if you want to use the new "
+"PKI features of Openswan >= 1.91, you will need to have all X509 "
+"certificates signed by a single certificate authority to create a trust path."
+msgstr ""
+"Este instalador só pode crear automaticamente certificados X509 "
+"autoasinados, porque se non, é necesario que unha autoridade certificadora "
+"asine a solicitude de certificado. Se quere crear un certificado "
+"autoasinado, ha poder empregalo inmediatamente para se conectar a outras "
+"máquinas IPSec que soporten certificados X509 para a autenticación de "
+"conexións IPSec. Nembargantes, se quere empregar as novas características "
+"PKI de Openswan >= 1.91, ha ter que ter tódolos certificados X509 asinados "
+"por unha soa autoridade certificadora para crear unha ruta de confianza."
+
+#. Type: boolean
+#. 
Description
+#: ../openswan.templates.master:9001
+msgid ""
+"If you do not want to create a self-signed certificate, then this installer "
+"will only create the RSA private key and the certificate request and you "
+"will have to sign the certificate request with your certificate authority."
+msgstr ""
+"Se non quere crear un certificado autoasinado, este instalador só ha crear a "
+"clave privada RSA e a solicitude de certificado, e vostede ha ter que facer "
+"que a autoridade certificadora asine a solicitude de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Please enter the country code for the X509 certificate request."
+msgstr "Introduza o código do país para a solicitude de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"Please enter the 2 letter country code for your country. This code will be "
+"placed in the certificate request."
+msgstr ""
+"Introduza o código de dúas letras correspondente ao seu país. Este código ha "
+"figurar na solicitude de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"You really need to enter a valid country code here, because openssl will "
+"refuse to generate certificates without one. An empty field is allowed for "
+"any other field of the X.509 certificate, but not for this one."
+msgstr ""
+"Ten que introducir un código de país válido aquí, porque openssl non ha "
+"poder xerar certificados sen un. Admítese un campo baleiro en calquera outro "
+"campo do certificado X.509, pero non neste."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Example: AT"
+msgstr "Exemplo: ES"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid ""
+"Please enter the state or province name for the X509 certificate request."
+msgstr ""
+"Introduza o nome do estado ou provincia para a solicitude de certificado "
+"X509."
+
+#. 
Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid ""
+"Please enter the full name of the state or province you live in. This name "
+"will be placed in the certificate request."
+msgstr ""
+"Introduza o nome completo do estado ou privincia na que vive. Este nome ha "
+"figurar na solicitude de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Example: Upper Austria"
+msgstr "Exemplo: A Coruña"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Please enter the locality name for the X509 certificate request."
+msgstr "Introduza o nome da localidade para a solicitude de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid ""
+"Please enter the locality (e.g. city) where you live. This name will be "
+"placed in the certificate request."
+msgstr ""
+"Introduza a localidade na que vive. Este nome ha figurar na solicitude de "
+"certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Example: Vienna"
+msgstr "Exemplo: Santiago"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Please enter the organization name for the X509 certificate request."
+msgstr ""
+"Introduza o nome da organización para a solicitude de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid ""
+"Please enter the organization (e.g. company) that the X509 certificate "
+"should be created for. This name will be placed in the certificate request."
+msgstr ""
+"Introduza a organización (p.ex. empresa) para a que se ha crear o "
+"certificado X509. Este nome ha figurar na solicitude de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Example: Debian"
+msgstr "Exemplo: Debian"
+
+#. Type: string
+#. 
Description
+#: ../openswan.templates.master:14001
+msgid "Please enter the organizational unit for the X509 certificate request."
+msgstr ""
+"Introduza a unidade organizativa para a solicitude de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid ""
+"Please enter the organizational unit (e.g. section) that the X509 "
+"certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Introduza a unidade organizativa (p.ex. sección) para a que se ha crear o "
+"certificado X509. Este nome ha figurar na solicitude de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Example: security group"
+msgstr "Exemplo: grupo de seguridade"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Please enter the common name for the X509 certificate request."
+msgstr "Introduza o nome común para a solicitude de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid ""
+"Please enter the common name (e.g. the host name of this machine) for which "
+"the X509 certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Introduza o nome común (p.ex. o nome desta máquina) para o que se ha crear o "
+"certificado X509. Este nome ha figurar na solicitude de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Example: gateway.debian.org"
+msgstr "Exemplo: gateway.debian.org"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid "Please enter the email address for the X509 certificate request."
+msgstr "Introduza o enderezo de email para a solicitude de certificado X509."
+
+#. Type: string
+#. 
Description
+#: ../openswan.templates.master:16001
+msgid ""
+"Please enter the email address of the person or organization who is "
+"responsible for the X509 certificate, This address will be placed in the "
+"certificate request."
+msgstr ""
+"Introduza o enderezo de email da persoa ou organización responsable do "
+"certificado X509. Este enderezo ha figurar na solicitude de certificado."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid "Do you wish to enable opportunistic encryption in Openswan?"
+msgstr "¿Quere activar o cifrado oportunista en Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Openswan comes with support for opportunistic encryption (OE), which stores "
+"IPSec authentication information (i.e. RSA public keys) in (preferably "
+"secure) DNS records. Until this is widely deployed, activating it will cause "
+"a significant slow-down for every new, outgoing connection. Since version "
+"2.0, Openswan upstream comes with OE enabled by default and is thus likely "
+"to break your existing connection to the Internet (i.e. your default route) "
+"as soon as pluto (the Openswan keying daemon) is started."
+msgstr ""
+"Openswan ten soporte de cifrado oportunista (OE), que armacena a información "
+"de autenticación de IPSec (é dicir, as claves públicas RSA) en rexistros DNS "
+"(preferiblemente seguros). Ata que isto sexa habitual, activalo ha causar "
+"unha ralentización nas conexións novas saíntes. A partires da versión 2.0, "
+"Openswan ten OE activado por defecto e, polo tanto, é probable que rompa a "
+"súa conexión existente a Internet (é dicir, a ruta por defecto) no momento "
+"en que se inicie pluto (o servizo de claves de Openswan)."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Please choose whether you want to enable support for OE. If unsure, do not "
+"enable it."
+msgstr "" +"Indique se quere activar o soporte de OE. Se non está seguro, non o active." --- openswan-2.6.22+dfsg.orig/debian/po/nl.po +++ openswan-2.6.22+dfsg/debian/po/nl.po @@ -1,3 +1,5 @@ +# Translation of openswan 1:2.4.5+dfsg-0.2_templates.po to Dutch +# This file is distributed under the same license as the openswan package. # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to @@ -11,13 +13,17 @@ # # Developers do not need to manually edit POT or PO files. # +# Luk Claes , 2005 +# Kurt De Bree , 2006 +# This is an unofficial translation +# msgid "" msgstr "" -"Project-Id-Version: openswan 2.3.0-3\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2005-01-13 11:49+0100\n" -"PO-Revision-Date: 2005-02-07 20:53+0100\n" -"Last-Translator: Luk Claes \n" +"Project-Id-Version: openswan 1:2.4.5+dfsg-0.2\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-10-27 11:19+0200\n" +"PO-Revision-Date: 2006-06-30 19:40+0100\n" +"Last-Translator: Kurt De Bree \n" "Language-Team: Debian l10n Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" 
@@ -25,301 +31,534 @@ #. Type: select #. Choices -#: ../openswan.templates.master:3 +#: ../openswan.templates.master:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" msgstr "\"zo vroeg mogelijk\", \"na NFS\", \"na PCMCIA\"" #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "At which level do you wish to start Openswan ?" +#: ../openswan.templates.master:1002 +#, fuzzy +#| msgid "At which level do you wish to start Openswan ?" +msgid "At which level do you wish to start Openswan?" msgstr "Op welk niveau wilt u Openswan starten?" #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "With the current Debian startup levels (nearly everything starting in level 20), it is impossible for Openswan to always start at the correct time. There are three possibilities when Openswan can start: before or after the NFS services and after the PCMCIA services. The correct answer depends on your specific setup." -msgstr "Met de huidige Debian-startniveaus (bijna alles start op niveau 20), is het onmogelijk voor Openswan om altijd op de correcte tijd te starten. Er zijn drie mogelijkheden waar Openswan kan starten: vóór of na de NFS-diensten en na de PCMCIA-diensten. Het correcte antwoord hangt af van uw specifieke configuratie." +#: ../openswan.templates.master:1002 +msgid "" +"With the current Debian startup levels (nearly everything starting in level " +"20), it is impossible for Openswan to always start at the correct time. " +"There are three possibilities when Openswan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Met de huidige Debian-startniveaus (bijna alles start op niveau 20), is het " +"onmogelijk voor Openswan om altijd op de correcte tijd te starten. Er zijn " +"drie mogelijkheden wanneer Openswan kan starten: vóór of na de NFS-diensten " +"of na de PCMCIA-diensten. 
Het correcte antwoord hangt af van uw specifieke " +"configuratie." #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "If you do not have your /usr tree mounted via NFS (either you only mount other, less vital trees via NFS or don't use NFS mounted trees at all) and don't use a PCMCIA network card, then it is the best to start Openswan at the earliest possible time, thus allowing the NFS mounts to be secured by IPSec. In this case (or if you don't understand or care about this issue), answer \"earliest\" to this question (the default)." -msgstr "Als u uw /usr-boom niet via NFS heeft aangekoppeld (u koppelt enkel andere, minder vitale bomen via NFS of u gebruikt NFS helemaal niet om bomen aan te koppelen) en u gebruikt geen PCMCIA-netwerkkaart, dan is het best om Openswan zo vroeg mogelijk te starten, dus toe te staan van de NFS-aankoppelingen te beveiligen door IPSec. In dit geval (of als u deze zaak niet verstaat of het u niet uitmaakt), antwoord dan \"zo vroeg mogelijk\" op deze vraag (de standaard)." +#: ../openswan.templates.master:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Als u uw /usr-boom niet via NFS heeft aangekoppeld (u koppelt enkel andere, " +"minder vitale bomen via NFS of u gebruikt NFS helemaal niet om bomen aan te " +"koppelen) en u gebruikt geen PCMCIA-netwerkkaart, dan is het het beste om " +"Openswan zo vroeg mogelijk te starten, dus toe te staan van de NFS-" +"aankoppelingen te beveiligen door IPSec. 
In dit geval (of als u deze zaak " +"niet verstaat of het u niet uitmaakt), antwoord dan \"zo vroeg mogelijk\" op " +"deze vraag (de standaard)." #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "If you have your /usr tree mounted via NFS and don't use a PCMCIA network card, then you will need to start Openswan after NFS so that all necessary files are available. In this case, answer \"after NFS\" to this question. Please note that the NFS mount of /usr can not be secured by IPSec in this case." -msgstr "Als u uw /usr-boom via NFS heeft aangekoppeld en u gebruikt geen PCMCIA-netwerkkaart, dan zult u Openswan moeten starten na NFS zodat alle nodige bestanden aanwezig zijn. In dit geval, antwoord \"na NFS\" op deze vraag. Merk op dat in dit geval de NFS-aankoppeling van /usr niet beveiligd kan worden door IPSec." +#: ../openswan.templates.master:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Als u uw /usr-boom via NFS heeft aangekoppeld en u gebruikt geen PCMCIA-" +"netwerkkaart, dan zult u Openswan moeten starten na NFS zodat alle nodige " +"bestanden aanwezig zijn. In dit geval, antwoord \"na NFS\" op deze vraag. " +"Merk op dat in dit geval de NFS-aankoppeling van /usr niet beveiligd kan " +"worden door IPSec." #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "If you use a PCMCIA network card for your IPSec connections, then you only have to choice to start it after the PCMCIA services. Answer \"after PCMCIA\" in this case. This is also the correct answer if you want to fetch keys from a locally running DNS server with DNSSec support." 
-msgstr "Als u een PCMCIA-netwerkkaart gebruikt voor uw IPSec-verbindingen, dan hebt u enkel de keuze om te starten na de PCMCIA-diensten. Antwoord in dit geval \"na PCMCIA\". Dit is ook het correcte antwoord als u sleutels wilt afhalen van een lokaal draaiende DNS-server met DNSSec-ondersteuning." +#: ../openswan.templates.master:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Als u een PCMCIA-netwerkkaart gebruikt voor uw IPSec-verbindingen, dan hebt " +"u enkel de keuze om te starten na de PCMCIA-diensten. Antwoord in dit geval " +"\"na PCMCIA\". Dit is ook het correcte antwoord als u sleutels wilt afhalen " +"van een lokaal draaiende DNS-server met DNSSec-ondersteuning." #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "Do you wish to restart Openswan?" msgstr "Wilt u Openswan herstarten?" #. Type: boolean #. Description -#: ../openswan.templates.master:33 -msgid "Restarting Openswan is a good idea, since if there is a security fix, it will not be fixed until the daemon restarts. Most people expect the daemon to restart, so this is generally a good idea. However this might take down existing connections and then bring them back up." -msgstr "Openswan herstarten is een goed idee omdat als er een veiligheidsherstelling is, het pas echt hersteld zal zijn vanaf dat de achtergronddienst is herstart. De meeste mensen verwachten dat de achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit kan bestaande verbindingen verbreken en ze dan opnieuw herstellen." 
+#: ../openswan.templates.master:2001 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Openswan herstarten is een goed idee omdat als er een veiligheidsherstelling " +"is, het pas echt hersteld zal zijn vanaf dat de achtergronddienst is " +"herstart. De meeste mensen verwachten dat de achtergronddienst herstart, dus " +"dit is meestal een goed idee. Hoewel, dit kan bestaande verbindingen " +"verbreken en ze dan opnieuw herstellen." #. Type: boolean #. Description -#: ../openswan.templates.master:42 -msgid "Do you want to create a RSA public/private keypair for this host ?" +#: ../openswan.templates.master:3001 +#, fuzzy +#| msgid "Do you want to create a RSA public/private keypair for this host ?" +msgid "Do you want to create a RSA public/private keypair for this host?" msgstr "Wilt u een publiek/privaat RSA-sleutelpaar aanmaken voor deze host?" #. Type: boolean #. Description -#: ../openswan.templates.master:42 -msgid "This installer can automatically create a RSA public/private keypair for this host. This keypair can be used to authenticate IPSec connections to other hosts and is the preferred way for building up secure IPSec connections. The other possibility would be to use shared secrets (passwords that are the same on both sides of the tunnel) for authenticating an connection, but for a larger number of connections RSA authentication is easier to administrate and more secure." -msgstr "Deze installatie kan automatisch een publiek/privaat RSA-sleutelpaar aanmaken voor deze host. Dit sleutelpaar kan gebruikt worden om IPSec-verbinden naar andere hosts te authenticeren en is de aanbevolen manier om veilige IPSec-verbindingen op te zetten. 
De andere mogelijkheid zou zij om gedeelde geheimen (wachtwoorden die aan beide kanten van de tunnel hetzelfde zijn) te gebruiken voor het authenticeren van een verbinding, maar voor een groter aantal verbindingen is RSA-authenticatie gemakkelijker te beheren en veiliger." +#: ../openswan.templates.master:3001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Deze installatie kan automatisch een publiek/privaat RSA-sleutelpaar " +"aanmaken voor deze host. Dit sleutelpaar kan gebruikt worden om IPSec-" +"verbinden naar andere hosts te authentificeren en is de aanbevolen manier om " +"veilige IPSec-verbindingen op te zetten. De andere mogelijkheid zou zijn om " +"gedeelde geheimen (wachtwoorden die aan beide kanten van de tunnel hetzelfde " +"zijn) te gebruiken voor het authentificeren van een verbinding, maar voor " +"een groter aantal verbindingen is RSA-authentificatie gemakkelijker te " +"beheren en veiliger." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Indien u geen nieuw publiek/privaat sleutelpaar wenst aan te maken, kunt u " +"een bestaand sleutelpaar kiezen." #. Type: select #. Choices -#: ../openswan.templates.master:53 +#: ../openswan.templates.master:4001 msgid "x509, plain" msgstr "x509, gewoon" #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "Which type of RSA keypair do you want to create ?" 
+#: ../openswan.templates.master:4002 +#, fuzzy +#| msgid "Which type of RSA keypair do you want to create ?" +msgid "Which type of RSA keypair do you want to create?" msgstr "Welk type RSA-sleutelpaar wilt u aanmaken?" #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "It is possible to create a plain RSA public/private keypair for the use with Openswan or to create a X509 certificate file which contains the RSA public key and additionally store the corresponding private key." -msgstr "Het is mogelijk om een gewoon publiek/privaat RSA-sleutelpaar aan te maken om te gebruiken met Openswan of om een X509-certificaatbestand aan te maken die de publieke RSA-sleutel bevat en de corresponderende private sleutel te bewaren." +#: ../openswan.templates.master:4002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Het is mogelijk om een gewoon publiek/privaat RSA-sleutelpaar aan te maken " +"om te gebruiken met Openswan of om een X509-certificaatbestand aan te maken " +"die de publieke RSA-sleutel bevat en de corresponderende private sleutel te " +"bewaren." #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "If you only want to build up IPSec connections to hosts also running Openswan, it might be a bit easier using plain RSA keypairs. But if you want to connect to other IPSec implementations, you will need a X509 certificate. It is also possible to create a X509 certificate here and extract the RSA public key in plain format if the other side runs Openswan without X509 certificate support." -msgstr "Als u enkel IPSec-verbindingen wilt opzetten naar hosts die ook Openswan draaien, dan is het misschien een beetje gemakkelijker om gewone RSA-sleutelparen te gebruiken. 
Maar als u verbindingen wilt leggen met andere IPSec-implementaties, dan zult u een X509-certificaat nodig hebben. Het is ook mogelijk om hier een X509-certificaat aan te maken en de publieke RSA-sleutel te extraheren in een gewoon formaat als de andere kant Openswan draait zonder X509-certificaatondersteuning." +#: ../openswan.templates.master:4002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Als u enkel IPSec-verbindingen wilt opzetten naar hosts die ook Openswan " +"draaien, dan is het misschien een beetje gemakkelijker om gewone RSA-" +"sleutelparen te gebruiken. Maar als u verbindingen wilt leggen met andere " +"IPSec-implementaties, dan zult u een X509-certificaat nodig hebben. Het is " +"ook mogelijk om hier een X509-certificaat aan te maken en de publieke RSA-" +"sleutel te extraheren in een gewoon formaat als de andere kant Openswan " +"draait zonder X509-certificaatondersteuning." #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "Therefore a X509 certificate is recommended since it is more flexible and this installer should be able to hide the complex creation of the X509 certificate and its use in Openswan anyway." -msgstr "Daarom wordt een X509-certificaat aanbevolen omdat het flexibeler is en deze installatie moet de complexe creatie van een X509-certificaat kunnen verbergen en het toch in Openswan kunnen gebruiken." 
+#: ../openswan.templates.master:4002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Daarom wordt een X509-certificaat aanbevolen omdat het flexibeler is en deze " +"installatie moet de complexe creatie van een X509-certificaat kunnen " +"verbergen en het toch in Openswan kunnen gebruiken." #. Type: boolean #. Description -#: ../openswan.templates.master:74 -msgid "Do you have an existing X509 certificate file that you want to use for Openswan ?" -msgstr "Hebt u een bestaand X509-certificaatbestand dat u voor Openswan wilt gebruiken?" +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "Do you have an existing X509 certificate file that you want to use for " +#| "Openswan ?" +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan?" +msgstr "" +"Hebt u een bestaand X509-certificaatbestand dat u voor Openswan wilt " +"gebruiken?" #. Type: boolean #. Description -#: ../openswan.templates.master:74 -msgid "This installer can automatically extract the needed information from an existing X509 certificate with a matching RSA private key. Both parts can be in one file, if it is in PEM format. Do you have such an existing certificate and key file and want to use it for authenticating IPSec connections ?" -msgstr "Deze installatie kan de benodigde informatie automatisch extraheren van een bestaand X509-certificaat met een bijhorende private RSA-sleutel. Beide delen kunnen in één bestand zijn, als het in PEM-formaat is. Hebt u zo'n bestaand certificaat en een sleutelbestand; en wilt u het voor de authenticatie van IPSec-verbindingen gebruiken?" +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "This installer can automatically extract the needed information from an " +#| "existing X509 certificate with a matching RSA private key. 
Both parts can " +#| "be in one file, if it is in PEM format. Do you have such an existing " +#| "certificate and key file and want to use it for authenticating IPSec " +#| "connections ?" +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections?" +msgstr "" +"Deze installatie kan de benodigde informatie automatisch extraheren van een " +"bestaand X509-certificaat met een bijhorende private RSA-sleutel. Beide " +"delen kunnen in één bestand zijn, als het in PEM-formaat is. Hebt u zo'n " +"bestaand certificaat en een sleutelbestand; en wilt u het voor de " +"authentificatie van IPSec-verbindingen gebruiken?" #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "Please enter the location of your X509 certificate in PEM format." msgstr "Geef de locatie van uw X509-certificaat in PEM-formaat." #. Type: string #. Description -#: ../openswan.templates.master:83 -msgid "Please enter the location of the file containing your X509 certificate in PEM format." -msgstr "Geef de locatie van het bestand dat uw X509-certificaat in PEM-formaat bevat." +#: ../openswan.templates.master:6001 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Geef de locatie van het bestand dat uw X509-certificaat in PEM-formaat bevat." #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "Please enter the location of your X509 private key in PEM format." msgstr "Geef de locatie van uw private X509-sleutel in PEM-formaat." #. Type: string #. 
Description -#: ../openswan.templates.master:89 -msgid "Please enter the location of the file containing the private RSA key matching your X509 certificate in PEM format. This can be the same file that contains the X509 certificate." -msgstr "Geef de locatie van het bestand dat uw private RSA-sleutel bevat die behoort bij uw X509-certificaat in PEM-formaat. Dit kan hetzelfde bestand zijn als dat wat uw X509-certificaat bevat." +#: ../openswan.templates.master:7001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Geef de locatie van het bestand dat uw private RSA-sleutel bevat die behoort " +"bij uw X509-certificaat in PEM-formaat. Dit kan hetzelfde bestand zijn als " +"dat wat uw X509-certificaat bevat." #. Type: string #. Description -#: ../openswan.templates.master:97 -msgid "Which length should the created RSA key have ?" +#: ../openswan.templates.master:8001 +#, fuzzy +#| msgid "Which length should the created RSA key have ?" +msgid "Which length should the created RSA key have?" msgstr "Welke lengte moet de aangemaakte RSA-sleutel hebben?" #. Type: string #. Description -#: ../openswan.templates.master:97 -msgid "Please enter the length of the created RSA key. it should not be less than 1024 bits because this should be considered unsecure and you will probably not need anything more than 2048 bits because it only slows the authentication process down and is not needed at the moment." -msgstr "Geef de lengte van de aangemaakte RSA-sleutel. Het mag niet minder dan 1024 bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk niet meer dan 2048 bits nodig hebben omdat het enkel het authenticatieproces vertraagt en op dit moment niet nodig is." +#: ../openswan.templates.master:8001 +msgid "" +"Please enter the length of the created RSA key. 
it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Geef de lengte van de aangemaakte RSA-sleutel. Het mag niet minder dan 1024 " +"bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " +"niet meer dan 2048 bits nodig hebben omdat het enkel het authenticatieproces " +"vertraagt en op dit moment niet nodig is." #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "Do you want to create a self-signed X509 certificate ?" +#: ../openswan.templates.master:9001 +#, fuzzy +#| msgid "Do you want to create a self-signed X509 certificate ?" +msgid "Do you want to create a self-signed X509 certificate?" msgstr "Wilt u een door uzelf getekend X509-certificaat?" #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "This installer can only create self-signed X509 certificates automatically, because otherwise a certificate authority is needed to sign the certificate request. If you want to create a self-signed certificate, you can use it immediately to connect to other IPSec hosts that support X509 certificate for authentication of IPSec connections. However, if you want to use the new PKI features of Openswan >= 1.91, you will need to have all X509 certificates signed by a single certificate authority to create a trust path." -msgstr "Deze installatie kan automatisch een door uzelf getekend X509-certificaat aanmaken omdat anders een certificaatautoriteit nodig is om de certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te leggen met andere IPSec-hosts die X509-certificaten ondersteunen voor IPSec-verbindingen. 
Hoewel, als u de nieuwe PKI-mogelijkheden wilt gebruiken of als Openswan >= 1.91, dan zult u alle X509-certificaten moeten laten tekenen door één enkele certificaatautoriteit om een vertrouwenspad aan te maken." +#: ../openswan.templates.master:9001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Deze installatie kan automatisch een door uzelf getekend X509-certificaat " +"aanmaken omdat anders een certificaatautoriteit nodig is om de " +"certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " +"wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " +"maken met andere IPSec-hosts die X509-certificaten ondersteunen voor IPSec-" +"verbindingen. Hoewel, als u de nieuwe PKI-mogelijkheden wilt gebruiken of " +"als Openswan >= 1.91, dan zult u alle X509-certificaten moeten laten tekenen " +"door één enkele certificaatautoriteit om een vertrouwenspad aan te maken." #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "If you do not want to create a self-signed certificate, then this installer will only create the RSA private key and the certificate request and you will have to sign the certificate request with your certificate authority." -msgstr "Als u geen door uzelf getekend certificaat wilt aanmaken, dan zal deze installatie enkel de private RSA-sleutel en de certificaataanvraag aanmaken en u zult de certificaataanvraag moeten laten tekenen door uw certificaatautoriteit." 
+#: ../openswan.templates.master:9001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Als u geen door uzelf getekend certificaat wilt aanmaken, dan zal deze " +"installatie enkel de private RSA-sleutel en de certificaataanvraag aanmaken " +"en zult u de certificaataanvraag moeten laten tekenen door uw " +"certificaatautoriteit." #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Please enter the country code for the X509 certificate request." msgstr "Geef de landcode van de X509-certificaataanvraag." #. Type: string #. Description -#: ../openswan.templates.master:124 -msgid "Please enter the 2 letter country code for your country. This code will be placed in the certificate request." -msgstr "Geef de 2-letterige landcode voor uw land. Deze code zal in de certificaataanvraag worden geplaatst." +#: ../openswan.templates.master:10001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Geef de 2-letterige landcode voor uw land. Deze code zal in de " +"certificaataanvraag worden geplaatst." #. Type: string #. Description -#: ../openswan.templates.master:124 -msgid "You really need to enter a valid country code here, because openssl will refuse to generate certificates without one. An empty field is allowed for any other field of the X.509 certificate, but not for this one." -msgstr "U moet hier wel een geldige landcode opgeven omdat openssl anders zal weigeren om een certificaat aan te maken. Er is voor elke veld van het X509-certificaat een leeg veld toegestaan, maar niet voor dit veld." 
+#: ../openswan.templates.master:10001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"U moet hier wel een geldige landcode opgeven omdat openssl anders zal " +"weigeren om een certificaat aan te maken. Er is voor elke veld van het X509-" +"certificaat een leeg veld toegestaan, maar niet voor dit veld." #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Example: AT" msgstr "Voorbeeld: BE" #. Type: string #. Description -#: ../openswan.templates.master:137 -msgid "Please enter the state or province name for the X509 certificate request." +#: ../openswan.templates.master:11001 +msgid "" +"Please enter the state or province name for the X509 certificate request." msgstr "Geef de staat of provincie voor de X509-certificaataanvraag." #. Type: string #. Description -#: ../openswan.templates.master:137 -msgid "Please enter the full name of the state or province you live in. This name will be placed in the certificate request." -msgstr "Geef de volledige naam van de staat of provincie waarin u woont. Deze naam zal in de certificaataanvraag worden geplaatst." +#: ../openswan.templates.master:11001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Geef de volledige naam van de staat of provincie waarin u woont. Deze naam " +"zal in de certificaataanvraag worden geplaatst." #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "Example: Upper Austria" msgstr "Voorbeeld: Limburg" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Please enter the locality name for the X509 certificate request." 
msgstr "Geef de plaatsnaam voor de X509-certificaataanvraag." #. Type: string #. Description -#: ../openswan.templates.master:146 -msgid "Please enter the locality (e.g. city) where you live. This name will be placed in the certificate request." -msgstr "Geef de plaatsnaam (v.b. stad) waar u woont. Deze naam zal in de certificaataanvraag worden geplaatst." +#: ../openswan.templates.master:12001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Geef de plaatsnaam (v.b. stad) waar u woont. Deze naam zal in de " +"certificaataanvraag worden geplaatst." #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Example: Vienna" -msgstr "Voorbeeld: Genk" +msgstr "Voorbeeld: Brussel" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Please enter the organization name for the X509 certificate request." msgstr "Geef de naam van de organisatie voor de X509-certificaataanvraag." #. Type: string #. Description -#: ../openswan.templates.master:155 -msgid "Please enter the organization (e.g. company) that the X509 certificate should be created for. This name will be placed in the certificate request." -msgstr "Geef de organisatie (v.b. bedrijf) waarvoor het X509-certificaat wordt aangemaakt. Deze naam zal in de certicicaataanvraag worden geplaatst." +#: ../openswan.templates.master:13001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Geef de organisatie (v.b. bedrijf) waarvoor het X509-certificaat wordt " +"aangemaakt. Deze naam zal in de certicicaataanvraag worden geplaatst." #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Example: Debian" msgstr "Voorbeeld: Debian" #. 
Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Please enter the organizational unit for the X509 certificate request." msgstr "Geef de organisatie-eenheid voor de X509-certificaataanvraag." #. Type: string #. Description -#: ../openswan.templates.master:165 -msgid "Please enter the organizational unit (e.g. section) that the X509 certificate should be created for. This name will be placed in the certificate request." -msgstr "Geef de organisatie-eenheid (v.b. dienst) waarvoor het X509-certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst." +#: ../openswan.templates.master:14001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de organisatie-eenheid (v.b. dienst) waarvoor het X509-certificaat " +"wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst." #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Example: security group" msgstr "Voorbeeld: dienst veiligheid" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Please enter the common name for the X509 certificate request." msgstr "Geef de naam voor de X509-certificaataanvraag." #. Type: string #. Description -#: ../openswan.templates.master:175 -msgid "Please enter the common name (e.g. the host name of this machine) for which the X509 certificate should be created for. This name will be placed in the certificate request." -msgstr "Geef de naam (v.b. computernaam van deze machine) waarvoor het X509-certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst." +#: ../openswan.templates.master:15001 +msgid "" +"Please enter the common name (e.g. 
the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de naam (v.b. computernaam van deze machine) waarvoor het X509-" +"certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden " +"geplaatst." #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Example: gateway.debian.org" msgstr "Voorbeeld: gateway.debian.org" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "Please enter the email address for the X509 certificate request." msgstr "Geef het e-mailadres voor de X509-certificaataanvraag." #. Type: string #. Description -#: ../openswan.templates.master:185 -msgid "Please enter the email address of the person or organization who is responsible for the X509 certificate, This address will be placed in the certificate request." -msgstr "Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is voor het X509-certificaat. Dit adres zal in de certificaataanvraag worden geplaatst." +#: ../openswan.templates.master:16001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " +"voor het X509-certificaat. Dit adres zal in de certificaataanvraag worden " +"geplaatst." #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "Do you wish to enable opportunistic encryption in Openswan?" msgstr "Wilt u opportunistische encryptie aanschakelen in Openswan?" #. Type: boolean #. 
Description -#: ../openswan.templates.master:193 -msgid "Openswan comes with support for opportunistic encryption (OE), which stores IPSec authentication information (i.e. RSA public keys) in (preferably secure) DNS records. Until this is widely deployed, activating it will cause a significant slow-down for every new, outgoing connection. Since version 2.0, Openswan upstream comes with OE enabled by default and is thus likely to break you existing connection to the Internet (i.e. your default route) as soon as pluto (the Openswan keying daemon) is started." -msgstr "Openswan heeft ondersteuning voor opportunistische encryptie (OE) die IPSec-authenticatie-informatie (v.b. publieke RSA-sleutels) bewaart in (liefst veilige) DNS-records. Totdat dit veelvuldig wordt toegepast zal dit activeren, een significante vertraging veroorzaken voor elke nieuwe uitgaande verbinding. Omdat versie 2.0 van Openswan standaard OE heeft aangeschakeld, wordt dus waarschijnlijk uw bestaande verbinding met het Internet (v.b. uw standaard route) verbroken vanaf dat pluto (de Openswan-sleutelringachtergronddienst) wordt gestart." +#: ../openswan.templates.master:17001 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan heeft ondersteuning voor opportunistische encryptie (OE) die IPSec-" +"authentificatie-informatie (v.b. publieke RSA-sleutels) bewaart in (liefst " +"veilige) DNS-records. 
Totdat dit veelvuldig wordt toegepast, zal dit bij " +"activeren een significante vertraging veroorzaken voor elke nieuwe uitgaande " +"verbinding. Omdat versie 2.0 van Openswan standaard OE heeft aangeschakeld, " +"wordt dus waarschijnlijk uw bestaande verbinding met het Internet (v.b. uw " +"standaard route) verbroken vanaf dat pluto (de Openswan-" +"sleutelringachtergronddienst) wordt gestart." #. Type: boolean #. Description -#: ../openswan.templates.master:193 -msgid "Please choose whether you want to enable support for OE. If unsure, do not enable it." -msgstr "Kiest of u OE-ondersteuning wilt aanschakelen. Indien onzeker, schakel het dan niet aan." - +#: ../openswan.templates.master:17001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Kiest of u OE-ondersteuning wilt aanschakelen. Indien onzeker, schakel het " +"dan niet aan." --- openswan-2.6.22+dfsg.orig/debian/po/pt.po +++ openswan-2.6.22+dfsg/debian/po/pt.po 
@@ -0,0 +1,544 @@
+# Portuguese translation for openswan debconf messages.
+# Copyright (C) 2007 Pedro Ribeiro
+# This file is distributed under the same license as the openswan package.
+# Pedro Ribeiro , 2007
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openswan_1:2.4.6+dfsg2-1.1.1\n"
+"Report-Msgid-Bugs-To: rmayr@debian.org\n"
+"POT-Creation-Date: 2007-10-27 11:19+0200\n"
+"PO-Revision-Date: 2007-05-31 21:30+0100\n"
+"Last-Translator: Pedro Ribeiro \n"
+"Language-Team: Portuguese \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:1001
+msgid "earliest, \"after NFS\", \"after PCMCIA\""
+msgstr "\"o mais cedo\", \"depois de NFS\", \"depois de PCMCIA\""
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+#, fuzzy
+#| msgid "At which level do you wish to start Openswan ?"
+msgid "At which level do you wish to start Openswan?"
+msgstr "Em que nível deseja iniciar Openswan ?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"With the current Debian startup levels (nearly everything starting in level "
+"20), it is impossible for Openswan to always start at the correct time. "
+"There are three possibilities when Openswan can start: before or after the "
+"NFS services and after the PCMCIA services. The correct answer depends on "
+"your specific setup."
+msgstr ""
+"Com os actuais níveis de arranque do Debian (quase tudo é iniciado no nível "
+"20), é impossível que o Openswan começe sempre no tempo correcto. Há três "
+"possibilidades para o arranque do Openswan: antes ou depois dos serviços de "
+"NFS e depois dos serviços PCMCIA. A opção correcta depende da sua "
+"configuraçãoespecífica."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you do not have your /usr tree mounted via NFS (either you only mount "
+"other, less vital trees via NFS or don't use NFS mounted trees at all) and "
+"don't use a PCMCIA network card, then it's best to start Openswan at the "
+"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. "
+"In this case (or if you don't understand or care about this issue), answer "
+"\"earliest\" to this question (the default)."
+msgstr ""
+"Se não tem a árvore /usr montada via NFS (ou monta apenas outras árvores "
+"menos importantes via NFS ou não usa NFS) e não usa placas de rede PCMCIA,"
+"então é preferível iniciar o Openswan o mais cedo possível, permitindo que "
+"os mounts NFS sejam protegidos com IPSec. Neste caso (ou se não entende ou "
+"não se importa com esta questão), responda \"o mais cedo\" (o padrão)."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you have your /usr tree mounted via NFS and don't use a PCMCIA network "
+"card, then you will need to start Openswan after NFS so that all necessary "
+"files are available. In this case, answer \"after NFS\" to this question. "
+"Please note that the NFS mount of /usr can not be secured by IPSec in this "
+"case."
+msgstr ""
+"Se tem a árvore /usr montada via NFS e não usa uma placa de rede PCMCIA "
+"então necessita de iniciar o Openswan depois do NFS para que todos os "
+"ficheiros necessários estejam disponíveis. Neste caso responda \"depois de "
+"NFS\". Por favor, note que neste caso o mount de /usr não pode ser protegido "
+"por IPSec."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you use a PCMCIA network card for your IPSec connections, then you only "
+"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA"
+"\" in this case. This is also the correct answer if you want to fetch keys "
+"from a locally running DNS server with DNSSec support."
+msgstr ""
+"Se usa uma placa de rede PCMCIA para as suas ligações IPSec, então só "
+"precisa de iniciar o Openswan após o PCMCIA. Responda \"depois de PCMCIA\" "
+"neste caso.Esta também é a resposta correcta se quiser obter chaves de um "
+"servidor DNS local com suporte DNSSec."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid "Do you wish to restart Openswan?"
+msgstr "Quer re-iniciar o Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid ""
+"Restarting Openswan is a good idea, since if there is a security fix, it "
+"will not be fixed until the daemon restarts. Most people expect the daemon "
+"to restart, so this is generally a good idea. However this might take down "
+"existing connections and then bring them back up."
+msgstr ""
+"Re-iniciar o Openswan é uma boa ideia, uma vez que se houver uma correcção "
+"de segurança não será activada até que o daemon re-inicie. A maioria das "
+"pessoas espera que isto aconteça, portanto é normalmente uma boa ideia. No "
+"entanto isto pode interromper ligações activas e recuperá-las."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+#, fuzzy
+#| msgid "Do you want to create a RSA public/private keypair for this host ?"
+msgid "Do you want to create a RSA public/private keypair for this host?"
+msgstr "Quer criar um par de chaves RSA pública/privada para esta máquina ?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"This installer can automatically create a RSA public/private keypair for "
+"this host. This keypair can be used to authenticate IPSec connections to "
+"other hosts and is the preferred way for building up secure IPSec "
+"connections. The other possibility would be to use shared secrets (passwords "
+"that are the same on both sides of the tunnel) for authenticating an "
+"connection, but for a larger number of connections RSA authentication is "
+"easier to administer and more secure."
+msgstr ""
+"Este instalador pode criar automaticamente um par de chaves RSA pública/"
+"privada para esta máquina. Este par de chaves pode ser usado para autenticar "
+"ligações IPSec a outras máquinas e é o método preferido para criar conecções "
+"seguras. A outra possibilidade é usar segredos partilhados (passwords iguais "
+"de um e de outro lado do túnel IPSec) para autenticar uma ligação, mas para "
+"um grande número de ligações a autenticação RSA é mais fácil de administrar "
+"e mais segura."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"If you do not want to create a new public/private keypair, you can choose to "
+"use an existing one."
+msgstr ""
+"Se não quer criar um par de chaves público/privado novo, pode usar um já "
+"existente"
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:4001
+msgid "x509, plain"
+msgstr "x509, simples"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+#, fuzzy
+#| msgid "Which type of RSA keypair do you want to create ?"
+msgid "Which type of RSA keypair do you want to create?"
+msgstr "Que tipo de par de chaves RSA quer criar ?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"It is possible to create a plain RSA public/private keypair for use with "
+"Openswan or to create a X509 certificate file which contains the RSA public "
+"key and additionally stores the corresponding private key."
+msgstr ""
+"É possível criar um par de chaves RSA público/privado simples para usar com "
+"o Openswan ou criar um ficheiro de certificado x509 que contém a chave "
+"pública RSA e armazena também a chave privada correspondente."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"If you only want to build up IPSec connections to hosts also running "
+"Openswan, it might be a bit easier using plain RSA keypairs. But if you want "
+"to connect to other IPSec implementations, you will need a X509 certificate. "
+"It is also possible to create a X509 certificate here and extract the RSA "
+"public key in plain format if the other side runs Openswan without X509 "
+"certificate support."
+msgstr ""
+"Se quer criar ligações IPSec apenas com máquinas que usem Openswan, pode ser "
+"um pouco mais fácil usar pares de chaves RSA simples. Mas se quiser ligar-se "
+"aoutras implementações IPSec, precisará de um certificado X509. Também é "
+"possível criar um certificado X509 e extrair a chave pública RSA em formato "
+"simples se o outro lado tiver Openswan sem suporte a certificados X509."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"Therefore a X509 certificate is recommended since it is more flexible and "
+"this installer should be able to hide the complex creation of the X509 "
+"certificate and its use in Openswan anyway."
+msgstr ""
+"Portanto, um certificado X509 é recomendado por sem mais flexível e este "
+"instalador deve ser capaz de esconder a complexidade da criação do "
+"certificadoX509 e o seu uso em Openswan."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+#, fuzzy
+#| msgid ""
+#| "Do you have an existing X509 certificate file that you want to use for "
+#| "Openswan ?"
+msgid ""
+"Do you have an existing X509 certificate file that you want to use for "
+"Openswan?"
+msgstr ""
+"Tem um ficheiro com o certificado X509 que queira usar para o Openswan ?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+#, fuzzy
+#| msgid ""
+#| "This installer can automatically extract the needed information from an "
+#| "existing X509 certificate with a matching RSA private key. Both parts can "
+#| "be in one file, if it is in PEM format. Do you have such an existing "
+#| "certificate and key file and want to use it for authenticating IPSec "
+#| "connections ?"
+msgid ""
+"This installer can automatically extract the needed information from an "
+"existing X509 certificate with a matching RSA private key. Both parts can be "
+"in one file, if it is in PEM format. Do you have such an existing "
+"certificate and key file and want to use it for authenticating IPSec "
+"connections?"
+msgstr ""
+"Este instalador pode extrair automaticamente a informação necessária de um "
+"ficheiro de certificado X509 existente com a correspondente chave privada "
+"RSA.As duas partes podem estra num ficheiro, se for no formato PEM. Tem um "
+"destes ficheiros que queira usar para autenticar ligações IPSec ?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid "Please enter the location of your X509 certificate in PEM format."
+msgstr ""
+"Por favor indique a localização do seu certificado X509 no formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid ""
+"Please enter the location of the file containing your X509 certificate in "
+"PEM format."
+msgstr ""
+"Por favor indique a localização do ficheiro que contém o seu certificado "
+"X509 em formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid "Please enter the location of your X509 private key in PEM format."
+msgstr ""
+"Por favor indique a localização da sua chave privada X509 em formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid ""
+"Please enter the location of the file containing the private RSA key "
+"matching your X509 certificate in PEM format. This can be the same file that "
+"contains the X509 certificate."
+msgstr ""
+"Por favor indique a localização do ficheiro que contém a chave privada RSA "
+"quecorresponde ao seu certificado X509 em formato PEM. Pode ser o mesmo "
+"ficheiro que contém o certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+#, fuzzy
+#| msgid "Which length should the created RSA key have ?"
+msgid "Which length should the created RSA key have?"
+msgstr "Que tamanho deve ter a chave RSA criada ?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid ""
+"Please enter the length of the created RSA key. it should not be less than "
+"1024 bits because this should be considered unsecure and you will probably "
+"not need anything more than 2048 bits because it only slows the "
+"authentication process down and is not needed at the moment."
+msgstr ""
+"Por favor indique o tamanho da chave RSA criada. Deve ser maior que 1024 por "
+"questões de segurança e provavelmente não necessitará de nada maior que 2048 "
+"pois causa atrasos no processo de autenticação e não é ainda necessária."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+#, fuzzy
+#| msgid "Do you want to create a self-signed X509 certificate ?"
+msgid "Do you want to create a self-signed X509 certificate?"
+msgstr "Quer criar um certificado X509 auto-assinado ?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid ""
+"This installer can only create self-signed X509 certificates automatically, "
+"because otherwise a certificate authority is needed to sign the certificate "
+"request. If you want to create a self-signed certificate, you can use it "
+"immediately to connect to other IPSec hosts that support X509 certificate "
+"for authentication of IPSec connections. However, if you want to use the new "
+"PKI features of Openswan >= 1.91, you will need to have all X509 "
+"certificates signed by a single certificate authority to create a trust path."
+msgstr ""
+"Este instalador pode apenas criar automaticamente certificados auto-"
+"assinadospois caso sontrário será preciso uma autoridade certificadora "
+"assinar o pedido de certificado. Se quiser criar um certificado auto-"
+"assinado, pode usá-lo imediatamente para ligar a outras máquinas IPSec que "
+"suportem certificados X509 para autenticacao de ligações IPSec. No entanto, "
+"se quiser usar as novas funcionalidades PKI do Openswan >= 1.91, necessita "
+"de ter todos os certificados X509 assinados por uma única autoridade "
+"certificadora para criar um caminho de confiança."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid ""
+"If you do not want to create a self-signed certificate, then this installer "
+"will only create the RSA private key and the certificate request and you "
+"will have to sign the certificate request with your certificate authority."
+msgstr ""
+"Se não quer criar um certificado auto-assinado, então este instalador só "
+"irácriar a chave privada RSA e o pedido de certificado e terá que assinar "
+"esse pedido com a sua autoridade certificadora."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Please enter the country code for the X509 certificate request."
+msgstr "Por favor indique o código de país para o pedido de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"Please enter the 2 letter country code for your country. This code will be "
+"placed in the certificate request."
+msgstr ""
+"Por favor indique o código de 2 letras para o seu país. Este código será "
+"incluído no pedido de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"You really need to enter a valid country code here, because openssl will "
+"refuse to generate certificates without one. An empty field is allowed for "
+"any other field of the X.509 certificate, but not for this one."
+msgstr ""
+"Terá mesmo que indicar um código válido aqui, pois openssl recusará gerar "
+"certificados sem um. Um campo vazio é aceite para os outros campos do "
+"certificado X509, mas não para este."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Example: AT"
+msgstr "Exemplo: PT"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid ""
+"Please enter the state or province name for the X509 certificate request."
+msgstr ""
+"Por favor indique o estado ou província para o pedido de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid ""
+"Please enter the full name of the state or province you live in. This name "
+"will be placed in the certificate request."
+msgstr ""
+"Por favor, indique o nome completo estado ou província onde vive. Este nome "
+"será colocado no pedido de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Example: Upper Austria"
+msgstr "Exemplo: Distrito de Aveiro"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Please enter the locality name for the X509 certificate request."
+msgstr "Por favor, indique a localidade para o pedido do certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid ""
+"Please enter the locality (e.g. city) where you live. This name will be "
+"placed in the certificate request."
+msgstr ""
+"Por favor indique a localidade onde vive. Este nome será colocado no pedido "
+"de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Example: Vienna"
+msgstr "Exemplo: Aveiro"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Please enter the organization name for the X509 certificate request."
+msgstr ""
+"Por favor, indique o nome da organização para o pedido de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid ""
+"Please enter the organization (e.g. company) that the X509 certificate "
+"should be created for. This name will be placed in the certificate request."
+msgstr ""
+"Por favor indique a organização para a qual será criado o certificado X509. "
+"Este nome ser+a incluído no pedido de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Example: Debian"
+msgstr "Exemplo: Debian"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Please enter the organizational unit for the X509 certificate request."
+msgstr ""
+"Por favor indique a unidade organizacional para o pedido de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid ""
+"Please enter the organizational unit (e.g. section) that the X509 "
+"certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Por favor indique a unidade organizacional (e.g. secção) para a qual será "
+"criado o certificado. Este nome será colocado no pedido de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Example: security group"
+msgstr "Exemplo: grupo de segurança"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Please enter the common name for the X509 certificate request."
+msgstr "Por favor indique o nome comum para o pedido de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid ""
+"Please enter the common name (e.g. the host name of this machine) for which "
+"the X509 certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Por favor indique o nome comum (e.g. nome da máquina) para o qual será "
+"criado o certificado X509. Este nome será incluído no pedido de certificado."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Example: gateway.debian.org"
+msgstr "Exemplo: gateway.debian.org"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid "Please enter the email address for the X509 certificate request."
+msgstr ""
+"Por favor indique o endereço de email para o pedido de certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid ""
+"Please enter the email address of the person or organization who is "
+"responsible for the X509 certificate, This address will be placed in the "
+"certificate request."
+msgstr ""
+"Por favor indique o endereço de email da pessoa ou organização que será "
+"responsável pelo certificado X509. Este endereço será colocado no pedido de "
+"certificado."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid "Do you wish to enable opportunistic encryption in Openswan?"
+msgstr "Quer activar a encriptação oportunista no Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Openswan comes with support for opportunistic encryption (OE), which stores "
+"IPSec authentication information (i.e. RSA public keys) in (preferably "
+"secure) DNS records. Until this is widely deployed, activating it will cause "
+"a significant slow-down for every new, outgoing connection. Since version "
+"2.0, Openswan upstream comes with OE enabled by default and is thus likely "
+"to break your existing connection to the Internet (i.e. your default route) "
+"as soon as pluto (the Openswan keying daemon) is started."
+msgstr ""
+"O Openswan tem suporte para encriptação oportunista (OE), que armazena a "
+"informação de autenticação IPSec (i.e. chaves públicas RSA) em registos DNS "
+"(preferencialmente seguros). Enquanto isto não é largamente implementado, a "
+"sua activação atrasará significativamente qualquer nova ligação para fora. "
+"Desde a versão 2.0, o Openswan genérico vem com OE activada por omissão e é "
+"portanto provável que prejudique a sua ligação à Internet (i.e. a sua rota "
+"por omissão) assim que pluto (o deamon do Openswan) for iniciado."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Please choose whether you want to enable support for OE. If unsure, do not "
+"enable it."
+msgstr ""
+"Por favor, escolha se que activar ou não o suporte para OE. Na dúvida, não o "
+"active."
--- openswan-2.6.22+dfsg.orig/debian/po/vi.po
+++ openswan-2.6.22+dfsg/debian/po/vi.po
@@ -5,8 +5,8 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: openswan 1/2.2.0-10\n"
-"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2004-05-18 20:20+0200\n"
+"Report-Msgid-Bugs-To: rmayr@debian.org\n"
+"POT-Creation-Date: 2007-10-27 11:19+0200\n"
 "PO-Revision-Date: 2005-07-03 13:49+0930\n"
 "Last-Translator: Clytie Siddall \n"
 "Language-Team: Vietnamese \n"
@@ -16,87 +16,115 @@ "Plural-Forms: nplurals=1; plural=0\n" "X-Generator: LocFactoryEditor 1.2.2\n" -#.Type: select -#.Choices -#:../openswan.templates.master:3 +#. Type: select +#. Choices +#: ../openswan.templates.master:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" msgstr "sớm nhất, «sau NFS», «sau PCMCIA»" -#.Type: select -#.Description -#:../openswan.templates.master:5 -msgid "At which level do you wish to start Openswan ?" +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +#, fuzzy +#| msgid "At which level do you wish to start Openswan ?" +msgid "At which level do you wish to start Openswan?" msgstr "Bạn có muốn khởi chạy trình Openswan tại cấp nào?" -#.Type: select -#.Description -#:../openswan.templates.master:5 +#. Type: select +#. Description +#: ../openswan.templates.master:1002 msgid "" "With the current Debian startup levels (nearly everything starting in level " "20), it is impossible for Openswan to always start at the correct time. " "There are three possibilities when Openswan can start: before or after the " "NFS services and after the PCMCIA services. The correct answer depends on " "your specific setup." -msgstr "Trong những cấp khởi chạy Debian hiện thời (gần mọi trình khởi chạy trên cấp 20), không thể đảm bảo trình Openswan sẽ khởi chạy vào điểm thời đúng. Có ba lúc có thể khởi chạy trình Openswan: lúc trước hay lúc sau dịch vụ NFS và lúc sau dịch vụ PCMCIA. Giá trị đúng phụ thuộc vào thiết lập riêng của bạn." - -#.Type: select -#.Description -#:../openswan.templates.master:5 +msgstr "" +"Trong những cấp khởi chạy Debian hiện thời (gần mọi trình khởi chạy trên cấp " +"20), không thể đảm bảo trình Openswan sẽ khởi chạy vào điểm thời đúng. Có ba " +"lúc có thể khởi chạy trình Openswan: lúc trước hay lúc sau dịch vụ NFS và " +"lúc sau dịch vụ PCMCIA. Giá trị đúng phụ thuộc vào thiết lập riêng của bạn." + +#. Type: select +#. 
Description +#: ../openswan.templates.master:1002 msgid "" "If you do not have your /usr tree mounted via NFS (either you only mount " "other, less vital trees via NFS or don't use NFS mounted trees at all) and " -"don't use a PCMCIA network card, then it is the best to start Openswan at " -"the earliest possible time, thus allowing the NFS mounts to be secured by " -"IPSec. In this case (or if you don't understand or care about this issue), " -"answer \"earliest\" to this question (the default)." -msgstr "Nếu bạn không có cây «/usr» mình được gắn thông qua NFS (hoặc bạn chỉ gắn cây khác, ít quan trọng hơn, thông qua NFS, hoặc bạn không sử dụng cây do NFS gắn cách nào cả) và không sử dụng một thẻ mạng PCMCIA, thì tốt nhất là khởi chạy trình Openswan càng sớm càng có thể, mà cho phép IPSec bảo vệ những điểm gắn NFS. Trong trường hợp này (hoặc nếu bạn không hiểu được vấn đề này, hoặc không nghĩ nó là quan trọng) thì hãy trả lời «sớm nhất» (earliest: giá trị mặc định) cho câu hỏi này." - -#.Type: select -#.Description -#:../openswan.templates.master:5 +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Nếu bạn không có cây «/usr» mình được gắn thông qua NFS (hoặc bạn chỉ gắn " +"cây khác, ít quan trọng hơn, thông qua NFS, hoặc bạn không sử dụng cây do " +"NFS gắn cách nào cả) và không sử dụng một thẻ mạng PCMCIA, thì tốt nhất là " +"khởi chạy trình Openswan càng sớm càng có thể, mà cho phép IPSec bảo vệ " +"những điểm gắn NFS. Trong trường hợp này (hoặc nếu bạn không hiểu được vấn " +"đề này, hoặc không nghĩ nó là quan trọng) thì hãy trả lời «sớm " +"nhất» (earliest: giá trị mặc định) cho câu hỏi này." + +#. Type: select +#. 
Description +#: ../openswan.templates.master:1002 msgid "" "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " "card, then you will need to start Openswan after NFS so that all necessary " "files are available. In this case, answer \"after NFS\" to this question. " -"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " "case." -msgstr "Nếu bạn có cây «/usr» mình được gắn thông qua NFS và không sử dụng một thẻ mạng PCMCIA, thì bạn sẽ cần phải khởi chạy Openswan sau NFS, để mọi tập tin cần thiết có sẵn sàng. Trong trường hợp này, hãy trả lời «sau NFS» (after NFS) cho câu hỏi này. Tuy nhiên, IPsec sẽ không thể bảo vệ điểm gắn của «/usr» trong trường hợp này." - -#.Type: select -#.Description -#:../openswan.templates.master:5 +msgstr "" +"Nếu bạn có cây «/usr» mình được gắn thông qua NFS và không sử dụng một thẻ " +"mạng PCMCIA, thì bạn sẽ cần phải khởi chạy Openswan sau NFS, để mọi tập tin " +"cần thiết có sẵn sàng. Trong trường hợp này, hãy trả lời «sau NFS» (after " +"NFS) cho câu hỏi này. Tuy nhiên, IPsec sẽ không thể bảo vệ điểm gắn của «/" +"usr» trong trường hợp này." + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 msgid "" "If you use a PCMCIA network card for your IPSec connections, then you only " -"have to choice to start it after the PCMCIA services. Answer \"after PCMCIA" +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" "\" in this case. This is also the correct answer if you want to fetch keys " "from a locally running DNS server with DNSSec support." -msgstr "Nếu bạn sử dụng thẻ PCMCIA để kết nối cách loại IPSec, thì chỉ hãy chọn khởi chạy FreeS/WAN sau những dịch vụ PCMCIA. Hãy trả lời «sau PCMCIA» trong trường hợp này. Trả lời này cũng đúng nếu bạn muốn gọi khóa từ một máy phục vụ DNS chạy địa phương có loại hỗ trợ DNSSec." 
- -#.Type: boolean -#.Description -#:../openswan.templates.master:33 +msgstr "" +"Nếu bạn sử dụng thẻ PCMCIA để kết nối cách loại IPSec, thì chỉ hãy chọn khởi " +"chạy FreeS/WAN sau những dịch vụ PCMCIA. Hãy trả lời «sau PCMCIA» trong " +"trường hợp này. Trả lời này cũng đúng nếu bạn muốn gọi khóa từ một máy phục " +"vụ DNS chạy địa phương có loại hỗ trợ DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:2001 msgid "Do you wish to restart Openswan?" msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" -#.Type: boolean -#.Description -#:../openswan.templates.master:33 +#. Type: boolean +#. Description +#: ../openswan.templates.master:2001 msgid "" "Restarting Openswan is a good idea, since if there is a security fix, it " "will not be fixed until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However this might take down " "existing connections and then bring them back up." -msgstr "Khởi chạy lại trình Openswan là một ý kiến tốt, vì nó hiệu lực việc sửa bảo mật mới nào. Phần lớn người ngờ trình nền (dæmon) sẽ khởi chạy lại, thì nói chung làm như thế là một ý kiến tốt. Tuy nhiên, việc khởi chạy lại có thể ngắt các sự kết nối hiện thời, rồi kết nối chúng lại." - -#.Type: boolean -#.Description -#:../openswan.templates.master:42 -msgid "Do you want to create a RSA public/private keypair for this host ?" +msgstr "" +"Khởi chạy lại trình Openswan là một ý kiến tốt, vì nó hiệu lực việc sửa bảo " +"mật mới nào. Phần lớn người ngờ trình nền (dæmon) sẽ khởi chạy lại, thì nói " +"chung làm như thế là một ý kiến tốt. Tuy nhiên, việc khởi chạy lại có thể " +"ngắt các sự kết nối hiện thời, rồi kết nối chúng lại." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +#, fuzzy +#| msgid "Do you want to create a RSA public/private keypair for this host ?" +msgid "Do you want to create a RSA public/private keypair for this host?" 
msgstr "Bạn có muốn tạo một cặp khóa công/riêng RSA cho máy này không?" -#.Type: boolean -#.Description -#:../openswan.templates.master:42 +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 msgid "" "This installer can automatically create a RSA public/private keypair for " "this host. This keypair can be used to authenticate IPSec connections to " 
@@ -104,33 +132,54 @@ "connections. The other possibility would be to use shared secrets (passwords " "that are the same on both sides of the tunnel) for authenticating an " "connection, but for a larger number of connections RSA authentication is " -"easier to administrate and more secure." -msgstr "Trình cài đặt này có thể tự động tạo một cặp khóa công/riêng RSA cho máy này. Có thể sử dụng cặp khóa này để xác thực cách kết nối IPSec tới máy khác, và nó là cách ưa thích để xây dụng cách kết nối IPSec bảo mật. Hoặc có thể sử dụng «bí mật dùng chung» (shared secrets), mà có cùng một mật khẩu tại cả hai đầu và cuối đều đường hầm, để xác thực mỗi sự kết nối. Tuy nhiên, với sự kết nối rất nhiều, dễ hơn để sử dụng cách xác thực RSA và nó bảo mật hơn. " +"easier to administer and more secure." +msgstr "" +"Trình cài đặt này có thể tự động tạo một cặp khóa công/riêng RSA cho máy " +"này. Có thể sử dụng cặp khóa này để xác thực cách kết nối IPSec tới máy " +"khác, và nó là cách ưa thích để xây dụng cách kết nối IPSec bảo mật. Hoặc có " +"thể sử dụng «bí mật dùng chung» (shared secrets), mà có cùng một mật khẩu " +"tại cả hai đầu và cuối đều đường hầm, để xác thực mỗi sự kết nối. Tuy nhiên, " +"với sự kết nối rất nhiều, dễ hơn để sử dụng cách xác thực RSA và nó bảo mật " +"hơn. " + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +#, fuzzy +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "Bạn có muốn tạo một cặp khóa công/riêng RSA cho máy này không?" -#.Type: select -#.Choices -#:../openswan.templates.master:53 +#. Type: select +#. Choices +#: ../openswan.templates.master:4001 msgid "x509, plain" msgstr "x509, giản dị" -#.Type: select -#.Description -#:../openswan.templates.master:55 -msgid "Which type of RSA keypair do you want to create ?" +#. Type: select +#. 
Description +#: ../openswan.templates.master:4002 +#, fuzzy +#| msgid "Which type of RSA keypair do you want to create ?" +msgid "Which type of RSA keypair do you want to create?" msgstr "Bạn có muốn tạo cặp khóa RSA loại nào?" -#.Type: select -#.Description -#:../openswan.templates.master:55 +#. Type: select +#. Description +#: ../openswan.templates.master:4002 msgid "" -"It is possible to create a plain RSA public/private keypair for the use with " +"It is possible to create a plain RSA public/private keypair for use with " "Openswan or to create a X509 certificate file which contains the RSA public " -"key and additionally store the corresponding private key." -msgstr "Có thể tạo một cặp khóa công/riêng RSA thô để sử dụng với trình Openswan, hoặc tạo một tập tin chứng nhận X509 chứa khóa công RSA ấy và cũng cất giữ khóa riêng tương ứng." - -#.Type: select -#.Description -#:../openswan.templates.master:55 +"key and additionally stores the corresponding private key." +msgstr "" +"Có thể tạo một cặp khóa công/riêng RSA thô để sử dụng với trình Openswan, " +"hoặc tạo một tập tin chứng nhận X509 chứa khóa công RSA ấy và cũng cất giữ " +"khóa riêng tương ứng." + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 msgid "" "If you only want to build up IPSec connections to hosts also running " "Openswan, it might be a bit easier using plain RSA keypairs. But if you want " 
@@ -138,90 +187,126 @@ "It is also possible to create a X509 certificate here and extract the RSA " "public key in plain format if the other side runs Openswan without X509 " "certificate support." -msgstr "Nếu bạn chỉ muốn xây dụng sự kết nối IPSec đến máy cũng chạy trình Openswan, có thể dễ dàng hơn khi sử dụng cặp khóa RSA thô. Còn nếu bạn muốn kết nối đến một sự thực hiện IPSec khác, thì bạn sẽ cần có một chứng nhận loại X509. Cũng có thể tạo một chứng nhận X509 tại đây, rồi rút khóa công RSA có dạng thô, nếu bên khác có chạy trình Openswan không có hỗ trợ chứng nhận X509." - -#.Type: select -#.Description -#:../openswan.templates.master:55 +msgstr "" +"Nếu bạn chỉ muốn xây dụng sự kết nối IPSec đến máy cũng chạy trình Openswan, " +"có thể dễ dàng hơn khi sử dụng cặp khóa RSA thô. Còn nếu bạn muốn kết nối " +"đến một sự thực hiện IPSec khác, thì bạn sẽ cần có một chứng nhận loại X509. " +"Cũng có thể tạo một chứng nhận X509 tại đây, rồi rút khóa công RSA có dạng " +"thô, nếu bên khác có chạy trình Openswan không có hỗ trợ chứng nhận X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 msgid "" "Therefore a X509 certificate is recommended since it is more flexible and " "this installer should be able to hide the complex creation of the X509 " "certificate and its use in Openswan anyway." -msgstr "Vì vậy khuyến khích một chứng nhận X509, vì nó dẻo hơn và trình cài đặt này nên có thể ẩn việc phức tạp tạo chứng nhận X509 và cách dùng nó trong trình Openswan." - -#.Type: boolean -#.Description -#:../openswan.templates.master:74 +msgstr "" +"Vì vậy khuyến khích một chứng nhận X509, vì nó dẻo hơn và trình cài đặt này " +"nên có thể ẩn việc phức tạp tạo chứng nhận X509 và cách dùng nó trong trình " +"Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "Do you have an existing X509 certificate file that you want to use for " +#| "Openswan ?" 
msgid "" "Do you have an existing X509 certificate file that you want to use for " -"Openswan ?" -msgstr "Bạn có một tập tin chứng nhận X509 mà bạn muốn sử dụng với trình Openswan chưa?" +"Openswan?" +msgstr "" +"Bạn có một tập tin chứng nhận X509 mà bạn muốn sử dụng với trình Openswan " +"chưa?" -#.Type: boolean -#.Description -#:../openswan.templates.master:74 +#. Type: boolean +#. Description +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "This installer can automatically extract the needed information from an " +#| "existing X509 certificate with a matching RSA private key. Both parts can " +#| "be in one file, if it is in PEM format. Do you have such an existing " +#| "certificate and key file and want to use it for authenticating IPSec " +#| "connections ?" msgid "" "This installer can automatically extract the needed information from an " "existing X509 certificate with a matching RSA private key. Both parts can be " "in one file, if it is in PEM format. Do you have such an existing " "certificate and key file and want to use it for authenticating IPSec " -"connections ?" -msgstr "Trình cài đặt này có thể tự động giải mã thông tin cần thiết ra một chứng nhận X509 đã có, với khóa riêng RSA tương ứng. Cả hai điều có thể trong cùng một tập tin, nếu nó có dạng PEM. Bạn có chứng nhận đã có như vậy, và muốn sử dụng nó để xác thực cách kết nối IPSec không?" - -#.Type: string -#.Description -#:../openswan.templates.master:83 +"connections?" +msgstr "" +"Trình cài đặt này có thể tự động giải mã thông tin cần thiết ra một chứng " +"nhận X509 đã có, với khóa riêng RSA tương ứng. Cả hai điều có thể trong cùng " +"một tập tin, nếu nó có dạng PEM. Bạn có chứng nhận đã có như vậy, và muốn sử " +"dụng nó để xác thực cách kết nối IPSec không?" + +#. Type: string +#. Description +#: ../openswan.templates.master:6001 msgid "Please enter the location of your X509 certificate in PEM format." msgstr "Hãy nhập địa điểm của chứng nhận X509 của bạn, có dạng PEM." 
-#.Type: string -#.Description -#:../openswan.templates.master:83 +#. Type: string +#. Description +#: ../openswan.templates.master:6001 msgid "" "Please enter the location of the file containing your X509 certificate in " "PEM format." -msgstr "Hãy nhập địa điểm của tập tin chứa chứng nhận X509 của bạn, có dạng PEM." +msgstr "" +"Hãy nhập địa điểm của tập tin chứa chứng nhận X509 của bạn, có dạng PEM." -#.Type: string -#.Description -#:../openswan.templates.master:89 +#. Type: string +#. Description +#: ../openswan.templates.master:7001 msgid "Please enter the location of your X509 private key in PEM format." msgstr "Hãy nhập địa điểm của khóa riêng X509 của bạn, có dạng PEM." -#.Type: string -#.Description -#:../openswan.templates.master:89 +#. Type: string +#. Description +#: ../openswan.templates.master:7001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X509 certificate in PEM format. This can be the same file that " "contains the X509 certificate." -msgstr "Hãy nhập địa điểm của tập tin chứa khóa RSA riêng khớp với chứng nhận X509 của bạn, có dạng PEM. Có thể là cùng một tập tin chứa chứng nhận X509." +msgstr "" +"Hãy nhập địa điểm của tập tin chứa khóa RSA riêng khớp với chứng nhận X509 " +"của bạn, có dạng PEM. Có thể là cùng một tập tin chứa chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:97 -msgid "Which length should the created RSA key have ?" +#. Type: string +#. Description +#: ../openswan.templates.master:8001 +#, fuzzy +#| msgid "Which length should the created RSA key have ?" +msgid "Which length should the created RSA key have?" msgstr "Khóa RSA mới được tạo nên có độ dài nào?" -#.Type: string -#.Description -#:../openswan.templates.master:97 +#. Type: string +#. Description +#: ../openswan.templates.master:8001 msgid "" "Please enter the length of the created RSA key. 
it should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 2048 bits because it only slows the " "authentication process down and is not needed at the moment." -msgstr "Hãy nhập độ dài của khóa RSA mới được tạo. Nên có ít nhất 1024 bit, vì khóa nào nhỏ hơn kích thước ấy không phải là bảo mật. Rất có thể là bạn sẽ không cần sử dụng độ dài hơn 2048 bit, vì nó chỉ giảm tốc độ tiến trình xác thực, và hiện thời không cần thiết." - -#.Type: boolean -#.Description -#:../openswan.templates.master:106 -msgid "Do you want to create a self-signed X509 certificate ?" +msgstr "" +"Hãy nhập độ dài của khóa RSA mới được tạo. Nên có ít nhất 1024 bit, vì khóa " +"nào nhỏ hơn kích thước ấy không phải là bảo mật. Rất có thể là bạn sẽ không " +"cần sử dụng độ dài hơn 2048 bit, vì nó chỉ giảm tốc độ tiến trình xác thực, " +"và hiện thời không cần thiết." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 +#, fuzzy +#| msgid "Do you want to create a self-signed X509 certificate ?" +msgid "Do you want to create a self-signed X509 certificate?" msgstr "Bạn có muốn tạo một chứng nhận X509 tự ký không?" -#.Type: boolean -#.Description -#:../openswan.templates.master:106 +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 msgid "" "This installer can only create self-signed X509 certificates automatically, " "because otherwise a certificate authority is needed to sign the certificate " 
@@ -230,187 +315,226 @@ "for authentication of IPSec connections. However, if you want to use the new " "PKI features of Openswan >= 1.91, you will need to have all X509 " "certificates signed by a single certificate authority to create a trust path." -msgstr "Trình cài đặt này chỉ có thể tự động tạo chứng nhận X509 tự ký, vì nếu không thì một nhà cầm quyền chứng nhận (Certificate Authority, CA) phải ký lời yêu cầu chứng nhận ấy. Nếu bạn muốn tạo một chứng nhận tự ký, bạn có thể sử dụng nó ngay lập tức để kết nối đến máy IPSec khác có hỗ trợ sử dụng chứng nhận X509 để xác thực sự kết nối IPSec. Tuy nhiên, nếu bạn muốn sử dụng những tính năng PKI mới của trình Openswan phiên bản ≥1.91, bạn sẽ phải có tất cả những chứng nhận X509 được ký bởi một nhà cầm quyền chứng nhận riêng lẻ, để tạo một «đường dẫn tin cây» (trust path)." - -#.Type: boolean -#.Description -#:../openswan.templates.master:106 +msgstr "" +"Trình cài đặt này chỉ có thể tự động tạo chứng nhận X509 tự ký, vì nếu không " +"thì một nhà cầm quyền chứng nhận (Certificate Authority, CA) phải ký lời yêu " +"cầu chứng nhận ấy. Nếu bạn muốn tạo một chứng nhận tự ký, bạn có thể sử dụng " +"nó ngay lập tức để kết nối đến máy IPSec khác có hỗ trợ sử dụng chứng nhận " +"X509 để xác thực sự kết nối IPSec. Tuy nhiên, nếu bạn muốn sử dụng những " +"tính năng PKI mới của trình Openswan phiên bản ≥1.91, bạn sẽ phải có tất cả " +"những chứng nhận X509 được ký bởi một nhà cầm quyền chứng nhận riêng lẻ, để " +"tạo một «đường dẫn tin cây» (trust path)." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 msgid "" "If you do not want to create a self-signed certificate, then this installer " "will only create the RSA private key and the certificate request and you " "will have to sign the certificate request with your certificate authority." 
-msgstr "Nếu bạn không muốn tạo một chứng nhận tự ký, thì trình cài đặt này sẽ tạo chỉ khóa RSA riêng và lời yêu cầu chứng nhận, và bạn sẽ phải ký lời yêu cầu ấy dùng nhà cầm quyền chứng nhận bạn." - -#.Type: string -#.Description -#:../openswan.templates.master:124 +msgstr "" +"Nếu bạn không muốn tạo một chứng nhận tự ký, thì trình cài đặt này sẽ tạo " +"chỉ khóa RSA riêng và lời yêu cầu chứng nhận, và bạn sẽ phải ký lời yêu cầu " +"ấy dùng nhà cầm quyền chứng nhận bạn." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 msgid "Please enter the country code for the X509 certificate request." msgstr "Hãy nhập mã quốc gia cho lời yêu cầu chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:124 +#. Type: string +#. Description +#: ../openswan.templates.master:10001 msgid "" "Please enter the 2 letter country code for your country. This code will be " "placed in the certificate request." -msgstr "Hãy nhập mã hai chữ cho quốc gia bạn. Sẽ chèn mã này vào lời yêu cầu chứng nhận." +msgstr "" +"Hãy nhập mã hai chữ cho quốc gia bạn. Sẽ chèn mã này vào lời yêu cầu chứng " +"nhận." -#.Type: string -#.Description -#:../openswan.templates.master:124 +#. Type: string +#. Description +#: ../openswan.templates.master:10001 msgid "" "You really need to enter a valid country code here, because openssl will " "refuse to generate certificates without one. An empty field is allowed for " "any other field of the X.509 certificate, but not for this one." -msgstr "Bạn thật cần phải nhập một mã quốc gia hợp lệ vào đây, vì trình OpenSSL sẽ từ chối tạo ra chứng nhận nào khi không có mã ấy. Có thể bỏ rỗng bất cứ trường nào khác cho chứng nhận X509, nhưng mà không phải trường này." - -#.Type: string -#.Description -#:../openswan.templates.master:124 +msgstr "" +"Bạn thật cần phải nhập một mã quốc gia hợp lệ vào đây, vì trình OpenSSL sẽ " +"từ chối tạo ra chứng nhận nào khi không có mã ấy. 
Có thể bỏ rỗng bất cứ " +"trường nào khác cho chứng nhận X509, nhưng mà không phải trường này." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 msgid "Example: AT" msgstr "Lấy thí dụ: VN" -#.Type: string -#.Description -#:../openswan.templates.master:137 +#. Type: string +#. Description +#: ../openswan.templates.master:11001 msgid "" "Please enter the state or province name for the X509 certificate request." msgstr "Hãy nhập tên bảng hay tỉnh cho lời yêu cầu chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:137 +#. Type: string +#. Description +#: ../openswan.templates.master:11001 msgid "" "Please enter the full name of the state or province you live in. This name " "will be placed in the certificate request." -msgstr "Hãy nhập tên đầy đủ của bang hay tỉnh nơi bạn ở. Sẽ chèn tên này vào lời yêu cầu chứng nhận." +msgstr "" +"Hãy nhập tên đầy đủ của bang hay tỉnh nơi bạn ở. Sẽ chèn tên này vào lời yêu " +"cầu chứng nhận." -#.Type: string -#.Description -#:../openswan.templates.master:137 +#. Type: string +#. Description +#: ../openswan.templates.master:11001 msgid "Example: Upper Austria" msgstr "Lấy thí dụ: Bình Định" -#.Type: string -#.Description -#:../openswan.templates.master:146 +#. Type: string +#. Description +#: ../openswan.templates.master:12001 msgid "Please enter the locality name for the X509 certificate request." msgstr "Hãy nhập tên địa phương cho lời yêu cầu chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:146 +#. Type: string +#. Description +#: ../openswan.templates.master:12001 msgid "" "Please enter the locality (e.g. city) where you live. This name will be " "placed in the certificate request." -msgstr "Hãy nhập địa phương (v.d. thành phố) nơi bạn ở. Sẽ chèn tên này vào lời yêu cầu chứng nhận." +msgstr "" +"Hãy nhập địa phương (v.d. thành phố) nơi bạn ở. Sẽ chèn tên này vào lời yêu " +"cầu chứng nhận." 
-#.Type: string -#.Description -#:../openswan.templates.master:146 +#. Type: string +#. Description +#: ../openswan.templates.master:12001 msgid "Example: Vienna" msgstr "Lấy thí dụ: Quy Nhơn" -#.Type: string -#.Description -#:../openswan.templates.master:155 +#. Type: string +#. Description +#: ../openswan.templates.master:13001 msgid "Please enter the organization name for the X509 certificate request." msgstr "Hãy nhập tên tổ chức cho lời yêu cầu chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:155 +#. Type: string +#. Description +#: ../openswan.templates.master:13001 msgid "" "Please enter the organization (e.g. company) that the X509 certificate " "should be created for. This name will be placed in the certificate request." -msgstr "Hãy nhập tổ chức (v.d. công ty) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận." +msgstr "" +"Hãy nhập tổ chức (v.d. công ty) cho mà chứng nhận X509 nên được tạo. Sẽ chèn " +"tên này vào lời yêu cầu chứng nhận." -#.Type: string -#.Description -#:../openswan.templates.master:155 +#. Type: string +#. Description +#: ../openswan.templates.master:13001 msgid "Example: Debian" msgstr "Lấy thí dụ: Debian" -#.Type: string -#.Description -#:../openswan.templates.master:165 +#. Type: string +#. Description +#: ../openswan.templates.master:14001 msgid "Please enter the organizational unit for the X509 certificate request." msgstr "Hãy nhập tên đơn vị tổ chức cho lời yêu cầu chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:165 +#. Type: string +#. Description +#: ../openswan.templates.master:14001 msgid "" "Please enter the organizational unit (e.g. section) that the X509 " "certificate should be created for. This name will be placed in the " "certificate request." -msgstr "Hãy nhập đơn vị tổ chức (v.d. phần) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận." +msgstr "" +"Hãy nhập đơn vị tổ chức (v.d. 
phần) cho mà chứng nhận X509 nên được tạo. Sẽ " +"chèn tên này vào lời yêu cầu chứng nhận." -#.Type: string -#.Description -#:../openswan.templates.master:165 +#. Type: string +#. Description +#: ../openswan.templates.master:14001 msgid "Example: security group" msgstr "Lấy thí dụ: nhóm Việt hóa" -#.Type: string -#.Description -#:../openswan.templates.master:175 +#. Type: string +#. Description +#: ../openswan.templates.master:15001 msgid "Please enter the common name for the X509 certificate request." msgstr "Hãy nhập tên chung cho lời yêu cầu chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:175 +#. Type: string +#. Description +#: ../openswan.templates.master:15001 msgid "" "Please enter the common name (e.g. the host name of this machine) for which " "the X509 certificate should be created for. This name will be placed in the " "certificate request." -msgstr "Hãy nhập tên chung (v.d. tên máy) cho mà chứng nhận X509 nên được tạo. Sẽ chèn tên này vào lời yêu cầu chứng nhận." +msgstr "" +"Hãy nhập tên chung (v.d. tên máy) cho mà chứng nhận X509 nên được tạo. Sẽ " +"chèn tên này vào lời yêu cầu chứng nhận." -#.Type: string -#.Description -#:../openswan.templates.master:175 +#. Type: string +#. Description +#: ../openswan.templates.master:15001 msgid "Example: gateway.debian.org" msgstr "Lấy thí cụ: gateway.debian.org" -#.Type: string -#.Description -#:../openswan.templates.master:185 +#. Type: string +#. Description +#: ../openswan.templates.master:16001 msgid "Please enter the email address for the X509 certificate request." msgstr "Hãy nhập địa chỉ thư điện tử chung cho lời yêu cầu chứng nhận X509." -#.Type: string -#.Description -#:../openswan.templates.master:185 +#. Type: string +#. Description +#: ../openswan.templates.master:16001 msgid "" "Please enter the email address of the person or organization who is " "responsible for the X509 certificate, This address will be placed in the " "certificate request." 
-msgstr "Hãy nhập địa chỉ thư điện tử của người hay tổ chức chịu trách nhiệm về chứng nhận X509 này. Sẽ chèn địa chỉ này vào lời yêu cầu chứng nhận." +msgstr "" +"Hãy nhập địa chỉ thư điện tử của người hay tổ chức chịu trách nhiệm về chứng " +"nhận X509 này. Sẽ chèn địa chỉ này vào lời yêu cầu chứng nhận." -#.Type: boolean -#.Description -#:../openswan.templates.master:193 +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 msgid "Do you wish to enable opportunistic encryption in Openswan?" -msgstr "Bạn có muốn hiệu lực mật mã loại cơ hội chủ nghĩa trong trình Openswan không?" +msgstr "" +"Bạn có muốn hiệu lực mật mã loại cơ hội chủ nghĩa trong trình Openswan không?" -#.Type: boolean -#.Description -#:../openswan.templates.master:193 +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 +#, fuzzy msgid "" "Openswan comes with support for opportunistic encryption (OE), which stores " -"IPSec authentication information (i.e. RSA public keys) in (preferrably " +"IPSec authentication information (i.e. RSA public keys) in (preferably " "secure) DNS records. Until this is widely deployed, activating it will cause " "a significant slow-down for every new, outgoing connection. Since version " "2.0, Openswan upstream comes with OE enabled by default and is thus likely " -"to break you existing connection to the Internet (i.e. your default route) " +"to break your existing connection to the Internet (i.e. your default route) " "as soon as pluto (the Openswan keying daemon) is started." -msgstr "Trình Openswan hỗ trợ có sẵn mật mã cơ hội chủ nghĩa (OE: opportunistic encryption) mà cất giữ thông tin xác thực IPSec (tức là khóa công RSA) trong mục ghi DNS (thích hơn loại bảo mật). Cho đến khi tính năng này thường dụng, hoạt hóa nó sẽ giảm một cách quan trọng mỗi sự kết nối ra mới. 
Từ phiên bản 2.0, trình Openswan gốc đã hiệu lực OE theo mặc định, thì sẽ rất có thể ngắt sự kết nối hiện thời đến Mạng của bạn (tức là đường mặc định) một khi khởi chạy pluto (trình nền quản lý khóa Openswan)." - -#.Type: boolean -#.Description -#:../openswan.templates.master:193 +msgstr "" +"Trình Openswan hỗ trợ có sẵn mật mã cơ hội chủ nghĩa (OE: opportunistic " +"encryption) mà cất giữ thông tin xác thực IPSec (tức là khóa công RSA) trong " +"mục ghi DNS (thích hơn loại bảo mật). Cho đến khi tính năng này thường dụng, " +"hoạt hóa nó sẽ giảm một cách quan trọng mỗi sự kết nối ra mới. Từ phiên bản " +"2.0, trình Openswan gốc đã hiệu lực OE theo mặc định, thì sẽ rất có thể ngắt " +"sự kết nối hiện thời đến Mạng của bạn (tức là đường mặc định) một khi khởi " +"chạy pluto (trình nền quản lý khóa Openswan)." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 msgid "" "Please choose whether you want to enable support for OE. If unsure, do not " "enable it." -msgstr "Hãy chọn có nên muốn hiệu lực hỗ trợ OE hay không. Nếu chưa chắc thì đừng bật nó." +msgstr "" +"Hãy chọn có nên muốn hiệu lực hỗ trợ OE hay không. Nếu chưa chắc thì đừng " +"bật nó." --- openswan-2.6.22+dfsg.orig/debian/po/fi.po +++ openswan-2.6.22+dfsg/debian/po/fi.po 
@@ -0,0 +1,320 @@ +msgid "" +msgstr "" +"Project-Id-Version: openswan\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-10-27 11:19+0200\n" +"PO-Revision-Date: 2008-03-24 19:27+0200\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: select +#. Choices +#: ../openswan.templates.master:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "mahdollisimman aikaisin, NFS:n jälkeen, PCMCIA:n jälkeen" + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +msgid "At which level do you wish to start Openswan?" +msgstr "Millä tasolla Openswan tulisi käynnistää?" + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +msgid "With the current Debian startup levels (nearly everything starting in level 20), it is impossible for Openswan to always start at the correct time. There are three possibilities when Openswan can start: before or after the NFS services and after the PCMCIA services. The correct answer depends on your specific setup." +msgstr "Nykyisten Debianin käynnistystasojen kanssa (lähes kaikki käynnistyy tasolla 20) Openswanin on lähes mahdotonta käynnistyä aina oikeaan aikaan. Openswan voi käynnistyä kolmeen eri aikaan: ennen tai jälkeen NFS-palveluiden tai PCMCIA-palveluiden jälkeen. Oikea valinta riippuu koneen asetuksista." + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +msgid "If you do not have your /usr tree mounted via NFS (either you only mount other, less vital trees via NFS or don't use NFS mounted trees at all) and don't use a PCMCIA network card, then it's best to start Openswan at the earliest possible time, thus allowing the NFS mounts to be secured by IPSec. 
In this case (or if you don't understand or care about this issue), answer \"earliest\" to this question (the default)." +msgstr "Jos hakemistopuuta /usr ei liitetä NFS:n avulla (joko NFS:ää ei käytetä ollenkaan tai sillä liitetään vain vähemmän tärkeitä osia), eikä käytössä ole PCMCIA-verkkokortteja, on Openswan parasta käynnistää mahdollisimman aikaisin, jolloin NSF-liitokset voidaan turvata IPSecillä. Valitse tällöin (ja myös, jos et ymmärrä kysymystä tai välitä siitä) ”mahdollisimman aikaisin” (oletus)." + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +msgid "If you have your /usr tree mounted via NFS and don't use a PCMCIA network card, then you will need to start Openswan after NFS so that all necessary files are available. In this case, answer \"after NFS\" to this question. Please note that the NFS mount of /usr can not be secured by IPSec in this case." +msgstr "Jos hakemistopuu /usr liitetään NFS:n avulla, eikä käytössä ole PCMCIA-verkkokorttia, tulee Openswan käynnistää NFS:n jälkeen, jotta kaikki tarvittavat tiedostot ovat saatavilla. Valitse tällöin ”NFS:n jälkeen”. Tällöin hakemistopuun /usr NFS-liitäntää ei voida turvata IPSecin avulla." + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +msgid "If you use a PCMCIA network card for your IPSec connections, then you only have to choose to start it after the PCMCIA services. Answer \"after PCMCIA\" in this case. This is also the correct answer if you want to fetch keys from a locally running DNS server with DNSSec support." +msgstr "Jos IPSec-yhteyksiin käytetään PCMCIA-verkkokorttia, tulee ohjelma käynnistää PCMCIA-palveluiden jälkeen. Valitse tällöin ”PCMCIA:n jälkeen”. Tämä on oikea valinta myös, jos avaimia haetaan paikalliselta DNS-palvelimelta DNSSec-tuen kanssa." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:2001 +msgid "Do you wish to restart Openswan?" +msgstr "Tulisiko Openswan käynnistää uudelleen?" + +#. Type: boolean +#. 
Description +#: ../openswan.templates.master:2001 +msgid "Restarting Openswan is a good idea, since if there is a security fix, it will not be fixed until the daemon restarts. Most people expect the daemon to restart, so this is generally a good idea. However this might take down existing connections and then bring them back up." +msgstr "Openswanin käynnistäminen uudelleen on suositeltavaa, koska mahdolliset tietoturvapäivitykset eivät tule käyttöön ennen kuin taustaohjelma käynnistetään uudelleen. Useimmat ihmiset olettavat, että taustaohjelma käynnistetään uudelleen, joten se on hyvä ajatus. Tämä saattaa kuitenkin katkaista olemassa olevat yhteydet ja avata ne sitten uudelleen." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "Luodaanko tälle koneelle RSA-avainpari?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "This installer can automatically create a RSA public/private keypair for this host. This keypair can be used to authenticate IPSec connections to other hosts and is the preferred way for building up secure IPSec connections. The other possibility would be to use shared secrets (passwords that are the same on both sides of the tunnel) for authenticating an connection, but for a larger number of connections RSA authentication is easier to administer and more secure." +msgstr "Tämä asennusohjelma voi automaattisesti luoda julkisen ja salaisen avaimen sisältävän RSA-avainparin tälle koneelle. Tätä avainparia voidaan käyttää toisille koneille otettavien IPSec-yhteyksien todentamiseen. Tämä on suositeltava tapa turvallisten IPSec-yhteyksien luomiseen. Toinen vaihtoehto on käyttää jaettuja salaisuuksia (salasanat ovat samat tunnelin molemmissa päissä) yhteyksien todentamiseen, mutta useiden yhteyksien kanssa RSA-todennus on turvallisempi ja helpompi ylläpitää." + +#. Type: boolean +#. 
Description +#: ../openswan.templates.master:3001 +msgid "If you do not want to create a new public/private keypair, you can choose to use an existing one." +msgstr "Jos uutta julkisen ja salaisen avaimen paria ei luoda, voidaan käyttöön valita olemassa oleva pari." + +#. Type: select +#. Choices +#: ../openswan.templates.master:4001 +msgid "x509, plain" +msgstr "x509, tavallinen" + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 +msgid "Which type of RSA keypair do you want to create?" +msgstr "Minkä tyyppinen RSA-avainpari luodaan?" + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 +msgid "It is possible to create a plain RSA public/private keypair for use with Openswan or to create a X509 certificate file which contains the RSA public key and additionally stores the corresponding private key." +msgstr "On mahdollista luoda tavallinen RSA-avainpari Openswanin käyttöön tai luoda X509-varmennetiedosto, joka sisältää julkisen RSA-avaimen ja lisäksi tallentaa vastaavan salaisen avaimen." + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 +msgid "If you only want to build up IPSec connections to hosts also running Openswan, it might be a bit easier using plain RSA keypairs. But if you want to connect to other IPSec implementations, you will need a X509 certificate. It is also possible to create a X509 certificate here and extract the RSA public key in plain format if the other side runs Openswan without X509 certificate support." +msgstr "Jos halutaan vain luoda IPSec-yhteyksiä toiselle koneille, joilla myös ajetaan Openswania, on ehkä hieman helpompaa käyttää tavallisia RSA-avainpareja. Jos halutaan ottaa yhteyksiä muihin IPSec-toteutuksiin, tarvitaan X509-varmenne. On myös mahdollista luoda X509-varmenne nyt ja erottaa julkinen RSA-avain siitä tavalliseen muotoon, jos toisella puolella on Openswan, jossa ei ole X509-varmenteiden tukea." + +#. Type: select +#. 
Description +#: ../openswan.templates.master:4002 +msgid "Therefore a X509 certificate is recommended since it is more flexible and this installer should be able to hide the complex creation of the X509 certificate and its use in Openswan anyway." +msgstr "Tästä syystä suositellaan joustavampaa X509-varmennetta. Tämä asennusohjelman pitäisi joka tapauksessa pystyä piilottamaan X509-varmenteen monimutkainen luontiprosessi ja käyttö Openswanissa." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:5001 +msgid "Do you have an existing X509 certificate file that you want to use for Openswan?" +msgstr "Onko olemassa X509-varmennetiedostoa, jota halutaan käyttää Openswanin kanssa?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:5001 +msgid "This installer can automatically extract the needed information from an existing X509 certificate with a matching RSA private key. Both parts can be in one file, if it is in PEM format. Do you have such an existing certificate and key file and want to use it for authenticating IPSec connections?" +msgstr "Tämä asennusohjelma voi automaattisesti erottaa tarvittavat tiedot olemassa olevasta X509-varmenteesta ja sitä vastaavasta salaisesta RSA-avaimesta. Molemmat osat voivat olla yhdessä tiedostossa, jos se on PEM-muodossa." + +#. Type: string +#. Description +#: ../openswan.templates.master:6001 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "PEM-muodossa olevan X509-varmenteen sijainti:" + +#. Type: string +#. Description +#: ../openswan.templates.master:6001 +msgid "Please enter the location of the file containing your X509 certificate in PEM format." +msgstr "Anna PEM-muodossa olevan, X509-varmenteen sisältävän tiedoston sijainti." + +#. Type: string +#. Description +#: ../openswan.templates.master:7001 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "PEM-muotoisen salaisen X509-avaimen sijainti:" + +#. Type: string +#. 
Description
+#: ../openswan.templates.master:7001
+msgid "Please enter the location of the file containing the private RSA key matching your X509 certificate in PEM format. This can be the same file that contains the X509 certificate."
+msgstr "Anna PEM-muodossa olevaan X509-varmenteeseen täsmäävän salaisen RSA-avaimen sijainti. Tämä saattaa olla sama tiedosto kuin se, joka sisältää X509-varmenteen."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid "Which length should the created RSA key have?"
+msgstr "Minkä pituinen luotavan RSA-avaimen tulisi olla?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid "Please enter the length of the created RSA key. it should not be less than 1024 bits because this should be considered unsecure and you will probably not need anything more than 2048 bits because it only slows the authentication process down and is not needed at the moment."
+msgstr "Anna luotavan RSA-avaimen pituus. Sen ei tulisi olla lyhyempi kuin 1024 bittiä, koska tätä lyhyempiä pidetään turvattomina, eikä sen luultavasti tarvitse olla 2048 bittiä pidempi, koska tällöin se lähinnä hidastaisi todennusprosessia, eikä pidempää avainta tällä hetkellä tarvita."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid "Do you want to create a self-signed X509 certificate?"
+msgstr "Luodaanko itseallekirjoitettu X509-varmenne?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid "This installer can only create self-signed X509 certificates automatically, because otherwise a certificate authority is needed to sign the certificate request. If you want to create a self-signed certificate, you can use it immediately to connect to other IPSec hosts that support X509 certificate for authentication of IPSec connections. 
However, if you want to use the new PKI features of Openswan >= 1.91, you will need to have all X509 certificates signed by a single certificate authority to create a trust path."
+msgstr "Tämä asennusohjelma voi automaattisesti luoda vain itseallekirjoitettuja X509-varmenteita, koska muussa tapauksessa varmentajan tulisi allekirjoittaa varmennepyyntö. Nyt voidaan luoda itseallekirjoitettu X509-varmenne, jota voidaan välittömästi käyttää toisiin X509-varmennusta tukeviin IPSec-koneisiin otettavien IPSec-yhteyksien varmentamiseen. Uudempien, Openswanin versiosta 1.91 alkaen mukana olevien PKI-ominaisuuksien käyttö kuitenkin vaatii, että kaikki X509-varmenteet on allekirjoitettu yhden varmentajan toimesta luottamuspolun luomiseksi."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid "If you do not want to create a self-signed certificate, then this installer will only create the RSA private key and the certificate request and you will have to sign the certificate request with your certificate authority."
+msgstr "Jos itseallekirjoitettua varmennetta ei haluta, asennusohjelma luo vain salaisen RSA-avaimen ja varmennepyynnön, joka varmentajan tulee allekirjoittaa."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Please enter the country code for the X509 certificate request."
+msgstr "Maakoodi X509-varmennepyyntöä varten:"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Please enter the 2 letter country code for your country. This code will be placed in the certificate request."
+msgstr "Anna kaksikirjaiminen maakoodi. Tämä koodi sisällytetään varmennepyyntöön."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "You really need to enter a valid country code here, because openssl will refuse to generate certificates without one. An empty field is allowed for any other field of the X.509 certificate, but not for this one."
+msgstr "Tähän syötettävän koodin tulee olla käypä, koska openssl ei suostu luomaan varmenteita ilman käypää koodia. X.509-varmenteen muut kentät voivat olla tyhjiä, mutta tämä ei."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Example: AT"
+msgstr "Esimerkki: FI"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Please enter the state or province name for the X509 certificate request."
+msgstr "Osavaltion, läänin tai maakunnan nimi X509-varmennepyyntöä varten:"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Please enter the full name of the state or province you live in. This name will be placed in the certificate request."
+msgstr "Anna osavaltion, läänin tai maakunnan koko nimi. Tämä nimi sisällytetään varmennepyyntöön."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Example: Upper Austria"
+msgstr "Esimerkki: Etelä-Suomen lääni"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Please enter the locality name for the X509 certificate request."
+msgstr "Paikkakunnan nimi X509-varmennepyyntöä varten:"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Please enter the locality (e.g. city) where you live. This name will be placed in the certificate request."
+msgstr "Anna paikkakunta. Tämä nimi sisällytetään varmennepyyntöön."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Example: Vienna"
+msgstr "Esimerkki: Helsinki"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Please enter the organization name for the X509 certificate request."
+msgstr "Järjestön nimi X509-varmennepyyntöä varten:"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Please enter the organization (e.g. company) that the X509 certificate should be created for. 
This name will be placed in the certificate request."
+msgstr "Anna järjestö tai yhtiö, jota varten X509-varmenne luodaan. Tämä nimi sisällytetään varmennepyyntöön."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Example: Debian"
+msgstr "Esimerkki: Debian"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Please enter the organizational unit for the X509 certificate request."
+msgstr "Järjestön yksikön nimi X509-varmennepyyntöä varten:"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Please enter the organizational unit (e.g. section) that the X509 certificate should be created for. This name will be placed in the certificate request."
+msgstr "Anna yksikkö (tai osasto), jota varten X509-varmenne luodaan. Tämä nimi sisällytetään varmennepyyntöön."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Example: security group"
+msgstr "Esimerkki: tietoturvaryhmä"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Please enter the common name for the X509 certificate request."
+msgstr "Yleinen nimi X509-varmennepyyntöä varten:"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Please enter the common name (e.g. the host name of this machine) for which the X509 certificate should be created for. This name will be placed in the certificate request."
+msgstr "Anna yleinen nimi (eli tämän koneen verkkonimi), jota varten X509-varmenne luodaan. Tämä nimi sisällytetään varmennepyyntöön."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Example: gateway.debian.org"
+msgstr "Esimerkki: gateway.debian.org"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid "Please enter the email address for the X509 certificate request."
+msgstr "Sähköpostiosoite X509-varmennepyyntöä varten:"
+
+#. Type: string
+#. 
Description
+#: ../openswan.templates.master:16001
+msgid "Please enter the email address of the person or organization who is responsible for the X509 certificate, This address will be placed in the certificate request."
+msgstr "Anna X509-varmenteesta vastaavan henkilön tai järjestön sähköpostiosoite. Tämä osoite sisällytetään varmennepyyntöön."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid "Do you wish to enable opportunistic encryption in Openswan?"
+msgstr "Käytetäänkö Openswanin kanssa opportunistista salausta?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid "Openswan comes with support for opportunistic encryption (OE), which stores IPSec authentication information (i.e. RSA public keys) in (preferably secure) DNS records. Until this is widely deployed, activating it will cause a significant slow-down for every new, outgoing connection. Since version 2.0, Openswan upstream comes with OE enabled by default and is thus likely to break your existing connection to the Internet (i.e. your default route) as soon as pluto (the Openswan keying daemon) is started."
+msgstr "Openswan tukee opportunistista salausta (Opportunistic Encryption, OE), joka tallentaa IPSec-todennustiedot (eli julkiset RSA-avaimet) DNS-tietoihin. Ennen kuin tämä on laajalti käytössä, jokainen uusi ulospäin suuntautuva yhteys hidastuu huomattavasti. Versiosta Openswan 2.0 alkaen OE on käytössä oletuksena ja siten todennäköisesti rikkoo olemassa olevan Internet-yhteyden (oletusreitin) heti, kun pluto (Openswanin avaintaustaohjelma) käynnistetään."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid "Please choose whether you want to enable support for OE. If unsure, do not enable it."
+msgstr "Valitse tulisiko OE-tuki ottaa käyttöön. Jos olet epävarma, älä valitse tätä."
+
--- openswan-2.6.22+dfsg.orig/debian/po/ja.po
+++ openswan-2.6.22+dfsg/debian/po/ja.po
@@ -1,44 +1,44 @@ -# -# Translators, if you are not familiar with the PO format, gettext -# documentation is worth reading, especially sections dedicated to -# this format, e.g. by running: -# info -n '(gettext)PO Files' -# info -n '(gettext)Header Entry' -# -# Some information specific to po-debconf are available at -# /usr/share/doc/po-debconf/README-trans -# or http://www.debian.org/intl/l10n/po-debconf/README-trans -# -# Developers do not need to manually edit POT or PO files. -# -# -msgid "" -msgstr "" -"Project-Id-Version: openswan 1:2.2.0-8\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2005-01-13 11:49+0100\n" -"PO-Revision-Date: 2005-05-28 01:26+0900\n" -"Last-Translator: Hideki Yamane \n" +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 1:2.4.9+dfsg-3\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-10-27 11:19+0200\n" +"PO-Revision-Date: 2008-01-31 06:52+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" "Language-Team: Japanese \n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: select #. Choices -#: ../openswan.templates.master:3 +#: ../openswan.templates.master:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" -msgstr "ǽʸ¤᤯, \"NFS ư\", \"PCMCIA ư\"" +msgstr "可能な限り早く, \"NFS 起動後\", \"PCMCIA 起動後\"" #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "At which level do you wish to start Openswan ?" 
-msgstr "ɤʳ Openswan ưޤ?" +#: ../openswan.templates.master:1002 +msgid "At which level do you wish to start Openswan?" +msgstr "どの段階で Openswan を起動させますか?" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "With the current Debian startup levels (nearly everything starting in level " "20), it is impossible for Openswan to always start at the correct time. " 
@@ -46,88 +46,88 @@ "NFS services and after the PCMCIA services. The correct answer depends on " "your specific setup." msgstr "" -"ߤ Debian Ǥεư٥ (ۤȤƤ٥20) ΤޤޤǤϡOpenswan " -"ˤŬڤʥߥ󥰤ǵưǤޤOpenswan ư륿ߥ󥰤" -"ȤƤ3Ĥͤޤ: NFS ӥγϸ塦PCMCIA ӥ" -"ϸǤϤʤ꼡Ǥ" +"現在の Debian での起動レベル (ほとんど全てがレベル20) のままでは、Openswan を" +"常には適切なタイミングで起動できません。Openswan を起動させるタイミングの選択" +"肢としては3つが考えられます: NFS サービスの開始前・開始後・PCMCIA サービスの" +"開始後です。正解はあなたの設定次第です。" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you do not have your /usr tree mounted via NFS (either you only mount " "other, less vital trees via NFS or don't use NFS mounted trees at all) and " -"don't use a PCMCIA network card, then it is the best to start Openswan at " -"the earliest possible time, thus allowing the NFS mounts to be secured by " -"IPSec. In this case (or if you don't understand or care about this issue), " -"answer \"earliest\" to this question (the default)." +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." msgstr "" -"NFS ͳ /usr ޥȤ (¾Υѡƥ䤢ޤפǤϤʤѡ" -"ƥ NFS ͳǥޥȤ뤫ޤ NFS ޥȤȤʤ)" -" PCMCIA ͥåȥɤѤƤʤ硢ǽʸ¤ᤤ֤ " -"Openswan ưΤ٥ȤǤˤäơNFS ǤΥޥȤ " -"IPSec ݸޤξ (ޤϤ򤷤Ƥʤä˵ˤ" -") \"ǽʸ¤᤯\"ȼƤ (ɸ) " +"NFS 経由で /usr をマウントせず (他のパーティションやあまり重要ではないパー" +"ティションを NFS 経由でマウントするか、または NFS マウントを全く使わない)、加" +"えて PCMCIA ネットワークカードを利用していない場合、可能な限り早い時間に " +"Openswan を起動するのがベストです。この設定によって、NFS でのマウントは " +"IPSec で保護されます。この場合 (またはこの問題を理解していないか特に気にしな" +"い場合) 、\"可能な限り早く\"と質問に答えてください (標準) 。" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " "card, then you will need to start Openswan after NFS so that all necessary " "files are available. 
In this case, answer \"after NFS\" to this question. " -"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " "case." msgstr "" -"NFS ͳ /usr ޥȤƤ PCMCIA ͥåȥɤѤƤʤ" -"ϡɬפʥեѲǽˤ뤿 Openswan NFS θǵưʤ" -"Фʤޤ󡣤ξ硢\"NFS ư\" Ƥλ NFS ͳ" -"ǥޥȤ /usr ϡIPSec ˤ륻奢ʾ֤ˤϤʤʤȤȤ" -"դƤ" +"NFS 経由で /usr をマウントしていて PCMCIA ネットワークカードを使用していない" +"場合は、必要なファイルを利用可能にするために Openswan を NFS の後で起動しなけ" +"ればなりません。この場合、\"NFS 起動後\" と答えてください。この時に NFS 経由" +"でマウントされる /usr は、IPSec によるセキュアな状態にはならないということに" +"注意してください。" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you use a PCMCIA network card for your IPSec connections, then you only " -"have to choice to start it after the PCMCIA services. Answer \"after PCMCIA" +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" "\" in this case. This is also the correct answer if you want to fetch keys " "from a locally running DNS server with DNSSec support." msgstr "" -"IPSec ³ PCMCIA ͥåȥɤѤƤ硢PCMCIA ӥε" -"ư Openswan ưʳϤޤ󡣤ξ硢\"PCMCIA ư" -"\" ƤưƤ DNSSec ǽѤƤ DNS " -"Ф鸰Ǥ⡢򤷤Ƥ" +"IPSec 接続に PCMCIA ネットワークカードを利用していた場合、PCMCIA サービスの起" +"動後に Openswan を起動する以外に選択はありません。この場合、\"PCMCIA 起動後" +"\" と答えてください。ローカルで動作している DNSSec 機能を使用している DNS " +"サーバから鍵を取得したい場合でも、この答えをしてください。" #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "Do you wish to restart Openswan?" -msgstr "Openswan Ƶưޤ?" +msgstr "Openswan を再起動しますか?" #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "" "Restarting Openswan is a good idea, since if there is a security fix, it " "will not be fixed until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However this might take down " "existing connections and then bring them back up." 
msgstr "" -"ƥäˤϥǡ󤬺ƵưޤǽȿǤޤ" -"󡣤ΤᡢOpenswan ƵưΤɤͤǤۤȤɤοͤϥǡ" -"Ƶư褦Ȥޤꤢޤ󡣤κȤǸߤ" -"³Ǥ졢ٷҤʤȤˤʤޤ" +"セキュリティ修正があった場合にはデーモンが再起動されるまで修正が反映されませ" +"ん。そのため、Openswan を再起動するのは良い考えです。ほとんどの人はデーモンを" +"再起動しようとしますが、これは大抵問題ありません。しかし、この作業で現在の接" +"続は切断され、再度繋ぎなおすことになります。" #. Type: boolean #. Description -#: ../openswan.templates.master:42 -msgid "Do you want to create a RSA public/private keypair for this host ?" -msgstr "ΥۥȤ RSA ̩Υڥޤ?" +#: ../openswan.templates.master:3001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "このホストの RSA 公開鍵と秘密鍵のキーペアを生成しますか?" #. Type: boolean #. Description -#: ../openswan.templates.master:42 +#: ../openswan.templates.master:3001 msgid "" "This installer can automatically create a RSA public/private keypair for " "this host. This keypair can be used to authenticate IPSec connections to " 
@@ -135,42 +135,52 @@ "connections. The other possibility would be to use shared secrets (passwords " "that are the same on both sides of the tunnel) for authenticating an " "connection, but for a larger number of connections RSA authentication is " -"easier to administrate and more secure." +"easier to administer and more secure." msgstr "" -"Υ󥹥ȡϤΥۥȤ RSA ̩ΥڥưŪǤ" -"ޤΥڥ¾ΥۥȤȤ IPSec ̿ǤǧڤѲǽǡ奢" -" IPSec ̿ΩˡȤƹޤƤޤ¾ѲǽˡȤƤ϶" -"̸ (ȥͥƱѥ) ̿ǧڤѤȤΤ" -"¿³ФƤϡRSA ǧڤΤۤñǡꥻ奢" -"" +"このインストーラはこのホストの RSA 公開鍵と秘密鍵のキーペアを自動的に生成でき" +"ます。このキーペアは他のホストとの IPSec 通信での認証に利用可能で、セキュア" +"な IPSec 通信を確立する方法として好まれています。他に利用可能な方法としては共" +"通鍵 (トンネルの双方で同じパスワード) を通信の認証に利用するというのがありま" +"すが、多数の接続に対しては、RSA 認証のほうが管理がより簡単で、よりセキュアで" +"す。" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"新しい公開鍵と秘密鍵のキーペアを生成したくないという場合は、既存の鍵を使うの" +"を選ぶこともできます。" #. Type: select #. Choices -#: ../openswan.templates.master:53 +#: ../openswan.templates.master:4001 msgid "x509, plain" -msgstr "x509, ̾Υ" +msgstr "x509, 通常のタイプ" #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "Which type of RSA keypair do you want to create ?" -msgstr "ɤΥפ RSA ڥޤ?" +#: ../openswan.templates.master:4002 +msgid "Which type of RSA keypair do you want to create?" +msgstr "どちらのタイプの RSA キーペアを生成しますか?" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" -"It is possible to create a plain RSA public/private keypair for the use with " +"It is possible to create a plain RSA public/private keypair for use with " "Openswan or to create a X509 certificate file which contains the RSA public " -"key and additionally store the corresponding private key." +"key and additionally stores the corresponding private key." 
msgstr "" -"Openswan Ѥ̾ RSA ̩Υڥޤ뤤 " -"RSA (ˤϤб̩) ޤ X509 եƱ" -"Ǥ" +"Openswan で利用する通常の RSA 公開鍵・秘密鍵のキーペアを作れます。あるいは " +"RSA 公開鍵を (さらにはそれに対応する秘密鍵も) 含む X509 証明書ファイルも同様" +"です。" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "If you only want to build up IPSec connections to hosts also running " "Openswan, it might be a bit easier using plain RSA keypairs. But if you want " 
@@ -179,106 +189,106 @@ "public key in plain format if the other side runs Openswan without X509 " "certificate support." msgstr "" -" Openswan ưƤۥȤ IPSec ̿Ωξϡ" -" RSA ڥѤ¿ñˤʤޤ¾ IPSec Ȥ" -"³Ԥ X509 ɬפˤʤޤ̿ԤоݤΥۥȤ " -"Openswan X509 Υݡ̵DZѤƤ硢 X509 " -"ơۤ RSA ̾ηŸ뤳ȤǽǤ" +"既に Openswan を動作させているホストと IPSec 通信を確立したいだけの場合は、通" +"常の RSA キーペアを使用すると多少簡単になります。しかし、他の IPSec 実装との" +"接続を行いたい場合は X509 証明書が必要になります。通信を行う対象のホストが " +"Openswan を X509 証明書のサポート無しで運用していた場合、ここで X509 証明書を" +"生成して、後ほど RSA 公開鍵を通常の形式に展開することも可能です。" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "Therefore a X509 certificate is recommended since it is more flexible and " "this installer should be able to hide the complex creation of the X509 " "certificate and its use in Openswan anyway." msgstr "" -"ä X509 񤬤ǤΤۤǤΥ󥹥ȡ" -"ȤСX509 Openswan ǤѤ˺ݤƤݤäƤ" -"ϤǤ" +"したがって X509 証明書がお勧めです。こちらのほうが柔軟ですし、このインストー" +"ラを使えば、X509 証明書の生成や Openswan での利用に際しての面倒さを隠蔽してく" +"れるはずです。" #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 msgid "" "Do you have an existing X509 certificate file that you want to use for " -"Openswan ?" -msgstr "¸ߤƤ X509 ե Openswan Ѥޤ?" +"Openswan?" +msgstr "Openswan で利用したい X509 証明書ファイルがありますか?" #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 msgid "" "This installer can automatically extract the needed information from an " "existing X509 certificate with a matching RSA private key. Both parts can be " "in one file, if it is in PEM format. Do you have such an existing " "certificate and key file and want to use it for authenticating IPSec " -"connections ?" +"connections?" msgstr "" -"Υ󥹥ȡϴ¸ߤƤ X509 񤫤 RSA ̩ȾȤ餷碌" -"ɬפʾưŪŸǽǤ PEM ξ硢ĤΥե" -"ˤޤȤ뤳ȤǽǤΤ褦ʾȸΥե뤬ꡢ " -"IPSec ̿Ǥǧڤ˻ѤǤ?" +"このインストーラは既存の X509 証明書から RSA 秘密鍵と照らし合わせて必要な情報" +"を自動的に展開する事が可能です。 PEM 形式の場合、双方を一つのファイルにまとめ" +"ることも可能です。そのような証明書と鍵のファイルがあり、これらを IPSec 通信で" +"の認証に使用したいですか?" #. Type: string #. 
Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "Please enter the location of your X509 certificate in PEM format." -msgstr "PEM X509 ξϤƤ" +msgstr "PEM 形式の X509 証明書の場所を入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "" "Please enter the location of the file containing your X509 certificate in " "PEM format." -msgstr "PEM X509 ޤǤեξϤƤ" +msgstr "PEM 形式の X509 証明書を含んでいるファイルの場所を入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "Please enter the location of your X509 private key in PEM format." -msgstr "PEM X509 ̩ξϤƤ" +msgstr "PEM 形式の X509 秘密鍵の場所を入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X509 certificate in PEM format. This can be the same file that " "contains the X509 certificate." msgstr "" -"PEM X509 б̩ޤǤեξϤƤ" -" X509 ޤǤեƱǹޤ" +"PEM 形式の X509 証明書に対応する秘密鍵を含んでいるファイルの場所を入力してく" +"ださい。これは X509 証明書を含んでいるファイルと同じで構いません。" #. Type: string #. Description -#: ../openswan.templates.master:97 -msgid "Which length should the created RSA key have ?" -msgstr "RSA ɤĹޤ?" +#: ../openswan.templates.master:8001 +msgid "Which length should the created RSA key have?" +msgstr "RSA 鍵をどの程度の長さで生成しますか?" #. Type: string #. Description -#: ../openswan.templates.master:97 +#: ../openswan.templates.master:8001 msgid "" "Please enter the length of the created RSA key. it should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 2048 bits because it only slows the " "authentication process down and is not needed at the moment." 
msgstr "" -" RSA ĹϤƤΤᡢ1024 ӥåȰʲˤ٤" -"ǤϤޤ2048 ӥåȰʾˤɬפʤǤ礦ǧڥץ٤" -"ޤǤϤ餯ɬפޤ" +"生成する RSA 鍵の長さを入力してください。安全のため、1024 ビット以下にすべき" +"ではありません。2048 ビット以上にする必要もないでしょう。認証プロセスが遅くな" +"りますし、現時点ではおそらく必要ありません。" #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "Do you want to create a self-signed X509 certificate ?" -msgstr "ʽ̾ X509 ޤ?" +#: ../openswan.templates.master:9001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "自己署名 X509 証明書を生成しますか?" #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "This installer can only create self-signed X509 certificates automatically, " "because otherwise a certificate authority is needed to sign the certificate " 
@@ -288,222 +298,221 @@ "PKI features of Openswan >= 1.91, you will need to have all X509 " "certificates signed by a single certificate authority to create a trust path." msgstr "" -"׵˽̾뤿ˤǧڶɤɬפȤʤΤǡΥ󥹥ȡǤϼ" -"̾ X509 ưŪǽǤʽ̾" -"硢ѤƤ X509 򥵥ݡȤƤ¾ IPSec ۥȤ" -"³ǽǤOpenswan С 1.91 ʾǤο PKI ǽȤ" -"ϡtrust path 뤿ñǧڶɤˤäƤ٤Ƥ X509 " -"˽̾Ƥ餦ɬפޤ" +"証明書要求に署名するためには認証局が必要となるので、このインストーラでは自己" +"署名 X509 証明書を自動的に生成する事だけが可能です。自己署名証明書を生成した" +"い場合、これを使用してすぐに X509 証明書をサポートしている他の IPSec ホストに" +"接続可能です。しかし、Openswan バージョン 1.91 以上での新しい PKI 機能を使い" +"たい場合は、trust path を生成するために単一の認証局によってすべての X509 証明" +"書に署名してもらう必要があります。" #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "If you do not want to create a self-signed certificate, then this installer " "will only create the RSA private key and the certificate request and you " "will have to sign the certificate request with your certificate authority." msgstr "" -"ʽ̾ʤ硢Υ󥹥ȡ RSA ̩Ⱦ׵" -"Τߤޤơǧڶɤ˾׵ؽ̾򤷤Ƥ餦ɬפ" -"" +"自己署名証明書を生成したくない場合、このインストーラは RSA 秘密鍵と証明書要求" +"のみを生成します。そして、認証局に証明書要求へ署名をしてもらう必要がありま" +"す。" #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Please enter the country code for the X509 certificate request." -msgstr "X509 ׵˵ܤ񥳡ɤϤƤ" +msgstr "X509 証明書要求に記載する国コードを入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "Please enter the 2 letter country code for your country. This code will be " "placed in the certificate request." msgstr "" -"ʤιι񥳡ɤ2ʸϤƤΥɤϾ׵˵ܤ" -"ޤ" +"あなたの国の国コードを2文字で入力してください。このコードは証明書要求に記載さ" +"れます。" #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "You really need to enter a valid country code here, because openssl will " "refuse to generate certificates without one. An empty field is allowed for " "any other field of the X.509 certificate, but not for this one." 
msgstr "" -"openssl 񥳡ɤʤǤϾݤΤǡ񥳡ɤ򤳤" -"ϤɬפޤX.509 Ǥϡ¾ΥեɤˤĤƤ϶Ǥ⹽" -"ޤ󤬡ˤĤƤϵĤƤޤ" +"openssl が国コードなしでは証明書の生成を拒否するので、正しい国コードをここで" +"入力する必要があります。X.509 証明書では、他のフィールドについては空でも構い" +"ませんが、これについては許可されていません。" #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Example: AT" -msgstr ": JP" +msgstr "例: JP" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the state or province name for the X509 certificate request." -msgstr "X509 ׵˵ܤƻܸ̾ϤƤ" +msgstr "X509 証明書要求に記載する都道府県名を入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the full name of the state or province you live in. This name " "will be placed in the certificate request." msgstr "" -"ʤ߽ƤƻܸϤƤϾ׵˵ܤ" -"" +"あなたが在住している都道府県を入力してください。これは証明書要求に記載されま" +"す。" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "Example: Upper Austria" -msgstr ": Tokyo" +msgstr "例: Tokyo" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Please enter the locality name for the X509 certificate request." -msgstr "X509 ׵˵ܤϤ̾ϤƤ" +msgstr "X509 証明書要求に記載する土地の名前を入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "" "Please enter the locality (e.g. city) where you live. This name will be " "placed in the certificate request." msgstr "" -"ʤκ߽Ƥ̾ (: Į¼̾) ϤƤϾ" -"׵˵ܤޤ" +"あなたの在住している地方の名前 (例: 市町村名) を入力してください。これは証明" +"書要求に記載されます。" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Example: Vienna" -msgstr ": Shinjuku-ku" +msgstr "例: Shinjuku-ku" #. Type: string #. 
Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Please enter the organization name for the X509 certificate request." -msgstr "X509 ׵˵ܤȿ̾ϤƤ" +msgstr "X509 証明書要求に記載する組織名を入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "" "Please enter the organization (e.g. company) that the X509 certificate " "should be created for. This name will be placed in the certificate request." msgstr "" -"X509 оݤȤʤ٤ȿ (: ) ϤƤϾ" -"׵˵ܤޤ" +"X509 証明書の生成対象となるべき組織 (例: 会社) を入力してください。これは証明" +"書要求に記載されます。" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Example: Debian" -msgstr ": Debian" +msgstr "例: Debian" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Please enter the organizational unit for the X509 certificate request." -msgstr "X509 ׵˵ܤȿñ̤ϤƤ" +msgstr "X509 証明書要求に記載する組織単位を入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "" "Please enter the organizational unit (e.g. section) that the X509 " "certificate should be created for. This name will be placed in the " "certificate request." msgstr "" -"X509 оݤȤʤ٤ȿñ (: ̾) ϤƤ" -"Ͼ׵˵ܤޤ" +"X509 証明書の生成対象となるべき組織単位 (例: 部署名) を入力してください。これ" +"は証明書要求に記載されます。" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Example: security group" -msgstr ": security group" +msgstr "例: security group" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Please enter the common name for the X509 certificate request." -msgstr "X509 ׵˵ܤ륳͡ϤƤ" +msgstr "X509 証明書要求に記載するコモンネームを入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "" "Please enter the common name (e.g. 
the host name of this machine) for which " "the X509 certificate should be created for. This name will be placed in the " "certificate request." msgstr "" -"X509 оݤȤʤ٤͡ (: ΥޥΥۥ̾) " -"ƤϾ׵˵ܤޤ" +"X509 証明書の生成対象となるべきコモンネーム (例: このマシンのホスト名) を入力" +"してください。これは証明書要求に記載されます。" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Example: gateway.debian.org" -msgstr ": gateway.debian.org" +msgstr "例: gateway.debian.org" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "Please enter the email address for the X509 certificate request." -msgstr "X509 ׵˵ܤ᡼륢ɥ쥹ϤƤ" +msgstr "X509 証明書要求に記載するメールアドレスを入力してください。" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "" "Please enter the email address of the person or organization who is " "responsible for the X509 certificate, This address will be placed in the " "certificate request." msgstr "" -"X509 ǤԤȤʤʪΤΥ᡼륢ɥ쥹ϤƤΥ" -"ɥ쥹Ͼ׵˵ܤޤ" +"X509 証明書の責任者となる人物・団体のメールアドレスを入力してください。このア" +"ドレスは証明書要求に記載されます。" #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "Do you wish to enable opportunistic encryption in Openswan?" -msgstr "Openswan opportunistic encryption ͭˤޤ?" +msgstr "Openswan で opportunistic encryption を有効にしますか?" #. Type: boolean #. Description -#: ../openswan.templates.master:193 -#, fuzzy +#: ../openswan.templates.master:17001 msgid "" "Openswan comes with support for opportunistic encryption (OE), which stores " "IPSec authentication information (i.e. RSA public keys) in (preferably " "secure) DNS records. Until this is widely deployed, activating it will cause " "a significant slow-down for every new, outgoing connection. Since version " "2.0, Openswan upstream comes with OE enabled by default and is thus likely " -"to break you existing connection to the Internet (i.e. 
your default route) " +"to break your existing connection to the Internet (i.e. your default route) " "as soon as pluto (the Openswan keying daemon) is started." msgstr "" -"Openswan ϡIPSec ǧھ (: RSA ) (勞ϥ奢) DNS " -"¸ opportunistic encryption (OE) 򥵥ݡȤƤޤ" -"Ѥ褦ˤʤޤǡͭˤȳؤο³Ƴʤ٤" -"ޤС 2.0 Openswan γȯϥǥեȤ OE ͭˤƤ" -"ꡢä pluto (Openswan ̾ǡ) ϤȤ¸ߤ" -"륤󥿡ͥåȤؤ³ (Ĥޤǥեȥ롼) Ǥ뤫⤷ޤ" -"" +"Openswan は、IPSec 認証情報 (例: RSA 公開鍵) を (願わくはセキュアな) DNS レ" +"コード内に保存する opportunistic encryption (OE) をサポートしています。これは" +"広く利用されるようになるまで、有効にすると外部への新規接続は全て格段に遅くな" +"ります。バージョン 2.0 より Openswan の開発元はデフォルトで OE を有効にしてお" +"り、したがって pluto (Openswan 鍵署名デーモン) が開始するとすぐ、既に存在して" +"いるインターネットへの接続 (つまりデフォルトルート) が中断されるかもしれませ" +"ん。" #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Please choose whether you want to enable support for OE. If unsure, do not " "enable it." msgstr "" -"OE ΥݡȤͭˤ뤫ɤǤ褯狼ʤϡͭ" -"ˤϤʤǤ" +"OE のサポートを有効にするかどうかを選んでください。よくわからない場合は、有効" +"にはしないでください。" --- openswan-2.6.22+dfsg.orig/debian/po/sv.po +++ openswan-2.6.22+dfsg/debian/po/sv.po 
@@ -0,0 +1,525 @@
+# Translation of openswan debconf template to Swedish
+# Copyright (C) 2009 Martin Bagge
+# This file is distributed under the same license as the openswan package.
+#
+# Daniel Nylander , 2005
+# Martin Bagge , 2009
+msgid ""
+msgstr ""
+"Project-Id-Version: openswan 2.4.0-3\n"
+"Report-Msgid-Bugs-To: rmayr@debian.org\n"
+"POT-Creation-Date: 2007-10-27 11:19+0200\n"
+"PO-Revision-Date: 2009-03-06 17:43+0100\n"
+"Last-Translator: Martin Bagge \n"
+"Language-Team: Swedish \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Swedish\n"
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:1001
+msgid "earliest, \"after NFS\", \"after PCMCIA\""
+msgstr "tidigast, \"efter NFS\", \"efter PCMCIA\""
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid "At which level do you wish to start Openswan?"
+msgstr "Vid vilken nivå vill du starta Openswan?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"With the current Debian startup levels (nearly everything starting in level "
+"20), it is impossible for Openswan to always start at the correct time. "
+"There are three possibilities when Openswan can start: before or after the "
+"NFS services and after the PCMCIA services. The correct answer depends on "
+"your specific setup."
+msgstr ""
+"Med de nuvarande uppstartsnivåerna i Debian (nästan allt startar på nivån "
+"20) är det omöjligt för Openswan att alltid starta vid rätt tid. Det finns "
+"tre möjligheter när Openswan kan startas: före eller efter NFS-tjänsterna "
+"och efter PCMCIA-tjänsterna. Det rätta svaret beror på din specifika "
+"konfiguration."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you do not have your /usr tree mounted via NFS (either you only mount "
+"other, less vital trees via NFS or don't use NFS mounted trees at all) and "
+"don't use a PCMCIA network card, then it's best to start Openswan at the "
+"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. "
+"In this case (or if you don't understand or care about this issue), answer "
+"\"earliest\" to this question (the default)."
+msgstr ""
+"Om du inte har ditt /usr-träd monterat via NFS (antingen monterar du andra, "
+"mindre viktiga träd via NFS eller så använder du inte NFS-monterade träd "
+"alls) och inte använder ett PCMCIA-nätverkskort är det bäst att starta "
+"Openswan så tidigt som möjligt och därmed tillåter säkra NFS-monteringar via "
+"IPSec. I detta fall (eller om du inte förstår eller bryr dig om detta) svara "
+"\"tidigast\" på denna fråga (standard)."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you have your /usr tree mounted via NFS and don't use a PCMCIA network "
+"card, then you will need to start Openswan after NFS so that all necessary "
+"files are available. In this case, answer \"after NFS\" to this question. "
+"Please note that the NFS mount of /usr can not be secured by IPSec in this "
+"case."
+msgstr ""
+"Om du inte har ditt /usr-träd monterat via NFS och inte använder ett PCMCIA-"
+"nätverkskort behöver du starta Openswan efter NFS så att alla nödvändiga "
+"filer finns tillgängliga. I detta fall, svara \"efter NFS\" på frågan. "
+"Notera dock att NFS-monteringen av /usr kan inte säkras upp via IPSec i "
+"detta fall."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you use a PCMCIA network card for your IPSec connections, then you only "
+"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA"
+"\" in this case. This is also the correct answer if you want to fetch keys "
+"from a locally running DNS server with DNSSec support."
+msgstr ""
+"Om du använder ett PCMCIA-nätverkskort för dina IPSec-anslutningar har du "
+"bara valet att starta den efter PCMCIA-tjänsterna. Svara \"efter PCMCIA\" i "
+"detta fall. Detta är också det rätta svaret om du vill hämta nycklar från en "
+"lokalt körande DNS-server med DNSSec-stöd."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid "Do you wish to restart Openswan?"
+msgstr "Vill du starta om Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid ""
+"Restarting Openswan is a good idea, since if there is a security fix, it "
+"will not be fixed until the daemon restarts. Most people expect the daemon "
+"to restart, so this is generally a good idea. However this might take down "
+"existing connections and then bring them back up."
+msgstr ""
+"Starta om Openswan är en bra idé eftersom om det är en säkerhetsrättning "
+"kommer den inte rättas till förräns demonen är omstartad. De flesta personer "
+"förväntar sig att demonen startar om så detta är generellt sett en bra idé. "
+"Dock kan detta kanske ta ner existerande anslutningar och sedan ta dom upp "
+"igen."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid "Do you want to create a RSA public/private keypair for this host?"
+msgstr "Vill du skapa ett publikt/privat RSA-nyckelpar för denna värdmaskin?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"This installer can automatically create a RSA public/private keypair for "
+"this host. This keypair can be used to authenticate IPSec connections to "
+"other hosts and is the preferred way for building up secure IPSec "
+"connections. The other possibility would be to use shared secrets (passwords "
+"that are the same on both sides of the tunnel) for authenticating an "
+"connection, but for a larger number of connections RSA authentication is "
+"easier to administer and more secure."
+msgstr ""
+"Detta installerare kan automatiskt skapa ett publik/privat RSA-nyckelpar för "
+"denna värdmaskin. Detta nyckelpar kan användas för att autentisera IPSec-"
+"anslutningar till andra värdar och är det sätt som föredras för att bygga "
+"upp säkra IPSec-anslutningar. Den andra möjligheten skulle vara att använda "
+"delade hemligheter (lösenord som är samma på båda sidor av tunneln) för att "
+"autentisera en anslutning men för ett större antal anslutningar är RSA-"
+"autentiseringar det enklaste att administrera och mer säkert."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"If you do not want to create a new public/private keypair, you can choose to "
+"use an existing one."
+msgstr ""
+"Om du inte vill skapa ett publikt/privat RSA-nyckelpar kan du använda ett "
+"som redan existerar."
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:4001
+msgid "x509, plain"
+msgstr "x509, enkel"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid "Which type of RSA keypair do you want to create?"
+msgstr "Vilken typ av RSA-nyckelpar vill du skapa?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"It is possible to create a plain RSA public/private keypair for use with "
+"Openswan or to create a X509 certificate file which contains the RSA public "
+"key and additionally stores the corresponding private key."
+msgstr ""
+"Det är möjligt att skapa ett enkelt publik/privat RSA-nyckelpar för att "
+"använda med Openswan eller att skapa en X509-certifikatfil som innehåller "
+"den publika RSA-nyckeln och dessutom lagra den motsvarande privata nyckeln."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"If you only want to build up IPSec connections to hosts also running "
+"Openswan, it might be a bit easier using plain RSA keypairs. But if you want "
+"to connect to other IPSec implementations, you will need a X509 certificate. "
+"It is also possible to create a X509 certificate here and extract the RSA "
+"public key in plain format if the other side runs Openswan without X509 "
+"certificate support."
+msgstr ""
+"Om du bara vill bygga upp IPSec-anslutningar till värdmaskin som också kör "
+"Openswan kan det vara lite enklare att använda enkla (plain) RSA-nyckelpar. "
+"Men om du vill ansluta till andra IPSec-implementationer behöver du ett X509-"
+"certifikat. Det är också möjligt att skapa ett X509-certifikat här och "
+"plocka ut den publika RSA-nyckeln i enkelt format om den andra sidan kör "
+"Openswan utan stöd för X509-certifikat."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"Therefore a X509 certificate is recommended since it is more flexible and "
+"this installer should be able to hide the complex creation of the X509 "
+"certificate and its use in Openswan anyway."
+msgstr ""
+"Därför är ett X509-certifikat rekommenderat eftersom det är mer flexibelt "
+"och denna installerare bör kunna gömma den komplexa processen att skapa X509-"
+"certifikatet och dess användning i Openswan ändå."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+msgid ""
+"Do you have an existing X509 certificate file that you want to use for "
+"Openswan?"
+msgstr ""
+"Har du en existerande X509-certifikatfil som du vill använda för Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+msgid ""
+"This installer can automatically extract the needed information from an "
+"existing X509 certificate with a matching RSA private key. Both parts can be "
+"in one file, if it is in PEM format. Do you have such an existing "
+"certificate and key file and want to use it for authenticating IPSec "
+"connections?"
+msgstr ""
+"Denna installerare kan automatiskt plocka ut den information som behövs från "
+"ett existerande X509-certifikat med en matchande privat RSA-nyckel. Båda "
+"delar kan vara i en fil om den är i PEM-format. Har du ett sådant "
+"existerande certifikat och nyckelfil och vill använda det för att "
+"autentisera IPSec-anslutningar ?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid "Please enter the location of your X509 certificate in PEM format."
+msgstr "Ange platsen för ditt X509-certifikat i PEM-format."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid ""
+"Please enter the location of the file containing your X509 certificate in "
+"PEM format."
+msgstr ""
+"Ange platsen för din fil som innehåller ditt X509-certifikat i PEM-format."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid "Please enter the location of your X509 private key in PEM format."
+msgstr "Ange platsen för din privata X509-nyckel i PEM-format."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid ""
+"Please enter the location of the file containing the private RSA key "
+"matching your X509 certificate in PEM format. This can be the same file that "
+"contains the X509 certificate."
+msgstr ""
+"Ange platsen för den fil som innehåller den privata RSA-nyckeln som matchar "
+"ditt X509-certifikat i PEM-format. Detta kan vara samma fil som innehåller "
+"X509-certifikatet."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid "Which length should the created RSA key have?"
+msgstr "Vilken längd ska den skapade RSA-nyckeln ha?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid ""
+"Please enter the length of the created RSA key. it should not be less than "
+"1024 bits because this should be considered unsecure and you will probably "
+"not need anything more than 2048 bits because it only slows the "
+"authentication process down and is not needed at the moment."
+msgstr ""
+"Ange längden för den skapade RSA-nyckeln, den bör inte vara kortare än 1024 "
+"bitar för att detta bör anses som osäkert och du vill antagligen inte behöva "
+"någon längre än 2048 bitar för att det bara går autentiseringsprocessen "
+"långsammare och behövs inte just nu."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid "Do you want to create a self-signed X509 certificate?"
+msgstr "Vill du skapa ett själv-signerat X509-certifikat?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid ""
+"This installer can only create self-signed X509 certificates automatically, "
+"because otherwise a certificate authority is needed to sign the certificate "
+"request. If you want to create a self-signed certificate, you can use it "
+"immediately to connect to other IPSec hosts that support X509 certificate "
+"for authentication of IPSec connections. However, if you want to use the new "
+"PKI features of Openswan >= 1.91, you will need to have all X509 "
+"certificates signed by a single certificate authority to create a trust path."
+msgstr ""
+"Denna installerare kan bara skapa själv-signerade X509-certifikat "
+"automatiskt för att annars behövs en certifikatutställare som kan signera "
+"certifikatförfrågan. Om du vill skapa ett själv-signerat certifikat kan du "
+"använda det omedelbart för att ansluta till andra IPSec-värdar som har stöd "
+"för X509-certifikat för autentisering för IPSec-anslutningar. Om du vill "
+"använda de nya PKI-funktionerna i Openswan >= 1.91 behöver du ha alla X509-"
+"certifikat signerade av en enda certifikatutställare för att skapa en "
+"pålitlig väg."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+msgid ""
+"If you do not want to create a self-signed certificate, then this installer "
+"will only create the RSA private key and the certificate request and you "
+"will have to sign the certificate request with your certificate authority."
+msgstr ""
+"Om du inte vill skapa ett själv-signerat certifikat kommer denna "
+"installerare bara att skapa den privata RSA-nyckeln och certifikatförfrågan "
+"och du kommer att behöva signera certifikatförfrågan med din "
+"certifikatutgivare."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Please enter the country code for the X509 certificate request."
+msgstr "Ange en landskod för X509-certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"Please enter the 2 letter country code for your country. This code will be "
+"placed in the certificate request."
+msgstr ""
+"Ange en landskod med 2 bokstäver för ditt land. Denna kod kommer att "
+"placeras i certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid ""
+"You really need to enter a valid country code here, because openssl will "
+"refuse to generate certificates without one. An empty field is allowed for "
+"any other field of the X.509 certificate, but not for this one."
+msgstr ""
+"Du behöver verkligen ange en giltig landskod här för att openssl kommer att "
+"vägra att generera certifikat utan ett. Ett tomt fält är tillåtet för alla "
+"andra fält i X509-certifikatet men inte för denna."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:10001
+msgid "Example: AT"
+msgstr "Exempel: SE"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid ""
+"Please enter the state or province name for the X509 certificate request."
+msgstr "Ange namnet på regionen eller länet för X509-certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid ""
+"Please enter the full name of the state or province you live in. This name "
+"will be placed in the certificate request."
+msgstr ""
+"Ange det fulla namnet på regionen eller länet du bor i. Detta namn kommer "
+"att placeras i certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:11001
+msgid "Example: Upper Austria"
+msgstr "Exempel: Centrala Sverige"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Please enter the locality name for the X509 certificate request."
+msgstr "Ange platsen för X509-certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid ""
+"Please enter the locality (e.g. city) where you live. This name will be "
+"placed in the certificate request."
+msgstr ""
+"Ange platsen (exempelvis stad) där du bor. Detta namn kommer att placeras i "
+"certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:12001
+msgid "Example: Vienna"
+msgstr "Exempel: Stockholm"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Please enter the organization name for the X509 certificate request."
+msgstr "Ange organisationsnamnet för X509-certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid ""
+"Please enter the organization (e.g. company) that the X509 certificate "
+"should be created for. This name will be placed in the certificate request."
+msgstr ""
+"Ange organisationen (exempelvis företaget) som X509-certifikatet ska skapas "
+"för. Detta namn kommer att placeras i certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:13001
+msgid "Example: Debian"
+msgstr "Exempel: Debian"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Please enter the organizational unit for the X509 certificate request."
+msgstr "Ange organisationsenheten för X509-certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid ""
+"Please enter the organizational unit (e.g. section) that the X509 "
+"certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Ange organisationsenheten (exempelvis avdelning) som X509-certifikatet ska "
+"skapas för. Detta namn kommer att placeras i certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:14001
+msgid "Example: security group"
+msgstr "Exempel: säkerhetsgruppen"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Please enter the common name for the X509 certificate request."
+msgstr "Ange namnet för X509-certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid ""
+"Please enter the common name (e.g. the host name of this machine) for which "
+"the X509 certificate should be created for. This name will be placed in the "
+"certificate request."
+msgstr ""
+"Ange namnet (exempelvis värdnamnet för denna maskin) för vilken X509-"
+"certifikatet ska skapas för. Detta namn kommer att placeras i "
+"certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:15001
+msgid "Example: gateway.debian.org"
+msgstr "Exempel: gateway.debian.org"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid "Please enter the email address for the X509 certificate request."
+msgstr "Ange e-postaddressen för X509-certifikatförfrågan."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:16001
+msgid ""
+"Please enter the email address of the person or organization who is "
+"responsible for the X509 certificate, This address will be placed in the "
+"certificate request."
+msgstr ""
+"Ange e-postaddressen till den person eller organisation som ansvarar för "
+"X509-certifikatet. Denna address kommer att placeras i certifikatförfrågan."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid "Do you wish to enable opportunistic encryption in Openswan?"
+msgstr "Vill du aktivera opportunistisk kryptering i Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Openswan comes with support for opportunistic encryption (OE), which stores "
+"IPSec authentication information (i.e. RSA public keys) in (preferably "
+"secure) DNS records. Until this is widely deployed, activating it will cause "
+"a significant slow-down for every new, outgoing connection. Since version "
+"2.0, Openswan upstream comes with OE enabled by default and is thus likely "
+"to break your existing connection to the Internet (i.e. your default route) "
+"as soon as pluto (the Openswan keying daemon) is started."
+msgstr ""
+"Openswan har stöd för opportunistisk kryptering (OE) som lagrar information "
+"om IPSec-autentiseringen (exempelvis publika RSA-nycklar) i (helst säkra) "
+"DNS-poster. Tills detta är en mer utbredd tjänst kan aktivering av det "
+"orsaka en betydande hastighetssänkning för varje ny utgående anslutning. "
+"Sedan version 2.0 kommer Openswan (uppström) med OE aktiverad som standard "
+"och kommer därför sannorlikt att bryta din existerande anslutning till "
+"Internet (exempelvis din standardrutt) som snart som pluto (demonen för "
+"Openswan-nycklar) startas."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:17001
+msgid ""
+"Please choose whether you want to enable support for OE. If unsure, do not "
+"enable it."
+msgstr ""
+"Välj om du vill aktivera stöd för OE. Om du är osäker bör du inte aktivera "
+"det."
--- openswan-2.6.22+dfsg.orig/debian/po/cs.po
+++ openswan-2.6.22+dfsg/debian/po/cs.po
@@ -13,8 +13,8 @@ msgid "" msgstr "" "Project-Id-Version: openswan 2.3.0\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2005-01-13 11:49+0100\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-10-27 11:19+0200\n" "PO-Revision-Date: 2005-02-08 14:12+0100\n" "Last-Translator: Ondra Kudlik \n" "Language-Team: Czech \n" @@ -24,19 +24,21 @@ #. Type: select #. Choices -#: ../openswan.templates.master:3 +#: ../openswan.templates.master:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" msgstr "nejdříve, \"po NFS\", \"po PCMCIA\"" #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "At which level do you wish to start Openswan ?" +#: ../openswan.templates.master:1002 +#, fuzzy +#| msgid "At which level do you wish to start Openswan ?" +msgid "At which level do you wish to start Openswan?" msgstr "Na jaké úrovni chcete spouštět Openswan?" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "With the current Debian startup levels (nearly everything starting in level " "20), it is impossible for Openswan to always start at the correct time. " 
@@ -51,14 +53,14 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you do not have your /usr tree mounted via NFS (either you only mount " "other, less vital trees via NFS or don't use NFS mounted trees at all) and " -"don't use a PCMCIA network card, then it is the best to start Openswan at " -"the earliest possible time, thus allowing the NFS mounts to be secured by " -"IPSec. In this case (or if you don't understand or care about this issue), " -"answer \"earliest\" to this question (the default)." +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." msgstr "" "Jestliže nemáte váš /usr strom připojen skrz NFS (buď přes NFS připojujete " "jiné, ne tak důležité stromy nebo jej vůbec nepoužíváte) a zároveň " @@ -69,12 +71,12 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " "card, then you will need to start Openswan after NFS so that all necessary " "files are available. In this case, answer \"after NFS\" to this question. " -"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " "case." msgstr "" "Jestliže máte /usr strom připojen skrz NFS a nepoužíváte PCMCIA síťovou " 
@@ -85,10 +87,10 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you use a PCMCIA network card for your IPSec connections, then you only " -"have to choice to start it after the PCMCIA services. Answer \"after PCMCIA" +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" "\" in this case. This is also the correct answer if you want to fetch keys " "from a locally running DNS server with DNSSec support." msgstr "" @@ -99,13 +101,13 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "Do you wish to restart Openswan?" msgstr "Přejete si spustit Openswan?" #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "" "Restarting Openswan is a good idea, since if there is a security fix, it " "will not be fixed until the daemon restarts. Most people expect the daemon " @@ -120,13 +122,15 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:42 -msgid "Do you want to create a RSA public/private keypair for this host ?" +#: ../openswan.templates.master:3001 +#, fuzzy +#| msgid "Do you want to create a RSA public/private keypair for this host ?" +msgid "Do you want to create a RSA public/private keypair for this host?" msgstr "Přejete si vytvořit RSA veřejný/soukromý pár klíčů pro tento počítač?" #. Type: boolean #. Description -#: ../openswan.templates.master:42 +#: ../openswan.templates.master:3001 msgid "" "This installer can automatically create a RSA public/private keypair for " "this host. This keypair can be used to authenticate IPSec connections to " 
@@ -134,7 +138,7 @@ "connections. The other possibility would be to use shared secrets (passwords " "that are the same on both sides of the tunnel) for authenticating an " "connection, but for a larger number of connections RSA authentication is " -"easier to administrate and more secure." +"easier to administer and more secure." msgstr "" "Tento instalátor může automaticky vytvořit RSA soukromý/privátní pár klíčů " "pro tento počítač. Pár klíčů může být využit k autentifikaci IPSec spojení " 
@@ -143,25 +147,36 @@ "(hesel, která jsou stejná na obou stranách tunelu), ale pro větší množství " "spojení je RSA autentifikace snažší pro správu a mnohem bezpečnější." +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +#, fuzzy +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "Přejete si vytvořit RSA veřejný/soukromý pár klíčů pro tento počítač?" + #. Type: select #. Choices -#: ../openswan.templates.master:53 +#: ../openswan.templates.master:4001 msgid "x509, plain" msgstr "x509, prostý" #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "Which type of RSA keypair do you want to create ?" +#: ../openswan.templates.master:4002 +#, fuzzy +#| msgid "Which type of RSA keypair do you want to create ?" +msgid "Which type of RSA keypair do you want to create?" msgstr "Jaký typ RSA páru klíčů chcete vytvořit?" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" -"It is possible to create a plain RSA public/private keypair for the use with " +"It is possible to create a plain RSA public/private keypair for use with " "Openswan or to create a X509 certificate file which contains the RSA public " -"key and additionally store the corresponding private key." +"key and additionally stores the corresponding private key." msgstr "" "Je možné vytvořit čisty pár RSA klíčů pro použití s Openswan nebo vytvořit " "soubor s certifikátem X509, který obsahuje veřejný RSA klíč a dodatečně " @@ -169,7 +184,7 @@ #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "If you only want to build up IPSec connections to hosts also running " "Openswan, it might be a bit easier using plain RSA keypairs. But if you want " 
@@ -187,7 +202,7 @@ #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "Therefore a X509 certificate is recommended since it is more flexible and " "this installer should be able to hide the complex creation of the X509 " @@ -199,21 +214,32 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "Do you have an existing X509 certificate file that you want to use for " +#| "Openswan ?" msgid "" "Do you have an existing X509 certificate file that you want to use for " -"Openswan ?" +"Openswan?" msgstr "Vlastníte existující certifkát X509, který chcete použít pro Openswan?" #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "This installer can automatically extract the needed information from an " +#| "existing X509 certificate with a matching RSA private key. Both parts can " +#| "be in one file, if it is in PEM format. Do you have such an existing " +#| "certificate and key file and want to use it for authenticating IPSec " +#| "connections ?" msgid "" "This installer can automatically extract the needed information from an " "existing X509 certificate with a matching RSA private key. Both parts can be " "in one file, if it is in PEM format. Do you have such an existing " "certificate and key file and want to use it for authenticating IPSec " -"connections ?" +"connections?" msgstr "" "Instalátor může automaticky získat potřebné informace z existujícího " "certiifikátu X509 s odpovídajícím privátním RSA klíčem. Obě části mohou být " 
@@ -222,13 +248,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "Please enter the location of your X509 certificate in PEM format." msgstr "Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM." #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "" "Please enter the location of the file containing your X509 certificate in " "PEM format." @@ -236,13 +262,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "Please enter the location of your X509 private key in PEM format." msgstr "Zadejte prosím umístění vašeho certifikátu X509 ve formátu PEM." #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X509 certificate in PEM format. This can be the same file that " @@ -254,13 +280,15 @@ #. Type: string #. Description -#: ../openswan.templates.master:97 -msgid "Which length should the created RSA key have ?" +#: ../openswan.templates.master:8001 +#, fuzzy +#| msgid "Which length should the created RSA key have ?" +msgid "Which length should the created RSA key have?" msgstr "Jakou délku by měl mít vytvořený RSA klíč?" #. Type: string #. Description -#: ../openswan.templates.master:97 +#: ../openswan.templates.master:8001 msgid "" "Please enter the length of the created RSA key. it should not be less than " "1024 bits because this should be considered unsecure and you will probably " 
@@ -273,13 +301,15 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "Do you want to create a self-signed X509 certificate ?" +#: ../openswan.templates.master:9001 +#, fuzzy +#| msgid "Do you want to create a self-signed X509 certificate ?" +msgid "Do you want to create a self-signed X509 certificate?" msgstr "Chcete vytvořit certifikát X509 podepsaný sám sebou?" #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "This installer can only create self-signed X509 certificates automatically, " "because otherwise a certificate authority is needed to sign the certificate " @@ -299,7 +329,7 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "If you do not want to create a self-signed certificate, then this installer " "will only create the RSA private key and the certificate request and you " @@ -311,13 +341,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Please enter the country code for the X509 certificate request." msgstr "Zadejte prosím kód země pro X509 certifikační požadavek." #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "Please enter the 2 letter country code for your country. This code will be " "placed in the certificate request." @@ -327,7 +357,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "You really need to enter a valid country code here, because openssl will " "refuse to generate certificates without one. An empty field is allowed for " 
@@ -339,20 +369,20 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Example: AT" msgstr "Příklad: CZ" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the state or province name for the X509 certificate request." msgstr "Zadejte prosím jméno státu nebo oblasti pro certifikační požadavek." #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the full name of the state or province you live in. This name " "will be placed in the certificate request." @@ -362,19 +392,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "Example: Upper Austria" msgstr "Příklad: Morava" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Please enter the locality name for the X509 certificate request." msgstr "Zadejte prosím jméno lokality pro certifikační požadavek." #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "" "Please enter the locality (e.g. city) where you live. This name will be " "placed in the certificate request." 
@@ -384,19 +414,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Example: Vienna" msgstr "Příklad: Brno" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Please enter the organization name for the X509 certificate request." msgstr "Zadejte prosím název organizace pro certifikační požadavek." #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "" "Please enter the organization (e.g. company) that the X509 certificate " "should be created for. This name will be placed in the certificate request." @@ -406,19 +436,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Example: Debian" msgstr "Příklad: Debian" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Please enter the organizational unit for the X509 certificate request." msgstr "Zadejte prosím název organizační jednotky pro certifikační požadavek." #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "" "Please enter the organizational unit (e.g. section) that the X509 " "certificate should be created for. This name will be placed in the " 
@@ -429,19 +459,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Example: security group" msgstr "Příklad: bezpečnostní oddělení" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Please enter the common name for the X509 certificate request." msgstr "Zadejte prosím obvyklé jméno pro certifikační požadavek." #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "" "Please enter the common name (e.g. the host name of this machine) for which " "the X509 certificate should be created for. This name will be placed in the " @@ -452,19 +482,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Example: gateway.debian.org" msgstr "Příklad: gateway.debian.org" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "Please enter the email address for the X509 certificate request." msgstr "Zadejte prosím emailovou adresu pro certifikační požadavek." #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "" "Please enter the email address of the person or organization who is " "responsible for the X509 certificate, This address will be placed in the " 
@@ -475,20 +505,20 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "Do you wish to enable opportunistic encryption in Openswan?" msgstr "Chcete povolit opportunistic encryption ve Openswan?" #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Openswan comes with support for opportunistic encryption (OE), which stores " "IPSec authentication information (i.e. RSA public keys) in (preferably " "secure) DNS records. Until this is widely deployed, activating it will cause " "a significant slow-down for every new, outgoing connection. Since version " "2.0, Openswan upstream comes with OE enabled by default and is thus likely " -"to break you existing connection to the Internet (i.e. your default route) " +"to break your existing connection to the Internet (i.e. your default route) " "as soon as pluto (the Openswan keying daemon) is started." msgstr "" "Openswan přichází s podporou pro opportunistic·encryption·(OE), která " @@ -502,7 +532,7 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Please choose whether you want to enable support for OE. If unsure, do not " "enable it." --- openswan-2.6.22+dfsg.orig/debian/po/pt_BR.po +++ openswan-2.6.22+dfsg/debian/po/pt_BR.po @@ -14,8 +14,8 @@ msgid "" msgstr "" "Project-Id-Version: openswan\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2005-01-13 11:49+0100\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-10-27 11:19+0200\n" "PO-Revision-Date: 2005-01-24 21:53-0200\n" "Last-Translator: Andr Lus Lopes \n" "Language-Team: Debian-BR Project \n" 
@@ -25,19 +25,21 @@ #. Type: select #. Choices -#: ../openswan.templates.master:3 +#: ../openswan.templates.master:1001 msgid "earliest, \"after NFS\", \"after PCMCIA\"" msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" #. Type: select #. Description -#: ../openswan.templates.master:5 -msgid "At which level do you wish to start Openswan ?" +#: ../openswan.templates.master:1002 +#, fuzzy +#| msgid "At which level do you wish to start Openswan ?" +msgid "At which level do you wish to start Openswan?" msgstr "Em que nvel voc deseja iniciar o Openswan ?" #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "With the current Debian startup levels (nearly everything starting in level " "20), it is impossible for Openswan to always start at the correct time. " @@ -53,14 +55,14 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you do not have your /usr tree mounted via NFS (either you only mount " "other, less vital trees via NFS or don't use NFS mounted trees at all) and " -"don't use a PCMCIA network card, then it is the best to start Openswan at " -"the earliest possible time, thus allowing the NFS mounts to be secured by " -"IPSec. In this case (or if you don't understand or care about this issue), " -"answer \"earliest\" to this question (the default)." +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." msgstr "" "Caso voc no possua sua rvore /usr montada via NFS (voc somente monta " "outras rvores no vitais via NFS ou no usa rvores montadas via NFS) e no " 
@@ -72,12 +74,12 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " "card, then you will need to start Openswan after NFS so that all necessary " "files are available. In this case, answer \"after NFS\" to this question. " -"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " "case." msgstr "" "Caso voc possua sua rvore /usr montada via NFS e no use um carto de rede " @@ -88,10 +90,10 @@ #. Type: select #. Description -#: ../openswan.templates.master:5 +#: ../openswan.templates.master:1002 msgid "" "If you use a PCMCIA network card for your IPSec connections, then you only " -"have to choice to start it after the PCMCIA services. Answer \"after PCMCIA" +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" "\" in this case. This is also the correct answer if you want to fetch keys " "from a locally running DNS server with DNSSec support." msgstr "" @@ -103,13 +105,13 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "Do you wish to restart Openswan?" msgstr "Voc deseja reiniciar o Openswan ?" #. Type: boolean #. Description -#: ../openswan.templates.master:33 +#: ../openswan.templates.master:2001 msgid "" "Restarting Openswan is a good idea, since if there is a security fix, it " "will not be fixed until the daemon restarts. Most people expect the daemon " 
@@ -124,14 +126,16 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:42 -msgid "Do you want to create a RSA public/private keypair for this host ?" +#: ../openswan.templates.master:3001 +#, fuzzy +#| msgid "Do you want to create a RSA public/private keypair for this host ?" +msgid "Do you want to create a RSA public/private keypair for this host?" msgstr "" "Voc deseja criar um par de chaves RSA pblica/privada para este host ?" #. Type: boolean #. Description -#: ../openswan.templates.master:42 +#: ../openswan.templates.master:3001 msgid "" "This installer can automatically create a RSA public/private keypair for " "this host. This keypair can be used to authenticate IPSec connections to " @@ -139,7 +143,7 @@ "connections. The other possibility would be to use shared secrets (passwords " "that are the same on both sides of the tunnel) for authenticating an " "connection, but for a larger number of connections RSA authentication is " -"easier to administrate and more secure." +"easier to administer and more secure." msgstr "" "Este instalador pode automaticamente criar um par de chaves RSA pblica/" "privada para este host. Esse par de chaves pode ser usado para autenticar " 
@@ -149,25 +153,37 @@ "autenticar uma conexo, mas para um grande nmero de conexes RSA a " "autenticao mais fcil de administrar e mais segura." +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +#, fuzzy +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Voc deseja criar um par de chaves RSA pblica/privada para este host ?" + #. Type: select #. Choices -#: ../openswan.templates.master:53 +#: ../openswan.templates.master:4001 msgid "x509, plain" msgstr "x509, pura" #. Type: select #. Description -#: ../openswan.templates.master:55 -msgid "Which type of RSA keypair do you want to create ?" +#: ../openswan.templates.master:4002 +#, fuzzy +#| msgid "Which type of RSA keypair do you want to create ?" +msgid "Which type of RSA keypair do you want to create?" msgstr "Qual tipo de par de chaves RSA voc deseja criar ?" #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" -"It is possible to create a plain RSA public/private keypair for the use with " +"It is possible to create a plain RSA public/private keypair for use with " "Openswan or to create a X509 certificate file which contains the RSA public " -"key and additionally store the corresponding private key." +"key and additionally stores the corresponding private key." msgstr "" " possvel criar um par de chaves RSA pblica/privada pura (plain) para uso " "com o Openswan ou para criar um arquivo de certificado X509 que ir conter a " @@ -175,7 +191,7 @@ #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "If you only want to build up IPSec connections to hosts also running " "Openswan, it might be a bit easier using plain RSA keypairs. But if you want " 
@@ -193,7 +209,7 @@ #. Type: select #. Description -#: ../openswan.templates.master:55 +#: ../openswan.templates.master:4002 msgid "" "Therefore a X509 certificate is recommended since it is more flexible and " "this installer should be able to hide the complex creation of the X509 " @@ -205,23 +221,34 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "Do you have an existing X509 certificate file that you want to use for " +#| "Openswan ?" msgid "" "Do you have an existing X509 certificate file that you want to use for " -"Openswan ?" +"Openswan?" msgstr "" "Voc possui um arquivo de certificado X509 existente que voc gostaria de " "usar com o Openswan ?" #. Type: boolean #. Description -#: ../openswan.templates.master:74 +#: ../openswan.templates.master:5001 +#, fuzzy +#| msgid "" +#| "This installer can automatically extract the needed information from an " +#| "existing X509 certificate with a matching RSA private key. Both parts can " +#| "be in one file, if it is in PEM format. Do you have such an existing " +#| "certificate and key file and want to use it for authenticating IPSec " +#| "connections ?" msgid "" "This installer can automatically extract the needed information from an " "existing X509 certificate with a matching RSA private key. Both parts can be " "in one file, if it is in PEM format. Do you have such an existing " "certificate and key file and want to use it for authenticating IPSec " -"connections ?" +"connections?" msgstr "" "Este instalador pode extrair automaticamente a informao necessria de um " "certificado X509 existente com uma chave RSA privada adequada. Ambas as " 
@@ -231,14 +258,14 @@ #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "Please enter the location of your X509 certificate in PEM format." msgstr "" "Por favor, informe a localizao de seu certificado X509 no formato PEM." #. Type: string #. Description -#: ../openswan.templates.master:83 +#: ../openswan.templates.master:6001 msgid "" "Please enter the location of the file containing your X509 certificate in " "PEM format." @@ -248,14 +275,14 @@ #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "Please enter the location of your X509 private key in PEM format." msgstr "" "Por favor, informe a localizao de sua chave privada X509 no formato PEM." #. Type: string #. Description -#: ../openswan.templates.master:89 +#: ../openswan.templates.master:7001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X509 certificate in PEM format. This can be the same file that " @@ -267,13 +294,15 @@ #. Type: string #. Description -#: ../openswan.templates.master:97 -msgid "Which length should the created RSA key have ?" +#: ../openswan.templates.master:8001 +#, fuzzy +#| msgid "Which length should the created RSA key have ?" +msgid "Which length should the created RSA key have?" msgstr "Qual deve ser o tamanho da chave RSA criada ?" #. Type: string #. Description -#: ../openswan.templates.master:97 +#: ../openswan.templates.master:8001 msgid "" "Please enter the length of the created RSA key. it should not be less than " "1024 bits because this should be considered unsecure and you will probably " 
@@ -288,13 +317,15 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:106 -msgid "Do you want to create a self-signed X509 certificate ?" +#: ../openswan.templates.master:9001 +#, fuzzy +#| msgid "Do you want to create a self-signed X509 certificate ?" +msgid "Do you want to create a self-signed X509 certificate?" msgstr "Deseja criar um certificado X509 auto-assinado ?" #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "This installer can only create self-signed X509 certificates automatically, " "because otherwise a certificate authority is needed to sign the certificate " @@ -315,7 +346,7 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:106 +#: ../openswan.templates.master:9001 msgid "" "If you do not want to create a self-signed certificate, then this installer " "will only create the RSA private key and the certificate request and you " @@ -328,14 +359,14 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Please enter the country code for the X509 certificate request." msgstr "" "Por favor, informe o cdigo de pas para a requisio de certificado X509." #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "Please enter the 2 letter country code for your country. This code will be " "placed in the certificate request." @@ -345,7 +376,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "" "You really need to enter a valid country code here, because openssl will " "refuse to generate certificates without one. An empty field is allowed for " 
@@ -358,13 +389,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:124 +#: ../openswan.templates.master:10001 msgid "Example: AT" msgstr "Exemplo: BR" #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the state or province name for the X509 certificate request." msgstr "" @@ -373,7 +404,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "" "Please enter the full name of the state or province you live in. This name " "will be placed in the certificate request." @@ -383,13 +414,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:137 +#: ../openswan.templates.master:11001 msgid "Example: Upper Austria" msgstr "Exemplo : Sao Paulo" #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Please enter the locality name for the X509 certificate request." msgstr "" "Por favor, informe o nome da localidade para a requisio de certificado " @@ -397,7 +428,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "" "Please enter the locality (e.g. city) where you live. This name will be " "placed in the certificate request." @@ -407,13 +438,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:146 +#: ../openswan.templates.master:12001 msgid "Example: Vienna" msgstr "Exemplo : Sao Paulo" #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Please enter the organization name for the X509 certificate request." msgstr "" "Por favor, informe o nome da organizao para a requisio de certificado " 
@@ -421,7 +452,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "" "Please enter the organization (e.g. company) that the X509 certificate " "should be created for. This name will be placed in the certificate request." @@ -432,13 +463,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:155 +#: ../openswan.templates.master:13001 msgid "Example: Debian" msgstr "Exemplo : Debian" #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Please enter the organizational unit for the X509 certificate request." msgstr "" "Por favor, informe a unidade organizacional para a requisio de certificado " @@ -446,7 +477,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "" "Please enter the organizational unit (e.g. section) that the X509 " "certificate should be created for. This name will be placed in the " @@ -458,19 +489,19 @@ #. Type: string #. Description -#: ../openswan.templates.master:165 +#: ../openswan.templates.master:14001 msgid "Example: security group" msgstr "Exemplo : Grupo de Segurana" #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Please enter the common name for the X509 certificate request." msgstr "Por favor, informe o nome comum para a requisio de certificado X509." #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "" "Please enter the common name (e.g. the host name of this machine) for which " "the X509 certificate should be created for. This name will be placed in the " 
@@ -482,13 +513,13 @@ #. Type: string #. Description -#: ../openswan.templates.master:175 +#: ../openswan.templates.master:15001 msgid "Example: gateway.debian.org" msgstr "Exemplo : gateway.debian.org" #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "Please enter the email address for the X509 certificate request." msgstr "" "Por favor, informe o endereo de e-mail para a requisio de certificado " @@ -496,7 +527,7 @@ #. Type: string #. Description -#: ../openswan.templates.master:185 +#: ../openswan.templates.master:16001 msgid "" "Please enter the email address of the person or organization who is " "responsible for the X509 certificate, This address will be placed in the " @@ -508,20 +539,20 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "Do you wish to enable opportunistic encryption in Openswan?" msgstr "Voc deseja habilitar a encriptao oportunstica no Openswan ?" #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Openswan comes with support for opportunistic encryption (OE), which stores " "IPSec authentication information (i.e. RSA public keys) in (preferably " "secure) DNS records. Until this is widely deployed, activating it will cause " "a significant slow-down for every new, outgoing connection. Since version " "2.0, Openswan upstream comes with OE enabled by default and is thus likely " -"to break you existing connection to the Internet (i.e. your default route) " +"to break your existing connection to the Internet (i.e. your default route) " "as soon as pluto (the Openswan keying daemon) is started." msgstr "" "O Openswan suporta encriptao oportunstica (OE), a qual armazena " 
@@ -537,7 +568,7 @@ #. Type: boolean #. Description -#: ../openswan.templates.master:193 +#: ../openswan.templates.master:17001 msgid "" "Please choose whether you want to enable support for OE. If unsure, do not " "enable it." --- openswan-2.6.22+dfsg.orig/debian/po/es.po +++ openswan-2.6.22+dfsg/debian/po/es.po 
@@ -0,0 +1,580 @@
+# openswan translation to spanish
+# Copyright (C) 2007 Software in the Public Interest, SPI Inc.
+# This file is distributed under the same license as the openswan package.
+#
+# Changes:
+# - Initial translation
+# Steve Lord Flaubert , 2007
+#
+#
+# Traductores, si no conoce el formato PO, merece la pena leer la
+# documentación de gettext, especialmente las secciones dedicadas a este
+# formato, por ejemplo ejecutando:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Equipo de traducción al español, por favor lean antes de traducir
+# los siguientes documentos:
+#
+# - El proyecto de traducción de Debian al español
+# http://www.debian.org/intl/spanish/
+# especialmente las notas y normas de traducción en
+# http://www.debian.org/intl/spanish/notas
+#
+# - La guía de traducción de po's de debconf:
+# /usr/share/doc/po-debconf/README-trans
+# o http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Si tiene dudas o consultas sobre esta traducción consulte con el último
+# traductor (campo Last-Translator) y ponga en copia a la lista de
+# traducción de Debian al español ()
+#
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openswan 1:2.4.8-dfsg-1\n"
+"Report-Msgid-Bugs-To: rmayr@debian.org\n"
+"POT-Creation-Date: 2007-10-27 11:19+0200\n"
+"PO-Revision-Date: 2007-08-26 08:23-0500\n"
+"Last-Translator: Steve Lord Flaubert \n"
+"Language-Team: Spanish\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:1001
+msgid "earliest, \"after NFS\", \"after PCMCIA\""
+msgstr "\"lo antes posible\", \"después de NFS\", \"después de PCMCIA\""
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+#, fuzzy
+#| msgid "At which level do you wish to start Openswan ?"
+msgid "At which level do you wish to start Openswan?"
+msgstr "¿En qué nivel desea iniciar Openswan?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"With the current Debian startup levels (nearly everything starting in level "
+"20), it is impossible for Openswan to always start at the correct time. "
+"There are three possibilities when Openswan can start: before or after the "
+"NFS services and after the PCMCIA services. The correct answer depends on "
+"your specific setup."
+msgstr ""
+"Con los actuales niveles de arranque de Debian (casi todos empiezan en el "
+"nivel 20), es imposible que Openswan siempre comience en el momento "
+"correcto. Existen tres posibilidades para el arranque de Openswan: antes o "
+"después de los servicios NFS y después de los servicios PCMCIA. La respuesta "
+"apropiada depende de su configuración."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you do not have your /usr tree mounted via NFS (either you only mount "
+"other, less vital trees via NFS or don't use NFS mounted trees at all) and "
+"don't use a PCMCIA network card, then it's best to start Openswan at the "
+"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. "
+"In this case (or if you don't understand or care about this issue), answer "
+"\"earliest\" to this question (the default)."
+msgstr ""
+"Si no tiene el árbol «/usr» montado mediante NFS (o monta sólo otros menos "
+"importantes vía NFS o simplemente no usa árboles NFS) y no usa una tarjeta "
+"de red PCMCIA, lo más recomendable es iniciar Openswan lo antes posible, así "
+"le permite a NFS montar de una forma segura mediante IPSec. En este caso (si "
+"no comprende o desconoce el tema) responda \"lo antes posible"
+"\" (predeterminado)."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you have your /usr tree mounted via NFS and don't use a PCMCIA network "
+"card, then you will need to start Openswan after NFS so that all necessary "
+"files are available. In this case, answer \"after NFS\" to this question. "
+"Please note that the NFS mount of /usr can not be secured by IPSec in this "
+"case."
+msgstr ""
+"Si tiene el árbol «/usr» montado mediante NFS y no usa una tarjeta de red "
+"PCMCIA, entonces necesita iniciar Openswan después NFS de modo que todos los "
+"ficheros estén disponibles. Para este caso, responda \"después de NFS\". Por "
+"favor, tenga en cuenta que montar «/usr» mediante NFS no puede ser protegido "
+"por IPSec."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"If you use a PCMCIA network card for your IPSec connections, then you only "
+"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA"
+"\" in this case. This is also the correct answer if you want to fetch keys "
+"from a locally running DNS server with DNSSec support."
+msgstr ""
+"Si usa una tarjeta de red PCMCIA en las conexiones IPSec, seleccione iniciar "
+"Openswan después de los servicios PCMCIA. Responda \"después de PCMCIA\". "
+"Esta también es la respuesta apropiada si desea obtener las llaves desde un "
+"servidor DNS con soporte DNSSec ejecutado localmente."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid "Do you wish to restart Openswan?"
+msgstr "¿Desea reiniciar Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:2001
+msgid ""
+"Restarting Openswan is a good idea, since if there is a security fix, it "
+"will not be fixed until the daemon restarts. Most people expect the daemon "
+"to restart, so this is generally a good idea. However this might take down "
+"existing connections and then bring them back up."
+msgstr ""
+"Una buena idea es reiniciar Openswan, ya que si hay un error de seguridad "
+"corregido no se arreglará hasta que el demonio se reinicie. La mayoría de "
+"las personas espera que el demonio se reinicie, ya que esto es una buena "
+"idea. Sin embargo, esto puede interrumpir las conexiones existentes y luego "
+"tiene que recuperarlas."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+#, fuzzy
+#| msgid "Do you want to create a RSA public/private keypair for this host ?"
+msgid "Do you want to create a RSA public/private keypair for this host?"
+msgstr "¿Desea crear un par de llaves RSA «pública/privada» para este equipo?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"This installer can automatically create a RSA public/private keypair for "
+"this host. This keypair can be used to authenticate IPSec connections to "
+"other hosts and is the preferred way for building up secure IPSec "
+"connections. The other possibility would be to use shared secrets (passwords "
+"that are the same on both sides of the tunnel) for authenticating an "
+"connection, but for a larger number of connections RSA authentication is "
+"easier to administer and more secure."
+msgstr ""
+"El instalador puede crear un par de llaves RSA «pública/privada» para este "
+"equipo automáticamente. Este par de llaves sirve para autenticar conexiones "
+"IPSec a otros equipos y es la forma común usada al establecer conexiones "
+"seguras. El otro método sería el uso de «shared secrets» (contraseñas que "
+"son las mismas en ambos lados del túnel IPSec) para autentificar una "
+"conexión, pero para un número grande de conexiones, la autenticación RSA es "
+"más fácil de administrar y segura."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:3001
+msgid ""
+"If you do not want to create a new public/private keypair, you can choose to "
+"use an existing one."
+msgstr ""
+"Si no desea crear un nuevo par de llaves «pública/privada», puede "
+"seleccionar la existente."
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:4001
+msgid "x509, plain"
+msgstr "x509, simple"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+#, fuzzy
+#| msgid "Which type of RSA keypair do you want to create ?"
+msgid "Which type of RSA keypair do you want to create?"
+msgstr "¿Qué tipo de par de llaves RSA desea crear?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"It is possible to create a plain RSA public/private keypair for use with "
+"Openswan or to create a X509 certificate file which contains the RSA public "
+"key and additionally stores the corresponding private key."
+msgstr ""
+"Es posible crear un par de llaves RSA «pública/privada» simples para usar "
+"con Openswan o de lo contrario crear un fichero de certificado X509 que "
+"contenga la llave pública RSA y además almacena su correspondiente clave "
+"privada."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"If you only want to build up IPSec connections to hosts also running "
+"Openswan, it might be a bit easier using plain RSA keypairs. But if you want "
+"to connect to other IPSec implementations, you will need a X509 certificate. "
+"It is also possible to create a X509 certificate here and extract the RSA "
+"public key in plain format if the other side runs Openswan without X509 "
+"certificate support."
+msgstr ""
+"Si sólo quiere establecer conexiones IPSec a equipos que también ejecuten "
+"Openswan, simplemente use un par de llaves RSA simples. Pero si quiere "
+"conectarse a otras implementaciones de IPSec es mejor que use un certificado "
+"X509. También puede crear aquí el certificado X509 y obtener la llave "
+"pública en formato claro, si del otro lado se ejecuta Openswan sin el "
+"soporte del certificado X509."
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:4002
+msgid ""
+"Therefore a X509 certificate is recommended since it is more flexible and "
+"this installer should be able to hide the complex creation of the X509 "
+"certificate and its use in Openswan anyway."
+msgstr ""
+"Por lo tanto está recomendado el certificado X509, por ser más flexible y de "
+"todas formas el instalador debe ser capaz de ocultar toda la complejidad de "
+"la creación del certificado X509 y el uso en Openswan."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+#, fuzzy
+#| msgid ""
+#| "Do you have an existing X509 certificate file that you want to use for "
+#| "Openswan ?"
+msgid ""
+"Do you have an existing X509 certificate file that you want to use for "
+"Openswan?"
+msgstr "¿Tiene un certificado X509 que quiera utilizar para Openswan?"
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:5001
+#, fuzzy
+#| msgid ""
+#| "This installer can automatically extract the needed information from an "
+#| "existing X509 certificate with a matching RSA private key. Both parts can "
+#| "be in one file, if it is in PEM format. Do you have such an existing "
+#| "certificate and key file and want to use it for authenticating IPSec "
+#| "connections ?"
+msgid ""
+"This installer can automatically extract the needed information from an "
+"existing X509 certificate with a matching RSA private key. Both parts can be "
+"in one file, if it is in PEM format. Do you have such an existing "
+"certificate and key file and want to use it for authenticating IPSec "
+"connections?"
+msgstr ""
+"El instalador puede extraer la información que necesita de un fichero de "
+"certificado X509 con su llave privada RSA correspondiente automáticamente. "
+"Ambas partes pueden estar en un fichero, si éste está en formato PEM. ¿Tiene "
+"usted alguno de éstos que desee usar para autenticación de conecciones "
+"IPSec?."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid "Please enter the location of your X509 certificate in PEM format."
+msgstr "Introduzca la localización del certificado X509 en formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:6001
+msgid ""
+"Please enter the location of the file containing your X509 certificate in "
+"PEM format."
+msgstr ""
+"Ingrese la localización del fichero que contiene su certificado X509 en "
+"formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid "Please enter the location of your X509 private key in PEM format."
+msgstr "Ingrese la localización de su llave privada X509 en formato PEM."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:7001
+msgid ""
+"Please enter the location of the file containing the private RSA key "
+"matching your X509 certificate in PEM format. This can be the same file that "
+"contains the X509 certificate."
+msgstr ""
+"Ingrese la ubicación del fichero que contiene la llave privada RSA que "
+"corresponde a su certificado X509, en formato PEM. Puede ser el mismo "
+"fichero que contiene el certificado X509."
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+#, fuzzy
+#| msgid "Which length should the created RSA key have ?"
+msgid "Which length should the created RSA key have?"
+msgstr "¿Qué tamaño tendría la llave RSA creada?"
+
+#. Type: string
+#. Description
+#: ../openswan.templates.master:8001
+msgid ""
+"Please enter the length of the created RSA key. it should not be less than "
+"1024 bits because this should be considered unsecure and you will probably "
+"not need anything more than 2048 bits because it only slows the "
+"authentication process down and is not needed at the moment."
+msgstr ""
+"Ingrese el tamaño de la llave RSA creada. No debe ser menor que 1024 bits "
+"por cuestiones de seguridad y tal vez no necesitará más de 2048 bits ya que "
+"sería lento el proceso de autenticación y por el momento no es necesario."
+
+#. Type: boolean
+#. Description
+#: ../openswan.templates.master:9001
+#, fuzzy
+#| msgid "Do you want to create a self-signed X509 certificate ?"
+msgid "Do you want to create a self-signed X509 certificate?" +msgstr "¿Desea crear un certificado X509 autofirmado?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Este instalador sólo puede crear automáticamente certificados X509 " +"autofirmados, porque de lo contrario se necesita firmar el certificado " +"solicitado por una entidad emisora de certificados. Si desea crear el " +"certificado firmado por usted, puede usarlo immediatamente para conectarse a " +"otros equipos con IPSec que soporten el certificado X509 para autenticar " +"conexiones IPSec. Además, si desea usar las nuevas características PKI de " +"Openswan >= 1.91, requiere tener todos los certificado X509 firmados por una " +"única entidad emisora de certificados para tener lazos de confianza." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Si no desea crear un certificado autofirmado, entonces este instalador sólo " +"creará la clave privada RSA y la solicitud del certificado, y usted tendrá " +"que firmar la solicitud del certificado con su autoridad certificadora." + +#. Type: string +#. 
Description +#: ../openswan.templates.master:10001 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Introduzca el código de país para la solicitud del certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Ingrese las dos letras del código de su país. Este código será incluido en " +"la solicitud del certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Es necesario que aquí ingrese un código correcto del país, ya que openssl " +"rechazará generar certificados sin uno. Se permite un campo vacío en " +"cualquier otro campo del certificado X509, pero en éste no." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 +msgid "Example: AT" +msgstr "Por ejemplo: AT" + +#. Type: string +#. Description +#: ../openswan.templates.master:11001 +msgid "" +"Please enter the state or province name for the X509 certificate request." +msgstr "" +"Introduzca el nombre del estado o provincia para la solicitud del " +"certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:11001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Introduzca el nombre completo del estado o provincia en donde vive. Este " +"nombre será colocado en la solicitud del certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:11001 +msgid "Example: Upper Austria" +msgstr "Por ejemplo: Alta Austria" + +#. Type: string +#. 
Description +#: ../openswan.templates.master:12001 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "" +"Ingrese el nombre de la localidad para la solicitud del certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:12001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Ingrese la localidad (p. ej. la ciudad) donde vive. Este nombre será " +"colocado en la solicitud del certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:12001 +msgid "Example: Vienna" +msgstr "Por ejemplo: Vienna" + +#. Type: string +#. Description +#: ../openswan.templates.master:13001 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "" +"Ingrese el nombre de la organización para la solicitud del certificado X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:13001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Por favor, indique la organización (p. ej. la compañía) para la cual será " +"creado el certificado X509. Este nombre será colocado en la solicitud del " +"certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:13001 +msgid "Example: Debian" +msgstr "Por ejemplo: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:14001 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "" +"Indique la unidad organizacional para la solicitud del certificado X509. " + +#. Type: string +#. Description +#: ../openswan.templates.master:14001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." 
+msgstr "" +"Ingrese la unidad organizacional (p. ej. el área) para el cual será creado " +"el certificado X509. Este nombre será colocado en la solicitud del " +"certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:14001 +msgid "Example: security group" +msgstr "Por ejemplo: grupo de seguridad" + +#. Type: string +#. Description +#: ../openswan.templates.master:15001 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Ingrese el nombre común para el certificado X509 solicitado." + +#. Type: string +#. Description +#: ../openswan.templates.master:15001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Ingrese el nombre común (p. ej. nombre de este equipo) para el cual será " +"creado el certificado X509. Este nombre estará incluido en la solicitud del " +"certificado." + +#. Type: string +#. Description +#: ../openswan.templates.master:15001 +msgid "Example: gateway.debian.org" +msgstr "Por ejemplo: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:16001 +msgid "Please enter the email address for the X509 certificate request." +msgstr "" +"Ingrese la dirección de correo electrónico para la solicitud del certificado " +"X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:16001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Indique la dirección de correo electrónico de la persona u organización " +"quien es responsable del certificado X509, esta dirección estará incluida en " +"la solicitud del certificado." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 +msgid "Do you wish to enable opportunistic encryption in Openswan?" 
+msgstr "¿Desea activar el «cifrado oportunista» en Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan viene con soporte para «cifrado oportunista» (OE), que almacena " +"información de autenticaciones IPSec (p. ej. llaves públicas RSA) en " +"registros DNS (preferencialmente seguros). Hasta que esté implementado " +"extensamente, activarlo causará un significativo retardo en cada conexión " +"nueva que venga de afuera. A partir de la versión 2.0, Openswan viene con OE " +"activado de forma predeterminada y por lo tanto es probable que estropee su " +"conexión a internet (p. ej. su encaminador por omisión) en cuanto pluto (el " +"demonio de Openswan) se inicie." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Escoja si desea habilitar el soporte para OE. Si está en duda, no lo " +"habilite." --- openswan-2.6.22+dfsg.orig/debian/po/ru.po +++ openswan-2.6.22+dfsg/debian/po/ru.po 
@@ -0,0 +1,532 @@
+# translation of ru.po to Russian
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Yuri Kozlov , 2008.
+msgid ""
+msgstr ""
+"Project-Id-Version: openswan 1:2.4.9+dfsg-3.1\n"
+"Report-Msgid-Bugs-To: rmayr@debian.org\n"
+"POT-Creation-Date: 2007-10-27 11:19+0200\n"
+"PO-Revision-Date: 2008-04-08 21:32+0400\n"
+"Last-Translator: Yuri Kozlov \n"
+"Language-Team: Russian \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: KBabel 1.11.4\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+
+#. Type: select
+#. Choices
+#: ../openswan.templates.master:1001
+msgid "earliest, \"after NFS\", \"after PCMCIA\""
+msgstr "\"как можно раньше\", \"после NFS\", \"после PCMCIA\""
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid "At which level do you wish to start Openswan?"
+msgstr "С какого уровня нужно запускать Openswan?"
+
+#. Type: select
+#. Description
+#: ../openswan.templates.master:1002
+msgid ""
+"With the current Debian startup levels (nearly everything starting in level "
+"20), it is impossible for Openswan to always start at the correct time. "
+"There are three possibilities when Openswan can start: before or after the "
+"NFS services and after the PCMCIA services. The correct answer depends on "
+"your specific setup."
+msgstr ""
+"С текущими уровнями запуска Debian (особенно, после 20 уровня) "
+"невозможно всегда запустить Openswan вовремя. "
+"Есть три промежутка, когда можно запускать Openswan: перед или после "
+"служб NFS и после служб PCMCIA. Правильный момент зависит "
+"от ваших специфических настроек."
+
+#. Type: select
+#. 
Description +#: ../openswan.templates.master:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start Openswan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Если у вас дерево /usr не монтируется через NFS (или вы монтируете " +"только другие менее важные каталоги через NFS, или вообще не " +"используете NFS для монтирования), и вы не используете сетевые карты " +"PCMCIA, то лучше всего запускать Openswan как можно раньше, таким " +"образом монтирования NFS будут выполняться через шифрованное " +"соединение IPSec. В этом случае (или, если вы не понимаете о чём речь, или " +"вас это не волнует), ответьте \"как можно раньше\" (по умолчанию)." + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start Openswan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Если дерево /usr монтируется по NFS и не используется сетевая карта " +"PCMCIA, то вам нужно запускать Openswan после NFS для того, чтобы " +"были доступны все необходимые файлы. В этом случае, ответьте " +"\"после NFS\". Заметим, что в этом случае NFS монтирование /usr не " +"будет зашифровано с помощью IPSec." + +#. Type: select +#. Description +#: ../openswan.templates.master:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. 
This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Если вы используете сетевую карту PCMCIA для соединений IPSec, то " +"вам остаётся только выбрать запуск после служб PCMCIA. Ответьте " +"\"после PCMCIA\" в этом случае. Этот ответ так же подойдёт, если вы " +"хотите получать ключи от локально запущенного сервера DNS с поддержкой " +"DNSSec." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:2001 +msgid "Do you wish to restart Openswan?" +msgstr "Перезапустить Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:2001 +msgid "" +"Restarting Openswan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Хорошо бы перезапустить Openswan, так при наличии исправлений " +"безопасности они не заработают, пока служба не будет перезапущена. " +"Большинство людей всё равно перезапускают службу, поэтому обычно " +"лучше это сделать. Однако это может привести к кратковременному " +"разрыву существующих соединений." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "Создать открытый/секретный ключи RSA для этой машины?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. 
The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Процедура установки может автоматически создать открытый/секретный " +"RSA ключи для этой машины. Эта пара ключей может использоваться " +"для аутентификации IPSec соединений с другими машинами, и это является " +"предпочтительным способом создания безопасных соединений IPSec. " +"Также для аутентификации соединения можно использовать общие " +"секреты (одинаковые пароли на обоих концах туннеля), но при большом " +"количестве соединений RSA аутентификацию легче администрировать " +"и она более безопасна." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:3001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Если вы не хотите создавать новые открытый/секретный ключи, то " +"можете выбрать использование существующих." + +#. Type: select +#. Choices +#: ../openswan.templates.master:4001 +msgid "x509, plain" +msgstr "x509, чистый формат" + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 +msgid "Which type of RSA keypair do you want to create?" +msgstr "Тип создаваемых ключей RSA:" + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"Openswan or to create a X509 certificate file which contains the RSA public " +"key and additionally stores the corresponding private key." +msgstr "" +"Возможно создание чистых (plain) открытого/секретного ключей RSA " +"для использования в Openswan, или можно создать файл сертификат X509, " +"который содержит открытый ключ RSA, а также дополнительно хранит " +"соответствующий секретный ключ." + +#. Type: select +#. 
Description +#: ../openswan.templates.master:4002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"Openswan, it might be a bit easier using plain RSA keypairs. But if you want " +"to connect to other IPSec implementations, you will need a X509 certificate. " +"It is also possible to create a X509 certificate here and extract the RSA " +"public key in plain format if the other side runs Openswan without X509 " +"certificate support." +msgstr "" +"Если вы хотите построить IPSec соединения с только машинами, которые " +"также используют Openswan, то использование чистых пар ключей RSA " +"делает это чуть легче. Но если вы хотите соединяться с машинами, " +"использующими другие реализации IPSec, то вам нужно использовать " +"сертификат X509. Также здесь возможно создание сертификата X509 " +"и извлечение открытого ключа RSA в чистый формат, если другая сторона " +"работает на Openswan без поддержки сертификата X509." + +#. Type: select +#. Description +#: ../openswan.templates.master:4002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in Openswan anyway." +msgstr "" +"Поэтому рекомендуется использовать сертификат X509, так как " +"это более гибко, и данная процедура установки скроет сложность " +"создания сертификата X509, и он всё равно используется в Openswan." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:5001 +msgid "" +"Do you have an existing X509 certificate file that you want to use for " +"Openswan?" +msgstr "" +"У вас уже есть файл сертификата X509, который вы бы хотели " +"использовать в Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:5001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. 
Both parts can be " +"in one file, if it is in PEM format. Do you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections?" +msgstr "" +"Процедура установки может автоматически извлечь необходимую " +"информацию из имеющегося файла сертификата X509 с помощью " +"ответного секретного ключа RSA. Обе части могут быть в одном файле, " +"если он имеет формат PEM. У вас есть такой сертификат и файл ключа, " +"и вы хотите использовать его для аутентификации соединений IPSec?" + +#. Type: string +#. Description +#: ../openswan.templates.master:6001 +msgid "Please enter the location of your X509 certificate in PEM format." +msgstr "Укажите место расположения вашего сертификата X509 в формате PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:6001 +msgid "" +"Please enter the location of the file containing your X509 certificate in " +"PEM format." +msgstr "" +"Укажите место расположения файла, содержащего ваш сертификат X509 " +"в формате PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:7001 +msgid "Please enter the location of your X509 private key in PEM format." +msgstr "Укажите место расположения секретного ключа X509 в формате PEM." + +#. Type: string +#. Description +#: ../openswan.templates.master:7001 +msgid "" +"Please enter the location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Введите путь к файлу, который содержит секретный ключ RSA, " +"расшифровывающий ваш сертификат X509 в формате PEM. Этот может " +"быть тот же файл, который содержит сертификат X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:8001 +msgid "Which length should the created RSA key have?" +msgstr "Длина создаваемого ключа RSA:" + +#. Type: string +#. 
Description +#: ../openswan.templates.master:8001 +msgid "" +"Please enter the length of the created RSA key. it should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Введите длину создаваемого ключа RSA. Она должна быть не менее " +"1024 бит, так как меньшая не считается безопасной, и вам, вероятно, " +"не нужно задавать значение более 2048, так как это только замедлит " +"процесс аутентификации и это не нужно." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Создать самоподписанный сертификат X509?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of Openswan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Процесс установки умеет создавать автоматически только самоподписанные " +"сертификаты X509, так как иначе требуется работа центра сертификации для " +"подписи запроса сертификата. Созданный самоподписанный " +"сертификат сразу можно использовать для подключения к другим " +"машинам с IPSec, которые поддерживают сертификаты X509 для " +"аутентификации соединений IPSec. 
Однако, если вы хотите воспользоваться " +"новыми возможностями PKI из версии Openswan >= 1.91, то все ваши " +"сертификаты X509 должны быть подписаны единым сертификационным " +"центром для создания доверительного пути." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:9001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to sign the certificate request with your certificate authority." +msgstr "" +"Если вы не хотите создавать самоподписанный сертификат, то " +"процесс установки создаст только секретный ключ RSA и запрос " +"сертификации, и вы сможете провести этот запрос в своём центре " +"сертификации." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 +msgid "Please enter the country code for the X509 certificate request." +msgstr "Введите код страны для запроса сертификата X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Введите двухбуквенный код вашей страны. Этот код будет помещён " +"в запрос сертификата." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Здесь нужно ввести правильный код страны, так как openssl " +"откажется генерировать сертификаты в противном случае. " +"Пустое значение разрешено для любого поля сертификата " +"X.509 кроме этого." + +#. Type: string +#. Description +#: ../openswan.templates.master:10001 +msgid "Example: AT" +msgstr "Пример: RU" + +#. Type: string +#. 
Description +#: ../openswan.templates.master:11001 +msgid "Please enter the state or province name for the X509 certificate request." +msgstr "Введите название области или округа для запроса сертификата X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:11001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Укажите полное название области или округа, в котором живёте. Оно " +"будет помещено в запрос сертификата." + +#. Type: string +#. Description +#: ../openswan.templates.master:11001 +msgid "Example: Upper Austria" +msgstr "Пример: Moscow region" + +#. Type: string +#. Description +#: ../openswan.templates.master:12001 +msgid "Please enter the locality name for the X509 certificate request." +msgstr "Введите название места для запроса сертификата X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:12001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Укажите название места (например, город), где живёте. Оно " +"будет помещено в запрос сертификата." + +#. Type: string +#. Description +#: ../openswan.templates.master:12001 +msgid "Example: Vienna" +msgstr "Пример: Sergiev Posad" + +#. Type: string +#. Description +#: ../openswan.templates.master:13001 +msgid "Please enter the organization name for the X509 certificate request." +msgstr "Введите название организации для запроса сертификата X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:13001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Укажите название организации (например, компании), для которой нужно " +"создать сертификат X509. Оно будет помещено в запрос сертификата." + +#. Type: string +#. 
Description +#: ../openswan.templates.master:13001 +msgid "Example: Debian" +msgstr "Пример: Debian" + +#. Type: string +#. Description +#: ../openswan.templates.master:14001 +msgid "Please enter the organizational unit for the X509 certificate request." +msgstr "Введите название структурной единицы организации для запроса сертификата X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:14001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "Укажите название структурной единицы организации (например, подразделения), для которой нужно создать сертификат X509. Оно будет помещено в запрос сертификата." + +#. Type: string +#. Description +#: ../openswan.templates.master:14001 +msgid "Example: security group" +msgstr "Пример: security group" + +#. Type: string +#. Description +#: ../openswan.templates.master:15001 +msgid "Please enter the common name for the X509 certificate request." +msgstr "Введите общеизвестное название для запроса сертификата X509." + +#. Type: string +#. Description +#: ../openswan.templates.master:15001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Укажите общеизвестное название (например, имя данного компьютера), " +"для которого нужно создать сертификат X509. Оно будет помещено в " +"запрос сертификата." + +#. Type: string +#. Description +#: ../openswan.templates.master:15001 +msgid "Example: gateway.debian.org" +msgstr "Пример: gateway.debian.org" + +#. Type: string +#. Description +#: ../openswan.templates.master:16001 +msgid "Please enter the email address for the X509 certificate request." +msgstr "Введите адрес электронной почты для запроса сертификата X509." + +#. Type: string +#. 
Description +#: ../openswan.templates.master:16001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Укажите адрес электронной почты человека или организации, которой " +"выдаётся сертификат X509. Этот адрес будет помещён в запрос сертификата." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 +msgid "Do you wish to enable opportunistic encryption in Openswan?" +msgstr "Включить поддержку гибкого шифрования в Openswan?" + +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 +msgid "" +"Openswan comes with support for opportunistic encryption (OE), which stores " +"IPSec authentication information (i.e. RSA public keys) in (preferably " +"secure) DNS records. Until this is widely deployed, activating it will cause " +"a significant slow-down for every new, outgoing connection. Since version " +"2.0, Openswan upstream comes with OE enabled by default and is thus likely " +"to break your existing connection to the Internet (i.e. your default route) " +"as soon as pluto (the Openswan keying daemon) is started." +msgstr "" +"Openswan предоставляет поддержку гибкого шифрования " +"(opportunistic encryption, OE), при котором информация об аутентификации " +"IPSec (то есть открытые ключи RSA) хранится в (желательно, защищённых) " +"записях DNS. Пока это широко не распространено, его активация проведёт к " +"значительному замедлению установления каждого нового подключения. " +"Так как версия 2.0 оригинальных исходников поставляется с включённым OE по умолчанию, скорее всего произойдёт разрыв существующего соединения " +"с интернет (то есть, маршрута по умолчанию), как только pluto (служба " +"ключей Openswan) будет запущена." + +#. Type: boolean +#. Description +#: ../openswan.templates.master:17001 +msgid "" +"Please choose whether you want to enable support for OE. 
If unsure, do not "
+"enable it."
+msgstr ""
+"Укажите, нужно ли включить поддержку OE. Если не знаете, "
+"ответьте отрицательно."
+
--- openswan-2.6.22+dfsg.orig/debian/patches/01-updown-default-path.dpatch
+++ openswan-2.6.22+dfsg/debian/patches/01-updown-default-path.dpatch
@@ -0,0 +1,68 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 01_updown-default-path.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Changes /etc/sysconfig to /etc/default
+
+@DPATCH@
+
+--- openswan/programs/_updown.klips/_updown.ip2.in.orig 2009-02-28 21:19:41.000000000 +0100
++++ openswan/programs/_updown.klips/_updown.ip2.in 2009-02-28 21:21:35.000000000 +0100
+@@ -119,7 +119,7 @@
+ # PLUTO_STACK
+ # the kernel stack being used (eg protostack= value)
+ 
+-# Import default _updown configs from the /etc/sysconfig/pluto_updown file
++# Import default _updown configs from the /etc/default/pluto_updown file
+ #
+ # Two variables can be set in this file:
+ #
+@@ -135,9 +135,9 @@
+ # IPRULEARGS
+ # is the extra argument list for ip rule command
+ #
+-if [ -f /etc/sysconfig/pluto_updown ]
++if [ -f /etc/default/pluto_updown ]
+ then
+- . /etc/sysconfig/pluto_updown
++ . /etc/default/pluto_updown
+ fi
+ 
+ # check interface version
+--- openswan/programs/_updown.netkey/_updown.ip2.in.orig 2009-02-28 21:19:53.000000000 +0100
++++ openswan/programs/_updown.netkey/_updown.ip2.in 2009-02-28 21:21:59.000000000 +0100
+@@ -118,9 +118,9 @@
+ # PLUTO_PROTO_STACK
+ # is the local IPsec kernel stack used, eg KLIPS, NETKEY,
+ # NOSTACK
+-if [ -f /etc/sysconfig/pluto_updown ]
++if [ -f /etc/default/pluto_updown ]
+ then
+- . /etc/sysconfig/pluto_updown
++ . /etc/default/pluto_updown
+ fi
+ 
+ # Ignore parameter custom
+--- openswan/programs/_updown.mast/_updown.mast.in.orig 2009-02-28 21:20:47.000000000 +0100
++++ openswan/programs/_updown.mast/_updown.mast.in 2009-02-28 21:22:22.000000000 +0100
+@@ -122,7 +122,7 @@
+ #exec 2>&1
+ #set -x
+ 
+-# Import default _updown configs from the /etc/sysconfig/pluto_updown file
++# Import default _updown configs from the /etc/default/pluto_updown file
+ #
+ # Two variables can be set in this file:
+ #
+@@ -135,9 +135,9 @@
+ # IPRULEARGS
+ # is the extra argument list for ip rule command
+ #
+-if [ -f /etc/sysconfig/pluto_updown ]
++if [ -f /etc/default/pluto_updown ]
+ then
+- . /etc/sysconfig/pluto_updown
++ . /etc/default/pluto_updown
+ fi
+ 
+ # check interface version
--- openswan-2.6.22+dfsg.orig/debian/patches/00list
+++ openswan-2.6.22+dfsg/debian/patches/00list
@@ -0,0 +1 @@
+01-updown-default-path
--- openswan-2.6.22+dfsg.orig/linux/net/ipsec/pfkey_v2.c
+++ openswan-2.6.22+dfsg/linux/net/ipsec/pfkey_v2.c
@@ -758,7 +758,7 @@
 "No sk attached to sock=0p%p.\n", sock);
 return 0; /* -EINVAL; */
 }
-
+
 KLIPS_PRINT(debug_pfkey,
 "klips_debug:pfkey_release: "
 "sock=0p%p sk=0p%p\n", sock, sk);
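Review bot: In debian/patches/01-updown-default-path.dpatch, the three `. /etc/default/pluto_updown` lines (klips, netkey and mast copies of _updown) are guarded only by `[ -f /etc/default/pluto_updown ]`, so whatever that file contains is executed as shell code inside the updown script, presumably with the privileges pluto runs it under. Since the patch already rewrites the "Import default _updown configs" comment in the klips and mast copies, I would add a line there such as `# The file is sourced as shell code; keep it owned by root and not group/world-writable.` and give the netkey copy the same comment, because its hunk shows none in the visible context. The dpatch header also names itself `01_updown-default-path.dpatch`, while the file name and the 00list entry use `01-updown-default-path`; the header should match.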