--- openvpn-2.1~rc19.orig/debian/copyright +++ openvpn-2.1~rc19/debian/copyright @@ -0,0 +1,47 @@ +This package was debianized by Alberto Gonzalez Iniesta on +Tue, 2 Apr 2002 12:24:50 +0200. + +It was downloaded from http://www.openvpn.net + +Upstream Author: James Yonan + +Copyright: (C) 2002-2005 OpenVPN Solutions LLC + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. + + In addition, as a special exception, James Yonan gives + permission to link the code of this program with the OpenSSL + library (or with modified versions of OpenSSL that use the same + license as OpenSSL), and distribute linked combinations including + the two. You must obey the GNU General Public License in all + respects for all of the code used other than OpenSSL. If you modify + this file, you may extend this exception to your version of the + file, but you are not obligated to do so. If you do not wish to + do so, delete this exception statement from your version. + +Markus F.X.J. Oberhumer made the following +exception in LZO's license to make possible the use of LZO with OpenSSL +in OpenVPN: + + Hereby I grant a special exception to the OpenVPN project + (http://openvpn.sourceforge.net) to link the LZO library with + the OpenSSL library (http://www.openssl.org). + + Markus F.X.J. Oberhumer + + --- openvpn-2.1~rc19.orig/debian/config +++ openvpn-2.1~rc19/debian/config @@ -0,0 +1,21 @@ +#!/bin/sh +# Copyright 2003 Alberto Gonzalez Iniesta +# Licensed under the GNU General Public License, version 2. See the file +# /usr/share/common-licenses/GPL or . +# +set -e +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# Use debconf +. /usr/share/debconf/confmodule + +# Do we want to create /dev/net/tun? +if [ ! -e /dev/.udev ] && [ ! -e /dev/net/tun ]; then + db_input medium openvpn/create_tun || true + db_go +fi + +db_stop + +exit 0 +# vim: set ai et sts=2 sw=2 tw=0: --- openvpn-2.1~rc19.orig/debian/README.Debian +++ openvpn-2.1~rc19/debian/README.Debian @@ -0,0 +1,161 @@ +In this file: + +- 'writepid' option warning +- Multiple tunnels +- Starting or stopping multiple tunnels with a single command +- Compatibility notes on 2.x vs 1.x # +- Changes in string remapping (affects tls-remote certificate names) +- plugin support +- Using resolvconf + + +openvpn for Debian +------------------ + +Documentation to get OpenVPN to work is mostly on the openvpn(8) man page. +You'll find example configuration files and additional docs in the +/usr/share/doc/openvpn/examples directory. + +OpenVPN requires TUN/TAP driver support in the kernel. You'll also need a +tun device file. If it's not present on your system, you may create one +with these commands (as root): +# mkdir /dev/net +# mknod /dev/net/tun c 10 200 + +'writepid' option warning +------------------------- + +Don't specify a 'writepid' option in the .conf files, or the init.d +script won't be able to stop/reload the tunnels. + +Multiple tunnels +---------------- + +When OpenVPN is started by /etc/init.d/openvpn a separate OpenVPN daemon will +be started for each .conf configuration file in the /etc/openvpn directory. +This allows you to define multiple VPN connections. + +[UPDATE: with OpenVPN 2.0 one openvpn daemon can serve multiple clients. That +way multiple instances of openvpn are no longer required to achieve this, and +one configuration file should be enough for these cases. Take a look at the +'Multi-Client Server options' on the man page] + +Be sure that each .conf file defines a different local port +number with the "port" or "lport" options; see the openvpn +man page for more information. + +Starting or stopping multiple tunnels with a single command +----------------------------------------------------------- + +It is now possible to specify multiple tunnel names to the init.d script. +Just put the names after the action (start|stop), like this: + +/etc/init.d/openvpn start vpn1 vpn4 vpn5 + +/etc/network/interfaces +----------------------- + +/etc/network/interfaces can be configured to start and stop openvpn when the +underlying network interface is brought up and down. To do so add a line such +as "openvpn vpn1" to the stanza for the underlying network interface, where +"vpn1" is the name of the vpn to start and stop. + +It is possible to control vpn interfaces using the standard ifup/ifdown +commands. This is helpful in case you want tunnels to be started right +after physical networks, so any network filesystems listed in fstab can be +mounted during the standard boot sequence. In order to do this several +steps need to be taken: + +- Select a specific tun/tap device name using the 'dev' option in your + config file (e.g. dev tun_work). This will ensure that the name you + use in /etc/network/interfaces will always match the one this vpn + will utilize. + +- Create a 'manual' type interface entry in /etc/network/interfaces. + There should be only one option - openvpn, which takes a config file + name as the argument (without the .conf suffix) For example: + + auto tun_work + iface tun_work inet manual + openvpn work_vpn + +- You should prevent openvpn from trying to start this tunnel when its + own init script runs, since the interface is already up. This is done + in /etc/default/openvpn by changing the AUTOSTART option as described + in the same file + + +##################################### +# Compatibility notes on 2.x vs 1.x # +##################################### + +In version 2.0, --tun-mtu 1500 --mssfix 1450 is now the default. In 1.x the +default is --link-mtu 1300 for tun interfaces and --tun-mtu 1500 for tap +interfaces, with --mssfix disabled). + +Also in version 2.0, when using TLS, --key-method 2 is now the default, +it was 1 in versions 1.x. + +To sum up, to make 2.0 work with 1.x put the following in the 1.x configuration +files: + + tun-mtu 1500 + tun-mtu-extra 32 + mssfix 1450 + key-method 2 ## (if you're using TLS) + + +Or, in case you'd rather not modify the 1.x configuration, set the 2.x side +configuration like this: + +If using TLS: + key-method 1 +If "dev tun": + link-mtu 1300 +If "dev tap": + tun-mtu 1500 + tun-mtu-extra 32 + +OpenVPN 1.x won't be able to act as a client against a OpenVPN 2.x +acting as multiple client server. OpenVPN 1.x can only work with 2.x +in point-to-point tunnels. + +Changes in string remapping +--------------------------- + +Quoting James Yonan: +"Prior to 2.0-beta12, the string remapping code was a bit ad-hoc. Since then +I've tried to unify all string remapping towards a consistent model which +remaps illegal chars to '_'. The choice of underbar is arbitrary -- any inert +character will do." + +So, you must use '_' instead of '.' to represent spaces in certificates names +from now on. + +plugin support +-------------- + +Plugins are now included in the package. They get installed in /usr/lib/openvpn. +Info on what they are and what they do in README.auth-pam and README.down-root. +Append /usr/lib/openvpn/ to the plugin name in the plugin option. +i.e. + plugin /usr/lib/openvpn/openvpn-auth-pam.so [service-type] + +Using resolvconf +---------------- + +Have a look at the shell script /etc/openvpn/update-resolv-conf +It parses DHCP options from openvpn to update /etc/resolv.conf +To use set as 'up' and 'down' script in your openvpn *.conf: + +up /etc/openvpn/update-resolv-conf +down /etc/openvpn/update-resolv-conf + +You will need to install resolvconf package. + +Out of Memory issues +------------------- + +You might run into issues with openvpn complaining about out of memory. The reason for this behavior is that openvpn uses mlockall to pin all of its pages into memory. To correct this issue you can put a "ulimit -l " in the openvpn init script. + + -- Alberto Gonzalez Iniesta Sun, 09 Dec 2007 01:32:10 +0100 --- openvpn-2.1~rc19.orig/debian/changelog +++ openvpn-2.1~rc19/debian/changelog @@ -0,0 +1,865 @@ +openvpn (2.1~rc19-1ubuntu2) karmic; urgency=low + + * debian/patches/redirect-gateway.patch: Fix regression introduced in + 2.1rc17 that makes redirect-gateway (without options) to be ignored. + Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695 + + -- Thierry Carrez Tue, 13 Oct 2009 09:31:20 +0200 + +openvpn (2.1~rc19-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable (LP: #404099), remaining changes: + - debian/openvpn.init.d: + - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot + - show per-VPN result messages + - add "--script-security 2" by default for backwards compatibility + - Added lsb-base>=3.2-14 depend to allow status_of_proc() + + -- Bhavani Shankar Fri, 24 Jul 2009 19:22:13 +0530 + +openvpn (2.1~rc19-1) unstable; urgency=low + + * New upstream version + - Removed remote_env.patch, applied upstream + - trusted_ip is exported again. (Closes: #524979) + * Bumped Standards-Version to 3.8.2 + + -- Alberto Gonzalez Iniesta Tue, 21 Jul 2009 17:00:56 +0200 + +openvpn (2.1~rc15-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable (LP: #372358), remaining changes: + - debian/openvpn.init.d: + - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot + - show per-VPN result messages + - add "--script-security 2" by default for backwards compatibility + - Added lsb-base>=3.2-14 depend to allow status_of_proc() + + -- Andres Rodriguez Tue, 05 May 2009 14:25:37 -0500 + +openvpn (2.1~rc15-1) unstable; urgency=low + + * New upstream version (Closes: #515575) + * remote_env.patch: patched options.c to fix remote* enviroment vars. + * openvpn-pkcs11warn.patch: warn on deprecated pkcs11 options. + Thanks A LOT to Florian Kulzer for the README.Debian text & patch! + (Closes: #475353) + * Removed lladdr-is-not-ip.patch, since it was included upstream. + * init.d script: Use start-stop-daemon to avoid failure on start when + a PID file is not deleted. (Closes: #445061) + * init.d script: Added 'status' action. Thanks Thierry Carrez for + the patch. (Closes: #498493) + * Updated debian/copyright: Point to GPL-2 + * Updated debian/control: Added ${misc:Depends} + * Bumped Standards-Version to 3.8.1 + * Moved to debhelper compat 7. + + -- Alberto Gonzalez Iniesta Thu, 30 Apr 2009 12:35:05 +0200 + +openvpn (2.1~rc11-1ubuntu3) jaunty; urgency=low + + * debian/openvpn.init.d: + - Fix unexpected operator on startup (LP: #340120) + + -- Michael Jeanson Mon, 09 Mar 2009 16:02:50 -0400 + +openvpn (2.1~rc11-1ubuntu2) intrepid; urgency=low + + * debian/openvpn.init.d: + - Revert fix from #454371 that was merged at 2.1~rc7-4 to prevent + openvpn prompts from blocking the boot (LP: #280428) + - Fix VPNs always reported started [ OK ] + + -- Thierry Carrez Wed, 15 Oct 2008 17:12:54 +0200 + +openvpn (2.1~rc11-1ubuntu1) intrepid; urgency=low + + * Merge with Debian (LP: #279655), remaining diffs: + - debian/openvpn.init.d: Added 'status' action to init script, show + per-VPN result messages and add "--script-security 2" by default for + backwards compatibility + - debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() + * Fixes regression when calling commands with arguments (LP: #277447) + + -- Thierry Carrez Tue, 07 Oct 2008 16:30:44 +0200 + +openvpn (2.1~rc11-1) unstable; urgency=low + + * New upstream version + - Fixes TLS negotiation problems (Closes: #496649) + * Patched options.c, socket.c and socket.h to correctly check + for MAC addresses on lladdr parm. (Closes: #496141) + Thanks hoverhell@gmail.com for the patch. + * init.d script: exit with 0 status when trying to start + an already running VPN. (Closes: #499247) + + -- Alberto Gonzalez Iniesta Wed, 17 Sep 2008 13:43:22 +0200 + +openvpn (2.1~rc10-1) unstable; urgency=low + + * New upstream version. + - Fixed calls to external commands with arguments. + (Closes: #495964, #496314, #497411) + + -- Alberto Gonzalez Iniesta Thu, 11 Sep 2008 16:58:37 +0200 + +openvpn (2.1~rc9-3ubuntu2) intrepid; urgency=low + + * debian/openvpn.init.d: + - Added 'status' action to init script (LP: #251641) + - Restored per-VPN result messages by using log_action_begin_msg and + one log_daemon_msg per VPN instead of log_progress_msg (LP: #264966) + * debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() + + -- Thierry Carrez Tue, 09 Sep 2008 10:45:45 +0200 + +openvpn (2.1~rc9-3ubuntu1) intrepid; urgency=low + + * debian/openvpn.init.d: Add "--script-security 2" by default for backwards compatibility + (LP: #260291) + + -- Chuck Short Mon, 25 Aug 2008 10:20:31 -0400 + +openvpn (2.1~rc9-3) unstable; urgency=low + + * debian/rules: run ./configure with path to 'route', for + those build daemons without 'route'. (Closes: #495082) + * Created NEWS.Debian with info on new option script-security. + (Closes: #494998) + + -- Alberto Gonzalez Iniesta Sat, 16 Aug 2008 13:34:24 +0200 + +openvpn (2.1~rc9-2) unstable; urgency=low + + * debian/rules: run ./configure with path to ifconfig, for + those build daemons without ifconfig. (Closes: #494918) + + -- Alberto Gonzalez Iniesta Wed, 13 Aug 2008 13:37:01 +0200 + +openvpn (2.1~rc9-1) unstable; urgency=high + + * New upstream version. + * Urgency high since it fixes a security bug in versions + 2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488) + * Added sample-scripts/ to examples directory. + * Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch + + -- Alberto Gonzalez Iniesta Mon, 11 Aug 2008 19:40:11 +0200 + +openvpn (2.1~rc8-1) unstable; urgency=low + + * New upstream version + * Added Build-dep on libpkcs11-helper1 to re-enable PKCS#11 + support. Sorry for the delay Florian :) (Closes: #475353) + + -- Alberto Gonzalez Iniesta Wed, 23 Jul 2008 10:38:13 +0200 + +openvpn (2.1~rc7-6) unstable; urgency=low + + * debian/control: Add Recommends on net-tools. (Closes: #469522) + * init.d script: clean up. (Closes: #486678) + * init.d script: Added soft-restart option to send SIGUSR1 to running + VPNs. (Closes: #414252) + * Added bash_completion for init.d script. (Closes: #394289) + * Removed obsolete templates and its associated code. (Closes: #459531) + * Removed stop before upgrade question, always restar after the upgrade + not in between. (Closes: #371148) + * New patch to correct spelling error in socket.c. (Closes: #487957) + * Added OPTARGS to init.d script and /etc/default/openvpn so that + Stanislav Maslovski does not have to edit this on every upgrade :) + (Closes: #488675) + + -- Alberto Gonzalez Iniesta Tue, 24 Jun 2008 15:46:15 +0200 + +openvpn (2.1~rc7-5) unstable; urgency=low + + * init.d script: Set default exit code to 0 when undefined. + (Closes: #486441) + + -- Alberto Gonzalez Iniesta Mon, 16 Jun 2008 16:59:02 +0200 + +openvpn (2.1~rc7-4) unstable; urgency=low + + * The 'Miriam helped me move to quilt' release + * Moved all the patches to debian/patches + * debian/control: Added Build-Dep on quilt + * Applied patch by Jamie Strandboge to fix openssl-vulnkey + extra passphrase prompts. Thanks Jamie. + (Closes: #483020, #483500, #486129) + * Updated Portuguese debconf templates. (Closes: #484007) + + [ Martin Pitt ] + * Added note on Out Of Memory issues. (Closes: #484113) + * Avoid asking about the tun device creation if using udev. + (Closes: #484111) + * Reworked init.d script to use LSB functions. (Closes: #484110) + + -- Alberto Gonzalez Iniesta Sat, 14 Jun 2008 19:00:40 +0200 + +openvpn (2.1~rc7-3) unstable; urgency=low + + * The 'Thanks the transtalors' release + * Updated Japanese debconf templates. (Closes: #483848) + * Updated Russian debconf templates. (Closes: #483693) + * Updated Brazilian Portuguese debconf templates. (Closes: #483686) + * Updated German debconf templates. (Closes: #483610) + * Updated French debconf templates. (Closes: #483104) + * Updated Spanish debconf templates. (Closes: #482939) + * Updated Italian debconf templates. (Closes: #482809) + * Updated Finnish debconf templates. (Closes: #482763) + * Updated Swedish debconf templates. (Closes: #482677) + * Updated Vietnamese debconf templates. (Closes: #482640) + * Updated Galician debconf templates. (Closes: #482461) + * Updated Czech debconf templates. (Closes: #482430) + * Updated Basque debconf templates. (Closes: #482398) + * Updated path to openssl-vulnkey. (Closes: #483723) + + -- Alberto Gonzalez Iniesta Sun, 01 Jun 2008 21:11:17 +0200 + +openvpn (2.1~rc7-2) unstable; urgency=high + + * init.c: Warn of use of known vulnerable weak SSL/TLS + and shared secret keys caused by Debian openssl bug. + Patch taken from Ubuntu. CVE-2008-0166 + * debian/(templates|postinst): Add warning on vulnerable + secrect/key files. + * debian/control: Add dependencies on openssl-blacklist and + openvpn-blacklist. Bumped dependency on libssl version. + + -- Alberto Gonzalez Iniesta Fri, 16 May 2008 00:45:23 +0200 + +openvpn (2.1~rc7-1) unstable; urgency=low + + * New upstream release (Closes: #464181) + - Slashes in X509 common name allowed (Closes: #452274) + * init.d script: Removed /dev/null stdin redirection, so passphrases + can be typed in. (Closes: #454371) + * Set FD_CLOEXEC in socket initialization BEFORE running the 'up script' + Thanks a lot Julien Cristau for finding this out and sending the + patch (Closes: #367716) + * Added multiple VPN configuration in /e/n/interfaces. + Thanks Sam Couter for the patch (Closes: #472924) + * Bumped Standards-Version to 3.7.3 + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. (Closes: #462048) + * Updated Vietnamese debconf templates. (Closes: #465535) + * Updated German debconf templates. (Closes: #465317) + * Updated Brazilian Portuguese debconf templates. (Closes: #465440) + * Updated Japanese debconf templates. (Closes: #462736) + * Updated Portuguese debconf templates. (Closes: #462795) + * Updated Swedish debconf templates. (Closes: #462979) + * Updated Galician debconf templates. (Closes: #462990) + * Updated Spanish debconf templates. (Closes: #463047) + * Updated French debconf templates. (Closes: #463636) + * Updated Italian debconf templates. (Closes: #463703) + * Updated Finnish debconf templates. (Closes: #463952) + * Updated Czech debconf templates. (Closes: #464221) + * Updated Russian debconf templates. (Closes: #464666) + * Updated Norwegian Bokmål debconf templates. (Closes: #462811) + + -- Alberto Gonzalez Iniesta Sat, 02 Feb 2008 22:41:31 +0100 + +openvpn (2.1~rc4-2) unstable; urgency=low + + * Upload to unstable. New upstream fixes: + - Bug with: Assertion failed at multi.c. (Closes: #411633) + - Hangs with tcp clients goin down with new option: + --connect-timeout. (Closes: #296834) + * Use rm -f to remove PIDFILE, in case rm wants to ask. + (Closes: #429932) + * Updated Vietnamese debconf templates. (Closes: #427048) + Thanks Clytie Siddall. + * Added note on resolvconf use with openvpn. (Closes: #451319) + + -- Alberto Gonzalez Iniesta Sat, 08 Dec 2007 21:58:05 +0100 + +openvpn (2.1~rc4-1) experimental; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Mon, 22 Oct 2007 20:59:46 +0200 + +openvpn (2.1~rc2-1) experimental; urgency=low + + * Just forward-push the Debian patches to the new version, + and upload to experimental (with permission of the maintainer). + + -- Andreas Barth Thu, 19 Apr 2007 18:23:59 +0200 + +openvpn (2.0.9-8) unstable; urgency=low + + * Install /etc/openvpn/update-resolv-conf with correct permissions + + -- Alberto Gonzalez Iniesta Sat, 19 May 2007 18:12:12 +0200 + +openvpn (2.0.9-7) unstable; urgency=low + + * Added script to update resolv.conf with server's settings. + The script is located in the /etc/openvpn/ directory. + Thanks a lot Christof Lauber for the script. + Added resolvconf to Suggests. + * Added LSB section to the init.d script. + + -- Alberto Gonzalez Iniesta Sat, 19 May 2007 17:48:23 +0200 + +openvpn (2.0.9-6) unstable; urgency=low + + * Fixed init.d script to avoid running multiple instances of the + same VPN. Thanks Keith Kyzivat for pushing me into looking + again into this issue. (Closes: #326080) + * Included patch to README.Debian from Peter Rabbitson describing + /etc/network/interfaces integration. (Closes: #413732) + * Also included joeyh's suggestion on the previous subject. + (Closes: 419797) + * Avoid restarting a vpn instead of reloading it due to wrong + detection of 'user' option in init.d script. Thanks Josip Rodin. + (Closes: 403503) + * Added Russian debconf translation. (Closes: #414088) + Thanks Yuriy Talakan. + * Built against liblzo2 instead of liblzo. (Closes: #423366) + + -- Alberto Gonzalez Iniesta Tue, 15 May 2007 23:53:26 +0200 + +openvpn (2.0.9-5) unstable; urgency=low + + * Added Galician debconf translation. (Closes: #412492) + Thanks Jacobo Tarrio + + -- Alberto Gonzalez Iniesta Wed, 28 Feb 2007 00:36:14 +0100 + +openvpn (2.0.9-4) unstable; urgency=low + + * Updated Swedish debconf translation. (Closes: #407851) + Thanks Andreas Henriksson + + -- Alberto Gonzalez Iniesta Sun, 21 Jan 2007 22:24:58 +0100 + +openvpn (2.0.9-3) unstable; urgency=low + + * Fixed type in Portuguese debconf translation. + * debian/templates. Changed default value for init.d change + question to false. (Closes: #403317) + + -- Alberto Gonzalez Iniesta Fri, 22 Dec 2006 19:36:05 +0100 + +openvpn (2.0.9-2) unstable; urgency=low + + * Updated Spanish debconf translation. (Closes: #393796) + * Updated German debconf translation. (Closes: #397019) + * Updated Japanese debconf translation. (Closes: #392627) + * Added Italian debconf translation. (Closes: #398050) + * Added Portuguese debconf translation. (Closes: #400685) + + -- Alberto Gonzalez Iniesta Fri, 8 Dec 2006 12:28:34 +0100 + +openvpn (2.0.9-1) unstable; urgency=low + + * New upstream release. No changes in *NIX source code. + Updating to avoid 'New upstream, blah, blah'. + * debian/control: Fixed spelling error in description + (Closes: #390242) + * debian/copyright: Updated project's homepage and author's + email address. (Closes: #388466) + * debian/copyright: Updated the FSF address. + * Updated Dutch debconf translation. (Closes: #389982, 379802) + Thanks Kurt De Bree + * Updated Czech debconf translation. (Closes: #384755) + Thanks Miroslav Kure + + -- Alberto Gonzalez Iniesta Tue, 10 Oct 2006 12:17:57 +0200 + +openvpn (2.0.7-1) unstable; urgency=low + + * The 'Translators, translators, translators' release. + * New upstream version. + * Added Dutch debconf translation. (Closes: #370073) + Thanks Kurt De Bree + * Updated Danish debconf translation. (Closes: #369772, #376704) + Thanks Claus Hindsgaul + * Updated French debconf translation. (Closes: #373191) + Thanks Michel Grentzinger + + -- Alberto Gonzalez Iniesta Sat, 22 Jul 2006 20:44:52 +0200 + +openvpn (2.0.6-2) unstable; urgency=low + + * The "Mañana" Release. + * debian/control: Added Suggests: openssl (Closes: #368256) + * debian/postinst: Run the init.d script with 'start' when doing + a fresh install or stop2upgrade=true. (Closes: #366085, #338956) + * Updated Czech debconf translation (Closes: #333989) + Thanks Miroslav Kure. + * Bumped Standards-Version to 3.7.2.0, no change. + * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) + * debian/templates: Corrected typo on init scripts order change. + (Closes: #351664) + * Updated German debconf translation (Closes: #345853) + Thanks Erik Schanze. + + -- Alberto Gonzalez Iniesta Mon, 22 May 2006 03:08:10 +0200 + +openvpn (2.0.6-1) unstable; urgency=high + + * New upstream release. Urgency high due to security fix. + - Disallow "setenv" to be pushed to clients from the server. + (Closes: #360559) + + -- Alberto Gonzalez Iniesta Wed, 5 Apr 2006 12:17:26 +0200 + +openvpn (2.0.5-1) unstable; urgency=high + + * New upstream release. Urgency high due to security issues. + - DoS vulnerability on the server in TCP mode. + (CVE-2005-3409) (Closes: #337334) + - Format string vulnerability in the foreign_option + function in options.c could potentially allow a malicious + or compromised server to execute arbitrary code on the + client. (CVE-2005-3393) (Closes: #336751) + + -- Alberto Gonzalez Iniesta Mon, 7 Nov 2005 10:13:55 +0100 + +openvpn (2.0.2-2) unstable; urgency=low + + * debian/control: fix Depends on debconf. (Closes: #332056) + * Bumped Standards-Version to 3.6.2.0, no change. + * Updated Danish debconf translation. (Closes: #326907) + * Updated French debconf translation. (Closes: #328076) + * Added Swedish debconf translation. (Closes: #332785) + + -- Alberto Gonzalez Iniesta Sun, 9 Oct 2005 18:42:34 +0200 + +openvpn (2.0.2-1) unstable; urgency=low + + * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) + * New upstream release (Closes: #323594) + * Fixed use of backslash in username authentication. (Closes: #309787) + * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 + CAN-2005-2533 CAN-2005-2534. (Closes: #324167) + * Changed group option from 'nobody' to 'nogroup' in all the + *example* files... (Closes: #317987) + * Included openvpn-plugin.h to allow building third party plugins. + (Closes: #316139) + * Stop openvpn's daemon later to allow some services stopping later to use + it. Added debconf template to ask permission to make the change + on older installations. (Closes: #312371) + * Workaround to fix proper daemonize when 'log' option is used. + (Closes: #309944) Thanks Jason Lunz for the patch. + * Modified output of init.d script to make it more friendly when + passphrase for a tunnel certificate is asked. + Thanks Pavel Vávra for the patch. + + -- Alberto Gonzalez Iniesta Sun, 28 Aug 2005 13:05:49 +0200 + +openvpn (2.0-4) unstable; urgency=low + + * The 'It was about time I could make a new upload' release + * Rewrote some debconf templates (Closes: #316694). + Thanks Clytie Siddall for the corrections. + * Included Vietnamese debconf translation. (Closes: #316695) + * debian/rules: exclude openssl.cnf from being compress. + (Closes: #315764) + + -- Alberto Gonzalez Iniesta Wed, 6 Jul 2005 09:22:16 +0200 + +openvpn (2.0-3) unstable; urgency=low + + * postinst: call 'restart' when 'cond-restart' fails due to user + not upgrading the init.d script. (Closes: #308926) + + -- Alberto Gonzalez Iniesta Sat, 28 May 2005 12:52:16 +0200 + +openvpn (2.0-2) unstable; urgency=low + + * Added '-f' to rm when deleting the status file. This eliminates + the need to test if it exists and saves the init.d script from + failing. (Closes: #306588) + * Modified pam plugin to load libpam.so.0 instead of libpam.so. + (Closes: #306335) + + -- Alberto Gonzalez Iniesta Wed, 4 May 2005 15:02:45 +0200 + +openvpn (2.0-1) unstable; urgency=low + + * The 'This-is-the-real-2.0' release + * New upstream version. + * openvpn.8: s/--/\\-\\-/g a.k.a escaped dashes to make it possible + to search for options with UTF charsets. (Closes: #296133) + * Improved init.d script output. (Closes: #297997) + Thanks Thomas Hood for the patch. + * debian/control. Rewrote Description: field. + Now it's more useful and complete. (Closes: #304895) + * init.d script: + - Fixed restarting of multiple VPNs + - Fixed TAB converted to spaces. + - Remove status file on VPN stop + - Respect 'status' option if given in the config file + - New /etc/default/openvpn configuration file that allows + control on which VPNs are automatically started and also + controls status file refresh interval + Thanks Philipp A. Hartmann for the nice patch. (Closes: #294332) + * init.d script: Added cond-restart to only restart VPNs in use. + postint: Call init.d script with cond-restart instead of restart. + (Closes: #280464) + * init.d script: change order of --config and --cd to permit + nested 'configs'. (Closes: #299082) + + -- Alberto Gonzalez Iniesta Mon, 18 Apr 2005 09:07:05 +0200 + +openvpn (1.99+2.rc20-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Mon, 4 Apr 2005 23:05:23 +0200 + +openvpn (1.99+2.rc18-1) unstable; urgency=low + + * New upstream release (Closes: #301949) + + -- Alberto Gonzalez Iniesta Tue, 29 Mar 2005 12:56:42 +0200 + +openvpn (1.99+2.rc16-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Sun, 20 Feb 2005 20:24:25 +0100 + +openvpn (1.99+2.rc12-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Sun, 6 Feb 2005 11:49:44 +0100 + +openvpn (1.99+2.rc11-2) unstable; urgency=low + + * Added --enable-password-save to configure call to allow + --askpass and --auth-user-pass passwords to be read from a file. + + -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 18:19:28 +0100 + +openvpn (1.99+2.rc11-1) unstable; urgency=low + + * New upstream release + * Added --status line to init.d script (Closes: #293144) + + -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 09:28:06 +0100 + +openvpn (1.99+2.rc10-1) unstable; urgency=low + + * New upstream release + * Updated pt_BR debconf translation (Closes: #292079) + + -- Alberto Gonzalez Iniesta Fri, 28 Jan 2005 14:44:42 +0100 + +openvpn (1.99+2.rc6-1) unstable; urgency=low + + * The 'Three Wise Men' release. + * New upstream release. + * Update README.Debian with comments on changed string remapping. + Thanks ron@debian.org for noting this first. (Closes: #288669) + + -- Alberto Gonzalez Iniesta Wed, 5 Jan 2005 19:03:11 +0100 + +openvpn (1.99+2.beta19-1) unstable; urgency=low + + * New upstream release. + * Updated README.Debian with info on plugins. + + -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 11:57:03 +0100 + +openvpn (1.99+2.beta18-2) unstable; urgency=low + + * Built and installed plugins. Thanks Michael Renner for noticing. + (Closes: #284224) + * Added Build-Depends on libpam0g-dev, required by auth-pam plugin. + + -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 10:19:45 +0100 + +openvpn (1.99+2.beta18-1) unstable; urgency=low + + * New upstream release. Corrects --mssfix behaviour (Closes: #280893) + * Included Czech debconf translation. (Closes: #282995) + + -- Alberto Gonzalez Iniesta Mon, 29 Nov 2004 10:56:07 +0100 + +openvpn (1.99+2.beta17-2) unstable; urgency=low + + * Updated (German|Danish|French|Japanese) debconf translations. + (Closes: #281235, #282095, #282216, #282881) + + -- Alberto Gonzalez Iniesta Wed, 24 Nov 2004 08:15:29 +0100 + +openvpn (1.99+2.beta17-1) unstable; urgency=low + + * New upstream version. Includes fix for the --key-method 1 bug. + * WARNING: This version changes the default port (5000 previously) + to 1194 (assigned by INANA). This will affect you if you don't + have a 'port' option specified in your configuration files. + Added a debconf note about it. + * Updated es.po. + + -- Alberto Gonzalez Iniesta Fri, 12 Nov 2004 15:32:56 +0100 + +openvpn (1.99+2.beta16-2) unstable; urgency=low + + * Patched ssl.c to fix bug in --key-method 1, that prevented + OpenVPN 2.x from working with 1.x using that method. + Thanks James for the prompt answer & patch. + Thanks weasel for finding it out. + + -- Alberto Gonzalez Iniesta Mon, 8 Nov 2004 11:59:12 +0100 + +openvpn (1.99+2.beta16-1) unstable; urgency=low + + * New upstream releases. Fixes the "Assertion failed at crypto.c" + (Closes: #265632, #270005) + + -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 17:46:09 +0100 + +openvpn (1.99+2.beta15-5) unstable; urgency=low + + * Updated README.Debian with clearer 2.x vs 1.x interoperability + instructions. + + -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 10:26:03 +0100 + +openvpn (1.99+2.beta15-4) unstable; urgency=low + + * Put if-{up,down}.d scripts back in place, this time they work. + Just remember to quote shell vars when checking if they are empty. + [ -n "$VAR" ] -> Good [ -n $VAR ] -> BAD + Note to self, don't trust people's patches even if they are DD. + + -- Alberto Gonzalez Iniesta Thu, 4 Nov 2004 08:33:45 +0100 + +openvpn (1.99+2.beta15-3) unstable; urgency=low + + * Removed if-{up,down}.d scripts until I get to know how they work. + + -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 20:58:41 +0100 + +openvpn (1.99+2.beta15-2) unstable; urgency=low + + * Corrected names of if-{up,down}.d scripts. Duh! + + -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 10:21:52 +0100 + +openvpn (1.99+2.beta15-1) unstable; urgency=low + + * New upstream release. + * Renamed package to 1.99 to make it clearer that we're using + version 2.0 and not 1.6. Some people rather talk about this on IRC + and not tell the maintainer directly. + * Added Brazilian Portuguese debconf templates. (Closes: #279351) + * Modified init.d script so that specifying a daemon option in a + VPN configuration won't make it fail. + Thanks Christoph Biedl for the patch. (Closes: #278302) + * Added scripts to allow specifying 'openvpn name' in + /etc/network/interfaces to have the tunnel created and destroyed with + the device it runs over. Thanks Joachim Breitner for the patch. + (Closes: #273481) + * Modified init.d script so that multiple VPNs can be started or stopped + with a single command. (See README.Debian) + + -- Alberto Gonzalez Iniesta Tue, 2 Nov 2004 12:49:41 +0100 + +openvpn (1.6.0+2.beta14-1) unstable; urgency=low + + * New upstream release. + + -- Alberto Gonzalez Iniesta Wed, 20 Oct 2004 09:13:09 +0200 + +openvpn (1.6.0+2.beta12-1) unstable; urgency=low + + * New upstream release. + * Added comments about compatibility issues between openvpn 2.x and 1.x + to README.Debian (Closes: #276799) + * Changed maintainer email address. + + -- Alberto Gonzalez Iniesta Mon, 18 Oct 2004 09:01:23 +0200 + +openvpn (1.6.0+2.beta11-1) unstable; urgency=low + + * New upstream release. (Closes: #269631) + * I decided to get OpenVPN 2 into sid, and hopefully into Sarge since + the current beta works pretty well and adds important features I don't + want missing in Sarge. + * Updated README.Debian + + -- Alberto Gonzalez Iniesta Fri, 15 Oct 2004 11:52:58 +0200 + +openvpn (1.6.0-5) unstable; urgency=low + + * Added German and Japanese debconf templates. + (Closes: #266927, #270477) + + -- Alberto Gonzalez Iniesta Fri, 10 Sep 2004 08:31:54 +0200 + +openvpn (1.6.0-4) unstable; urgency=low + + * Updated French and Danish debconf templates + (Closes: #254064, #256053) + + -- Alberto Gonzalez Iniesta Mon, 28 Jun 2004 09:51:44 +0200 + +openvpn (1.6.0-3) unstable; urgency=low + + * Included Catalan debconf templates. (Closes: #248750) + Thanks Aleix Badia i Bosch. + * Added debconf question on whether the daemon should be stopped at + the begining of and upgrade or not. Thus being more reliable on + remote upgrades. (Closes: #250558) + + -- Alberto Gonzalez Iniesta Thu, 10 Jun 2004 15:59:39 +0200 + +openvpn (1.6.0-2) unstable; urgency=low + + * Recover init.d modification suggested by Kai Henningsen to get + different syslog names for each VPN. How the fuck did that get lost? + + -- Alberto Gonzalez Iniesta Fri, 28 May 2004 16:51:04 +0200 + +openvpn (1.6.0-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Mon, 10 May 2004 08:59:37 +0200 + +openvpn (1.5.0-3) unstable; urgency=low + + * Included Danish debconf template. Thanks Claus Hindsgau. + (Closes: #234944) + + -- Alberto Gonzalez Iniesta Tue, 9 Mar 2004 16:36:33 +0100 + +openvpn (1.5.0-2) unstable; urgency=low + + * Modified init.d script to permit different syslog names for each + VPN. Thanks Kai Henningsen for the tip. (Closes: #227376) + * Moved 'verify-cn' script to /usr to make weasel happier ;) + (Closes: #221995) + * Moved to gettext-based debconf templated. Added French translation. + Thanks Michel Grentzinger for the patches. + (Closes: #219015, #219016) + * Fixed spanish translation that was a complete mess. + (Closes: Fri-Sun) + + -- Alberto Gonzalez Iniesta Thu, 15 Jan 2004 18:08:24 +0100 + +openvpn (1.5.0-1) unstable; urgency=low + + * New upstream release + * Moved to debhelper compatibility 4. Created debian/compat. + + -- Alberto Gonzalez Iniesta Sat, 22 Nov 2003 18:18:50 +0100 + +openvpn (1.4.3-3) unstable; urgency=low + + * Added quotes around $2 in dpkg --compare-versions (config and postinst) + and check if $2 actually has a value. + This way it won't fail if $2 is not set. Duh! (Closes: #214848) + + -- Alberto Gonzalez Iniesta Thu, 9 Oct 2003 11:01:31 +0200 + +openvpn (1.4.3-2) unstable; urgency=low + + * Moved initscripts sequence number to S16 from S20. This will make + openvpn start earlier and be ready for other services. (Closes: #209225) + * Added Depends: on debconf, it's used in the maintainer's scripts now. + * Added debconf template to ask for the creation of the TUN/TAP device + node. (Closes: #211198) + + -- Alberto Gonzalez Iniesta Thu, 2 Oct 2003 21:39:46 +0200 + +openvpn (1.4.3-1) unstable; urgency=low + + * New upstream release + * Bumped Standards-Version to 3.6.1.0, no change. + * Patched init.d script to support single vpn stop/start/restart. + Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) + + -- Alberto Gonzalez Iniesta Tue, 30 Sep 2003 20:04:37 +0200 + +openvpn (1.4.1.4-1) unstable; urgency=low + + * New upstream release. Backed out --dev-name patch, + modified --dev to offer equivalent functionality + (Closes: #194910) + * Updated README.Debian. Thanks to John R. Shearer + + -- Alberto Gonzalez Iniesta Tue, 17 Jun 2003 11:08:17 +0200 + +openvpn (1.4.1-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Fri, 16 May 2003 17:14:41 +0200 + +openvpn (1.4.0-2) unstable; urgency=low + + * Patch from James Yonan to use 2.2.x TUN interface if 2.4.x fails. + (Closes: #182020) + + -- Alberto Gonzalez Iniesta Sun, 11 May 2003 10:24:51 +0200 + +openvpn (1.4.0-1) unstable; urgency=low + + * New upstream release (Closes: #179551) + * Re-enabled liblzo support. LZO's author made an exception in LZO's + license that permits OpenVPN to use LZO and OpenSSL. See copyright + file. + + -- Alberto Gonzalez Iniesta Thu, 8 May 2003 09:21:53 +0200 + +openvpn (1.3.2-3) unstable; urgency=low + + * Removed executable permissions from generated secret files. + (Closes: #178849) + + -- Alberto Gonzalez Iniesta Thu, 6 Feb 2003 10:04:11 +0100 + +openvpn (1.3.2-2) unstable; urgency=low + + * Disabled liblzo1 support to fix license issues with Openssl. + (Closes: #177497) + * Bumped Standards-Version to 3.5.8, no change. + + -- Alberto Gonzalez Iniesta Mon, 20 Jan 2003 16:09:16 +0100 + +openvpn (1.3.2-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Mon, 28 Oct 2002 14:22:10 +0100 + +openvpn (1.3.0-2) unstable; urgency=low + + * Modified init.d script so it's not dependent on bash. (Closes: #161525) + + -- Alberto Gonzalez Iniesta Sat, 21 Sep 2002 12:23:46 +0200 + +openvpn (1.3.0-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta Wed, 10 Jul 2002 12:50:50 +0200 + +openvpn (1.2.1-1) unstable; urgency=low + + * New upstream release + * Added init.d script + + -- Alberto Gonzalez Iniesta Fri, 21 Jun 2002 14:05:42 +0200 + +openvpn (1.2.0-2) unstable; urgency=low + + * Modified configure(.ac) pthread library handling to work with GCC 3.0. + Thanks to Lamont Jones for the patch. (Closes: #148120) + + -- Alberto Gonzalez Iniesta Sat, 25 May 2002 11:41:59 +0200 + +openvpn (1.2.0-1) unstable; urgency=low + + * Initial Release. (Closes: #140463) + + -- Alberto Gonzalez Iniesta Thu, 23 May 2002 11:00:37 +0200 + --- openvpn-2.1~rc19.orig/debian/openvpn.if-down.d +++ openvpn-2.1~rc19/debian/openvpn.if-down.d @@ -0,0 +1,13 @@ +#!/bin/sh + +OPENVPN=/etc/init.d/openvpn + +if [ ! -x $OPENVPN ]; then + exit 0 +fi + +if [ -n "$IF_OPENVPN" ]; then + for vpn in $IF_OPENVPN; do + $OPENVPN stop $vpn + done +fi --- openvpn-2.1~rc19.orig/debian/compat +++ openvpn-2.1~rc19/debian/compat @@ -0,0 +1 @@ +7 --- openvpn-2.1~rc19.orig/debian/rules +++ openvpn-2.1~rc19/debian/rules @@ -0,0 +1,117 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +include /usr/share/quilt/quilt.make + + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + + +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS))) + CFLAGS += -g +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +config.status: $(QUILT_STAMPFN) + dh_testdir + # Add here commands to configure the package. + ./configure --enable-pthread --enable-password-save --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --with-ifconfig-path=/sbin/ifconfig --with-route-path=/sbin/route + + +build: build-stamp + +build-stamp: config.status + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + #make plugins + $(MAKE) -C plugin/auth-pam/ + $(MAKE) -C plugin/down-root/ + + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + [ ! -f Makefile ] || $(MAKE) distclean + + #clean plugins + $(MAKE) -C plugin/auth-pam/ clean + $(MAKE) -C plugin/down-root/ clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + # Add here commands to install the package into debian/openvpn + $(MAKE) install prefix=$(CURDIR)/debian/openvpn/usr + install -m 755 sample-scripts/verify-cn $(CURDIR)/debian/openvpn/usr/share/openvpn + install -m 755 debian/openvpn.if-up.d $(CURDIR)/debian/openvpn/etc/network/if-up.d/openvpn + install -m 755 debian/openvpn.if-down.d $(CURDIR)/debian/openvpn/etc/network/if-down.d/openvpn + #install plugins + install -m 644 plugin/auth-pam/openvpn-auth-pam.so $(CURDIR)/debian/openvpn/usr/lib/openvpn + install -m 644 plugin/down-root/openvpn-down-root.so $(CURDIR)/debian/openvpn/usr/lib/openvpn + install -m 644 plugin/auth-pam/README $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/README.auth-pam + install -m 644 plugin/down-root/README $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/README.down-root + # intall plugin headers + install -m 644 openvpn-plugin.h $(CURDIR)/debian/openvpn/usr/include/openvpn/openvpn-plugin.h + # resolvconf script + install -m 755 debian/update-resolv-conf $(CURDIR)/debian/openvpn/etc/openvpn/update-resolv-conf + # bash completion + install -m 644 debian/openvpn.bash_completion $(CURDIR)/debian/openvpn/etc/bash_completion.d/openvpn + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs + dh_installexamples + ## remove windoze stuff + rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows + dh_installmenu +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime + dh_installinit --no-start -- defaults 16 80 + dh_installcron + dh_installman + dh_installinfo +# dh_undocumented + dh_installchangelogs ChangeLog + dh_link + dh_strip + dh_compress --exclude=openssl.cnf --exclude=pkitool + dh_fixperms +# dh_makeshlibs + dh_installdeb +# dh_perl + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- openvpn-2.1~rc19.orig/debian/NEWS +++ openvpn-2.1~rc19/debian/NEWS @@ -0,0 +1,67 @@ +openvpn (2.1~rc15-1) unstable; urgency=low + + * The openvpn utility changed its handling of pkcs11 certificates when it + switched from built-in code to the pkcs11-helper library (package + libpkcs11-helper1 on Debian). This means that you will have to update your + openvpn configuration files if you are using such certificates. For + example, a stanza in a configuration file might previously have referred to + a given pkcs11 certificate like this: + + pkcs11-providers /usr/lib/opensc-pkcs11.so + pkcs11-slot-type id + pkcs11-slot 0 + pkcs11-id-type label + pkcs11-id "YOUR_LABEL" + + This stanza has to be rewritten now in the following way: + + pkcs11-providers /usr/lib/opensc-pkcs11.so + pkcs11-id 'YOUR_PKCS11_SERIALIZED_ID' + + The pkcs11-slot, pkcs11-slot-type, pkcs11-id-type options are obsolete; + a long ID string that is unique for each certificate is now used as the + only identifier. Note that YOUR_PKCS11_SERIALIZED_ID will almost + certainly be different from YOUR_LABEL that you used previously with the + pkcs11-id option. To find out the correct serialized ID(s) for your + certificate(s), you have to query the pkcs11-provider library: + + $ openvpn --show-pkcs11-ids /usr/lib/opensc-pkcs11.so + + The following objects are available for use. + Each object shown below may be used as parameter to --pkcs11-id option + please remember to use single quote mark. + + Certificate + DN: /CN=YOUR_USER + Serial: SERIAL_NUMBER + Serialized id: YOUR_PKCS11_SERIALIZED_ID + + You have to paste YOUR_PKCS11_SERIALIZED_ID as seen in this output into + your openvpn configuration file and make sure that the string is enclosed + in single quotation marks. + + The example above assumes that your cryptographic token can be accessed + via the opensc-pkcs11.so library from libopensc2. If you have to use + another library, for example a proprietary driver from the vendor of your + token, then you have to adapt both the stanza in the configuration file + and the path given on the command line accordingly. + + Florian Kulzer + + -- Alberto Gonzalez Iniesta Thu, 30 Apr 2009 12:35:05 +0200 + +openvpn (2.1~rc9-3) unstable; urgency=low + + * Calling of external commands/scripts + + Starting with version 2.1~rc9, openvpn has a new option to control the + ability to execute external commands (--script-security). + + By default (script-security 1) it will only allow the execution of + built-in commands (ip, ifconfig, route,...). If you require the execution + of external commands, such as /etc/openvpn/update-resolv-conf, you'll have + to include the following option in your configuration file: + script-security 2 + + -- Alberto Gonzalez Iniesta Sat, 16 Aug 2008 13:34:24 +0200 + --- openvpn-2.1~rc19.orig/debian/update-resolv-conf +++ openvpn-2.1~rc19/debian/update-resolv-conf @@ -0,0 +1,54 @@ +#!/bin/bash +# +# Parses DHCP options from openvpn to update resolv.conf +# To use set as 'up' and 'down' script in your openvpn *.conf: +# up /etc/openvpn/update-resolv-conf +# down /etc/openvpn/update-resolv-conf +# +# Used snippets of resolvconf script by Thomas Hood +# and Chris Hanson +# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL. +# +# 05/2006 chlauber@bnc.ch +# +# Example envs set from openvpn: +# foreign_option_1='dhcp-option DNS 193.43.27.132' +# foreign_option_2='dhcp-option DNS 193.43.27.133' +# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' + +[ -x /sbin/resolvconf ] || exit 0 + +case $script_type in + +up) + for optionname in ${!foreign_option_*} ; do + option="${!optionname}" + echo $option + part1=$(echo "$option" | cut -d " " -f 1) + if [ "$part1" == "dhcp-option" ] ; then + part2=$(echo "$option" | cut -d " " -f 2) + part3=$(echo "$option" | cut -d " " -f 3) + if [ "$part2" == "DNS" ] ; then + IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3" + fi + if [ "$part2" == "DOMAIN" ] ; then + IF_DNS_SEARCH="$part3" + fi + fi + done + R="" + if [ "$IF_DNS_SEARCH" ] ; then + R="${R}search $IF_DNS_SEARCH +" + fi + for NS in $IF_DNS_NAMESERVERS ; do + R="${R}nameserver $NS +" + done + echo -n "$R" | /sbin/resolvconf -a "${dev}.inet" + ;; +down) + /sbin/resolvconf -d "${dev}.inet" + ;; +esac + --- openvpn-2.1~rc19.orig/debian/openvpn.init.d +++ openvpn-2.1~rc19/debian/openvpn.init.d @@ -0,0 +1,282 @@ +#!/bin/sh -e + +### BEGIN INIT INFO +# Provides: vpn +# Required-Start: $network $local_fs +# Required-Stop: $network $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Openvpn VPN service +### END INIT INFO + +# Original version by Robert Leslie +# , edited by iwj and cs +# Modified for openvpn by Alberto Gonzalez Iniesta +# Modified for restarting / starting / stopping single tunnels by Richard Mueller + +. /lib/lsb/init-functions + +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +DAEMON=/usr/sbin/openvpn +DESC="virtual private network daemon(s)" +CONFIG_DIR=/etc/openvpn +test -x $DAEMON || exit 0 +test -d $CONFIG_DIR || exit 0 + +# Source defaults file; edit that file to configure this script. +AUTOSTART="all" +STATUSREFRESH=10 +if test -e /etc/default/openvpn ; then + . /etc/default/openvpn +fi + +start_vpn () { + if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then + # daemon already given in config file + DAEMONARG= + else + # need to daemonize + DAEMONARG="--daemon ovpn-$NAME" + fi + + if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then + # status file already given in config file + STATUSARG="" + elif test $STATUSREFRESH -eq 0 ; then + # default status file disabled in /etc/default/openvpn + STATUSARG="" + else + # prepare default status file + STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH" + fi + + # Handle backwards compatibility + if test -z "$( grep '^[[:space:]]*script-security[[:space:]]' $CONFIG_DIR/$NAME.conf )" ; then + script_security="--script-security 2" + fi + + STATUS=0 + # Check to see if it's already started... + if test -e /var/run/openvpn.$NAME.pid ; then + log_failure_msg "Already running (PID file exists)" + else + $DAEMON $OPTARGS --writepid /var/run/openvpn.$NAME.pid \ + $DAEMONARG $STATUSARG --cd $CONFIG_DIR \ + --config $CONFIG_DIR/$NAME.conf $script_security < /dev/null || STATUS=1 + fi + log_end_msg $STATUS +} +stop_vpn () { + kill `cat $PIDFILE` || true + rm -f $PIDFILE + rm -f /var/run/openvpn.$NAME.status 2> /dev/null + log_end_msg 0 +} + +case "$1" in +start) + log_action_begin_msg "Starting $DESC" + + # autostart VPNs + if test -z "$2" ; then + # check if automatic startup is disabled by AUTOSTART=none + if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then + log_warning_msg " Autostart disabled, no VPN will be started." + exit 0 + fi + if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then + # all VPNs shall be started automatically + for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do + NAME=${CONFIG%%.conf} + log_daemon_msg " Autostarting VPN '$NAME'" + start_vpn + done + else + # start only specified VPNs + for NAME in $AUTOSTART ; do + if test -e $CONFIG_DIR/$NAME.conf ; then + log_daemon_msg " Autostarting VPN '$NAME'" + start_vpn + else + log_failure_msg " Autostarting VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !" + STATUS=1 + fi + done + fi + #start VPNs from command line + else + while shift ; do + [ -z "$1" ] && break + NAME=$1 + if test -e $CONFIG_DIR/$NAME.conf ; then + log_daemon_msg " Starting VPN '$NAME'" + start_vpn + else + log_failure_msg " Starting VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !" + STATUS=1 + fi + done + fi + exit ${STATUS:-0} + ;; +stop) + log_action_begin_msg "Stopping $DESC" + if test -z "$2" ; then + PIDFILE= + for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} + log_daemon_msg " Stopping VPN '$NAME'" + stop_vpn + done + if test -z "$PIDFILE" ; then + log_warning_msg " No VPN is running." + fi + else + while shift ; do + [ -z "$1" ] && break + if test -e /var/run/openvpn.$1.pid ; then + log_daemon_msg " Stopping VPN '$1'" + PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null` + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} + stop_vpn + else + log_failure_msg " Stopping VPN '$1': No such VPN is running." + fi + done + fi + ;; +# Only 'reload' running VPNs. New ones will only start with 'start' or 'restart'. +reload|force-reload) + log_action_begin_msg "Reloading $DESC" + PIDFILE= + for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} +# If openvpn if running under a different user than root we'll need to restart + if egrep '^[[:blank:]]*user[[:blank:]]' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then + log_daemon_msg " Stopping VPN '$NAME'" + stop_vpn + sleep 1 + log_daemon_msg " Restarting VPN '$NAME'" + start_vpn + else + log_daemon_msg " Restarting VPN '$NAME'" + kill -HUP `cat $PIDFILE` || true + log_end_msg 0 + fi + done + if test -z "$PIDFILE" ; then + log_warning_msg " No VPN is running." + fi + ;; +# Only 'soft-restart' running VPNs. New ones will only start with 'start' or 'restart'. +soft-restart) + log_action_begin_msg "Soft-restarting $DESC" + PIDFILE= + for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} + log_daemon_msg " Soft-restarting VPN '$NAME'" + kill -USR1 `cat $PIDFILE` || true + log_end_msg 0 + done + if test -z "$PIDFILE" ; then + log_warning_msg " No VPN is running." + fi + ;; +restart) + shift + $0 stop ${@} + sleep 1 + $0 start ${@} + ;; +cond-restart) + log_action_begin_msg "Restarting $DESC" + PIDFILE= + for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c18-` + NAME=${NAME%%.pid} + log_daemon_msg " Stopping VPN '$NAME'" + stop_vpn + sleep 1 + log_daemon_msg " Restarting VPN '$NAME'" + start_vpn + done + if test -z "$PIDFILE" ; then + log_warning_msg " No VPN is running." + fi + ;; +status) + GLOBAL_STATUS=0 + if test -z "$2" ; then + # We want status for all defined VPNs. + # Returns success if all autostarted VPNs are defined and running + if test "x$AUTOSTART" = "xnone" ; then + # Consider it a failure if AUTOSTART=none + log_warning_msg "No VPN autostarted" + GLOBAL_STATUS=1 + else + if ! test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then + # Consider it a failure if one of the autostarted VPN is not defined + for VPN in $AUTOSTART ; do + if ! test -f $CONFIG_DIR/$VPN.conf ; then + log_warning_msg "VPN '$VPN' is in AUTOSTART but is not defined" + GLOBAL_STATUS=1 + fi + done + fi + fi + for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do + NAME=${CONFIG%%.conf} + # Is it an autostarted VPN ? + if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then + AUTOVPN=1 + else + if test "x$AUTOSTART" = "xnone" ; then + AUTOVPN=0 + else + AUTOVPN=0 + for VPN in $AUTOSTART; do + if test "x$VPN" = "x$NAME" ; then + AUTOVPN=1 + fi + done + fi + fi + if test "x$AUTOVPN" = "x1" ; then + # If it is autostarted, then it contributes to global status + status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 + else + status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}' (non autostarted)" || true + fi + done + else + # We just want status for specified VPNs. + # Returns success if all specified VPNs are defined and running + while shift ; do + [ -z "$1" ] && break + NAME=$1 + if test -e $CONFIG_DIR/$NAME.conf ; then + # Config exists + status_of_proc -p /var/run/openvpn.${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 + else + # Config does not exist + log_warning_msg "VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !" + GLOBAL_STATUS=1 + fi + done + fi + exit $GLOBAL_STATUS + ;; +*) + echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart|status}" >&2 + exit 1 + ;; +esac + +exit 0 + +# vim:set ai sts=2 sw=2 tw=0: --- openvpn-2.1~rc19.orig/debian/control +++ openvpn-2.1~rc19/debian/control @@ -0,0 +1,26 @@ +Source: openvpn +Section: net +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Alberto Gonzalez Iniesta +Build-Depends: debhelper (>= 7), libssl-dev (>> 0.9.8g-9), liblzo2-dev, libpam0g-dev, quilt, libpkcs11-helper1-dev +Standards-Version: 3.8.2 + +Package: openvpn +Architecture: any +Depends: debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends}, libssl0.9.8 (>= 0.9.8g-9), openssl-blacklist (>= 0.4), openvpn-blacklist, lsb-base (>= 3.2-14) +Recommends: net-tools +Suggests: openssl, resolvconf +Description: virtual private network daemon + OpenVPN is an application to securely tunnel IP networks over a + single UDP or TCP port. It can be used to access remote sites, make + secure point-to-point connections, enhance wireless security, etc. + . + OpenVPN uses all of the encryption, authentication, and certification + features provided by the OpenSSL library (any cipher, key size, or + HMAC digest). + . + OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It + also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels + over NAT or connection-oriented stateful firewalls (such as Linux's iptables). + --- openvpn-2.1~rc19.orig/debian/docs +++ openvpn-2.1~rc19/debian/docs @@ -0,0 +1,3 @@ +AUTHORS +PORTS +README --- openvpn-2.1~rc19.orig/debian/default +++ openvpn-2.1~rc19/debian/default @@ -0,0 +1,19 @@ +# This is the configuration file for /etc/init.d/openvpn + +# +# Start only these VPNs automatically via init script. +# Allowed values are "all", "none" or space separated list of +# names of the VPNs. If empty, "all" is assumed. +# +#AUTOSTART="all" +#AUTOSTART="none" +#AUTOSTART="home office" +# +# Refresh interval (in seconds) of default status files +# located in /var/run/openvpn.$NAME.status +# Defaults to 10, 0 disables status file generation +# +#STATUSREFRESH=10 +#STATUSREFRESH=0 +# Optional arguments to openvpn's command line +OPTARGS="" --- openvpn-2.1~rc19.orig/debian/dirs +++ openvpn-2.1~rc19/debian/dirs @@ -0,0 +1,10 @@ +etc/openvpn +etc/network/if-up.d +etc/network/if-down.d +etc/bash_completion.d +usr/sbin +usr/share/man/man8 +usr/share/doc/openvpn +usr/share/openvpn +usr/lib/openvpn +usr/include/openvpn --- openvpn-2.1~rc19.orig/debian/openvpn.if-up.d +++ openvpn-2.1~rc19/debian/openvpn.if-up.d @@ -0,0 +1,13 @@ +#!/bin/sh + +OPENVPN=/etc/init.d/openvpn + +if [ ! -x $OPENVPN ]; then + exit 0 +fi + +if [ -n "$IF_OPENVPN" ]; then + for vpn in $IF_OPENVPN; do + $OPENVPN start $vpn + done +fi --- openvpn-2.1~rc19.orig/debian/templates +++ openvpn-2.1~rc19/debian/templates @@ -0,0 +1,32 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: openvpn/create_tun +Type: boolean +Default: false +_Description: Create the TUN/TAP device? + If you choose this option, the /dev/net/tun device + needed by OpenVPN will be created. + . + You should not choose this option if you're using devfs. + +Template: openvpn/vulnerable_prng +Type: note +_Description: Vulnerable random number generator + A weakness has been discovered in the random number generator used by OpenSSL + on Ubuntu and Debian systems. As a result of this weakness, certain + encryption keys are generated much more frequently than they should be, such + that an attacker could guess the key through a brute-force attack given minimal + knowledge of the system. + . + Any keys created on a vulnerable system may be affected by this problem. The + 'openssl-vulnkey' command may be used as a partial test for RSA keys with + certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. + Users are urged to verify their keys or simply regenerate any server or client + certificates and keys in use on the system. --- openvpn-2.1~rc19.orig/debian/examples +++ openvpn-2.1~rc19/debian/examples @@ -0,0 +1,4 @@ +sample-config-files/ +sample-keys/ +easy-rsa/ +sample-scripts/ --- openvpn-2.1~rc19.orig/debian/prerm +++ openvpn-2.1~rc19/debian/prerm @@ -0,0 +1,34 @@ +#!/bin/sh +# Copyright 2004 Alberto Gonzalez Iniesta +# Licensed under the GNU General Public License, version 2. See the file +# /usr/share/common-licenses/GPL or . +# + +set -e +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +stop_vpn () { + if [ -x "/etc/init.d/openvpn" ]; then + if [ -x /usr/sbin/invoke-rc.d ] ; then + invoke-rc.d openvpn stop + else + /etc/init.d/openvpn stop + fi + fi +} + + +case "$1" in + upgrade) + # don't stop the vpn, it will be restarted after the upgrade + true + ;; + *) + stop_vpn + ;; +esac + +#DEBHELPER# + +exit 0 +# vim:set ai et sts=2 sw=2 tw=0: --- openvpn-2.1~rc19.orig/debian/openvpn.bash_completion +++ openvpn-2.1~rc19/debian/openvpn.bash_completion @@ -0,0 +1,23 @@ +# bash completion for openvpn init.d script +# Written by Alberto Gonzalez Iniesta + +_openvpn() +{ + + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + if [ $COMP_CWORD -eq 1 ] ; then + COMPREPLY=( $( compgen -W '$( /etc/init.d/openvpn 2>&1 \ + | cut -d"{" -f2 | tr -d "}" | tr "|" " " )' -- $cur ) ) + else + COMPREPLY=( $( compgen -W '$( command ls /etc/openvpn/*.conf 2>/dev/null \ + | sed -e 's%/etc/openvpn/%%' -e 's/\.conf//' )' -- $cur ) ) + fi + +} + + +complete -F _openvpn /etc/init.d/openvpn --- openvpn-2.1~rc19.orig/debian/postinst +++ openvpn-2.1~rc19/debian/postinst @@ -0,0 +1,53 @@ +#!/bin/sh +# Copyright 2001 Alberto Gonzalez Iniesta +# Licensed under the GNU General Public License, version 2. See the file +# /usr/share/common-licenses/GPL or . +# +set -e +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# use debconf +. /usr/share/debconf/confmodule + +case "$1" in + configure) + # get rid of confiles installed by mistake + rm -f /etc/network/if-up.d/openvpn.if-up.d || true + rm -f /etc/network/if-down.d/openvpn.if-down.d || true + db_get openvpn/create_tun || RET="false" + if [ "$RET" = "true" ]; then + [ -e /dev/net ] || mkdir -m 755 /dev/net + [ -d /dev/net -a ! -e /dev/net/tun ] && /bin/mknod /dev/net/tun c 10 200 + fi + # Do we want to move the old S20 symlinks to S18 ones? + if [ -n "$2" ] ; then + # PRNG warning + show_vuln_keys="" + if dpkg --compare-versions "$2" ge 2.0.6-2 && dpkg --compare-versions "$2" lt 2.1~rc7-2 ; then + show_vuln_keys="yes" + fi + + if [ "$show_vuln_keys" = "yes" ]; then + db_version 2.0 + db_input critical openvpn/vulnerable_prng || true + db_go + fi + + fi + ;; +esac + +if [ -x "/etc/init.d/openvpn" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d openvpn cond-restart || invoke-rc.d openvpn restart + else + /etc/init.d/openvpn cond-restart || /etc/init.d/openvpn restart + fi +fi + +db_stop + +#DEBHELPER# + +exit 0 +# vim:set ai et sts=2 sw=2 tw=0: --- openvpn-2.1~rc19.orig/debian/patches/close_socket_before_scripts.patch +++ openvpn-2.1~rc19/debian/patches/close_socket_before_scripts.patch @@ -0,0 +1,26 @@ +Index: openvpn-2.1_rc15/socket.c +=================================================================== +--- openvpn-2.1_rc15.orig/socket.c 2009-04-30 12:58:46.786663525 +0200 ++++ openvpn-2.1_rc15/socket.c 2009-04-30 12:58:58.144489503 +0200 +@@ -1273,6 +1273,10 @@ + resolve_bind_local (sock); + resolve_remote (sock, 1, NULL, NULL); + } ++ ++ /* set socket file descriptor to not pass across execs, so that ++ scripts don't have access to it */ ++ set_cloexec (sock->sd); + } + + /* finalize socket initialization */ +@@ -1479,10 +1483,6 @@ + /* set socket to non-blocking mode */ + set_nonblock (sock->sd); + +- /* set socket file descriptor to not pass across execs, so that +- scripts don't have access to it */ +- set_cloexec (sock->sd); +- + #ifdef ENABLE_SOCKS + if (socket_defined (sock->ctrl_sd)) + set_cloexec (sock->ctrl_sd); --- openvpn-2.1~rc19.orig/debian/patches/manpage_dash_escaping.patch +++ openvpn-2.1~rc19/debian/patches/manpage_dash_escaping.patch @@ -0,0 +1,4689 @@ +Index: openvpn-2.1_rc19/openvpn.8 +=================================================================== +--- openvpn-2.1_rc19.orig/openvpn.8 2009-05-30 23:34:12.000000000 +0200 ++++ openvpn-2.1_rc19/openvpn.8 2009-07-21 18:54:23.679932251 +0200 +@@ -97,25 +97,25 @@ + .SH OPTIONS + OpenVPN allows any option to be placed either on the command line + or in a configuration file. Though all command line options are preceded +-by a double-leading-dash ("--"), this prefix can be removed when ++by a double-leading-dash ("\-\-"), this prefix can be removed when + an option is placed in a configuration file. + .\"********************************************************* + .TP +-.B --help ++.B \-\-help + Show options. + .\"********************************************************* + .TP +-.B --config file ++.B \-\-config file + Load additional config options from + .B file + where each line corresponds to one command line option, +-but with the leading '--' removed. ++but with the leading '\-\-' removed. + + If +-.B --config file ++.B \-\-config file + is the only option to the openvpn command, + the +-.B --config ++.B \-\-config + can be removed, and the command can be given as + .B openvpn file + +@@ -187,25 +187,25 @@ + .\"********************************************************* + .SS Tunnel Options: + .TP +-.B --mode m ++.B \-\-mode m + Set OpenVPN major mode. By default, OpenVPN runs in + point-to-point mode ("p2p"). OpenVPN 2.0 introduces + a new mode ("server") which implements a multi-client + server capability. + .\"********************************************************* + .TP +-.B --local host ++.B \-\-local host + Local host name or IP address for bind. + If specified, OpenVPN will bind to this address only. + If unspecified, OpenVPN will bind to all interfaces. + .\"********************************************************* + .TP +-.B --remote host [port] [proto] ++.B \-\-remote host [port] [proto] + Remote host name or IP address. On the client, multiple +-.B --remote ++.B \-\-remote + options may be specified for redundancy, each referring + to a different OpenVPN server. Specifying multiple +-.B --remote ++.B \-\-remote + options for this purpose is a special case of the more + general connection-profile feature. See the + .B +@@ -214,7 +214,7 @@ + The OpenVPN client will try to connect to a server at + .B host:port + in the order specified by the list of +-.B --remote ++.B \-\-remote + options. + + .B proto +@@ -229,18 +229,18 @@ + + Note that since UDP is connectionless, connection failure + is defined by the +-.B --ping ++.B \-\-ping + and +-.B --ping-restart ++.B \-\-ping-restart + options. + + Note the following corner case: If you use multiple +-.B --remote ++.B \-\-remote + options, AND you are dropping root privileges on + the client with +-.B --user ++.B \-\-user + and/or +-.B --group, ++.B \-\-group, + AND the client is running a non-Windows OS, if the client needs + to switch to a different server, and that server pushes + back different TUN/TAP or route settings, the client may lack +@@ -248,7 +248,7 @@ + This could cause the client to exit with a fatal error. + + If +-.B --remote ++.B \-\-remote + is unspecified, OpenVPN will listen + for packets from any IP address, but will not act on those packets unless + they pass all authentication tests. This requirement for authentication +@@ -257,7 +257,7 @@ + a UDP packet). + + When used in TCP mode, +-.B --remote ++.B \-\-remote + will act as a filter, rejecting connections from any host which does + not match + .B host. +@@ -283,7 +283,7 @@ + An OpenVPN client will try each connection profile sequentially + until it achieves a successful connection. + +-.B --remote-random ++.B \-\-remote-random + can be used to initially "scramble" the connection + list. + +@@ -381,15 +381,15 @@ + + .\"********************************************************* + .TP +-.B --remote-random ++.B \-\-remote-random + When multiple +-.B --remote ++.B \-\-remote + address/ports are specified, or if connection profiles are being + used, initially randomize the order of the list + as a kind of basic load-balancing measure. + .\"********************************************************* + .TP +-.B --proto p ++.B \-\-proto p + Use protocol + .B p + for communicating with remote host. +@@ -403,17 +403,17 @@ + The default protocol is + .B udp + when +-.B --proto ++.B \-\-proto + is not specified. + + For UDP operation, +-.B --proto udp ++.B \-\-proto udp + should be specified on both peers. + + For TCP operation, one peer must use +-.B --proto tcp-server ++.B \-\-proto tcp-server + and the other must use +-.B --proto tcp-client. ++.B \-\-proto tcp-client. + A peer started with + .B tcp-server + will wait indefinitely for an incoming connection. A peer +@@ -421,9 +421,9 @@ + .B tcp-client + will attempt to connect, and if that fails, will sleep for 5 + seconds (adjustable via the +-.B --connect-retry ++.B \-\-connect-retry + option) and try again infinite or up to N retries (adjustable via the +-.B --connect-retry-max ++.B \-\-connect-retry-max + option). Both TCP client and server will simulate + a SIGUSR1 restart signal if either side resets the connection. + +@@ -443,9 +443,9 @@ + possess a built-in reliability layer. + .\"********************************************************* + .TP +-.B --connect-retry n ++.B \-\-connect-retry n + For +-.B --proto tcp-client, ++.B \-\-proto tcp-client, + take + .B n + as the +@@ -453,16 +453,16 @@ + between connection retries (default=5). + .\"********************************************************* + .TP +-.B --connect-retry-max n ++.B \-\-connect-retry-max n + For +-.B --proto tcp-client, ++.B \-\-proto tcp-client, + take + .B n + as the + number of retries of connection attempt (default=infinite). + .\"********************************************************* + .TP +-.B --auto-proxy ++.B \-\-auto-proxy + Try to sense HTTP or SOCKS proxy settings automatically. + If no settings are present, a direct connection will be attempted. + If both HTTP and SOCKS settings are present, HTTP will be preferred. +@@ -474,7 +474,7 @@ + This option exists in OpenVPN 2.1 or higher. + .\"********************************************************* + .TP +-.B --http-proxy server port [authfile|'auto'] [auth-method] ++.B \-\-http-proxy server port [authfile|'auto'] [auth-method] + Connect to remote host through an HTTP proxy at address + .B server + and port +@@ -496,32 +496,32 @@ + exists on OpenVPN 2.1 or higher. + .\"********************************************************* + .TP +-.B --http-proxy-retry ++.B \-\-http-proxy-retry + Retry indefinitely on HTTP proxy errors. If an HTTP proxy error + occurs, simulate a SIGUSR1 reset. + .\"********************************************************* + .TP +-.B --http-proxy-timeout n ++.B \-\-http-proxy-timeout n + Set proxy timeout to + .B n + seconds, default=5. + .\"********************************************************* + .TP +-.B --http-proxy-option type [parm] ++.B \-\-http-proxy-option type [parm] + Set extended HTTP proxy options. + Repeat to set multiple options. + +-.B VERSION version -- ++.B VERSION version \-\- + Set HTTP version number to + .B version + (default=1.0). + +-.B AGENT user-agent -- ++.B AGENT user-agent \-\- + Set HTTP "User-Agent" string to + .B user-agent. + .\"********************************************************* + .TP +-.B --socks-proxy server [port] ++.B \-\-socks-proxy server [port] + Connect to remote host through a Socks5 proxy at address + .B server + and port +@@ -529,14 +529,14 @@ + (default=1080). + .\"********************************************************* + .TP +-.B --socks-proxy-retry ++.B \-\-socks-proxy-retry + Retry indefinitely on Socks proxy errors. If a Socks proxy error + occurs, simulate a SIGUSR1 reset. + .\"********************************************************* + .TP +-.B --resolv-retry n ++.B \-\-resolv-retry n + If hostname resolve fails for +-.B --remote, ++.B \-\-remote, + retry resolve for + .B n + seconds before failing. +@@ -546,18 +546,18 @@ + to "infinite" to retry indefinitely. + + By default, +-.B --resolv-retry infinite ++.B \-\-resolv-retry infinite + is enabled. You can disable by setting n=0. + .\"********************************************************* + .TP +-.B --float ++.B \-\-float + Allow remote peer to change its IP address and/or port number, such as due to + DHCP (this is the default if +-.B --remote ++.B \-\-remote + is not used). +-.B --float ++.B \-\-float + when specified with +-.B --remote ++.B \-\-remote + allows an OpenVPN session to initially connect to a peer + at a known address, however if packets arrive from a new + address and pass all authentication tests, the new address +@@ -566,14 +566,14 @@ + such as a dial-in user or DHCP client. + + Essentially, +-.B --float ++.B \-\-float + tells OpenVPN to accept authenticated packets + from any address, not only the address which was specified in the +-.B --remote ++.B \-\-remote + option. + .\"********************************************************* + .TP +-.B --ipchange cmd ++.B \-\-ipchange cmd + Execute shell command + .B cmd + when our remote ip-address is initially authenticated or +@@ -584,11 +584,11 @@ + .B cmd ip_address port_number + + Don't use +-.B --ipchange ++.B \-\-ipchange + in +-.B --mode server ++.B \-\-mode server + mode. Use a +-.B --client-connect ++.B \-\-client-connect + script instead. + + See the "Environmental Variables" section below for +@@ -623,41 +623,41 @@ + peer on its new IP address. + .\"********************************************************* + .TP +-.B --port port ++.B \-\-port port + TCP/UDP port number for both local and remote. The current + default of 1194 represents the official IANA port number + assignment for OpenVPN and has been used since version 2.0-beta17. + Previous versions used port 5000 as the default. + .\"********************************************************* + .TP +-.B --lport port ++.B \-\-lport port + TCP/UDP port number for bind. + .\"********************************************************* + .TP +-.B --rport port ++.B \-\-rport port + TCP/UDP port number for remote. + .\"********************************************************* + .TP +-.B --bind ++.B \-\-bind + Bind to local address and port. This is the default unless any of +-.B --proto tcp-client ++.B \-\-proto tcp-client + , +-.B --http-proxy ++.B \-\-http-proxy + or +-.B --socks-proxy ++.B \-\-socks-proxy + are used. + .\"********************************************************* + .TP +-.B --nobind ++.B \-\-nobind + Do not bind to local address and port. The IP stack will allocate + a dynamic port for returning packets. Since the value of the dynamic port + could not be known in advance by a peer, this option is only suitable for + peers which will be initiating connections by using the +-.B --remote ++.B \-\-remote + option. + .\"********************************************************* + .TP +-.B --dev tunX | tapX | null ++.B \-\-dev tunX | tapX | null + TUN/TAP virtual network device ( + .B X + can be omitted for a dynamic device.) +@@ -675,7 +675,7 @@ + devices encapsulate Ethernet 802.3 (OSI Layer 2). + .\"********************************************************* + .TP +-.B --dev-type device-type ++.B \-\-dev-type device-type + Which device type are we using? + .B device-type + should be +@@ -685,60 +685,60 @@ + .B tap + (OSI Layer 2). + Use this option only if the TUN/TAP device used with +-.B --dev ++.B \-\-dev + does not begin with + .B tun + or + .B tap. + .\"********************************************************* + .TP +-.B --topology mode ++.B \-\-topology mode + Configure virtual addressing topology when running in +-.B --dev tun ++.B \-\-dev tun + mode. This directive has no meaning in +-.B --dev tap ++.B \-\-dev tap + mode, which always uses a + .B subnet + topology. + + If you set this directive on the server, the +-.B --server ++.B \-\-server + and +-.B --server-bridge ++.B \-\-server-bridge + directives will automatically push your chosen topology setting to clients + as well. This directive can also be manually pushed to clients. Like the +-.B --dev ++.B \-\-dev + directive, this directive must always be compatible between client and server. + + .B mode + can be one of: + +-.B net30 -- ++.B net30 \-\- + Use a point-to-point topology, by allocating one /30 subnet per client. + This is designed to allow point-to-point semantics when some + or all of the connecting clients might be Windows systems. This is the + default on OpenVPN 2.0. + +-.B p2p -- ++.B p2p \-\- + Use a point-to-point topology where the remote endpoint of the client's + tun interface always points to the local endpoint of the server's tun interface. + This mode allocates a single IP address per connecting client. + Only use + when none of the connecting clients are Windows systems. This mode + is functionally equivalent to the +-.B --ifconfig-pool-linear ++.B \-\-ifconfig-pool-linear + directive which is available in OpenVPN 2.0 and is now deprecated. + +-.B subnet -- ++.B subnet \-\- + Use a subnet rather than a point-to-point topology by + configuring the tun interface with a local IP address and subnet mask, + similar to the topology used in +-.B --dev tap ++.B \-\-dev tap + and ethernet bridging mode. + This mode allocates a single IP address per connecting client and works on + Windows as well. Only available when server and clients are OpenVPN 2.1 or + higher, or OpenVPN 2.0.x which has been manually patched with the +-.B --topology ++.B \-\-topology + directive code. When used on Windows, requires version 8.2 or higher + of the TAP-Win32 driver. When used on *nix, requires that the tun + driver supports an +@@ -748,26 +748,26 @@ + This option exists in OpenVPN 2.1 or higher. + .\"********************************************************* + .TP +-.B --tun-ipv6 ++.B \-\-tun-ipv6 + Build a tun link capable of forwarding IPv6 traffic. + Should be used in conjunction with +-.B --dev tun ++.B \-\-dev tun + or +-.B --dev tunX. ++.B \-\-dev tunX. + A warning will be displayed + if no specific IPv6 TUN support for your OS has been compiled into OpenVPN. + .\"********************************************************* + .TP +-.B --dev-node node ++.B \-\-dev-node node + Explicitly set the device node rather than using + /dev/net/tun, /dev/tun, /dev/tap, etc. If OpenVPN + cannot figure out whether + .B node + is a TUN or TAP device based on the name, you should + also specify +-.B --dev-type tun ++.B \-\-dev-type tun + or +-.B --dev-type tap. ++.B \-\-dev-type tap. + + On Windows systems, select the TAP-Win32 adapter which + is named +@@ -775,24 +775,24 @@ + in the Network Connections Control Panel or the + raw GUID of the adapter enclosed by braces. + The +-.B --show-adapters ++.B \-\-show-adapters + option under Windows can also be used + to enumerate all available TAP-Win32 + adapters and will show both the network + connections control panel name and the GUID for + each TAP-Win32 adapter. + .TP +-.B --lladdr address ++.B \-\-lladdr address + Specify the link layer address, more commonly known as the MAC address. + Only applied to TAP devices. + .\"********************************************************* + .TP +-.B --iproute cmd ++.B \-\-iproute cmd + Set alternate command to execute instead of default iproute2 command. + May be used in order to execute OpenVPN in unprivileged environment. + .\"********************************************************* + .TP +-.B --ifconfig l rn ++.B \-\-ifconfig l rn + Set TUN/TAP adapter parameters. + .B l + is the IP address of the local VPN endpoint. +@@ -807,7 +807,7 @@ + For TUN devices, which facilitate virtual + point-to-point IP connections, + the proper usage of +-.B --ifconfig ++.B \-\-ifconfig + is to use two private IP addresses + which are not a member of any + existing subnet which is in use. +@@ -821,7 +821,7 @@ + For TAP devices, which provide + the ability to create virtual + ethernet segments, +-.B --ifconfig ++.B \-\-ifconfig + is used to set an IP address and + subnet mask just as a physical + ethernet adapter would be +@@ -842,42 +842,42 @@ + ifconfig implementations on different + platforms. + +-.B --ifconfig ++.B \-\-ifconfig + parameters which are IP addresses can + also be specified as a DNS or /etc/hosts + file resolvable name. + + For TAP devices, +-.B --ifconfig ++.B \-\-ifconfig + should not be used if the TAP interface will be + getting an IP address lease from a DHCP + server. + .\"********************************************************* + .TP +-.B --ifconfig-noexec ++.B \-\-ifconfig-noexec + Don't actually execute ifconfig/netsh commands, instead + pass +-.B --ifconfig ++.B \-\-ifconfig + parameters to scripts using environmental variables. + .\"********************************************************* + .TP +-.B --ifconfig-nowarn ++.B \-\-ifconfig-nowarn + Don't output an options consistency check warning + if the +-.B --ifconfig ++.B \-\-ifconfig + option on this side of the + connection doesn't match the remote side. This is useful + when you want to retain the overall benefits of the + options consistency check (also see +-.B --disable-occ ++.B \-\-disable-occ + option) while only disabling the ifconfig component of + the check. + + For example, + if you have a configuration where the local host uses +-.B --ifconfig ++.B \-\-ifconfig + but the remote host does not, use +-.B --ifconfig-nowarn ++.B \-\-ifconfig-nowarn + on the local host. + + This option will also silence warnings about potential +@@ -885,7 +885,7 @@ + users by triggering "false positive" warnings. + .\"********************************************************* + .TP +-.B --route network/IP [netmask] [gateway] [metric] ++.B \-\-route network/IP [netmask] [gateway] [metric] + Add route to routing table after connection is established. + Multiple routes can be specified. Routes will be + automatically torn down in reverse order prior to +@@ -899,20 +899,20 @@ + across OpenVPN's platform space. + + .B netmask +-default -- 255.255.255.255 ++default \-\- 255.255.255.255 + + .B gateway +-default -- taken from +-.B --route-gateway ++default \-\- taken from ++.B \-\-route-gateway + or the second parameter to +-.B --ifconfig ++.B \-\-ifconfig + when +-.B --dev tun ++.B \-\-dev tun + is specified. + + .B metric +-default -- taken from +-.B --route-metric ++default \-\- taken from ++.B \-\-route-metric + otherwise 0. + + The default can be specified by leaving an option blank or setting +@@ -929,11 +929,11 @@ + .B vpn_gateway + -- The remote VPN endpoint address + (derived either from +-.B --route-gateway ++.B \-\-route-gateway + or the second parameter to +-.B --ifconfig ++.B \-\-ifconfig + when +-.B --dev tun ++.B \-\-dev tun + is specified). + + .B net_gateway +@@ -942,15 +942,15 @@ + + .B remote_host + -- The +-.B --remote ++.B \-\-remote + address if OpenVPN is being run in client mode, and is undefined in server mode. + .\"********************************************************* + .TP +-.B --route-gateway gw|'dhcp' ++.B \-\-route-gateway gw|'dhcp' + Specify a default gateway + .B gw + for use with +-.B --route. ++.B \-\-route. + + If + .B dhcp +@@ -959,14 +959,14 @@ + negotiation with the OpenVPN server-side LAN. + .\"********************************************************* + .TP +-.B --route-metric m ++.B \-\-route-metric m + Specify a default metric + .B m + for use with +-.B --route. ++.B \-\-route. + .\"********************************************************* + .TP +-.B --route-delay [n] [w] ++.B \-\-route-delay [n] [w] + Delay + .B n + seconds (default=0) after connection +@@ -974,16 +974,16 @@ + .B n + is 0, routes will be added immediately upon connection + establishment. If +-.B --route-delay ++.B \-\-route-delay + is omitted, routes will be added immediately after TUN/TAP device + open and +-.B --up ++.B \-\-up + script execution, before any +-.B --user ++.B \-\-user + or +-.B --group ++.B \-\-group + privilege downgrade (or +-.B --chroot ++.B \-\-chroot + execution.) + + This option is designed to be useful in scenarios where DHCP is +@@ -992,18 +992,18 @@ + time to complete before routes are added. + + On Windows, +-.B --route-delay ++.B \-\-route-delay + tries to be more intelligent by waiting + .B w + seconds (w=30 by default) + for the TAP-Win32 adapter to come up before adding routes. + .\"********************************************************* + .TP +-.B --route-up cmd ++.B \-\-route-up cmd + Execute shell command + .B cmd + after routes are added, subject to +-.B --route-delay. ++.B \-\-route-delay. + + See the "Environmental Variables" section below for + additional parameters passed as environmental variables. +@@ -1013,17 +1013,17 @@ + can be a shell command with multiple arguments. + .\"********************************************************* + .TP +-.B --route-noexec ++.B \-\-route-noexec + Don't add or remove routes automatically. Instead pass routes to +-.B --route-up ++.B \-\-route-up + script using environmental variables. + .\"********************************************************* + .TP +-.B --route-nopull ++.B \-\-route-nopull + When used with +-.B --client ++.B \-\-client + or +-.B --pull, ++.B \-\-pull, + accept options pushed by server EXCEPT for routes. + + When used on the client, this option effectively bars the +@@ -1032,16 +1032,16 @@ + to set the TCP/IP properties of the client's TUN/TAP interface. + .\"********************************************************* + .TP +-.B --allow-pull-fqdn ++.B \-\-allow-pull-fqdn + Allow client to pull DNS names from server (rather than being limited + to IP address) for +-.B --ifconfig, +-.B --route, ++.B \-\-ifconfig, ++.B \-\-route, + and +-.B --route-gateway. ++.B \-\-route-gateway. + .\"********************************************************* + .TP +-.B --redirect-gateway flags... ++.B \-\-redirect-gateway flags... + (Experimental) Automatically execute routing commands to cause all outgoing IP traffic + to be redirected over the VPN. + +@@ -1049,7 +1049,7 @@ + + .B (1) + Create a static route for the +-.B --remote ++.B \-\-remote + address which forwards to the pre-existing default gateway. + This is done so that + .B (3) +@@ -1060,11 +1060,11 @@ + + .B (3) + Set the new default gateway to be the VPN endpoint address (derived either from +-.B --route-gateway ++.B \-\-route-gateway + or the second parameter to +-.B --ifconfig ++.B \-\-ifconfig + when +-.B --dev tun ++.B \-\-dev tun + is specified). + + When the tunnel is torn down, all of the above steps are reversed so +@@ -1072,7 +1072,7 @@ + + Option flags: + +-.B local -- ++.B local \-\- + Add the + .B local + flag if both OpenVPN servers are directly connected via a common subnet, +@@ -1082,19 +1082,19 @@ + .B 1 + above to be omitted. + +-.B def1 -- ++.B def1 \-\- + Use this flag to override + the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 + rather than 0.0.0.0/0. This has the benefit of overriding + but not wiping out the original default gateway. + +-.B bypass-dhcp -- ++.B bypass-dhcp \-\- + Add a direct route to the DHCP server (if it is non-local) which + bypasses the tunnel + (Available on Windows clients, may not be available + on non-Windows clients). + +-.B bypass-dns -- ++.B bypass-dns \-\- + Add a direct route to the DNS server(s) (if they are non-local) which + bypasses the tunnel + (Available on Windows clients, may not be available +@@ -1103,13 +1103,13 @@ + Using the def1 flag is highly recommended. + .\"********************************************************* + .TP +-.B --link-mtu n ++.B \-\-link-mtu n + Sets an upper bound on the size of UDP packets which are sent + between OpenVPN peers. It's best not to set this parameter unless + you know what you're doing. + .\"********************************************************* + .TP +-.B --tun-mtu n ++.B \-\-tun-mtu n + Take the TUN device MTU to be + .B n + and derive the link MTU +@@ -1125,17 +1125,17 @@ + hang during periods of active usage. + + It's best to use the +-.B --fragment ++.B \-\-fragment + and/or +-.B --mssfix ++.B \-\-mssfix + options to deal with MTU sizing issues. + .\"********************************************************* + .TP +-.B --tun-mtu-extra n ++.B \-\-tun-mtu-extra n + Assume that the TUN/TAP device might return as many as + .B n + bytes more than the +-.B --tun-mtu ++.B \-\-tun-mtu + size on read. This parameter defaults to 0, which is sufficient for + most TUN devices. TAP devices may introduce additional overhead in excess + of the MTU size, and a setting of 32 is the default when TAP devices are used. +@@ -1143,34 +1143,34 @@ + so there is no transmission overhead associated with using a larger value. + .\"********************************************************* + .TP +-.B --mtu-disc type ++.B \-\-mtu-disc type + Should we do Path MTU discovery on TCP/UDP channel? Only supported on OSes such + as Linux that supports the necessary system call to set. + + .B 'no' +--- Never send DF (Don't Fragment) frames ++\-\- Never send DF (Don't Fragment) frames + .br + .B 'maybe' +--- Use per-route hints ++\-\- Use per-route hints + .br + .B 'yes' +--- Always DF (Don't Fragment) ++\-\- Always DF (Don't Fragment) + .br + .\"********************************************************* + .TP +-.B --mtu-test ++.B \-\-mtu-test + To empirically measure MTU on connection startup, + add the +-.B --mtu-test ++.B \-\-mtu-test + option to your configuration. + OpenVPN will send ping packets of various sizes + to the remote peer and measure the largest packets + which were successfully received. The +-.B --mtu-test ++.B \-\-mtu-test + process normally takes about 3 minutes to complete. + .\"********************************************************* + .TP +-.B --fragment max ++.B \-\-fragment max + Enable internal datagram fragmentation so + that no UDP datagrams are sent which + are larger than +@@ -1180,24 +1180,24 @@ + The + .B max + parameter is interpreted in the same way as the +-.B --link-mtu ++.B \-\-link-mtu + parameter, i.e. the UDP packet size after encapsulation + overhead has been added in, but not including + the UDP header itself. + + The +-.B --fragment ++.B \-\-fragment + option only makes sense when you are using the UDP protocol ( +-.B --proto udp ++.B \-\-proto udp + ). + +-.B --fragment ++.B \-\-fragment + adds 4 bytes of overhead per datagram. + + See the +-.B --mssfix ++.B \-\-mssfix + option below for an important related option to +-.B --fragment. ++.B \-\-fragment. + + It should also be noted that this option is not meant to replace + UDP fragmentation at the IP stack level. It is only meant as a +@@ -1210,7 +1210,7 @@ + as tunneling a UDP multicast stream which requires fragmentation. + .\"********************************************************* + .TP +-.B --mssfix max ++.B \-\-mssfix max + Announce to TCP sessions running over the tunnel that they should limit + their send packet sizes such that after OpenVPN has encapsulated them, + the resulting UDP packet size that OpenVPN sends to its peer will not +@@ -1221,33 +1221,33 @@ + The + .B max + parameter is interpreted in the same way as the +-.B --link-mtu ++.B \-\-link-mtu + parameter, i.e. the UDP packet size after encapsulation + overhead has been added in, but not including + the UDP header itself. + + The +-.B --mssfix ++.B \-\-mssfix + option only makes sense when you are using the UDP protocol + for OpenVPN peer-to-peer communication, i.e. +-.B --proto udp. ++.B \-\-proto udp. + +-.B --mssfix ++.B \-\-mssfix + and +-.B --fragment ++.B \-\-fragment + can be ideally used together, where +-.B --mssfix ++.B \-\-mssfix + will try to keep TCP from needing + packet fragmentation in the first place, + and if big packets come through anyhow + (from protocols other than TCP), +-.B --fragment ++.B \-\-fragment + will internally fragment them. + + Both +-.B --fragment ++.B \-\-fragment + and +-.B --mssfix ++.B \-\-mssfix + are designed to work around cases where Path MTU discovery + is broken on the network path between OpenVPN peers. + +@@ -1256,35 +1256,35 @@ + during active usage. + + If +-.B --fragment ++.B \-\-fragment + and +-.B --mssfix ++.B \-\-mssfix + are used together, +-.B --mssfix ++.B \-\-mssfix + will take its default + .B max + parameter from the +-.B --fragment max ++.B \-\-fragment max + option. + + Therefore, one could lower the maximum UDP packet size + to 1300 (a good first try for solving MTU-related + connection problems) with the following options: + +-.B --tun-mtu 1500 --fragment 1300 --mssfix ++.B \-\-tun-mtu 1500 \-\-fragment 1300 \-\-mssfix + .\"********************************************************* + .TP +-.B --sndbuf size ++.B \-\-sndbuf size + Set the TCP/UDP socket send buffer size. + Currently defaults to 65536 bytes. + .\"********************************************************* + .TP +-.B --rcvbuf size ++.B \-\-rcvbuf size + Set the TCP/UDP socket receive buffer size. + Currently defaults to 65536 bytes. + .\"********************************************************* + .TP +-.B --socket-flags flags... ++.B \-\-socket-flags flags... + Apply the given flags to the OpenVPN transport socket. + Currently, only + .B TCP_NODELAY +@@ -1301,12 +1301,12 @@ + on both client and server for maximum effect. + .\"********************************************************* + .TP +-.B --txqueuelen n ++.B \-\-txqueuelen n + (Linux only) Set the TX queue length on the TUN/TAP interface. + Currently defaults to 100. + .\"********************************************************* + .TP +-.B --shaper n ++.B \-\-shaper n + Limit bandwidth of outgoing tunnel data to + .B n + bytes per second on the TCP/UDP port. +@@ -1342,7 +1342,7 @@ + to be between 100 bytes/sec and 100 Mbytes/sec. + .\"********************************************************* + .TP +-.B --inactive n [bytes] ++.B \-\-inactive n [bytes] + Causes OpenVPN to exit after + .B n + seconds of inactivity on the TUN/TAP device. The time length +@@ -1356,18 +1356,18 @@ + .B bytes. + .\"********************************************************* + .TP +-.B --ping n ++.B \-\-ping n + Ping remote over the TCP/UDP control channel + if no packets have been sent for at least + .B n + seconds (specify +-.B --ping ++.B \-\-ping + on both peers to cause ping packets to be sent in both directions since + OpenVPN ping packets are not echoed like IP ping packets). + When used in one of OpenVPN's secure modes (where +-.B --secret, --tls-server, ++.B \-\-secret, \-\-tls-server, + or +-.B --tls-client ++.B \-\-tls-client + is specified), the ping packet + will be cryptographically secure. + +@@ -1380,33 +1380,33 @@ + + (2) To provide a basis for the remote to test the existence + of its peer using the +-.B --ping-exit ++.B \-\-ping-exit + option. + .\"********************************************************* + .TP +-.B --ping-exit n ++.B \-\-ping-exit n + Causes OpenVPN to exit after + .B n + seconds pass without reception of a ping + or other packet from remote. + This option can be combined with +-.B --inactive, --ping, ++.B \-\-inactive, \-\-ping, + and +-.B --ping-exit ++.B \-\-ping-exit + to create a two-tiered inactivity disconnect. + + For example, + +-.B openvpn [options...] --inactive 3600 --ping 10 --ping-exit 60 ++.B openvpn [options...] \-\-inactive 3600 \-\-ping 10 \-\-ping-exit 60 + + when used on both peers will cause OpenVPN to exit within 60 + seconds if its peer disconnects, but will exit after one + hour if no actual tunnel data is exchanged. + .\"********************************************************* + .TP +-.B --ping-restart n ++.B \-\-ping-restart n + Similar to +-.B --ping-exit, ++.B \-\-ping-exit, + but trigger a + .B SIGUSR1 + restart after +@@ -1425,13 +1425,13 @@ + + If the peer cannot be reached, a restart will be triggered, causing + the hostname used with +-.B --remote ++.B \-\-remote + to be re-resolved (if +-.B --resolv-retry ++.B \-\-resolv-retry + is also specified). + + In server mode, +-.B --ping-restart, --inactive, ++.B \-\-ping-restart, \-\-inactive, + or any other type of internally generated signal will always be + applied to + individual client instance objects, never to whole server itself. +@@ -1440,14 +1440,14 @@ + of the client instance object instead. + + In client mode, the +-.B --ping-restart ++.B \-\-ping-restart + parameter is set to 120 seconds by default. This default will + hold until the client pulls a replacement value from the server, based on + the +-.B --keepalive ++.B \-\-keepalive + setting in the server configuration. + To disable the 120 second default, set +-.B --ping-restart 0 ++.B \-\-ping-restart 0 + on the client. + + See the signals section below for more information +@@ -1457,27 +1457,27 @@ + Note that the behavior of + .B SIGUSR1 + can be modified by the +-.B --persist-tun, --persist-key, --persist-local-ip, ++.B \-\-persist-tun, \-\-persist-key, \-\-persist-local-ip, + and +-.B --persist-remote-ip ++.B \-\-persist-remote-ip + options. + + Also note that +-.B --ping-exit ++.B \-\-ping-exit + and +-.B --ping-restart ++.B \-\-ping-restart + are mutually exclusive and cannot be used together. + .\"********************************************************* + .TP +-.B --keepalive n m ++.B \-\-keepalive n m + A helper directive designed to simplify the expression of +-.B --ping ++.B \-\-ping + and +-.B --ping-restart ++.B \-\-ping-restart + in server mode configurations. + + For example, +-.B --keepalive 10 60 ++.B \-\-keepalive 10 60 + expands as follows: + + .nf +@@ -1496,24 +1496,24 @@ + .fi + .\"********************************************************* + .TP +-.B --ping-timer-rem ++.B \-\-ping-timer-rem + Run the +-.B --ping-exit ++.B \-\-ping-exit + / +-.B --ping-restart ++.B \-\-ping-restart + timer only if we have a remote address. Use this option if you are + starting the daemon in listen mode (i.e. without an explicit +-.B --remote ++.B \-\-remote + peer), and you don't want to start clocking timeouts until a remote + peer connects. + .\"********************************************************* + .TP +-.B --persist-tun ++.B \-\-persist-tun + Don't close and reopen TUN/TAP device or run up/down scripts + across + .B SIGUSR1 + or +-.B --ping-restart ++.B \-\-ping-restart + restarts. + + .B SIGUSR1 +@@ -1523,14 +1523,14 @@ + reset options. + .\"********************************************************* + .TP +-.B --persist-key ++.B \-\-persist-key + Don't re-read key files across + .B SIGUSR1 + or +-.B --ping-restart. ++.B \-\-ping-restart. + + This option can be combined with +-.B --user nobody ++.B \-\-user nobody + to allow restarts triggered by the + .B SIGUSR1 + signal. +@@ -1543,29 +1543,29 @@ + resets, so they don't need to be re-read. + .\"********************************************************* + .TP +-.B --persist-local-ip ++.B \-\-persist-local-ip + Preserve initially resolved local IP address and port number + across + .B SIGUSR1 + or +-.B --ping-restart ++.B \-\-ping-restart + restarts. + .\"********************************************************* + .TP +-.B --persist-remote-ip ++.B \-\-persist-remote-ip + Preserve most recently authenticated remote IP address and port number + across + .B SIGUSR1 + or +-.B --ping-restart ++.B \-\-ping-restart + restarts. + .\"********************************************************* + .TP +-.B --mlock ++.B \-\-mlock + Disable paging by calling the POSIX mlockall function. + Requires that OpenVPN be initially run as root (though + OpenVPN can subsequently downgrade its UID using the +-.B --user ++.B \-\-user + option). + + Using this option ensures that key material and tunnel +@@ -1577,33 +1577,33 @@ + recover previously used + ephemeral keys, which are used for a period of time + governed by the +-.B --reneg ++.B \-\-reneg + options (see below), then are discarded. + + The downside + of using +-.B --mlock ++.B \-\-mlock + is that it will reduce the amount of physical + memory available to other applications. + .\"********************************************************* + .TP +-.B --up cmd ++.B \-\-up cmd + Shell command to run after successful TUN/TAP device open + (pre +-.B --user ++.B \-\-user + UID change). The up script is useful for specifying route + commands which route IP traffic destined for + private subnets which exist at the other + end of the VPN connection into the tunnel. + + For +-.B --dev tun ++.B \-\-dev tun + execute as: + + .B cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [ init | restart ] + + For +-.B --dev tap ++.B \-\-dev tap + execute as: + + .B cmd tap_dev tap_mtu link_mtu ifconfig_local_ip ifconfig_netmask [ init | restart ] +@@ -1628,62 +1628,62 @@ + will be + .I init. + If the +-.B --up-restart ++.B \-\-up-restart + option is also used, the up script will be called for restarts as + well. A restart is considered to be a partial reinitialization + of OpenVPN where the TUN/TAP instance is preserved (the +-.B --persist-tun ++.B \-\-persist-tun + option will enable such preservation). A restart + can be generated by a SIGUSR1 signal, a +-.B --ping-restart ++.B \-\-ping-restart + timeout, or a connection reset when the TCP protocol is enabled + with the +-.B --proto ++.B \-\-proto + option. If a restart occurs, and +-.B --up-restart ++.B \-\-up-restart + has been specified, the up script will be called with + .I restart + as the last parameter. + + The following standalone example shows how the +-.B --up ++.B \-\-up + script can be called in both an initialization and restart context. + (NOTE: for security reasons, don't run the following example unless UDP port + 9999 is blocked by your firewall. Also, the example will run indefinitely, + so you should abort with control-c). + +-.B openvpn --dev tun --port 9999 --verb 4 --ping-restart 10 --up 'echo up' --down 'echo down' --persist-tun --up-restart ++.B openvpn \-\-dev tun \-\-port 9999 \-\-verb 4 \-\-ping-restart 10 \-\-up 'echo up' \-\-down 'echo down' \-\-persist-tun \-\-up-restart + + Note that OpenVPN also provides the +-.B --ifconfig ++.B \-\-ifconfig + option to automatically ifconfig the TUN device, + eliminating the need to define an +-.B --up ++.B \-\-up + script, unless you also want to configure routes + in the +-.B --up ++.B \-\-up + script. + + If +-.B --ifconfig ++.B \-\-ifconfig + is also specified, OpenVPN will pass the ifconfig local + and remote endpoints on the command line to the +-.B --up ++.B \-\-up + script so that they can be used to configure routes such as: + + .B route add -net 10.0.0.0 netmask 255.255.255.0 gw $5 + .\"********************************************************* + .TP +-.B --up-delay ++.B \-\-up-delay + Delay TUN/TAP open and possible +-.B --up ++.B \-\-up + script execution + until after TCP/UDP connection establishment with peer. + + In +-.B --proto udp ++.B \-\-proto udp + mode, this option normally requires the use of +-.B --ping ++.B \-\-ping + to allow connection initiation to be sensed in the absence + of tunnel data, since UDP is a "connectionless" protocol. + +@@ -1692,50 +1692,50 @@ + i.e. the receipt of the first authenticated packet from the peer. + .\"********************************************************* + .TP +-.B --down cmd ++.B \-\-down cmd + Shell command to run after TUN/TAP device close + (post +-.B --user ++.B \-\-user + UID change and/or +-.B --chroot ++.B \-\-chroot + ). Called with the same parameters and environmental + variables as the +-.B --up ++.B \-\-up + option above. + + Note that if you reduce privileges by using +-.B --user ++.B \-\-user + and/or +-.B --group, ++.B \-\-group, + your +-.B --down ++.B \-\-down + script will also run at reduced privilege. + .\"********************************************************* + .TP +-.B --down-pre ++.B \-\-down-pre + Call +-.B --down ++.B \-\-down + cmd/script before, rather than after, TUN/TAP close. + .\"********************************************************* + .TP +-.B --up-restart ++.B \-\-up-restart + Enable the +-.B --up ++.B \-\-up + and +-.B --down ++.B \-\-down + scripts to be called for restarts as well as initial program start. + This option is described more fully above in the +-.B --up ++.B \-\-up + option documentation. + .\"********************************************************* + .TP +-.B --setenv name value ++.B \-\-setenv name value + Set a custom environmental variable + .B name=value + to pass to script. + .\"********************************************************* + .TP +-.B --setenv FORWARD_COMPATIBLE 1 ++.B \-\-setenv FORWARD_COMPATIBLE 1 + Relax config file syntax checking so that unknown directives + will trigger a warning but not a fatal error, + on the assumption that a given unknown directive might be valid +@@ -1748,7 +1748,7 @@ + older software versions. + .\"********************************************************* + .TP +-.B --setenv-safe name value ++.B \-\-setenv-safe name value + Set a custom environmental variable + .B OPENVPN_name=value + to pass to script. +@@ -1759,7 +1759,7 @@ + from a malicious or compromised server. + .\"********************************************************* + .TP +-.B --script-security level [method] ++.B \-\-script-security level [method] + This directive offers policy-level control over OpenVPN's usage of external programs + and scripts. Lower + .B level +@@ -1792,25 +1792,25 @@ + line is subject to shell expansion). + + The +-.B --script-security ++.B \-\-script-security + option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility + with previous OpenVPN versions, use: +-.B --script-security 3 system ++.B \-\-script-security 3 system + .\"********************************************************* + .TP +-.B --disable-occ ++.B \-\-disable-occ + Don't output a warning message if option inconsistencies are detected between + peers. An example of an option inconsistency would be where one peer uses +-.B --dev tun ++.B \-\-dev tun + while the other peer uses +-.B --dev tap. ++.B \-\-dev tap. + + Use of this option is discouraged, but is provided as + a temporary fix in situations where a recent version of OpenVPN must + connect to an old version. + .\"********************************************************* + .TP +-.B --user user ++.B \-\-user user + Change the user ID of the OpenVPN process to + .B user + after initialization, dropping privileges in the process. +@@ -1832,7 +1832,7 @@ + signal + (for example in response + to a DHCP reset), you should make use of one or more of the +-.B --persist ++.B \-\-persist + options to ensure that OpenVPN doesn't need to execute any privileged + operations in order to restart (such as re-reading key files + or running +@@ -1840,16 +1840,16 @@ + on the TUN device). + .\"********************************************************* + .TP +-.B --group group ++.B \-\-group group + Similar to the +-.B --user ++.B \-\-user + option, + this option changes the group ID of the OpenVPN process to + .B group + after initialization. + .\"********************************************************* + .TP +-.B --cd dir ++.B \-\-cd dir + Change directory to + .B dir + prior to reading any files such as +@@ -1861,16 +1861,16 @@ + + This option is useful when you are running + OpenVPN in +-.B --daemon ++.B \-\-daemon + mode, and you want to consolidate all of + your OpenVPN control files in one location. + .\"********************************************************* + .TP +-.B --chroot dir ++.B \-\-chroot dir + Chroot to + .B dir + after initialization. +-.B --chroot ++.B \-\-chroot + essentially redefines + .B dir + as being the top +@@ -1889,7 +1889,7 @@ + are executed after the chroot operation. + .\"********************************************************* + .TP +-.B --daemon [progname] ++.B \-\-daemon [progname] + Become a daemon after all initialization functions are completed. + This option will cause all message and error output to + be sent to the syslog file (such as /var/log/messages), +@@ -1898,10 +1898,10 @@ + which will go to /dev/null unless otherwise redirected. + The syslog redirection occurs immediately at the point + that +-.B --daemon ++.B \-\-daemon + is parsed on the command line even though + the daemonization point occurs later. If one of the +-.B --log ++.B \-\-log + options is present, it will supercede syslog + redirection. + +@@ -1917,7 +1917,7 @@ + defaults to "openvpn". + + When OpenVPN is run with the +-.B --daemon ++.B \-\-daemon + option, it will try to delay daemonization until the majority of initialization + functions which are capable of generating fatal errors are complete. This means + that initialization scripts can test the return status of the +@@ -1927,20 +1927,20 @@ + In OpenVPN, the vast majority of errors which occur after initialization are non-fatal. + .\"********************************************************* + .TP +-.B --syslog [progname] ++.B \-\-syslog [progname] + Direct log output to system logger, but do not become a daemon. + See +-.B --daemon ++.B \-\-daemon + directive above for description of + .B progname + parameter. + .\"********************************************************* + .TP +-.B --passtos ++.B \-\-passtos + Set the TOS field of the tunnel packet to what the payload's TOS is. + .\"********************************************************* + .TP +-.B --inetd [wait|nowait] [progname] ++.B \-\-inetd [wait|nowait] [progname] + Use this option when OpenVPN is being run from the inetd or + .BR xinetd(8) + server. +@@ -1951,7 +1951,7 @@ + config file. The + .B nowait + mode can only be used with +-.B --proto tcp-server. ++.B \-\-proto tcp-server. + The default is + .B wait. + The +@@ -1963,16 +1963,16 @@ + .I http://openvpn.net/faq.html#oneport + + This option precludes the use of +-.B --daemon, --local, ++.B \-\-daemon, \-\-local, + or +-.B --remote. ++.B \-\-remote. + Note that this option causes message and error output to be handled in the same + way as the +-.B --daemon ++.B \-\-daemon + option. The optional + .B progname + parameter is also handled exactly as in +-.B --daemon. ++.B \-\-daemon. + + Also note that in + .B wait +@@ -1982,7 +1982,7 @@ + .I http://openvpn.net/1xhowto.html + .\"********************************************************* + .TP +-.B --log file ++.B \-\-log file + Output logging messages to + .B file, + including output to stdout/stderr which +@@ -1993,44 +1993,44 @@ + This option takes effect + immediately when it is parsed in the command line + and will supercede syslog output if +-.B --daemon ++.B \-\-daemon + or +-.B --inetd ++.B \-\-inetd + is also specified. + This option is persistent over the entire course of + an OpenVPN instantiation and will not be reset by SIGHUP, + SIGUSR1, or +-.B --ping-restart. ++.B \-\-ping-restart. + + Note that on Windows, when OpenVPN is started as a service, + logging occurs by default without the need to specify + this option. + .\"********************************************************* + .TP +-.B --log-append file ++.B \-\-log-append file + Append logging messages to + .B file. + If + .B file + does not exist, it will be created. + This option behaves exactly like +-.B --log ++.B \-\-log + except that it appends to rather + than truncating the log file. + .\"********************************************************* + .TP +-.B --suppress-timestamps ++.B \-\-suppress-timestamps + Avoid writing timestamps to log messages, even when they + otherwise would be prepended. In particular, this applies to + log messages sent to stdout. + .\"********************************************************* + .TP +-.B --writepid file ++.B \-\-writepid file + Write OpenVPN's main process ID to + .B file. + .\"********************************************************* + .TP +-.B --nice n ++.B \-\-nice n + Change process priority after initialization + ( + .B n +@@ -2039,14 +2039,14 @@ + less than zero is higher priority). + .\"********************************************************* + .\".TP +-.\".B --nice-work n ++.\".B \-\-nice-work n + .\"Change priority of background TLS work thread. The TLS thread + .\"feature is enabled when OpenVPN is built + .\"with pthread support, and you are running OpenVPN + .\"in TLS mode (i.e. with +-.\".B --tls-client ++.\".B \-\-tls-client + .\"or +-.\".B --tls-server ++.\".B \-\-tls-server + .\"specified). + .\" + .\"Using a TLS thread offloads the CPU-intensive process of SSL/TLS-based +@@ -2056,12 +2056,12 @@ + .\"The parameter + .\".B n + .\"is interpreted exactly as with the +-.\".B --nice ++.\".B \-\-nice + .\"option above, but in relation to the work thread rather + .\"than the main thread. + .\"********************************************************* + .TP +-.B --fast-io ++.B \-\-fast-io + (Experimental) Optimize TUN/TAP/UDP I/O writes by avoiding + a call to poll/epoll/select prior to the write operation. The purpose + of such a call would normally be to block until the device +@@ -2072,13 +2072,13 @@ + by 5% to 10%. + + This option can only be used on non-Windows systems, when +-.B --proto udp ++.B \-\-proto udp + is specified, and when +-.B --shaper ++.B \-\-shaper + is NOT specified. + .\"********************************************************* + .TP +-.B --echo [parms...] ++.B \-\-echo [parms...] + Echo + .B parms + to log output. +@@ -2087,7 +2087,7 @@ + which is receiving the OpenVPN log output. + .\"********************************************************* + .TP +-.B --remap-usr1 signal ++.B \-\-remap-usr1 signal + Control whether internally or externally + generated SIGUSR1 signals are remapped to + SIGHUP (restart without persisting state) or +@@ -2098,20 +2098,20 @@ + occurs. + .\"********************************************************* + .TP +-.B --verb n ++.B \-\-verb n + Set output verbosity to + .B n + (default=1). Each level shows all info from the previous levels. + Level 3 is recommended if you want a good summary + of what's happening without being swamped by output. + +-.B 0 -- ++.B 0 \-\- + No output except fatal errors. + .br +-.B 1 to 4 -- ++.B 1 to 4 \-\- + Normal usage range. + .br +-.B 5 -- ++.B 5 \-\- + Output + .B R + and +@@ -2119,12 +2119,12 @@ + characters to the console for each packet read and write, uppercase is + used for TCP/UDP packets and lowercase is used for TUN/TAP packets. + .br +-.B 6 to 11 -- ++.B 6 to 11 \-\- + Debug info range (see errlevel.h for additional + information on debug levels). + .\"********************************************************* + .TP +-.B --status file [n] ++.B \-\-status file [n] + Write operational status to + .B file + every +@@ -2136,20 +2136,20 @@ + signal. + .\"********************************************************* + .TP +-.B --status-version [n] ++.B \-\-status-version [n] + Choose the status file format version number. Currently + .B n + can be 1, 2, or 3 and defaults to 1. + .\"********************************************************* + .TP +-.B --mute n ++.B \-\-mute n + Log at most + .B n + consecutive messages in the same category. This is useful to + limit repetitive logging of similar message types. + .\"********************************************************* + .TP +-.B --comp-lzo [mode] ++.B \-\-comp-lzo [mode] + Use fast LZO compression -- may add up to 1 byte per + packet for incompressible data. + .B mode +@@ -2160,16 +2160,16 @@ + + First, make sure the client-side config file enables selective + compression by having at least one +-.B --comp-lzo ++.B \-\-comp-lzo + directive, such as +-.B --comp-lzo no. ++.B \-\-comp-lzo no. + This will turn off compression by default, + but allow a future directive push from the server to + dynamically change the + on/off/adaptive setting. + + Next in a +-.B --client-config-dir ++.B \-\-client-config-dir + file, specify the compression setting for the client, + for example: + +@@ -2188,12 +2188,12 @@ + side of the link, the second sets the client side. + .\"********************************************************* + .TP +-.B --comp-noadapt ++.B \-\-comp-noadapt + When used in conjunction with +-.B --comp-lzo, ++.B \-\-comp-lzo, + this option will disable OpenVPN's adaptive compression algorithm. + Normally, adaptive compression is enabled with +-.B --comp-lzo. ++.B \-\-comp-lzo. + + Adaptive compression tries to optimize the case where you have + compression enabled, but you are sending predominantly uncompressible +@@ -2205,7 +2205,7 @@ + compression for a period of time until the next re-sample test. + .\"********************************************************* + .TP +-.B --management IP port [pw-file] ++.B \-\-management IP port [pw-file] + Enable a TCP server on + .B IP:port + to handle daemon management functions. +@@ -2224,9 +2224,9 @@ + .B port + to 'unix'. While the default behavior is to create a unix domain socket + that may be connected to by any process, the +-.B --management-client-user ++.B \-\-management-client-user + and +-.B --management-client-group ++.B \-\-management-client-group + directives can be used to restrict access. + + The management interface provides a special mode where the TCP +@@ -2255,24 +2255,24 @@ + server to local clients. + .\"********************************************************* + .TP +-.B --management-query-passwords ++.B \-\-management-query-passwords + Query management channel for private key password and +-.B --auth-user-pass ++.B \-\-auth-user-pass + username/password. Only query the management channel + for inputs which ordinarily would have been queried from the + console. + .\"********************************************************* + .TP +-.B --management-forget-disconnect ++.B \-\-management-forget-disconnect + Make OpenVPN forget passwords when management session + disconnects. + + This directive does not affect the +-.B --http-proxy ++.B \-\-http-proxy + username/password. It is always cached. + .\"********************************************************* + .TP +-.B --management-hold ++.B \-\-management-hold + Start OpenVPN in a hibernating state, until a client + of the management interface explicitly starts it + with the +@@ -2280,45 +2280,45 @@ + command. + .\"********************************************************* + .TP +-.B --management-signal ++.B \-\-management-signal + Send SIGUSR1 signal to OpenVPN if management session disconnects. + This is useful when you wish to disconnect an OpenVPN session on + user logoff. + .\"********************************************************* + .TP +-.B --management-log-cache n ++.B \-\-management-log-cache n + Cache the most recent + .B n + lines of log file history for usage + by the management channel. + .\"********************************************************* + .TP +-.B --management-client-auth ++.B \-\-management-client-auth + Gives management interface client the responsibility + to authenticate clients after their client certificate + has been verified. See management-notes.txt in OpenVPN + distribution for detailed notes. + .\"********************************************************* + .TP +-.B --management-client-pf ++.B \-\-management-client-pf + Management interface clients must specify a packet + filter file for each connecting client. See management-notes.txt + in OpenVPN distribution for detailed notes. + .\"********************************************************* + .TP +-.B --management-client-user u ++.B \-\-management-client-user u + When the management interface is listening on a unix domain socket, + only allow connections from user + .B u. + .\"********************************************************* + .TP +-.B --management-client-group g ++.B \-\-management-client-group g + When the management interface is listening on a unix domain socket, + only allow connections from group + .B g. + .\"********************************************************* + .TP +-.B --plugin module-pathname [init-string] ++.B \-\-plugin module-pathname [init-string] + Load plug-in module from the file + .B module-pathname, + passing +@@ -2354,7 +2354,7 @@ + .SS Server Mode + Starting with OpenVPN 2.0, a multi-client TCP/UDP server mode + is supported, and can be enabled with the +-.B --mode server ++.B \-\-mode server + option. In server mode, OpenVPN will listen on a single + port for incoming client connections. All client + connections will be routed through a single tun or tap +@@ -2364,7 +2364,7 @@ + be used in this mode. + .\"********************************************************* + .TP +-.B --server network netmask ++.B \-\-server network netmask + A helper directive designed to simplify the configuration + of OpenVPN's server mode. This directive will set up an + OpenVPN server which will allocate addresses to clients +@@ -2374,7 +2374,7 @@ + TUN/TAP interface. + + For example, +-.B --server 10.8.0.0 255.255.255.0 ++.B \-\-server 10.8.0.0 255.255.255.0 + expands as follows: + + .nf +@@ -2404,23 +2404,23 @@ + .fi + + Don't use +-.B --server ++.B \-\-server + if you are ethernet bridging. Use +-.B --server-bridge ++.B \-\-server-bridge + instead. + .\"********************************************************* + .TP +-.B --server-bridge gateway netmask pool-start-IP pool-end-IP ++.B \-\-server-bridge gateway netmask pool-start-IP pool-end-IP + .TP +-.B --server-bridge ['nogw'] ++.B \-\-server-bridge ['nogw'] + + A helper directive similar to +-.B --server ++.B \-\-server + which is designed to simplify the configuration + of OpenVPN's server mode in ethernet bridging configurations. + + If +-.B --server-bridge ++.B \-\-server-bridge + is used without any parameters, it will enable a DHCP-proxy + mode, where connecting OpenVPN clients will receive an IP + address for their TAP adapter from the DHCP server running +@@ -2448,7 +2448,7 @@ + and + .B netmask + parameters to +-.B --server-bridge ++.B \-\-server-bridge + can be set to either the IP/netmask of the + bridge interface, or the IP/netmask of the + default gateway/router on the bridged +@@ -2480,7 +2480,7 @@ + .fi + + In another example, +-.B --server-bridge ++.B \-\-server-bridge + (without parameters) expands as follows: + + .nf +@@ -2495,7 +2495,7 @@ + .fi + + Or +-.B --server-bridge nogw ++.B \-\-server-bridge nogw + expands as follows: + + .nf +@@ -2508,13 +2508,13 @@ + .fi + .\"********************************************************* + .TP +-.B --push "option" ++.B \-\-push "option" + Push a config file option back to the client for remote + execution. Note that + .B + option + must be enclosed in double quotes (""). The client must specify +-.B --pull ++.B \-\-pull + in its config file. The set of options which can be + pushed is limited by both feasibility and security. + Some options such as those which would execute scripts +@@ -2525,44 +2525,44 @@ + them before the connection to the server can be initiated. + + This is a partial list of options which can currently be pushed: +-.B --route, --route-gateway, --route-delay, --redirect-gateway, +-.B --ip-win32, --dhcp-option, +-.B --inactive, --ping, --ping-exit, --ping-restart, +-.B --setenv, +-.B --persist-key, --persist-tun, --echo, +-.B --comp-lzo, +-.B --socket-flags, +-.B --sndbuf, --rcvbuf ++.B \-\-route, \-\-route-gateway, \-\-route-delay, \-\-redirect-gateway, ++.B \-\-ip-win32, \-\-dhcp-option, ++.B \-\-inactive, \-\-ping, \-\-ping-exit, \-\-ping-restart, ++.B \-\-setenv, ++.B \-\-persist-key, \-\-persist-tun, \-\-echo, ++.B \-\-comp-lzo, ++.B \-\-socket-flags, ++.B \-\-sndbuf, \-\-rcvbuf + .\"********************************************************* + .TP +-.B --push-reset ++.B \-\-push-reset + Don't inherit the global push list for a specific client instance. + Specify this option in a client-specific context such + as with a +-.B --client-config-dir ++.B \-\-client-config-dir + configuration file. This option will ignore +-.B --push ++.B \-\-push + options at the global config file level. + .\"********************************************************* + .TP +-.B --disable ++.B \-\-disable + Disable a particular client (based on the common name) + from connecting. Don't use this option to disable a client + due to key or password compromise. Use a CRL (certificate + revocation list) instead (see the +-.B --crl-verify ++.B \-\-crl-verify + option). + + This option must be associated with a specific client instance, + which means that it must be specified either in a client + instance config file using +-.B --client-config-dir ++.B \-\-client-config-dir + or dynamically generated using a +-.B --client-connect ++.B \-\-client-connect + script. + .\"********************************************************* + .TP +-.B --ifconfig-pool start-IP end-IP [netmask] ++.B \-\-ifconfig-pool start-IP end-IP [netmask] + Set aside a pool of subnets to be + dynamically allocated to connecting clients, similar + to a DHCP server. For tun-style +@@ -2575,7 +2575,7 @@ + + .\"********************************************************* + .TP +-.B --ifconfig-pool-persist file [seconds] ++.B \-\-ifconfig-pool-persist file [seconds] + Persist/unpersist ifconfig-pool + data to + .B file, +@@ -2590,7 +2590,7 @@ + Maintaining a long-term + association is good for clients because it allows them + to effectively use the +-.B --persist-tun ++.B \-\-persist-tun + option. + + .B file +@@ -2611,32 +2611,32 @@ + a common name and IP address. They do not guarantee that the given common + name will always receive the given IP address. If you want guaranteed + assignment, use +-.B --ifconfig-push ++.B \-\-ifconfig-push + .\"********************************************************* + .TP +-.B --ifconfig-pool-linear ++.B \-\-ifconfig-pool-linear + Modifies the +-.B --ifconfig-pool ++.B \-\-ifconfig-pool + directive to + allocate individual TUN interface addresses for + clients rather than /30 subnets. NOTE: This option + is incompatible with Windows clients. + + This option is deprecated, and should be replaced with +-.B --topology p2p ++.B \-\-topology p2p + which is functionally equivalent. + .\"********************************************************* + .TP +-.B --ifconfig-push local remote-netmask ++.B \-\-ifconfig-push local remote-netmask + Push virtual IP endpoints for client tunnel, +-overriding the --ifconfig-pool dynamic allocation. ++overriding the \-\-ifconfig-pool dynamic allocation. + + The parameters + .B local + and + .B remote-netmask + are set according to the +-.B --ifconfig ++.B \-\-ifconfig + directive which you want to execute on the client machine to + configure the remote end of the tunnel. Note that the parameters + .B local +@@ -2649,13 +2649,13 @@ + This option must be associated with a specific client instance, + which means that it must be specified either in a client + instance config file using +-.B --client-config-dir ++.B \-\-client-config-dir + or dynamically generated using a +-.B --client-connect ++.B \-\-client-connect + script. + + Remember also to include a +-.B --route ++.B \-\-route + directive in the main OpenVPN config file which encloses + .B local, + so that the kernel will know to route it +@@ -2665,23 +2665,23 @@ + follows: + + .B 1 +--- Use +-.B --client-connect script ++\-\- Use ++.B \-\-client-connect script + generated file for static IP (first choice). + .br + .B 2 +--- Use +-.B --client-config-dir ++\-\- Use ++.B \-\-client-config-dir + file for static IP (next choice). + .br + .B 3 +--- Use +-.B --ifconfig-pool ++\-\- Use ++.B \-\-ifconfig-pool + allocation for dynamic IP (last choice). + .br + .\"********************************************************* + .TP +-.B --iroute network [netmask] ++.B \-\-iroute network [netmask] + Generate an internal route to a specific + client. The + .B netmask +@@ -2692,36 +2692,36 @@ + of where the client is connecting from. Remember + that you must also add the route to the system + routing table as well (such as by using the +-.B --route ++.B \-\-route + directive). The reason why two routes are needed + is that the +-.B --route ++.B \-\-route + directive routes the packet from the kernel + to OpenVPN. Once in OpenVPN, the +-.B --iroute ++.B \-\-iroute + directive routes to the specific client. + + This option must be specified either in a client + instance config file using +-.B --client-config-dir ++.B \-\-client-config-dir + or dynamically generated using a +-.B --client-connect ++.B \-\-client-connect + script. + + The +-.B --iroute ++.B \-\-iroute + directive also has an important interaction with +-.B --push ++.B \-\-push + "route ...". +-.B --iroute ++.B \-\-iroute + essentially defines a subnet which is owned by a + particular client (we will call this client A). + If you would like other clients to be able to reach A's + subnet, you can use +-.B --push ++.B \-\-push + "route ..." + together with +-.B --client-to-client ++.B \-\-client-to-client + to effect this. In order for all clients to see + A's subnet, OpenVPN must push this route to all clients + EXCEPT for A, since the subnet is already owned by A. +@@ -2730,11 +2730,11 @@ + if it matches one of the client's iroutes. + .\"********************************************************* + .TP +-.B --client-to-client ++.B \-\-client-to-client + Because the OpenVPN server mode handles multiple clients + through a single tun or tap interface, it is effectively + a router. The +-.B --client-to-client ++.B \-\-client-to-client + flag tells OpenVPN to internally route client-to-client + traffic rather than pushing all client-originating traffic + to the TUN/TAP interface. +@@ -2746,13 +2746,13 @@ + custom, per-client rules. + .\"********************************************************* + .TP +-.B --duplicate-cn ++.B \-\-duplicate-cn + Allow multiple clients with the same common name to concurrently connect. + In the absence of this option, OpenVPN will disconnect a client instance + upon connection of a new client having the same common name. + .\"********************************************************* + .TP +-.B --client-connect script ++.B \-\-client-connect script + Run + .B script + on client connection. The script is passed the common name +@@ -2768,7 +2768,7 @@ + it should write it to the file named by $1. + + See the +-.B --client-config-dir ++.B \-\-client-config-dir + option below for options which + can be legally used in a dynamically generated config file. + +@@ -2780,18 +2780,18 @@ + to be disconnected. + .\"********************************************************* + .TP +-.B --client-disconnect ++.B \-\-client-disconnect + Like +-.B --client-connect ++.B \-\-client-connect + but called on client instance shutdown. Will not be called + unless the +-.B --client-connect ++.B \-\-client-connect + script and plugins (if defined) + were previously called on this instance with + successful (0) status returns. + + The exception to this rule is if the +-.B --client-disconnect ++.B \-\-client-disconnect + script or plugins are cascaded, and at least one client-connect + function succeeded, then ALL of the client-disconnect functions for + scripts and plugins will be called on client instance object deletion, +@@ -2800,7 +2800,7 @@ + .B + .\"********************************************************* + .TP +-.B --client-config-dir dir ++.B \-\-client-config-dir dir + Specify a directory + .B dir + for custom client config files. After +@@ -2814,9 +2814,9 @@ + + This file can specify a fixed IP address for a given + client using +-.B --ifconfig-push, ++.B \-\-ifconfig-push, + as well as fixed subnets owned by the client using +-.B --iroute. ++.B \-\-iroute. + + One of the useful properties of this option is that it + allows client configuration files to be conveniently +@@ -2825,28 +2825,28 @@ + + The following + options are legal in a client-specific context: +-.B --push, --push-reset, --iroute, --ifconfig-push, ++.B \-\-push, \-\-push-reset, \-\-iroute, \-\-ifconfig-push, + and +-.B --config. ++.B \-\-config. + .\"********************************************************* + .TP +-.B --ccd-exclusive ++.B \-\-ccd-exclusive + Require, as a + condition of authentication, that a connecting client has a +-.B --client-config-dir ++.B \-\-client-config-dir + file. + .\"********************************************************* + .TP +-.B --tmp-dir dir ++.B \-\-tmp-dir dir + Specify a directory + .B dir + for temporary files. This directory will be used by +-.B --client-connect ++.B \-\-client-connect + scripts to dynamically generate client-specific + configuration files. + .\"********************************************************* + .TP +-.B --hash-size r v ++.B \-\-hash-size r v + Set the size of the real address hash table to + .B r + and the virtual address table to +@@ -2854,13 +2854,13 @@ + By default, both tables are sized at 256 buckets. + .\"********************************************************* + .TP +-.B --bcast-buffers n ++.B \-\-bcast-buffers n + Allocate + .B n + buffers for broadcast datagrams (default=256). + .\"********************************************************* + .TP +-.B --tcp-queue-limit n ++.B \-\-tcp-queue-limit n + Maximum number of output packets queued before TCP (default=64). + + When OpenVPN is tunneling data from a TUN/TAP device to a +@@ -2872,7 +2872,7 @@ + at this client. + .\"********************************************************* + .TP +-.B --tcp-nodelay ++.B \-\-tcp-nodelay + This macro sets the TCP_NODELAY socket flag on the server + as well as pushes it to connecting clients. The TCP_NODELAY + flag disables the Nagle algorithm on TCP sockets causing +@@ -2895,13 +2895,13 @@ + .fi + .\"********************************************************* + .TP +-.B --max-clients n ++.B \-\-max-clients n + Limit server to a maximum of + .B n + concurrent clients. + .\"********************************************************* + .TP +-.B --max-routes-per-client n ++.B \-\-max-routes-per-client n + Allow a maximum of + .B n + internal routes per client (default=256). +@@ -2911,9 +2911,9 @@ + forcing the server to deplete + virtual memory as its internal routing table expands. + This directive can be used in a +-.B --client-config-dir ++.B \-\-client-config-dir + file or auto-generated by a +-.B --client-connect ++.B \-\-client-connect + script to override the global value for a particular client. + + Note that this +@@ -2921,7 +2921,7 @@ + kernel routing table. + .\"********************************************************* + .TP +-.B --connect-freq n sec ++.B \-\-connect-freq n sec + Allow a maximum of + .B n + new connections per +@@ -2935,12 +2935,12 @@ + + For the best protection against DoS attacks in server mode, + use +-.B --proto udp ++.B \-\-proto udp + and +-.B --tls-auth. ++.B \-\-tls-auth. + .\"********************************************************* + .TP +-.B --learn-address cmd ++.B \-\-learn-address cmd + Run script or shell command + .B cmd + to validate client virtual addresses or routes. +@@ -2948,19 +2948,19 @@ + .B cmd + will be executed with 3 parameters: + +-.B [1] operation -- ++.B [1] operation \-\- + "add", "update", or "delete" based on whether or not + the address is being added to, modified, or deleted from + OpenVPN's internal routing table. + .br +-.B [2] address -- ++.B [2] address \-\- + The address being learned or unlearned. This can be + an IPv4 address such as "198.162.10.14", an IPv4 subnet + such as "198.162.10.0/24", or an ethernet MAC address (when +-.B --dev tap ++.B \-\-dev tap + is being used) such as "00:FF:01:02:03:04". + .br +-.B [3] common name -- ++.B [3] common name \-\- + The common name on the certificate associated with the + client linked to this address. Only present for "add" + or "update" operations, not "delete". +@@ -2980,7 +2980,7 @@ + rather than the low level client virtual addresses. + .\"********************************************************* + .TP +-.B --auth-user-pass-verify script method ++.B \-\-auth-user-pass-verify script method + Require the client to provide a username/password (possibly + in addition to a client certificate) for authentication. + +@@ -3011,10 +3011,10 @@ + and the file will be automatically deleted by OpenVPN after + the script returns. The location of the temporary file is + controlled by the +-.B --tmp-dir ++.B \-\-tmp-dir + option, and will default to the current directory if unspecified. + For security, consider setting +-.B --tmp-dir ++.B \-\-tmp-dir + to a volatile storage medium such as + .B /dev/shm + (if available) to prevent the username/password file from touching the hard drive. +@@ -3046,7 +3046,7 @@ + in the OpenVPN source distribution. + .\"********************************************************* + .TP +-.B --opt-verify ++.B \-\-opt-verify + Clients that connect with options that are incompatible + with those of the server will be disconnected. + +@@ -3056,16 +3056,16 @@ + no-replay, no-iv, tls-auth, key-method, tls-server, and tls-client. + + This option requires that +-.B --disable-occ ++.B \-\-disable-occ + NOT be used. + .\"********************************************************* + .TP +-.B --auth-user-pass-optional ++.B \-\-auth-user-pass-optional + Allow connections by clients that do not specify a username/password. + Normally, when +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + or +-.B --management-client-auth ++.B \-\-management-client-auth + is specified (or an authentication plugin module), the + OpenVPN server daemon will require connecting clients to specify a + username and password. This option makes the submission of a username/password +@@ -3078,35 +3078,35 @@ + to detect this condition and respond accordingly. + .\"********************************************************* + .TP +-.B --client-cert-not-required ++.B \-\-client-cert-not-required + Don't require client certificate, client will authenticate + using username/password only. Be aware that using this directive + is less secure than requiring certificates from all clients. + + If you use this directive, the + entire responsibility of authentication will rest on your +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + script, so keep in mind that bugs in your script + could potentially compromise the security of your VPN. + + If you don't use this directive, but you also specify an +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + script, then OpenVPN will perform double authentication. The + client certificate verification AND the +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + script will need to succeed in order for a client to be + authenticated and accepted onto the VPN. + .\"********************************************************* + .TP +-.B --username-as-common-name ++.B \-\-username-as-common-name + For +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + authentication, use + the authenticated username as the common name, + rather than the common name from the client cert. + .\"********************************************************* + .TP +-.B --no-name-remapping ++.B \-\-no-name-remapping + Allow Common Name, X509 Subject, and username strings to include + any printable character including space, but excluding control + characters such as tab, newline, and carriage-return. +@@ -3127,7 +3127,7 @@ + know what you are doing! + .\"********************************************************* + .TP +-.B --port-share host port ++.B \-\-port-share host port + When run in TCP server mode, share the OpenVPN port with + another application, such as an HTTPS server. If OpenVPN + senses a connection to its port which is using a non-OpenVPN +@@ -3142,13 +3142,13 @@ + .SS Client Mode + Use client mode when connecting to an OpenVPN server + which has +-.B --server, --server-bridge, ++.B \-\-server, \-\-server-bridge, + or +-.B --mode server ++.B \-\-mode server + in it's configuration. + .\"********************************************************* + .TP +-.B --client ++.B \-\-client + A helper directive designed to simplify the configuration + of OpenVPN's client mode. This directive is equivalent to: + +@@ -3162,33 +3162,33 @@ + .fi + .\"********************************************************* + .TP +-.B --pull ++.B \-\-pull + This option must be used on a client which is connecting + to a multi-client server. It indicates to OpenVPN that it + should accept options pushed by the server, provided they + are part of the legal set of pushable options (note that the +-.B --pull ++.B \-\-pull + option is implied by +-.B --client ++.B \-\-client + ). + + In particular, +-.B --pull ++.B \-\-pull + allows the server to push routes to the client, so you should + not use +-.B --pull ++.B \-\-pull + or +-.B --client ++.B \-\-client + in situations where you don't trust the server to have control + over the client's routing table. + .\"********************************************************* + .TP +-.B --auth-user-pass [up] ++.B \-\-auth-user-pass [up] + Authenticate with server using username/password. + .B up + is a file containing username/password on 2 lines (Note: OpenVPN + will only read passwords from a file if it has been built +-with the --enable-password-save configure option, or on Windows ++with the \-\-enable-password-save configure option, or on Windows + by defining ENABLE_PASSWORD_SAVE in config-win32.h). + + If +@@ -3197,12 +3197,12 @@ + console. + + The server configuration must specify an +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + script to verify the username/password provided by + the client. + .\"********************************************************* + .TP +-.B --auth-retry type ++.B \-\-auth-retry type + Controls how OpenVPN responds to username/password verification + errors such as the client-side response to an AUTH_FAILED message from the server + or verification failure of the private key password. +@@ -3213,33 +3213,33 @@ + + An AUTH_FAILED message is generated by the server if the client + fails +-.B --auth-user-pass ++.B \-\-auth-user-pass + authentication, or if the server-side +-.B --client-connect ++.B \-\-client-connect + script returns an error status when the client + tries to connect. + + .B type + can be one of: + +-.B none -- ++.B none \-\- + Client will exit with a fatal error (this is the default). + .br +-.B nointeract -- ++.B nointeract \-\- + Client will retry the connection without requerying for an +-.B --auth-user-pass ++.B \-\-auth-user-pass + username/password. Use this option for unattended clients. + .br +-.B interact -- ++.B interact \-\- + Client will requery for an +-.B --auth-user-pass ++.B \-\-auth-user-pass + username/password and/or private key password before attempting a reconnection. + + Note that while this option cannot be pushed, it can be controlled + from the management interface. + .\"********************************************************* + .TP +-.B --explicit-exit-notify [n] ++.B \-\-explicit-exit-notify [n] + In UDP client mode or point-to-point mode, send server/peer an exit notification + if tunnel is restarted or OpenVPN process is exited. In client mode, on + exit/restart, this +@@ -3254,12 +3254,12 @@ + (must be compatible between peers). + .\"********************************************************* + .TP +-.B --secret file [direction] ++.B \-\-secret file [direction] + Enable Static Key encryption mode (non-TLS). + Use pre-shared secret + .B file + which was generated with +-.B --genkey. ++.B \-\-genkey. + + The optional + .B direction +@@ -3290,7 +3290,7 @@ + .B direction + parameter, will also support 2048 bit key file generation + using the +-.B --genkey ++.B \-\-genkey + option. + + Static key encryption mode has certain advantages, +@@ -3320,7 +3320,7 @@ + but random-looking data. + .\"********************************************************* + .TP +-.B --auth alg ++.B \-\-auth alg + Authenticate packets with HMAC using message + digest algorithm + .B alg. +@@ -3335,7 +3335,7 @@ + + In static-key encryption mode, the HMAC key + is included in the key file generated by +-.B --genkey. ++.B \-\-genkey. + In TLS mode, the HMAC key is dynamically generated and shared + between peers via the TLS control channel. If OpenVPN receives a packet with + a bad HMAC it will drop the packet. +@@ -3348,7 +3348,7 @@ + .I http://www.cs.ucsd.edu/users/mihir/papers/hmac.html + .\"********************************************************* + .TP +-.B --cipher alg ++.B \-\-cipher alg + Encrypt packets with cipher algorithm + .B alg. + The default is +@@ -3363,7 +3363,7 @@ + + To see other ciphers that are available with + OpenVPN, use the +-.B --show-ciphers ++.B \-\-show-ciphers + option. + + OpenVPN supports the CBC, CFB, and OFB cipher modes, +@@ -3375,10 +3375,10 @@ + to disable encryption. + .\"********************************************************* + .TP +-.B --keysize n ++.B \-\-keysize n + Size of cipher key in bits (optional). + If unspecified, defaults to cipher-specific default. The +-.B --show-ciphers ++.B \-\-show-ciphers + option (see below) shows all available OpenSSL ciphers, + their default key sizes, and whether the key size can + be changed. Use care in changing a cipher's default +@@ -3388,7 +3388,7 @@ + security, or may even reduce security. + .\"********************************************************* + .TP +-.B --prng alg [nsl] ++.B \-\-prng alg [nsl] + (Advanced) For PRNG (Pseudo-random number generator), + use digest algorithm + .B alg +@@ -3403,19 +3403,19 @@ + instead for all of OpenVPN's pseudo-random number needs. + .\"********************************************************* + .TP +-.B --engine [engine-name] ++.B \-\-engine [engine-name] + Enable OpenSSL hardware-based crypto engine functionality. + + If + .B engine-name + is specified, + use a specific crypto engine. Use the +-.B --show-engines ++.B \-\-show-engines + standalone option to list the crypto engines which are + supported by OpenSSL. + .\"********************************************************* + .TP +-.B --no-replay ++.B \-\-no-replay + (Advanced) Disable OpenVPN's protection against replay attacks. + Don't use this option unless you are prepared to make + a tradeoff of greater efficiency in exchange for less +@@ -3459,7 +3459,7 @@ + by IPSec. + .\"********************************************************* + .TP +-.B --replay-window n [t] ++.B \-\-replay-window n [t] + Use a replay protection sliding-window of size + .B n + and a time window of +@@ -3474,9 +3474,9 @@ + + This option is only relevant in UDP mode, i.e. + when either +-.B --proto udp ++.B \-\-proto udp + is specifed, or no +-.B --proto ++.B \-\-proto + option is specified. + + When OpenVPN tunnels IP packets over UDP, there is the possibility that +@@ -3488,7 +3488,7 @@ + + .B (a) + The packet cannot be a replay (unless +-.B --no-replay ++.B \-\-no-replay + is specified, which disables replay protection altogether). + + .B (b) +@@ -3510,7 +3510,7 @@ + Satellite links in particular often require this. + + If you run OpenVPN at +-.B --verb 4, ++.B \-\-verb 4, + you will see the message "Replay-window backtrack occurred [x]" + every time the maximum sequence number backtrack seen thus far + increases. This can be used to calibrate +@@ -3546,7 +3546,7 @@ + is easily fixed by simply using TCP as the VPN transport layer. + .\"********************************************************* + .TP +-.B --mute-replay-warnings ++.B \-\-mute-replay-warnings + Silence the output of replay warnings, which are a common + false alarm on WiFi networks. This option preserves + the security of the replay protection code without +@@ -3554,7 +3554,7 @@ + packets. + .\"********************************************************* + .TP +-.B --replay-persist file ++.B \-\-replay-persist file + Persist replay-protection state across sessions using + .B file + to save and reload the state. +@@ -3562,7 +3562,7 @@ + This option will strengthen protection against replay attacks, + especially when you are using OpenVPN in a dynamic context (such + as with +-.B --inetd) ++.B \-\-inetd) + when OpenVPN sessions are frequently started and stopped. + + This option will keep a disk copy of the current replay protection +@@ -3573,12 +3573,12 @@ + + This option only makes sense when replay protection is enabled + (the default) and you are using either +-.B --secret ++.B \-\-secret + (shared-secret key mode) or TLS mode with +-.B --tls-auth. ++.B \-\-tls-auth. + .\"********************************************************* + .TP +-.B --no-iv ++.B \-\-no-iv + (Advanced) Disable OpenVPN's use of IV (cipher initialization vector). + Don't use this option unless you are prepared to make + a tradeoff of greater efficiency in exchange for less +@@ -3599,24 +3599,24 @@ + datagram replay protection as the IV. + .\"********************************************************* + .TP +-.B --test-crypto ++.B \-\-test-crypto + Do a self-test of OpenVPN's crypto options by encrypting and + decrypting test packets using the data channel encryption options + specified above. This option does not require a peer to function, + and therefore can be specified without +-.B --dev ++.B \-\-dev + or +-.B --remote. ++.B \-\-remote. + + The typical usage of +-.B --test-crypto ++.B \-\-test-crypto + would be something like this: + +-.B openvpn --test-crypto --secret key ++.B openvpn \-\-test-crypto \-\-secret key + + or + +-.B openvpn --test-crypto --secret key --verb 9 ++.B openvpn \-\-test-crypto \-\-secret key \-\-verb 9 + + This option is very useful to test OpenVPN after it has been ported to + a new platform, or to isolate problems in the compiler, OpenSSL +@@ -3640,17 +3640,17 @@ + + To use TLS mode, each peer that runs OpenVPN should have its own local + certificate/key pair ( +-.B --cert ++.B \-\-cert + and +-.B --key ++.B \-\-key + ), signed by the root certificate which is specified + in +-.B --ca. ++.B \-\-ca. + + When two OpenVPN peers connect, each presents its local certificate to the + other. Each peer will then check that its partner peer presented a + certificate which was signed by the master root certificate as specified in +-.B --ca. ++.B \-\-ca. + + If that check on both peers succeeds, then the TLS negotiation + will succeed, both OpenVPN +@@ -3667,18 +3667,18 @@ + .I http://openvpn.net/easyrsa.html + .\"********************************************************* + .TP +-.B --tls-server ++.B \-\-tls-server + Enable TLS and assume server role during TLS handshake. Note that + OpenVPN is designed as a peer-to-peer application. The designation + of client or server is only for the purpose of negotiating the TLS + control channel. + .\"********************************************************* + .TP +-.B --tls-client ++.B \-\-tls-client + Enable TLS and assume client role during TLS handshake. + .\"********************************************************* + .TP +-.B --ca file ++.B \-\-ca file + Certificate authority (CA) file in .pem format, also referred to as the + .I root + certificate. This file can have multiple +@@ -3700,10 +3700,10 @@ + they are distributed with OpenVPN, they are totally insecure. + .\"********************************************************* + .TP +-.B --dh file ++.B \-\-dh file + File containing Diffie Hellman parameters + in .pem format (required for +-.B --tls-server ++.B \-\-tls-server + only). Use + + .B openssl dhparam -out dh1024.pem 1024 +@@ -3713,15 +3713,15 @@ + may be considered public. + .\"********************************************************* + .TP +-.B --cert file +-Local peer's signed certificate in .pem format -- must be signed ++.B \-\-cert file ++Local peer's signed certificate in .pem format \-\- must be signed + by a certificate authority whose certificate is in +-.B --ca file. ++.B \-\-ca file. + Each peer in an OpenVPN link running in TLS mode should have its own + certificate and private key file. In addition, each certificate should + have been signed by the key of a certificate + authority whose public key resides in the +-.B --ca ++.B \-\-ca + certificate authority file. + You can easily make your own certificate authority (see above) or pay money + to use a commercial service such as thawte.com (in which case you will be +@@ -3746,7 +3746,7 @@ + command reads the location of the certificate authority key from its + configuration file such as + .B /usr/share/ssl/openssl.cnf +--- note also ++\-\- note also + that for certificate authority functions, you must set up the files + .B index.txt + (may be empty) and +@@ -3757,61 +3757,61 @@ + ). + .\"********************************************************* + .TP +-.B --key file ++.B \-\-key file + Local peer's private key in .pem format. Use the private key which was generated + when you built your peer's certificate (see + .B -cert file + above). + .\"********************************************************* + .TP +-.B --pkcs12 file ++.B \-\-pkcs12 file + Specify a PKCS #12 file containing local private key, + local certificate, and root CA certificate. + This option can be used instead of +-.B --ca, --cert, ++.B \-\-ca, \-\-cert, + and +-.B --key. ++.B \-\-key. + .\"********************************************************* + .TP +-.B --pkcs11-cert-private [0|1]... ++.B \-\-pkcs11-cert-private [0|1]... + Set if access to certificate object should be performed after login. + Every provider has its own setting. + .\"********************************************************* + .TP +-.B --pkcs11-id name ++.B \-\-pkcs11-id name + Specify the serialized certificate id to be used. The id can be gotten + by the standalone +-.B --show-pkcs11-ids ++.B \-\-show-pkcs11-ids + option. + .\"********************************************************* + .TP +-.B --pkcs11-id-management ++.B \-\-pkcs11-id-management + Acquire PKCS#11 id from management interface. In this case a NEED-STR 'pkcs11-id-request' + real-time message will be triggered, application may use pkcs11-id-count command to + retrieve available number of certificates, and pkcs11-id-get command to retrieve certificate + id and certificate body. + .\"********************************************************* + .TP +-.B --pkcs11-pin-cache seconds ++.B \-\-pkcs11-pin-cache seconds + Specify how many seconds the PIN can be cached, the default is until the token is removed. + .\"********************************************************* + .TP +-.B --pkcs11-protected-authentication [0|1]... ++.B \-\-pkcs11-protected-authentication [0|1]... + Use PKCS#11 protected authentication path, useful for biometric and external + keypad devices. + Every provider has its own setting. + .\"********************************************************* + .TP +-.B --pkcs11-providers provider... ++.B \-\-pkcs11-providers provider... + Specify a RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) providers + to load. + This option can be used instead of +-.B --cert, --key, ++.B \-\-cert, \-\-key, + and +-.B --pkcs12. ++.B \-\-pkcs12. + .\"********************************************************* + .TP +-.B --pkcs11-private-mode mode... ++.B \-\-pkcs11-private-mode mode... + Specify which method to use in order to perform private key operations. + A different mode can be specified for each provider. + Mode is encoded as hex number, and can be a mask one of the following: +@@ -3833,14 +3833,14 @@ + .br + .\"********************************************************* + .TP +-.B --cryptoapicert select-string ++.B \-\-cryptoapicert select-string + Load the certificate and private key from the + Windows Certificate System Store (Windows Only). + + Use this option instead of +-.B --cert ++.B \-\-cert + and +-.B --key. ++.B \-\-key. + + This makes + it possible to use any smart card, supported by Windows, but also any +@@ -3866,7 +3866,7 @@ + + .\"********************************************************* + .TP +-.B --key-method m ++.B \-\-key-method m + Use data channel key negotiation method + .B m. + The key method must match on both sides of the connection. +@@ -3894,16 +3894,16 @@ + of the connection producing certificates and verifying the certificate + (or other authentication info provided) of + the other side. The +-.B --key-method ++.B \-\-key-method + parameter has no effect on this process. + + (2) After the TLS connection is established, the tunnel session keys are + separately negotiated over the existing secure TLS channel. Here, +-.B --key-method ++.B \-\-key-method + determines the derivation of the tunnel session keys. + .\"********************************************************* + .TP +-.B --tls-cipher l ++.B \-\-tls-cipher l + A list + .B l + of allowable TLS ciphers delimited by a colon (":"). +@@ -3913,11 +3913,11 @@ + to force two peers to negotiate to the lowest level + of security they both support. + Use +-.B --show-tls ++.B \-\-show-tls + to see a list of supported TLS ciphers. + .\"********************************************************* + .TP +-.B --tls-timeout n ++.B \-\-tls-timeout n + Packet retransmit timeout on TLS control channel + if no acknowledgment from remote within + .B n +@@ -3934,7 +3934,7 @@ + such as TCP expect this role to be left to them. + .\"********************************************************* + .TP +-.B --reneg-bytes n ++.B \-\-reneg-bytes n + Renegotiate data channel key after + .B n + bytes sent or received (disabled by default). +@@ -3944,13 +3944,13 @@ + if any of these three criteria are met by either peer. + .\"********************************************************* + .TP +-.B --reneg-pkts n ++.B \-\-reneg-pkts n + Renegotiate data channel key after + .B n + packets sent and received (disabled by default). + .\"********************************************************* + .TP +-.B --reneg-sec n ++.B \-\-reneg-sec n + Renegotiate data channel key after + .B n + seconds (default=3600). +@@ -3961,16 +3961,16 @@ + Also, keep in mind that this option can be used on both the client and server, + and whichever uses the lower value will be the one to trigger the renegotiation. + A common mistake is to set +-.B --reneg-sec ++.B \-\-reneg-sec + to a higher value on either the client or server, while the other side of the connection + is still using the default value of 3600 seconds, meaning that the renegotiation will +-still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the ++still occur once per 3600 seconds. The solution is to increase \-\-reneg-sec on both the + client and server, or set it to 0 on one side of the connection (to disable), and to + your chosen value on the other side. + .\"********************************************************* + .TP +-.B --hand-window n +-Handshake Window -- the TLS-based key exchange must finalize within ++.B \-\-hand-window n ++Handshake Window \-\- the TLS-based key exchange must finalize within + .B n + seconds + of handshake initiation by any peer (default = 60 seconds). +@@ -3978,47 +3978,47 @@ + we will attempt to reset our connection with our peer and try again. + Even in the event of handshake failure we will still use + our expiring key for up to +-.B --tran-window ++.B \-\-tran-window + seconds to maintain continuity of transmission of tunnel + data. + .\"********************************************************* + .TP +-.B --tran-window n +-Transition window -- our old key can live this many seconds ++.B \-\-tran-window n ++Transition window \-\- our old key can live this many seconds + after a new a key renegotiation begins (default = 3600 seconds). + This feature allows for a graceful transition from old to new + key, and removes the key renegotiation sequence from the critical + path of tunnel data forwarding. + .\"********************************************************* + .TP +-.B --single-session ++.B \-\-single-session + After initially connecting to a remote peer, disallow any new connections. + Using this + option means that a remote peer cannot connect, disconnect, and then + reconnect. + + If the daemon is reset by a signal or +-.B --ping-restart, ++.B \-\-ping-restart, + it will allow one new connection. + +-.B --single-session ++.B \-\-single-session + can be used with +-.B --ping-exit ++.B \-\-ping-exit + or +-.B --inactive ++.B \-\-inactive + to create a single dynamic session that will exit when finished. + .\"********************************************************* + .TP +-.B --tls-exit ++.B \-\-tls-exit + Exit on TLS negotiation failure. + .\"********************************************************* + .TP +-.B --tls-auth file [direction] ++.B \-\-tls-auth file [direction] + Add an additional layer of HMAC authentication on top of the TLS + control channel to protect against DoS attacks. + + In a nutshell, +-.B --tls-auth ++.B \-\-tls-auth + enables a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, + where TLS control channel packets + bearing an incorrect HMAC signature can be dropped immediately without +@@ -4029,7 +4029,7 @@ + + .B (1) + An OpenVPN static key file generated by +-.B --genkey ++.B \-\-genkey + (required if + .B direction + parameter is used). +@@ -4047,19 +4047,19 @@ + a static key file, format (2) will be used. + + See the +-.B --secret ++.B \-\-secret + option for more information on the optional + .B direction + parameter. + +-.B --tls-auth ++.B \-\-tls-auth + is recommended when you are running OpenVPN in a mode where + it is listening for packets from any IP address, such as when +-.B --remote ++.B \-\-remote + is not specified, or +-.B --remote ++.B \-\-remote + is specified with +-.B --float. ++.B \-\-float. + + The rationale for + this feature is as follows. TLS requires a multi-packet exchange +@@ -4086,7 +4086,7 @@ + minimize the amount of resources a potential, but as yet unauthenticated, + client is able to consume. + +-.B --tls-auth ++.B \-\-tls-auth + does this by signing every TLS control channel packet with an HMAC signature, + including packets which are sent before the TLS level has had a chance + to authenticate the peer. +@@ -4094,20 +4094,20 @@ + the correct signature can be dropped immediately upon reception, + before they have a chance to consume additional system resources + such as by initiating a TLS handshake. +-.B --tls-auth ++.B \-\-tls-auth + can be strengthened by adding the +-.B --replay-persist ++.B \-\-replay-persist + option which will keep OpenVPN's replay protection state + in a file so that it is not lost across restarts. + + It should be emphasized that this feature is optional and that the + passphrase/key file used with +-.B --tls-auth ++.B \-\-tls-auth + gives a peer nothing more than the power to initiate a TLS + handshake. It is not used to encrypt or authenticate any tunnel data. + .\"********************************************************* + .TP +-.B --askpass [file] ++.B \-\-askpass [file] + Get certificate password from console or + .B file + before we daemonize. +@@ -4116,7 +4116,7 @@ + security conscious, it is possible to protect your private key with + a password. Of course this means that every time the OpenVPN + daemon is started you must be there to type the password. The +-.B --askpass ++.B \-\-askpass + option allows you to start OpenVPN from the command line. It will + query you for a password before it daemonizes. To protect a private + key with a password you should omit the +@@ -4133,15 +4133,15 @@ + to a certain extent invalidates the extra security provided by + using an encrypted key (Note: OpenVPN + will only read passwords from a file if it has been built +-with the --enable-password-save configure option, or on Windows ++with the \-\-enable-password-save configure option, or on Windows + by defining ENABLE_PASSWORD_SAVE in config-win32.h). + .\"********************************************************* + .TP +-.B --auth-nocache ++.B \-\-auth-nocache + Don't cache +-.B --askpass ++.B \-\-askpass + or +-.B --auth-user-pass ++.B \-\-auth-user-pass + username/passwords in virtual memory. + + If specified, this directive will cause OpenVPN to immediately +@@ -4151,19 +4151,19 @@ + OpenVPN session. + + This directive does not affect the +-.B --http-proxy ++.B \-\-http-proxy + username/password. It is always cached. + .\"********************************************************* + .TP +-.B --tls-verify cmd ++.B \-\-tls-verify cmd + Execute shell command + .B cmd + to verify the X509 name of a + pending TLS connection that has otherwise passed all other + tests of certification (except for revocation via +-.B --crl-verify ++.B \-\-crl-verify + directive; the revocation test occurs after the +-.B --tls-verify ++.B \-\-tls-verify + test). + + .B cmd +@@ -4196,7 +4196,7 @@ + to build a command line which will be passed to the script. + .\"********************************************************* + .TP +-.B --tls-remote name ++.B \-\-tls-remote name + Accept connections only from a host with X509 name + or common name equal to + .B name. +@@ -4206,24 +4206,24 @@ + Name can also be a common name prefix, for example if you + want a client to only accept connections to "Server-1", + "Server-2", etc., you can simply use +-.B --tls-remote Server ++.B \-\-tls-remote Server + + Using a common name prefix is a useful alternative to managing + a CRL (Certificate Revocation List) on the client, since it allows the client + to refuse all certificates except for those associated + with designated servers. + +-.B --tls-remote ++.B \-\-tls-remote + is a useful replacement for the +-.B --tls-verify ++.B \-\-tls-verify + option to verify the remote host, because +-.B --tls-remote ++.B \-\-tls-remote + works in a +-.B --chroot ++.B \-\-chroot + environment too. + .\"********************************************************* + .TP +-.B --ns-cert-type client|server ++.B \-\-ns-cert-type client|server + Require that peer certificate was signed with an explicit + .B nsCertType + designation of "client" or "server". +@@ -4238,19 +4238,19 @@ + + If the server certificate's nsCertType field is set + to "server", then the clients can verify this with +-.B --ns-cert-type server. ++.B \-\-ns-cert-type server. + + This is an important security precaution to protect against + a man-in-the-middle attack where an authorized client + attempts to connect to another client by impersonating the server. + The attack is easily prevented by having clients verify + the server certificate using any one of +-.B --ns-cert-type, --tls-remote, ++.B \-\-ns-cert-type, \-\-tls-remote, + or +-.B --tls-verify. ++.B \-\-tls-verify. + .\"********************************************************* + .TP +-.B --remote-cert-ku v... ++.B \-\-remote-cert-ku v... + Require that peer certificate was signed with an explicit + .B key usage. + +@@ -4261,7 +4261,7 @@ + usage can be specified. + .\"********************************************************* + .TP +-.B --remote-cert-eku oid ++.B \-\-remote-cert-eku oid + Require that peer certificate was signed with an explicit + .B extended key usage. + +@@ -4272,7 +4272,7 @@ + OpenSSL symbolic representation. + .\"********************************************************* + .TP +-.B --remote-cert-tls client|server ++.B \-\-remote-cert-tls client|server + Require that peer certificate was signed with an explicit + .B key usage + and +@@ -4283,18 +4283,18 @@ + the host they connect to is a designated server. + + The +-.B --remote-cert-tls client ++.B \-\-remote-cert-tls client + option is equivalent to + .B +---remote-cert-ku 80 08 88 --remote-cert-eku "TLS Web Client Authentication" ++\-\-remote-cert-ku 80 08 88 \-\-remote-cert-eku "TLS Web Client Authentication" + + The key usage is digitalSignature and/or keyAgreement. + + The +-.B --remote-cert-tls server ++.B \-\-remote-cert-tls server + option is equivalent to + .B +---remote-cert-ku a0 88 --remote-cert-eku "TLS Web Server Authentication" ++\-\-remote-cert-ku a0 88 \-\-remote-cert-eku "TLS Web Server Authentication" + + The key usage is digitalSignature and ( keyEncipherment or keyAgreement ). + +@@ -4303,12 +4303,12 @@ + attempts to connect to another client by impersonating the server. + The attack is easily prevented by having clients verify + the server certificate using any one of +-.B --remote-cert-tls, --tls-remote, ++.B \-\-remote-cert-tls, \-\-tls-remote, + or +-.B --tls-verify. ++.B \-\-tls-verify. + .\"********************************************************* + .TP +-.B --crl-verify crl ++.B \-\-crl-verify crl + Check peer certificate against the file + .B crl + in PEM format. +@@ -4328,28 +4328,28 @@ + .SS SSL Library information: + .\"********************************************************* + .TP +-.B --show-ciphers ++.B \-\-show-ciphers + (Standalone) + Show all cipher algorithms to use with the +-.B --cipher ++.B \-\-cipher + option. + .\"********************************************************* + .TP +-.B --show-digests ++.B \-\-show-digests + (Standalone) + Show all message digest algorithms to use with the +-.B --auth ++.B \-\-auth + option. + .\"********************************************************* + .TP +-.B --show-tls ++.B \-\-show-tls + (Standalone) + Show all TLS ciphers (TLS used only as a control channel). The TLS + ciphers will be sorted from highest preference (most secure) to + lowest. + .\"********************************************************* + .TP +-.B --show-engines ++.B \-\-show-engines + (Standalone) + Show currently available hardware-based crypto acceleration + engines supported by the OpenSSL library. +@@ -4358,18 +4358,18 @@ + Used only for non-TLS static key encryption mode. + .\"********************************************************* + .TP +-.B --genkey ++.B \-\-genkey + (Standalone) + Generate a random key to be used as a shared secret, + for use with the +-.B --secret ++.B \-\-secret + option. This file must be shared with the + peer over a pre-existing secure channel such as + .BR scp (1) + . + .\"********************************************************* + .TP +-.B --secret file ++.B \-\-secret file + Write key to + .B file. + .\"********************************************************* +@@ -4378,7 +4378,7 @@ + of OpenVPN which can be used to create and delete persistent tunnels. + .\"********************************************************* + .TP +-.B --mktun ++.B \-\-mktun + (Standalone) + Create a persistent tunnel on platforms which support them such + as Linux. Normally TUN/TAP tunnels exist only for +@@ -4389,9 +4389,9 @@ + + One of the advantages of persistent tunnels is that they eliminate the + need for separate +-.B --up ++.B \-\-up + and +-.B --down ++.B \-\-down + scripts to run the appropriate + .BR ifconfig (8) + and +@@ -4403,40 +4403,40 @@ + will not be reset if the OpenVPN peer restarts. This can be useful to + provide uninterrupted connectivity through the tunnel in the event of a DHCP + reset of the peer's public IP address (see the +-.B --ipchange ++.B \-\-ipchange + option above). + + One disadvantage of persistent tunnels is that it is harder to automatically + configure their MTU value (see +-.B --link-mtu ++.B \-\-link-mtu + and +-.B --tun-mtu ++.B \-\-tun-mtu + above). + + On some platforms such as Windows, TAP-Win32 tunnels are persistent by + default. + .\"********************************************************* + .TP +-.B --rmtun ++.B \-\-rmtun + (Standalone) + Remove a persistent tunnel. + .\"********************************************************* + .TP +-.B --dev tunX | tapX ++.B \-\-dev tunX | tapX + TUN/TAP device + .\"********************************************************* + .TP +-.B --user user ++.B \-\-user user + Optional user to be owner of this tunnel. + .\"********************************************************* + .TP +-.B --group group ++.B \-\-group group + Optional group to be owner of this tunnel. + .\"********************************************************* + .SS Windows-Specific Options: + .\"********************************************************* + .TP +-.B --win-sys path|'env' ++.B \-\-win-sys path|'env' + Set the Windows system directory pathname to use when looking for system + executables such as + .B route.exe +@@ -4452,14 +4452,14 @@ + environmental variable. + .\"********************************************************* + .TP +-.B --ip-win32 method ++.B \-\-ip-win32 method + When using +-.B --ifconfig ++.B \-\-ifconfig + on Windows, set the TAP-Win32 adapter + IP address and netmask using + .B method. + Don't use this option unless you are also using +-.B --ifconfig. ++.B \-\-ifconfig. + + .B manual -- + Don't set the IP address or netmask automatically. +@@ -4478,13 +4478,13 @@ + adapter must be set to "Obtain an IP address automatically," and + (2) OpenVPN needs to claim an IP address in the subnet for use + as the virtual DHCP server address. By default in +-.B --dev tap ++.B \-\-dev tap + mode, OpenVPN will + take the normally unused first address in the subnet. For example, + if your subnet is 192.168.4.0 netmask 255.255.255.0, then + OpenVPN will take the IP address 192.168.4.0 to use as the + virtual DHCP server address. In +-.B --dev tun ++.B \-\-dev tun + mode, OpenVPN will cause the DHCP server to masquerade as if it were + coming from the remote endpoint. The optional offset parameter is + an integer which is > -256 and < 256 and which defaults to 0. +@@ -4506,13 +4506,13 @@ + being lost when the system goes to sleep. The default + lease time is one year. + +-.B netsh -- ++.B netsh \-\- + Automatically set the IP address and netmask using + the Windows command-line "netsh" + command. This method appears to work correctly on + Windows XP but not Windows 2000. + +-.B ipapi -- ++.B ipapi \-\- + Automatically set the IP address and netmask using the + Windows IP Helper API. This approach + does not have ideal semantics, though testing has indicated +@@ -4521,7 +4521,7 @@ + adapter in their default state, i.e. "Obtain an IP address + automatically." + +-.B adaptive -- ++.B adaptive \-\- + (Default) Try + .B dynamic + method initially and fail over to +@@ -4551,55 +4551,55 @@ + to a DHCP configuration. + .\"********************************************************* + .TP +-.B --route-method m ++.B \-\-route-method m + Which method + .B m + to use for adding routes on Windows? + + .B adaptive +-(default) -- Try IP helper API first. If that fails, fall ++(default) \-\- Try IP helper API first. If that fails, fall + back to the route.exe shell command. + .br + .B ipapi +--- Use IP helper API. ++\-\- Use IP helper API. + .br + .B exe +--- Call the route.exe shell command. ++\-\- Call the route.exe shell command. + .\"********************************************************* + .TP +-.B --dhcp-option type [parm] ++.B \-\-dhcp-option type [parm] + Set extended TAP-Win32 TCP/IP properties, must + be used with +-.B --ip-win32 dynamic ++.B \-\-ip-win32 dynamic + or +-.B --ip-win32 adaptive. ++.B \-\-ip-win32 adaptive. + This option can be used to set additional TCP/IP properties + on the TAP-Win32 adapter, and is particularly useful for + configuring an OpenVPN client to access a Samba server + across the VPN. + +-.B DOMAIN name -- ++.B DOMAIN name \-\- + Set Connection-specific DNS Suffix. + +-.B DNS addr -- ++.B DNS addr \-\- + Set primary domain name server address. Repeat + this option to set secondary DNS server addresses. + +-.B WINS addr -- ++.B WINS addr \-\- + Set primary WINS server address (NetBIOS over TCP/IP Name Server). + Repeat this option to set secondary WINS server addresses. + +-.B NBDD addr -- ++.B NBDD addr \-\- + Set primary NBDD server address (NetBIOS over TCP/IP Datagram Distribution Server) + Repeat this option + to set secondary NBDD server addresses. + +-.B NTP addr -- ++.B NTP addr \-\- + Set primary NTP server address (Network Time Protocol). + Repeat this option + to set secondary NTP server addresses. + +-.B NBT type -- ++.B NBT type \-\- + Set NetBIOS over TCP/IP Node type. Possible options: + .B 1 + = b-node (broadcasts), +@@ -4612,7 +4612,7 @@ + .B 8 + = h-node (query name server, then broadcast). + +-.B NBS scope-id -- ++.B NBS scope-id \-\- + Set NetBIOS over TCP/IP Scope. A NetBIOS Scope ID provides an extended + naming service for the NetBIOS over TCP/IP (Known as NBT) module. The + primary purpose of a NetBIOS scope ID is to isolate NetBIOS traffic on +@@ -4624,19 +4624,19 @@ + scope IDs. The Scope ID becomes a part of the NetBIOS name, making the name unique. + (This description of NetBIOS scopes courtesy of NeonSurge@abyss.com) + +-.B DISABLE-NBT -- ++.B DISABLE-NBT \-\- + Disable Netbios-over-TCP/IP. + + Note that if +-.B --dhcp-option ++.B \-\-dhcp-option + is pushed via +-.B --push ++.B \-\-push + to a non-windows client, the option will be saved in the client's + environment before the up script is called, under + the name "foreign_option_{n}". + .\"********************************************************* + .TP +-.B --tap-sleep n ++.B \-\-tap-sleep n + Cause OpenVPN to sleep for + .B n + seconds immediately after the TAP-Win32 adapter state +@@ -4644,21 +4644,21 @@ + + This option is intended to be used to troubleshoot problems + with the +-.B --ifconfig ++.B \-\-ifconfig + and +-.B --ip-win32 ++.B \-\-ip-win32 + options, and is used to give + the TAP-Win32 adapter time to come up before + Windows IP Helper API operations are applied to it. + .\"********************************************************* + .TP +-.B --show-net-up ++.B \-\-show-net-up + Output OpenVPN's view of the system routing table and network + adapter list to the syslog or log file after the TUN/TAP adapter + has been brought up and any routes have been added. + .\"********************************************************* + .TP +-.B --dhcp-renew ++.B \-\-dhcp-renew + Ask Windows to renew the TAP adapter lease on startup. + This option is normally unnecessary, as Windows automatically + triggers a DHCP renegotiation on the TAP adapter when it +@@ -4667,21 +4667,21 @@ + flag. + .\"********************************************************* + .TP +-.B --dhcp-release ++.B \-\-dhcp-release + Ask Windows to release the TAP adapter lease on shutdown. + This option has the same caveats as +-.B --dhcp-renew ++.B \-\-dhcp-renew + above. + .\"********************************************************* + .TP +-.B --pause-exit ++.B \-\-pause-exit + Put up a "press any key to continue" message on the console prior + to OpenVPN program exit. This option is automatically used by the + Windows explorer when OpenVPN is run on a configuration + file using the right-click explorer menu. + .\"********************************************************* + .TP +-.B --service exit-event [0|1] ++.B \-\-service exit-event [0|1] + Should be used when OpenVPN is being automatically executed by another + program in such + a context that no interaction with the user via display or keyboard +@@ -4704,26 +4704,26 @@ + causing all such OpenVPN processes to exit. + + When executing an OpenVPN process using the +-.B --service ++.B \-\-service + directive, OpenVPN will probably not have a console + window to output status/error + messages, therefore it is useful to use +-.B --log ++.B \-\-log + or +-.B --log-append ++.B \-\-log-append + to write these messages to a file. + .\"********************************************************* + .TP +-.B --show-adapters ++.B \-\-show-adapters + (Standalone) + Show available TAP-Win32 adapters which can be selected using the +-.B --dev-node ++.B \-\-dev-node + option. On non-Windows systems, the + .BR ifconfig (8) + command provides similar functionality. + .\"********************************************************* + .TP +-.B --allow-nonadmin [TAP-adapter] ++.B \-\-allow-nonadmin [TAP-adapter] + (Standalone) + Set + .B TAP-adapter +@@ -4738,10 +4738,10 @@ + This directive can only be used by an administrator. + .\"********************************************************* + .TP +-.B --show-valid-subnets ++.B \-\-show-valid-subnets + (Standalone) + Show valid subnets for +-.B --dev tun ++.B \-\-dev tun + emulation. Since the TAP-Win32 driver + exports an ethernet interface to Windows, and since TUN devices are + point-to-point in nature, it is necessary for the TAP-Win32 driver +@@ -4751,7 +4751,7 @@ + must be the middle two addresses of a /30 subnet (netmask 255.255.255.252). + .\"********************************************************* + .TP +-.B --show-net ++.B \-\-show-net + (Standalone) + Show OpenVPN's view of the system routing table and network + adapter list. +@@ -4759,12 +4759,12 @@ + .SS PKCS#11 Standalone Options: + .\"********************************************************* + .TP +-.B --show-pkcs11-ids provider [cert_private] ++.B \-\-show-pkcs11-ids provider [cert_private] + (Standalone) + Show PKCS#11 token object list. Specify cert_private as 1 + if certificates are stored as private objects. + +-.B --verb ++.B \-\-verb + option can be used BEFORE this option to produce debugging information. + .\"********************************************************* + .SH SCRIPTING AND ENVIRONMENTAL VARIABLES +@@ -4774,52 +4774,52 @@ + .SS Script Order of Execution + .\"********************************************************* + .TP +-.B --up ++.B \-\-up + Executed after TCP/UDP socket bind and TUN/TAP open. + .\"********************************************************* + .TP +-.B --tls-verify ++.B \-\-tls-verify + Executed when we have a still untrusted remote peer. + .\"********************************************************* + .TP +-.B --ipchange ++.B \-\-ipchange + Executed after connection authentication, or remote IP address change. + .\"********************************************************* + .TP +-.B --client-connect ++.B \-\-client-connect + Executed in +-.B --mode server ++.B \-\-mode server + mode immediately after client authentication. + .\"********************************************************* + .TP +-.B --route-up ++.B \-\-route-up + Executed after connection authentication, either + immediately after, or some number of seconds after + as defined by the +-.B --route-delay ++.B \-\-route-delay + option. + .\"********************************************************* + .TP +-.B --client-disconnect ++.B \-\-client-disconnect + Executed in +-.B --mode server ++.B \-\-mode server + mode on client instance shutdown. + .\"********************************************************* + .TP +-.B --down ++.B \-\-down + Executed after TCP/UDP and TUN/TAP close. + .\"********************************************************* + .TP +-.B --learn-address ++.B \-\-learn-address + Executed in +-.B --mode server ++.B \-\-mode server + mode whenever an IPv4 address/route or MAC address is added to OpenVPN's + internal routing table. + .\"********************************************************* + .TP +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + Executed in +-.B --mode server ++.B \-\-mode server + mode on new client connections, when the client is + still untrusted. + .\"********************************************************* +@@ -4843,7 +4843,7 @@ + + .B A: + Yes, by using the +-.B --no-name-remapping ++.B \-\-no-name-remapping + option, however this should be considered an advanced option. + + Here is a brief rundown of OpenVPN's current string types and the +@@ -4859,17 +4859,17 @@ + Alphanumeric, underbar ('_'), dash ('-'), dot ('.'), and at + ('@'). + +-.B --auth-user-pass username: ++.B \-\-auth-user-pass username: + Same as Common Name, with one exception: starting with OpenVPN 2.0.1, + the username is passed to the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin in its raw form, + without string remapping. + +-.B --auth-user-pass password: ++.B \-\-auth-user-pass password: + Any "printable" character except CR or LF. + Printable is defined to be a character which will cause the C library + isprint() function to return true. + +-.B --client-config-dir filename as derived from common name or username: ++.B \-\-client-config-dir filename as derived from common name or username: + Alphanumeric, underbar ('_'), dash ('-'), and dot ('.') except for "." or + ".." as standalone strings. As of 2.0.1-rc6, the at ('@') character has + been added as well for compatibility with the common name character class. +@@ -4899,45 +4899,45 @@ + .B bytes_received + Total number of bytes received from client during VPN session. + Set prior to execution of the +-.B --client-disconnect ++.B \-\-client-disconnect + script. + .\"********************************************************* + .TP + .B bytes_sent + Total number of bytes sent to client during VPN session. + Set prior to execution of the +-.B --client-disconnect ++.B \-\-client-disconnect + script. + .\"********************************************************* + .TP + .B common_name + The X509 common name of an authenticated client. + Set prior to execution of +-.B --client-connect, --client-disconnect, ++.B \-\-client-connect, \-\-client-disconnect, + and +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + scripts. + .\"********************************************************* + .TP + .B config + Name of first +-.B --config ++.B \-\-config + file. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* + .TP + .B daemon + Set to "1" if the +-.B --daemon ++.B \-\-daemon + directive is specified, or "0" otherwise. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* + .TP + .B daemon_log_redirect + Set to "1" if the +-.B --log ++.B \-\-log + or +-.B --log-append ++.B \-\-log-append + directives are specified, or "0" otherwise. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* +@@ -4946,30 +4946,30 @@ + The actual name of the TUN/TAP device, including + a unit number if it exists. + Set prior to +-.B --up ++.B \-\-up + or +-.B --down ++.B \-\-down + script execution. + .\"********************************************************* + .TP + .B foreign_option_{n} + An option pushed via +-.B --push ++.B \-\-push + to a client which does not natively support it, + such as +-.B --dhcp-option ++.B \-\-dhcp-option + on a non-Windows system, will be recorded to this + environmental variable sequence prior to +-.B --up ++.B \-\-up + script execution. + .\"********************************************************* + .TP + .B ifconfig_broadcast + The broadcast address for the virtual + ethernet segment which is derived from the +-.B --ifconfig ++.B \-\-ifconfig + option when +-.B --dev tap ++.B \-\-dev tap + is used. + Set prior to OpenVPN calling the + .I ifconfig +@@ -4977,13 +4977,13 @@ + .I netsh + (windows version of ifconfig) commands which + normally occurs prior to +-.B --up ++.B \-\-up + script execution. + .\"********************************************************* + .TP + .B ifconfig_local + The local VPN endpoint IP address specified in the +-.B --ifconfig ++.B \-\-ifconfig + option (first parameter). + Set prior to OpenVPN calling the + .I ifconfig +@@ -4991,15 +4991,15 @@ + .I netsh + (windows version of ifconfig) commands which + normally occurs prior to +-.B --up ++.B \-\-up + script execution. + .\"********************************************************* + .TP + .B ifconfig_remote + The remote VPN endpoint IP address specified in the +-.B --ifconfig ++.B \-\-ifconfig + option (second parameter) when +-.B --dev tun ++.B \-\-dev tun + is used. + Set prior to OpenVPN calling the + .I ifconfig +@@ -5007,16 +5007,16 @@ + .I netsh + (windows version of ifconfig) commands which + normally occurs prior to +-.B --up ++.B \-\-up + script execution. + .\"********************************************************* + .TP + .B ifconfig_netmask + The subnet mask of the virtual ethernet segment + that is specified as the second parameter to +-.B --ifconfig ++.B \-\-ifconfig + when +-.B --dev tap ++.B \-\-dev tap + is being used. + Set prior to OpenVPN calling the + .I ifconfig +@@ -5024,61 +5024,61 @@ + .I netsh + (windows version of ifconfig) commands which + normally occurs prior to +-.B --up ++.B \-\-up + script execution. + .\"********************************************************* + .TP + .B ifconfig_pool_local_ip + The local + virtual IP address for the TUN/TAP tunnel taken from an +-.B --ifconfig-push ++.B \-\-ifconfig-push + directive if specified, or otherwise from + the ifconfig pool (controlled by the +-.B --ifconfig-pool ++.B \-\-ifconfig-pool + config file directive). + Only set for +-.B --dev tun ++.B \-\-dev tun + tunnels. + This option is set on the server prior to execution + of the +-.B --client-connect ++.B \-\-client-connect + and +-.B --client-disconnect ++.B \-\-client-disconnect + scripts. + .\"********************************************************* + .TP + .B ifconfig_pool_netmask + The + virtual IP netmask for the TUN/TAP tunnel taken from an +-.B --ifconfig-push ++.B \-\-ifconfig-push + directive if specified, or otherwise from + the ifconfig pool (controlled by the +-.B --ifconfig-pool ++.B \-\-ifconfig-pool + config file directive). + Only set for +-.B --dev tap ++.B \-\-dev tap + tunnels. + This option is set on the server prior to execution + of the +-.B --client-connect ++.B \-\-client-connect + and +-.B --client-disconnect ++.B \-\-client-disconnect + scripts. + .\"********************************************************* + .TP + .B ifconfig_pool_remote_ip + The remote + virtual IP address for the TUN/TAP tunnel taken from an +-.B --ifconfig-push ++.B \-\-ifconfig-push + directive if specified, or otherwise from + the ifconfig pool (controlled by the +-.B --ifconfig-pool ++.B \-\-ifconfig-pool + config file directive). + This option is set on the server prior to execution + of the +-.B --client-connect ++.B \-\-client-connect + and +-.B --client-disconnect ++.B \-\-client-disconnect + scripts. + .\"********************************************************* + .TP +@@ -5086,31 +5086,31 @@ + The maximum packet size (not including the IP header) + of tunnel data in UDP tunnel transport mode. + Set prior to +-.B --up ++.B \-\-up + or +-.B --down ++.B \-\-down + script execution. + .\"********************************************************* + .TP + .B local + The +-.B --local ++.B \-\-local + parameter. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* + .TP + .B local_port + The local port number, specified by +-.B --port ++.B \-\-port + or +-.B --lport. ++.B \-\-lport. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* + .TP + .B password + The password provided by a connecting client. + Set prior to +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + script execution only when the + .B via-env + modifier is specified, and deleted from the environment +@@ -5119,23 +5119,23 @@ + .TP + .B proto + The +-.B --proto ++.B \-\-proto + parameter. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* + .TP + .B remote_{n} + The +-.B --remote ++.B \-\-remote + parameter. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* + .TP + .B remote_port_{n} + The remote port number, specified by +-.B --port ++.B \-\-port + or +-.B --rport. ++.B \-\-rport. + Set on program initiation and reset on SIGHUP. + .\"********************************************************* + .TP +@@ -5143,29 +5143,29 @@ + The pre-existing default IP gateway in the system routing + table. + Set prior to +-.B --up ++.B \-\-up + script execution. + .\"********************************************************* + .TP + .B route_vpn_gateway + The default gateway used by +-.B --route ++.B \-\-route + options, as specified in either the +-.B --route-gateway ++.B \-\-route-gateway + option or the second parameter to +-.B --ifconfig ++.B \-\-ifconfig + when +-.B --dev tun ++.B \-\-dev tun + is specified. + Set prior to +-.B --up ++.B \-\-up + script execution. + .\"********************************************************* + .TP + .B route_{parm}_{n} + A set of variables which define each route to be added, and + are set prior to +-.B --up ++.B \-\-up + script execution. + + .B parm +@@ -5184,7 +5184,7 @@ + Set to "init" or "restart" prior to up/down script execution. + For more information, see + documentation for +-.B --up. ++.B \-\-up. + .\"********************************************************* + .TP + .B script_type +@@ -5200,15 +5200,15 @@ + The reason for exit or restart. Can be one of + .B sigusr1, sighup, sigterm, sigint, inactive + (controlled by +-.B --inactive ++.B \-\-inactive + option), + .B ping-exit + (controlled by +-.B --ping-exit ++.B \-\-ping-exit + option), + .B ping-restart + (controlled by +-.B --ping-restart ++.B \-\-ping-restart + option), + .B connection-reset + (triggered on TCP connection reset), +@@ -5222,7 +5222,7 @@ + Client connection timestamp, formatted as a human-readable + time string. + Set prior to execution of the +-.B --client-connect ++.B \-\-client-connect + script. + .\"********************************************************* + .TP +@@ -5230,7 +5230,7 @@ + The duration (in seconds) of the client session which is now + disconnecting. + Set prior to execution of the +-.B --client-disconnect ++.B \-\-client-disconnect + script. + .\"********************************************************* + .TP +@@ -5238,7 +5238,7 @@ + Client connection timestamp, formatted as a unix integer + date/time value. + Set prior to execution of the +-.B --client-connect ++.B \-\-client-connect + script. + .\"********************************************************* + .TP +@@ -5248,7 +5248,7 @@ + .B n + is the verification level. Only set for TLS connections. Set prior + to execution of +-.B --tls-verify ++.B \-\-tls-verify + script. + .\"********************************************************* + .TP +@@ -5258,34 +5258,34 @@ + .B n + is the verification level. Only set for TLS connections. Set prior + to execution of +-.B --tls-verify ++.B \-\-tls-verify + script. + .\"********************************************************* + .TP + .B tun_mtu + The MTU of the TUN/TAP device. + Set prior to +-.B --up ++.B \-\-up + or +-.B --down ++.B \-\-down + script execution. + .\"********************************************************* + .TP + .B trusted_ip + Actual IP address of connecting client or peer which has been authenticated. + Set prior to execution of +-.B --ipchange, --client-connect, ++.B \-\-ipchange, \-\-client-connect, + and +-.B --client-disconnect ++.B \-\-client-disconnect + scripts. + .\"********************************************************* + .TP + .B trusted_port + Actual port number of connecting client or peer which has been authenticated. + Set prior to execution of +-.B --ipchange, --client-connect, ++.B \-\-ipchange, \-\-client-connect, + and +-.B --client-disconnect ++.B \-\-client-disconnect + scripts. + .\"********************************************************* + .TP +@@ -5294,12 +5294,12 @@ + yet. Sometimes used to + .B nmap + the connecting host in a +-.B --tls-verify ++.B \-\-tls-verify + script to ensure it is firewalled properly. + Set prior to execution of +-.B --tls-verify ++.B \-\-tls-verify + and +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + scripts. + .\"********************************************************* + .TP +@@ -5307,16 +5307,16 @@ + Actual port number of connecting client or peer which has not been authenticated + yet. + Set prior to execution of +-.B --tls-verify ++.B \-\-tls-verify + and +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + scripts. + .\"********************************************************* + .TP + .B username + The username provided by a connecting client. + Set prior to +-.B --auth-user-pass-verify ++.B \-\-auth-user-pass-verify + script execution only when the + .B via-env + modifier is specified. +@@ -5328,7 +5328,7 @@ + .B n + is the verification level. Only set for TLS connections. Set prior + to execution of +-.B --tls-verify ++.B \-\-tls-verify + script. This variable is similar to + .B tls_id_{n} + except the component X509 subject fields are broken out, and +@@ -5372,30 +5372,30 @@ + except don't re-read configuration file, and possibly don't close and reopen TUN/TAP + device, re-read key files, preserve local IP address/port, or preserve most recently authenticated + remote IP address/port based on +-.B --persist-tun, --persist-key, --persist-local-ip, ++.B \-\-persist-tun, \-\-persist-key, \-\-persist-local-ip, + and +-.B --persist-remote-ip ++.B \-\-persist-remote-ip + options respectively (see above). + + This signal may also be internally generated by a timeout condition, governed + by the +-.B --ping-restart ++.B \-\-ping-restart + option. + + This signal, when combined with +-.B --persist-remote-ip, ++.B \-\-persist-remote-ip, + may be + sent when the underlying parameters of the host's network interface change + such as when the host is a DHCP client and is assigned a new IP address. + See +-.B --ipchange ++.B \-\-ipchange + above for more information. + .\"********************************************************* + .TP + .B SIGUSR2 + Causes OpenVPN to display its current statistics (to the syslog + file if +-.B --daemon ++.B \-\-daemon + is used, or stdout otherwise). + .\"********************************************************* + .TP +@@ -5450,7 +5450,7 @@ + the two machines, they should be set to forward UDP port 1194 + in both directions. If you do not have control over the firewalls + between the two machines, you may still be able to use OpenVPN by adding +-.B --ping 15 ++.B \-\-ping 15 + to each of the + .B openvpn + commands used below in the examples (this will cause each peer to send out +@@ -5519,11 +5519,11 @@ + .LP + On may: + .IP +-.B openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 9 ++.B openvpn \-\-remote june.kg \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-verb 9 + .LP + On june: + .IP +-.B openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --verb 9 ++.B openvpn \-\-remote may.kg \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-verb 9 + .LP + Now verify the tunnel is working by pinging across the tunnel. + .LP +@@ -5536,17 +5536,17 @@ + .B ping 10.4.0.1 + .LP + The +-.B --verb 9 ++.B \-\-verb 9 + option will produce verbose output, similar to the + .BR tcpdump (8) + program. Omit the +-.B --verb 9 ++.B \-\-verb 9 + option to have OpenVPN run quietly. + .\"********************************************************* + .SS Example 2: A tunnel with static-key security (i.e. using a pre-shared secret) + First build a static key on may. + .IP +-.B openvpn --genkey --secret key ++.B openvpn \-\-genkey \-\-secret key + .LP + This command will build a random key file called + .B key +@@ -5560,11 +5560,11 @@ + .LP + On may: + .IP +-.B openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key ++.B openvpn \-\-remote june.kg \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-verb 5 \-\-secret key + .LP + On june: + .IP +-.B openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key ++.B openvpn \-\-remote may.kg \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-verb 5 \-\-secret key + .LP + Now verify the tunnel is working by pinging across the tunnel. + .LP +@@ -5586,10 +5586,10 @@ + + First, build a separate certificate/key pair + for both may and june (see above where +-.B --cert ++.B \-\-cert + is discussed for more info). Then construct + Diffie Hellman parameters (see above where +-.B --dh ++.B \-\-dh + is discussed for more info). You can also use the + included test files client.crt, client.key, + server.crt, server.key and ca.crt. +@@ -5602,11 +5602,11 @@ + .LP + On may: + .IP +-.B openvpn --remote june.kg --dev tun1 --ifconfig 10.4.0.1 10.4.0.2 --tls-client --ca ca.crt --cert client.crt --key client.key --reneg-sec 60 --verb 5 ++.B openvpn \-\-remote june.kg \-\-dev tun1 \-\-ifconfig 10.4.0.1 10.4.0.2 \-\-tls-client \-\-ca ca.crt \-\-cert client.crt \-\-key client.key \-\-reneg-sec 60 \-\-verb 5 + .LP + On june: + .IP +-.B openvpn --remote may.kg --dev tun1 --ifconfig 10.4.0.2 10.4.0.1 --tls-server --dh dh1024.pem --ca ca.crt --cert server.crt --key server.key --reneg-sec 60 --verb 5 ++.B openvpn \-\-remote may.kg \-\-dev tun1 \-\-ifconfig 10.4.0.2 10.4.0.1 \-\-tls-server \-\-dh dh1024.pem \-\-ca ca.crt \-\-cert server.crt \-\-key server.key \-\-reneg-sec 60 \-\-verb 5 + .LP + Now verify the tunnel is working by pinging across the tunnel. + .LP +@@ -5619,16 +5619,16 @@ + .B ping 10.4.0.1 + .LP + Notice the +-.B --reneg-sec 60 ++.B \-\-reneg-sec 60 + option we used above. That tells OpenVPN to renegotiate + the data channel keys every minute. + Since we used +-.B --verb 5 ++.B \-\-verb 5 + above, you will see status information on each new key negotiation. + + For production operations, a key renegotiation interval of 60 seconds + is probably too frequent. Omit the +-.B --reneg-sec 60 ++.B \-\-reneg-sec 60 + option to use OpenVPN's default key renegotiation interval of one hour. + .\"********************************************************* + .SS Routing: +@@ -5664,7 +5664,7 @@ + + In a production environment, you could put the route command(s) + in a shell script and execute with the +-.B --up ++.B \-\-up + option. + .\"********************************************************* + .SH FIREWALLS +@@ -5672,7 +5672,7 @@ + You should add an entry to your firewall rules to allow incoming OpenVPN + packets. On Linux 2.4+: + .IP +-.B iptables -A INPUT -p udp -s 1.2.3.4 --dport 1194 -j ACCEPT ++.B iptables -A INPUT -p udp -s 1.2.3.4 \-\-dport 1194 -j ACCEPT + .LP + This will allow incoming packets on UDP port 1194 (OpenVPN's default UDP port) + from an OpenVPN peer at 1.2.3.4. +@@ -5683,7 +5683,7 @@ + is a much more secure method of verifying the authenticity of + a packet source. In that case: + .IP +-.B iptables -A INPUT -p udp --dport 1194 -j ACCEPT ++.B iptables -A INPUT -p udp \-\-dport 1194 -j ACCEPT + .LP + would be adequate and would not render the host inflexible with + respect to its peer having a dynamic IP address. +@@ -5692,7 +5692,7 @@ + not need to add any static rules to the firewall list if you are + using a stateful firewall that knows how to track UDP connections. + If you specify +-.B --ping n, ++.B \-\-ping n, + OpenVPN will be guaranteed + to send a packet to its peer at least once every + .B n --- openvpn-2.1~rc19.orig/debian/patches/attemping_typo +++ openvpn-2.1~rc19/debian/patches/attemping_typo @@ -0,0 +1,13 @@ +Index: openvpn-2.1_rc15/socket.c +=================================================================== +--- openvpn-2.1_rc15.orig/socket.c 2009-04-30 12:58:58.144489503 +0200 ++++ openvpn-2.1_rc15/socket.c 2009-04-30 12:59:10.443052073 +0200 +@@ -1840,7 +1840,7 @@ + + if (sb->len < 1 || sb->len > sb->maxlen) + { +- msg (M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]", sb->len, sb->maxlen); ++ msg (M_WARN, "WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]", sb->len, sb->maxlen); + stream_buf_reset (sb); + sb->error = true; + return false; --- openvpn-2.1~rc19.orig/debian/patches/redirect-gateway.patch +++ openvpn-2.1~rc19/debian/patches/redirect-gateway.patch @@ -0,0 +1,17 @@ +Index: openvpn-2.1~rc19/options.c +=================================================================== +--- openvpn-2.1~rc19.orig/options.c 2009-10-13 09:30:40.000000000 +0200 ++++ openvpn-2.1~rc19/options.c 2009-10-13 09:30:51.000000000 +0200 +@@ -4398,10 +4398,10 @@ + int j; + VERIFY_PERMISSION (OPT_P_ROUTE); + rol_check_alloc (options); ++ if (streq (p[0], "redirect-gateway")) ++ options->routes->flags |= RG_REROUTE_GW; + for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j) + { +- if (streq (p[0], "redirect-gateway")) +- options->routes->flags |= RG_REROUTE_GW; + if (streq (p[j], "local")) + options->routes->flags |= RG_LOCAL; + else if (streq (p[j], "autolocal")) --- openvpn-2.1~rc19.orig/debian/patches/openvpn-pkcs11warn.patch +++ openvpn-2.1~rc19/debian/patches/openvpn-pkcs11warn.patch @@ -0,0 +1,25 @@ +Index: openvpn-2.1_rc19/options.c +=================================================================== +--- openvpn-2.1_rc19.orig/options.c 2009-07-21 18:54:50.517436162 +0200 ++++ openvpn-2.1_rc19/options.c 2009-07-21 18:55:11.642531413 +0200 +@@ -5625,6 +5625,20 @@ + VERIFY_PERMISSION (OPT_P_GENERAL); + options->pkcs11_id_management = true; + } ++ else if (streq (p[0], "pkcs11-id-type") || ++ streq (p[0], "pkcs11-sign-mode") || ++ streq (p[0], "pkcs11-slot") || ++ streq (p[0], "pkcs11-slot-type") || ++ streq (p[0], "show-pkcs11-objects") || ++ streq (p[0], "show-pkcs11-slots")) ++ { ++ if (file) ++ msg (msglevel, "You are using an obsolete parameter in %s:%d: %s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.", ++ file, line, p[0], PACKAGE_VERSION); ++ else ++ msg (msglevel, "You are using an obsolete parameter: --%s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.", ++ p[0], PACKAGE_VERSION); ++ } + #endif + #ifdef TUNSETPERSIST + else if (streq (p[0], "rmtun")) --- openvpn-2.1~rc19.orig/debian/patches/remote_env.patch +++ openvpn-2.1~rc19/debian/patches/remote_env.patch @@ -0,0 +1,15 @@ +Index: openvpn-2.1_rc15/options.c +=================================================================== +--- openvpn-2.1_rc15.orig/options.c 2009-04-30 12:58:46.952616319 +0200 ++++ openvpn-2.1_rc15/options.c 2009-04-30 12:58:50.352666598 +0200 +@@ -769,8 +769,8 @@ + setenv_str_i (es, "proto", proto2ascii (e->proto, false), i); + setenv_str_i (es, "local", e->local, i); + setenv_int_i (es, "local_port", e->local_port, i); +- setenv_str_i (es, "remote", e->local, i); +- setenv_int_i (es, "remote_port", e->local_port, i); ++ setenv_str_i (es, "remote", e->remote, i); ++ setenv_int_i (es, "remote_port", e->remote_port, i); + + #ifdef ENABLE_HTTP_PROXY + if (e->http_proxy_options) --- openvpn-2.1~rc19.orig/debian/patches/auth-pam_libpam_so_filename.patch +++ openvpn-2.1~rc19/debian/patches/auth-pam_libpam_so_filename.patch @@ -0,0 +1,11 @@ +--- openvpn-2.1~rc7.orig/plugin/auth-pam/auth-pam.c ++++ openvpn-2.1~rc7/plugin/auth-pam/auth-pam.c +@@ -658,7 +658,7 @@ + struct user_pass up; + int command; + #if DLOPEN_PAM +- static const char pam_so[] = "libpam.so"; ++ static const char pam_so[] = "libpam.so.0"; + #endif + + /* --- openvpn-2.1~rc19.orig/debian/patches/debian_nogroup_for_sample_files.patch +++ openvpn-2.1~rc19/debian/patches/debian_nogroup_for_sample_files.patch @@ -0,0 +1,78 @@ +Index: openvpn-2.1_rc15/sample-config-files/server.conf +=================================================================== +--- openvpn-2.1_rc15.orig/sample-config-files/server.conf 2009-04-30 12:58:46.468752631 +0200 ++++ openvpn-2.1_rc15/sample-config-files/server.conf 2009-04-30 12:59:03.535984196 +0200 +@@ -260,7 +260,7 @@ + # You can uncomment this out on + # non-Windows systems. + ;user nobody +-;group nobody ++;group nogroup + + # The persist options will try to avoid + # accessing certain resources on restart +Index: openvpn-2.1_rc15/sample-config-files/tls-home.conf +=================================================================== +--- openvpn-2.1_rc15.orig/sample-config-files/tls-home.conf 2009-04-30 12:58:46.484747045 +0200 ++++ openvpn-2.1_rc15/sample-config-files/tls-home.conf 2009-04-30 12:59:03.536981682 +0200 +@@ -51,7 +51,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment +Index: openvpn-2.1_rc15/sample-config-files/static-home.conf +=================================================================== +--- openvpn-2.1_rc15.orig/sample-config-files/static-home.conf 2009-04-30 12:58:46.505740620 +0200 ++++ openvpn-2.1_rc15/sample-config-files/static-home.conf 2009-04-30 12:59:03.541035034 +0200 +@@ -40,7 +40,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment +Index: openvpn-2.1_rc15/sample-config-files/static-office.conf +=================================================================== +--- openvpn-2.1_rc15.orig/sample-config-files/static-office.conf 2009-04-30 12:58:46.528733358 +0200 ++++ openvpn-2.1_rc15/sample-config-files/static-office.conf 2009-04-30 12:59:03.549976933 +0200 +@@ -37,7 +37,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment +Index: openvpn-2.1_rc15/sample-config-files/client.conf +=================================================================== +--- openvpn-2.1_rc15.orig/sample-config-files/client.conf 2009-04-30 12:58:46.548728609 +0200 ++++ openvpn-2.1_rc15/sample-config-files/client.conf 2009-04-30 12:59:03.551976933 +0200 +@@ -59,7 +59,7 @@ + + # Downgrade privileges after initialization (non-Windows only) + ;user nobody +-;group nobody ++;group nogroup + + # Try to preserve some state across restarts. + persist-key +Index: openvpn-2.1_rc15/sample-config-files/tls-office.conf +=================================================================== +--- openvpn-2.1_rc15.orig/sample-config-files/tls-office.conf 2009-04-30 12:58:46.574722464 +0200 ++++ openvpn-2.1_rc15/sample-config-files/tls-office.conf 2009-04-30 12:59:03.553977212 +0200 +@@ -51,7 +51,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment --- openvpn-2.1~rc19.orig/debian/patches/debian_openssl_vulnkeys.patch +++ openvpn-2.1~rc19/debian/patches/debian_openssl_vulnkeys.patch @@ -0,0 +1,90 @@ +Index: openvpn-2.1_rc19/init.c +=================================================================== +--- openvpn-2.1_rc19.orig/init.c 2009-07-21 18:54:51.151257670 +0200 ++++ openvpn-2.1_rc19/init.c 2009-07-21 18:55:04.267592028 +0200 +@@ -1537,6 +1537,23 @@ + const struct options *options = &c->options; + ASSERT (options->shared_secret_file); + ++ /* CVE-2008-0166 (Debian weak key checks) */ ++ /* Only check if we can actually read the key file. Unless the file does not ++ * exist in the first place, this should never happen (since static keys do ++ * not work with multi-client mode), but we test it anyway to be on the safe ++ * side and avoid wrong -vulnkey alerts. */ ++ if (access (options->shared_secret_file, R_OK) == 0) ++ { ++ struct argv argv = argv_new (); ++ argv_printf (&argv, "/usr/sbin/openvpn-vulnkey -q %s", options->shared_secret_file); ++ argv_msg (M_INFO, &argv); ++ if (openvpn_execve (&argv, c->c2.es, 0) != 0) ++ { ++ msg (M_WARN, "******* WARNING *******: '%s' is a known vulnerable key. See 'man openvpn-vulnkey' for details.", options->shared_secret_file); ++ } ++ argv_reset (&argv); ++ } ++ + init_crypto_pre (c, flags); + + /* Initialize packet ID tracking */ +@@ -1622,6 +1639,7 @@ + do_init_crypto_tls_c1 (struct context *c) + { + const struct options *options = &c->options; ++ SSL *ssl; + + if (!c->c1.ks.ssl_ctx) + { +@@ -1661,6 +1679,53 @@ + /* Initialize PRNG with config-specified digest */ + prng_init (options->prng_hash, options->prng_nonce_secret_len); + ++ /* CVE-2008-0166 (Debian weak key checks) ++ * Obtain the modulus and bits from the certificate that was initialized, ++ * and send that to openssl-vulnkey. ++ */ ++ ssl = SSL_new(c->c1.ks.ssl_ctx); ++ if (ssl != NULL) ++ { ++ X509* cert = NULL; ++ char *bn; ++ int bits; ++ ++ cert = SSL_get_certificate(ssl); ++ if (cert != NULL) ++ { ++ EVP_PKEY *pkey = X509_get_pubkey (cert); ++ if (pkey != NULL) ++ { ++ if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL ++ && pkey->pkey.rsa->n != NULL) ++ { ++ bits = BN_num_bits(pkey->pkey.rsa->n); ++ bn = BN_bn2hex(pkey->pkey.rsa->n); ++ } ++ else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL ++ && pkey->pkey.dsa->p != NULL) ++ { ++ bits = BN_num_bits(pkey->pkey.dsa->p); ++ bn = BN_bn2hex(pkey->pkey.dsa->p); ++ } ++ if (bn != NULL) ++ { ++ struct argv argv = argv_new (); ++ argv_printf (&argv, "/usr/bin/openssl-vulnkey -q -b %d -m %s", bits, bn); ++ OPENSSL_free(bn); ++ msg (M_INFO, "/usr/bin/openssl-vulnkey -q -b %d -m ", bits); ++ if (openvpn_execve (&argv, NULL, 0) != 0) ++ { ++ msg (M_WARN, "******* WARNING *******: '%s' is a known vulnerable key. See 'man openvpn-vulnkey' for details.", options->shared_secret_file); ++ } ++ argv_reset (&argv); ++ } ++ EVP_PKEY_free (pkey); ++ } ++ } ++ SSL_free(ssl); ++ } ++ + /* TLS handshake authentication (--tls-auth) */ + if (options->tls_auth_file) + { --- openvpn-2.1~rc19.orig/debian/patches/series +++ openvpn-2.1~rc19/debian/patches/series @@ -0,0 +1,8 @@ +auth-pam_libpam_so_filename.patch +close_socket_before_scripts.patch +manpage_dash_escaping.patch +debian_nogroup_for_sample_files.patch +debian_openssl_vulnkeys.patch +attemping_typo +openvpn-pkcs11warn.patch +redirect-gateway.patch --- openvpn-2.1~rc19.orig/debian/po/da.po +++ openvpn-2.1~rc19/debian/po/da.po @@ -0,0 +1,186 @@ +# translation of openvpn_1.5.0-2-da.po to Danish +# translation of openvpn_1.5.0-2_templates.po to Danish +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Claus Hindsgaul , 2004, 2005. +# Claus Hindsgaul , 2006. +msgid "" +msgstr "" +"Project-Id-Version: openvpn_1.5.0-2-da\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2006-07-04 13:40+0200\n" +"Last-Translator: Claus Hindsgaul \n" +"Language-Team: Danish\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.2\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "nsker du at starte openvpn tidligere?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Tidligere udgaver af openvpn startede samtidig med de fleste andre " +#~ "services. Det betyder at de fleste af disse services ikke kunne benytte " +#~ "openvpn, da den kunne vre utilgngelig nr de startede. Nyere versioner " +#~ "af openvpn-pakken vil starte tidligere (ved hjlp af en S16openvpn-lnke " +#~ "i rc[235].d i stedet for S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Hvis du accepterer her, vil pakkeopgraderingen udfre denne ndring for " +#~ "dig. Hvis du afviser, bliver intet ndret, og openvpn vil fungere " +#~ "njagtig som fr." + +#, fuzzy +#~| msgid "" +#~| "Unless you do your upgrades locally, it is advised NOT to stop openvpn " +#~| "before it gets upgraded. The installation process will restart it once " +#~| "it's done." +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Medmindre du udfrer dine opgraderinger lokalt, anbefales det IKKE at " +#~ "stoppe openvpn fr den opgraderes. Installationsprocessen vil genstarte " +#~ "den s snart den er frdig." + +#, fuzzy +#~| msgid "This option will take effect in your next upgrade." +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Denne indstilling vil trde i kraft ved din nste opgradering." + +#~ msgid "Default port has changed" +#~ msgstr "Standard-portnummeret er ndret" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPNs standardport er ndret fra 5000 til 1194 (tildelt af IANA). Hvis " +#~ "du ikke angiver hvilken port, der skal bruges i dine VPN'er, kan denne " +#~ "opgradering resultere i at de ikke vil fungere." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Vlg 'port 5000' hvis du vil beholde den gamle port-opstning, eller srg " +#~ "for at din brandmur er sat op s den nye standard-portopstning kan " +#~ "fungere." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "nsker du at stoppe openvpn senere?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Tidligere udgaver af openvpn stoppede samtidig med de fleste andre " +#~ "services. Det betyder at nogle af de services, der stoppede senere, ikke " +#~ "kunne benytte openvpn, da den kunne vre stoppet fr dem. Nyere versioner " +#~ "af openvpn-pakken vil stoppe servicen senere (ved hjlp af en K80openvpn-" +#~ "lnke i rc[06].d i stedet for K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "nsker du at der skal oprettes en TUN/TAP-enhed?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Hvis du accepterer her, vil pakke oprette en specialenhed kaldet /dev/net/" +#~ "tun til brug for openvpn. Hvis du afviser, vil enheden ikke blive oprette " +#~ "nu. Ls README.Debian for detaljer om, hvordan den skal oprettes. Hvis du " +#~ "bruger devfs, skal du afvise her." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "nsker du at stoppe openvpn fr den opgraderes?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "I nogle tilflde skal du opgradere openvpn p en fjern server via VPN for " +#~ "at gre dette. Opgraderingsprocessen stopper den krende dmon fr den " +#~ "installerer den nye version. I s fald kan du miste forbindelsen, " +#~ "opgraderingen kan bliveforstyrret, og du kan muligvis ikke forbinde dig " +#~ "til den fjerne vrt igen." --- openvpn-2.1~rc19.orig/debian/po/templates.pot +++ openvpn-2.1~rc19/debian/po/templates.pot @@ -0,0 +1,65 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" --- openvpn-2.1~rc19.orig/debian/po/fr.po +++ openvpn-2.1~rc19/debian/po/fr.po @@ -0,0 +1,169 @@ +# Translation of openvpn debconf templates to French +# Copyright (C) 2008 Michel Grentzinger +# This file is distributed under the same license as the openvpn package. +# +# +# Michel Grentzinger , 2008. +# Christian Perrier, , 2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-27 21:15+0200\n" +"Last-Translator: Michel Grentzinger \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Faut-il créer le périphérique TUN/TAP ?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Si vous choississez cette option, le périphérique TUN/TAP /dev/net/tun " +"nécessaire pour OpenVPN sera créé." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Vous ne devriez pas choisir cette option si vous utilisez devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Générateur de nombres aléatoires vulnérable" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Une faille a été découverte dans le générateur de nombres aléatoires " +"d'OpenSSL dans Debian et les distributions dérivées. Cela implique que " +"certaines clés sont générées plus souvent que d'autres, permettant à une " +"attaque par force brute de réussir à trouver une clé de chiffrement même " +"avec une connaissance minimale du système." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Toutes les clés créées sur un système vulnérable sont potentiellement " +"touchées par ce problème. La commande « openssl-vulnkey » peut être utilisée " +"pour trouver certaines des clés RSA vulnérables d'une certaine taille. De " +"même la commande « openvpn-vulnkey » peut rechercher de telles clés secrètes " +"partagées d'OpenVPN. Il est très fortement conseillé de vérifier les clés de " +"chiffrement ou de simplement recréer les certificats des serveurs et des " +"clients, ainsi que les clés utilisées sur le système." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Faut-il démarrer openvpn dès que possible ?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Les précédentes versions d'openvpn démarraient en même temps que la " +#~ "plupart des autres services. Cela signifie que la majorité de ces " +#~ "services ne peuvent pas utiliser openvpn puisqu'il n'est pas encore " +#~ "disponible lorsqu'ils démarrent. Les versions récentes du paquet openvpn " +#~ "démarrent plus tôt (c.-à-d. que le lien dans rc[235].d est S16openvpn au " +#~ "lieu de S20openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Si vous choisissez cette option, cette modification sera effectuée lors " +#~ "de la mise à jour du paquet. Sinon, rien ne sera modifié, et openvpn " +#~ "fonctionnera comme auparavant." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Faut-il arrêter OpenVPN lors des mises à jour ?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "La mise à jour arrête le démon en cours d'exécution avant d'installer la " +#~ "nouvelle version. Si vous installez ou mettez à jour le système à " +#~ "distance, cela peut causer l'interruption de la mise à jour." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Sauf pour les mises à jour effectuées localement, vous ne devriez pas " +#~ "arrêter OpenVPN avant sa mise à jour. Le processus d'installation le " +#~ "redémarrera une fois cette opération terminée." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Cette option prendra effet à la prochaine mise à jour." + +#~ msgid "Default port has changed" +#~ msgstr "Changement du port par défaut" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Le port par défaut d'OpenVPN est passé de 5000 à 1194 (valeur choisie par " +#~ "l'IANA). Si vous n'indiquez pas le port à utiliser sur vos réseaux privés " +#~ "virtuels, cette mise à niveau peut les rendre inutilisables." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Vous devriez utiliser l'option « port 5000 » si vous souhaitez continuer à " +#~ "utiliser l'ancien port, ou vérifier les réglages du pare-feu pour vous " +#~ "assurer que la configuration avec le nouveau port pourra fonctionner." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Faut-il arrêter openvpn dès que possible ?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Les précédentes versions d'openvpn se terminaient en même temps que la " +#~ "plupart des autres services. Cela signifie que la majorité de ces " +#~ "services ne peuvent pas utiliser openvpn puisque ce dernier est déjà " +#~ "arrêté avant qu'ils ne s'arrêtent à leur tour. Les versions récentes du " +#~ "paquet openvpn s'arrêtent plus tard (c.-à-d. que le lien dans rc[06].d " +#~ "est K80openvpn au lieu de K20openvpn)." --- openvpn-2.1~rc19.orig/debian/po/POTFILES.in +++ openvpn-2.1~rc19/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates --- openvpn-2.1~rc19.orig/debian/po/it.po +++ openvpn-2.1~rc19/debian/po/it.po @@ -0,0 +1,162 @@ +# Italian (it) translation of debconf templates for openvpn +# Copyright (C) 2006 Software in the Public Interest +# This file is distributed under the same license as the openvpn package. +# Luca Monducci , 2006-2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1 italian debconf templates\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-24 20:14+0200\n" +"Last-Translator: Luca Monducci \n" +"Language-Team: Italian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Creare il device TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se si accetta verrà creato il device /dev/net/tun necessario a OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Se si usa devfs, rifiutare la creazione del device." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Vulnerabilità nel generatore di numeri casuali" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"È stata scoperta una vulnerabilità nel generatore di numeri casuali usato da " +"OpenSSL su sistemi Debian e Ubuntu. L'effetto di questa vulnerabilità è che " +"alcune chiavi di cifratura sono state generate più frequentemente, quindi un " +"attaccante con una minima conoscenza del sistema potrebbe indovinare la " +"chiave usando un attacco di tipo forza bruta." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Qualsiasi chiave creata su un sistema vulnerabile potrebbe essere afflitta " +"da questo problema. È possibile usare il comando \"openssl-vulnkey\" per " +"fare un test parziale delle chiavi RSA con un certo numero di bit e il " +"comando \"openvpn-vulnkey\" per le chive segrete condivise di OpenVPN. Gli " +"utenti devono verificare le proprie chiavi oppure rigenerare qualsiasi " +"certificato o chiave per client o server usati su questo sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Avviare openvpn in anticipo?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Le precedenti versioni di openvpn partono insieme alla maggior parte " +#~ "degli altri servizi. Questo implica che gli altri servizi non possono " +#~ "usare openvpn dato che al loro avvio può non essere disponibile. Le " +#~ "versioni più recenti di openvpn partono in anticipo (cioè in rc[235].d è " +#~ "presente il collegamento S16openvpn al posto di S20openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Se si accetta, l'aggiornamento del pacchetto esegue la sostituzione di " +#~ "questo collegamento automaticamente. Se si rifiuta non vengono fatte " +#~ "modifche e openvpn continua a funzionare come in precedenza." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Fermare OpenVPN all'aggiornamento?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Il processo d'aggiornamento ferma il demone prima di installare la nuova " +#~ "versione. Se l'installazione o l'aggiornamento avviene da remoto, è " +#~ "possibile che questo provochi il blocco del processo di aggiornamento." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Eccetto nei casi in cui l'aggiornamento è locale, si deve scegliere di " +#~ "NON fermare OpenVPN prima del suo aggiornamento. Al termine del processo " +#~ "d'installazione verrà riavviato automaticamente." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Questa opzione avrà effetto dal prossimo aggiornamento." + +#~ msgid "Default port has changed" +#~ msgstr "La porta predefinita è cambiata" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "La porta predefinita di OpenVPN passa da 5000 a 1194 (assegnata dallo " +#~ "IANA). Se non si specifica la porta da usare per le proprie VPN, questo " +#~ "aggiornamento potrebbe renderle inutilizzabili." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Per mantenere la configurazione con la vecchia porta, usare l'opzione " +#~ "\"port 5000\" oppure controllare le regole del firewall in modo da " +#~ "consentire il funzionamento con la nuova porta predefinita." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Fermare openvpn in ritardo?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Le precedenti versioni di openvpn sono fermate insieme alla maggior parte " +#~ "degli altri servizi. Questo implica che i servizi che si fermano dopo non " +#~ "possono usare openvpn dato che potrebbe già essere fermo. Le versioni più " +#~ "recenti di openvpn sono fermate dopo gli altri servizi (cioè in rc[06].d " +#~ "è presente il collegamento K80openvpn al posto di K20openvpn)." --- openvpn-2.1~rc19.orig/debian/po/gl.po +++ openvpn-2.1~rc19/debian/po/gl.po @@ -0,0 +1,194 @@ +# Galician translation of openvpn's debconf templates +# This file is distributed under the same license as the openvpn package. +# Jacobo Tarrio , 2007, 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-22 22:54+0100\n" +"Last-Translator: Jacobo Tarrio \n" +"Language-Team: Galician \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "¿Crear o dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se escolle esta opción, hase crear o dispositivo /dev/net/tun necesario para " +"OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Non debería escoller esta opción se emprega devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Xerador de números aleatorios vulnerable" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Descubriuse unha debilidade no xerador de números aleatorios empregado por " +"OpenSSL nos sistemas Ubuntu e Debian. Coma resultado desta debilidade, " +"algunhas claves de cifrado xéranse con moita máis frecuencia da que lles " +"corresponde, de xeito que un atacante podería adiviñar a clave mediante un " +"ataque por forza bruta tendo coñecementos mínimos do sistema." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"As claves xeradas nun sistema vulnerable poden estar afectadas por este " +"problema. Pódese empregar a orde \"openssl-vulnkey\" coma unha proba parcial " +"para claves RSA con determinados tamaños, e a orde \"openvpn-vulnkey\" para " +"claves secretas compartidas de OpenVPN. Anímase aos usuarios a que " +"verifiquen as súas claves ou, simplemente, rexeneren os certificados de " +"cliente e servidor e as claves que empregue no sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "¿Quere iniciar openvpn máis pronto?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "As versións anteriores de openvpn iniciábanse ao mesmo tempo que a " +#~ "maioría dos servizos. Isto significa que a maior parte deses servizos non " +#~ "podían empregar openvpn xa que podía non estar dispoñible cando se " +#~ "iniciaron. As versións máis recentes do paquete openvpn hanse iniciar " +#~ "máis pronto (é dicir, unha ligazón S16openvpn en rc[235].d no canto de " +#~ "S20openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Se acepta isto, a actualización do paquete ha facelo por vostede. Se o " +#~ "rexeita, nada ha cambiar e openvpn ha funcionar tan ben como viña " +#~ "facéndoo ata agora." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "¿Deter OpenVPN ao actualizalo?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "O proceso de actualización detén o servizo en execución antes de instalar " +#~ "a nova versión. Se está a instalar ou actualizar o sistema remotamente, " +#~ "isto pode deter o proceso de actualización." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A menos que se fagan as actualizacións localmente, non se debería deter " +#~ "openvpn antes de actualizalo. O proceso de instalación ha reinicialo " +#~ "despois de que se complete a actualización." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Esta opción ha tomar efecto na próxima actualización." + +#~ msgid "Default port has changed" +#~ msgstr "O porto por defecto cambiou" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "O porto por defecto de OpenVPN cambiou de 5000 a 1194 (porto asignado " +#~ "pola IANA). Se non indica o porto a empregar nas súas VPN, esta " +#~ "actualización pode rompelas." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Empregue a opción \"port 5000\" se quere conservar a configuración antiga " +#~ "do porto, ou consulte as regras da devasa para permitir que a nova " +#~ "configuración de portos funcione." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "¿Quere deter openvpn máis tarde?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "As versións anteriores de openvpn detíñanse ao mesmo tempo que a maioría " +#~ "dos servizos. Isto significa que algúns deses servizos que se detiñan " +#~ "despois non podían empregar openvpn xa que podía terse detido antes " +#~ "deles. As versións máis recentes do paquete openvpn han deter o servizo " +#~ "máis tarde (é dicir, unha ligazón K80openvpn en rc[06].d no canto de " +#~ "K20openvpn)." + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "¿Quere que se cree un dispositivo TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Se acepta isto, o paquete ha crear un dispositivo especial chamado /dev/" +#~ "net/tun para o uso de openvpn. Se o rexeita, non se ha crear agora o " +#~ "dispositivo. Consulte README.Debian para máis detalles sobre como o " +#~ "facer. Se emprega devfs rexeite isto." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "¿Quere deter openvpn antes de o actualizar?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "Nalgúns casos pode estar a actualizar openvpn nun servidor remoto " +#~ "empregando unha VPN para o facer. O proceso de actualización detén o " +#~ "servizo en execución antes de instalar a nova versión; nese caso pode " +#~ "perder a conexión, a actualización hase interromper e non ha poder " +#~ "conectarse ao servidor remoto." --- openvpn-2.1~rc19.orig/debian/po/nl.po +++ openvpn-2.1~rc19/debian/po/nl.po @@ -0,0 +1,190 @@ +# translation of openvpn_2.0.7-1_nl.po to Debian l10n Dutch +# +# This file is distributed under the same license as the openvpn package. +# Please see debian/copyright. +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# This is an unofficial translation +# Kurt De Bree , 2006. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn_2.0.7-1_nl\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2006-09-28 18:40+0200\n" +"Last-Translator: Kurt De Bree \n" +"Language-Team: Debian l10n Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.1\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Wenst u openvpn vroeger op te starten?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Vorige versies van openvpn startten tegelijkertijd met het merendeel van " +#~ "andere diensten. Dit betekent dat het merendeel van deze diensten openvpn " +#~ "niet konden gebruiken omdat openvpn mogelijk onbeschikbaar was wanneer " +#~ "zij opstartten. Nieuwere versies van het openvpn-pakket starten vroeger " +#~ "op (d.i. een S16openvpn-koppeling in 'rc[235].d' i.p.v. een S20openvpn-" +#~ "koppeling)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Indien u hier toestemt, wordt de wijziging door de pakketopwaardering " +#~ "uitgevoerd. Bij weigering wordt niets gewijzigd en zal openvpn werken " +#~ "zoals voordien." + +#, fuzzy +#~| msgid "" +#~| "Unless you do your upgrades locally, it is advised NOT to stop openvpn " +#~| "before it gets upgraded. The installation process will restart it once " +#~| "it's done." +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Tenzij u uw opwaarderingen lokaal uitvoert, is het NIET aangewezen om " +#~ "openvpn uit te schakelen alvorens het is opgewaardeerd. Het " +#~ "installatieproces zal het nadien herstarten." + +#, fuzzy +#~| msgid "This option will take effect in your next upgrade." +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Deze optie zal na de volgende opwaardering in werking treden." + +#~ msgid "Default port has changed" +#~ msgstr "De standaardpoort is gewijzigd" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "De standaardpoort van openvpn is gewijzigd van 5000 naar 1194 (toegewezen " +#~ "door IANA). Als u geen poort specificeert dat op uw VPN's moet worden " +#~ "gebruikt, kan deze opwaardering hen breken." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Gebruik de optie 'poort 5000' als u de oude poortconfiguratie wenst te " +#~ "behouden, of kijk naar uw firewallregels om de werking van de nieuwe " +#~ "standaardpoortconfiguratie toe te staan." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Wilt u openvpn later stoppen?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Eerdere versies van openvpn stopten tegelijkertijd met het merendeel van " +#~ "andere diensten. Dit betekent dat diensten die later stopten openvpn niet " +#~ "konden gebruiken aangezien deze reeds voordien kon gestopt zijn. Nieuwere " +#~ "versies van het openvpn-pakket stopt de dienst later. (d.i. een " +#~ "K80openvpn-koppeling in 'rc[06].d' i.p.v. een K20openvpn-koppeling)." + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Wilt u een TUN/TAP-apparaat aanmaken?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Indien u hier toestemt, zal het pakket een speciaal apparaat (/dev/net/" +#~ "tun), voor het gebruik van openvpn, aanmaken. Bij weigering zal het " +#~ "apparaat niet nu aangemaakt worden. Meer informatie over de aanmaak vindt " +#~ "u in README.Debian. Weiger hier indien u devfs gebruikt." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Wilt u openvpn uitschakelen alvorens het opgewaardeerd wordt?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "De opwaardering van openvpn stopt de lopende achtergronddienst voor de " +#~ "installatie van de nieuwe versie. Als u openvpn vanop afstand opwaardeert " +#~ "via een vpn verbinding kunt u dus uw verbinding verliezen en zal de " +#~ "opwaarding onderbroken worden, waardoor u waarschijnlijk de verbinding " +#~ "met de server die probeert op te waarderen niet meer kunt herstellen." --- openvpn-2.1~rc19.orig/debian/po/pt_BR.po +++ openvpn-2.1~rc19/debian/po/pt_BR.po @@ -0,0 +1,168 @@ +# openvpn Brazilian Portuguese translation +# Copyright (C) 2007 THE openvpn'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openvpn package. +# André Luís Lopes , 2007 +# Eder L. Marques (frolic) , 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1~rc7-2\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-26 10:26-0300\n" +"Last-Translator: Eder L. Marques (frolic) \n" +"Language-Team: Brazilian Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Criar o dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se você escolher esta opção, o dispositivo /dev/net/tun necessário ao " +"openvpn será criado." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Você não deve escolher esta opção se você está usando devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Gerador de números aleatórios vulnerável" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Uma falha foi descoberta no gerador de números aleatórios usado pelo OpenSSL " +"em sistemas Ubuntu e Debian. Como resultado desta falha, certas chaves de " +"encriptação são geradas muito mais frequentemente do que deveriam ser, por " +"isso um atacante pode adivinhar a chave através de um ataque de força bruta " +"com um conhecimento mínimo do sistema. " + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Qualquer chave criada em um sistema vulnerável pode ser afetada por este " +"problema. O comando 'openssl-vulnkey' pode ser usado como um teste parcial " +"para chaves RSA com certos bits de tamanho, e o 'openvpn-vulnkey' para as " +"chaves secretas compartilhadas do OpenVPN. Usuários são instados a verificar " +"suas chaves ou simplesmente regerar qualquer certificado de servidor ou " +"cliente e chaves em uso no sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Você gostaria de iniciar o openvpn antes?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Versões anteriores do openvpn iniciavam ao mesmo tempo que a maioria dos " +#~ "outros serviços. Isso significa que a maioria desses serviços não podiam " +#~ "utilizar o openvpn, uma vez que o mesmo poderia não estar disponível " +#~ "quando eles iniciavam. Novas versões do pacote openvpn iniciarão antes. " +#~ "(i.e. um link s16openvpn em rc[235].d ao invés de um S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Caso você aceite aqui, a atualização do pacote irá fazer essa mudança " +#~ "para você. Caso você não aceite, nada irá mudar e o openvpn continuará a " +#~ "funcionar exatamente da maneira que funcionava anteriormente." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Parar o OpenVPN quando atualizar?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "O processo de atualização pára os \"daemons\" em uso antes de instalar a " +#~ "nova versão. Se você está instalando ou atualizando o sistema " +#~ "remotamente, isso pode quebrar o processo de atualização." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A menos que as atualizações estejam sendo feitas localmente, você não " +#~ "deve escolher parar o OpenVPN antes que ele seja atualizado. O processo " +#~ "de instalação irá reiniciá-lo assim que a atualização estiver completa." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Essa opção terá efeito na próxima atualização." + +#~ msgid "Default port has changed" +#~ msgstr "A porta padrão mudou" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "A porta padrão do OpenVPN mudou de 5000 para 1194 (atribuída pelo IANA). " +#~ "Caso você não especifique a porta a ser utilizada em suas VPNs, esta " +#~ "atualização pode quebrá-las." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Utilize a opção 'port 5000' se você quer manter a configuração antiga de " +#~ "porta. Opcionalmente, verifique suas regras de firewall e permita que a " +#~ "configuração da nova porta padrão funcione." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Você gostaria de parar o OpenVPN depois?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Versões anteriores do openvpn paravam ao mesmo tempo que a maioria dos " +#~ "outros serviços. Isto significa que alguns serviços que paravam depois " +#~ "não podiam utilizar o openvpn uma vez que ele poderia ter parado antes " +#~ "deles. Novas versões do pacote openvpn irão parar o serviço depois (i.e " +#~ "um link K80openvpn no rc[06].d em vez de um K20openvpn)" --- openvpn-2.1~rc19.orig/debian/po/es.po +++ openvpn-2.1~rc19/debian/po/es.po @@ -0,0 +1,219 @@ +# openvpn po-debconf translation to spanish +# Copyright (C) 2004 Software in the Public Interest +# This file is distributed under the same license as the postfix package. +# +# Changes: +# - Initial translation +# Rudy Godoy , 2006 +# +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentacin de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traduccin al espaol, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traduccin de Debian al espaol +# http://www.debian.org/intl/spanish/coordinacion +# especialmente las notas de traduccin en +# http://www.debian.org/intl/spanish/notas +# +# - La gua de traduccin de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.0.9\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-25 18:19-0500\n" +"Last-Translator: Rudy Godoy \n" +"Language-Team: Debian l10n Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Crear dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Si elije esta opcin, se crear el dispositivo /dev/net/tun requerido por " +"OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "No elija esta opcin si est utilizando devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Vulnerabilidad de generador de nmero aleatorio" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Se ha descubierto un problema en el generador de nmero aleatorio utilizado " +"por OpenSSL en los sistemas Debian y Ubuntu. Como resultado de esto, ciertas " +"claves de cifrado se generan de forma mucho ms frecuente de las que " +"deberan, esto posibilita que un atacante pueda adivinar la clave mediante " +"un ataque de fuerza bruta si posee informacin bsica sobre el sistema " +"objetivo." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Todas las claves creadas en un sistema vulnerable estn afectas por este " +"problema. Puede utilizar la orden openssl-vulnkey para realizar una prueba " +"parcial para claves RSA con cierto tamao y la orden openvpn-vulnkey para " +"claves secretas compartidas de OpenVPN. Se insta a los usuarios a verificar " +"sus claves o simplemente volver a generar cualquier clave y certificado de " +"cliente y servidor que se usa en el sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Desea iniciar openvpn ms pronto?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Las versiones antiguas de openvpn arrancaban al mismo tiempo que otros\n" +#~ "servicios. Esto significa que muchos de estos servicios no podan usar\n" +#~ "openvpn puesto que ste poda no estar disponible cuando arrancaban. Las\n" +#~ "versiones recientes de openvpn arrancarn mucho antes. (es decir, un\n" +#~ "enlace S18openvpn en rc[2345].d en vez de S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Si acepta ahora, la actualizacin del paquete activar este cambio. Si\n" +#~ "no acepta, no se cambiar nada, y openvpn funcionar como lo hacia\n" +#~ "hasta ahora." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Parar OpenVPN cuando se actualice?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "El proceso de actualizacin para el demonio antes de instalar la nueva " +#~ "versin. Si est instalado o actualizando el sistema remotamente, esto " +#~ "podra interrumpir el proceso de actualizacin." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A menos de que haga las actualizaciones de forma local, se aconseja no\n" +#~ "parar openvpn antes de que se actualice. El proceso de instalacin lo\n" +#~ "reiniciara una vez que haya finalizado la actualizacin." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Esta opcin tomar efecto a partir de la siguiente actualizacin." + +#~ msgid "Default port has changed" +#~ msgstr "El puerto predeterminado ha cambiado" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "El puerto predeterminado de OpenVPN ha cambiado del 5000 al 1194 (por\n" +#~ "asignacin de IANA). Si no especifica el puerto a usar en sus VPNs,\n" +#~ "esto podra podra inutilizarlas." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Use la opcin port 5000 si quiere continuar usando el antiguo\n" +#~ "puerto, o compruebe las reglas de su cortafuegos para permitir el\n" +#~ "funcionamiento con el nuevo puerto predeterminado." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Deseara parar openvpn despus?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Las versiones antiguas de openvpn paraban al mismo tiempo que la\n" +#~ "mayora de otros servicios. Esto significa que algunos de estos\n" +#~ "servicios que se paraban despus no podan usar openvpn ya que ste\n" +#~ "poda haber sido parado antes. Las versiones recientes del paquete\n" +#~ "openvpn pararn el servicio despus. (es decir, un enlace K80openvpn\n" +#~ "en rc[06].d en lugar de K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Desea que la instalacin cree un dispositivo TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Si acepta, el paquete crear un dispositivo especial llamado\n" +#~ "/dev/net/tun necesario para el funcionamiento de openvpn. Si rechaza\n" +#~ "esta opcin, el dispositivo no se crear ahora. Lea el fichero\n" +#~ "README.Debian para saber como crearlo. Si est usando devfs no elija\n" +#~ "esta opcin" + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Desea parar openvpn antes de actualizar?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "En algunos casos, puede estar actualizando openvpn en un servidor\n" +#~ "remoto utilizando la propia VPN. El proceso de actualizacin para el\n" +#~ "demonio openvpn antes de instalar la nueva versin, en ese caso podra\n" +#~ "perder la conexin y la actualizacin quedar interrumpida. Esto podra\n" +#~ "impedirle que pueda volver a conectar a la mquina remota." --- openvpn-2.1~rc19.orig/debian/po/cs.po +++ openvpn-2.1~rc19/debian/po/cs.po @@ -0,0 +1,197 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-22 19:43+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Vytvořit zařízení TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Povolíte-li tuto možnost, vytvoří se zařízení /dev/net/tun, které je nutné " +"pro činnost OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Používáte-li devfs, tuto volbu nepovolujte." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Zranitelný generátor náhodných čísel" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"V OpenSSL používaném na systémech Ubuntu a Debian byla objevena slabina v " +"generátoru náhodných čísel. Důsledkem slabiny je fakt, že se některé " +"šifrovací klíče generují častěji než by měly. Útočník tak může s jistou " +"minimální znalostí systému odhalit klíč pomocí útoku hrubou silou." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Jakékoliv klíče vytvořené na postiženém systému mohou být tímto problémem " +"zasaženy. Jako částečný test RSA klíčů s určitými délkami můžete použít " +"příkaz „openssl-vulnkey“, případně pro sdílené tajné klíče OpenVPN příkaz " +"„openvpn-vulnkey“. Uživatelé by měli okamžitě zkontrolovat své klíče, " +"případně rovnou přegenerovat všechny serverové a klientské certifikáty a " +"klíče, které se na systému používají." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Chcete spouštět openvpn dříve?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Dřívější verze openvpn se spouštěly zhruba ve stejném čase jako ostatní " +#~ "služby. To znamená, že většina těchto služeb nemohla openvpn využít, " +#~ "protože tou dobou ještě nemuselo být k dispozici. Novější verze balíku " +#~ "openvpn mohou startovat o něco dříve (v rc[235].d se vytvoří místo " +#~ "S20openvpn odkaz S16openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Budete-li souhlasit, balík se o změnu postará. Pokud možnost odmítnete, " +#~ "nic se nestane a openvpn bude pracovat jako doposud." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Zastavit OpenVPN při aktualizaci?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Před instalací nové verze bude běžící daemon zastaven. Jestliže " +#~ "aktualizujete systém vzdáleně, může to vést k narušení procesu " +#~ "aktualizace." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Jestliže nebudete provádět aktualizace lokálně, doporučujeme openvpn před " +#~ "aktualizací nezastavovat. Instalační proces jej po instalaci restartuje." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Tato volba nabude účinnosti při příští aktualizaci." + +#~ msgid "Default port has changed" +#~ msgstr "Implicitní port se změnil" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Implicitní port OpenVPN se změnil z 5000 na 1194 (přidělen organizací " +#~ "IANA). Pokud nezadáte port, který se má používat na vašich VPN, touto " +#~ "aktualizací je můžete rozbít." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Pokud chcete zachovat staré nastavení portu, použijte volbu 'port 5000'. " +#~ "V opačném případě nezapomeňte upravit pravidla firewallu, aby umožnila " +#~ "komunikaci na novém portu." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Chcete ukončovat openvpn později?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Dřívější verze openvpn se ukončovaly zhruba ve stejném čase jako ostatní " +#~ "služby. To znamená, že většina těchto služeb nemohla openvpn využít, " +#~ "protože tou dobou již nemuselo být k dispozici. Novější verze balíku " +#~ "openvpn mohou službu zastavit později (v rc[06].d se místo K20openvpn " +#~ "vytvoří odkaz K80openvpn)." + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Chcete vytvořit zařízení TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Odpovíte-li kladně, balík vytvoří speciální zařízení nazvané /dev/net/" +#~ "tun. Odmítnete-li, zařízení se nyní nevytvoří. Používáte-li devfs, " +#~ "odmítněte. Návod na ruční vytvoření zařízení naleznete v souboru README." +#~ "Debian." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Chcete openvpn při aktualizaci zastavit?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "V některých případech se může stát, že budete aktualizovat openvpn na " +#~ "vzdáleném serveru právě přes VPN tunel. Před instalací nové verze bude " +#~ "běžící daemon zastaven a vy tak ztratíte své připojení, aktualizace se " +#~ "přeruší a už se možná ke vzdálenému počítači nebudete moci přihlásit." --- openvpn-2.1~rc19.orig/debian/po/vi.po +++ openvpn-2.1~rc19/debian/po/vi.po @@ -0,0 +1,160 @@ +# Vietnamese translation for openvpn. +# Copyright © 2008 Free Software Foundation, Inc. +# Clytie Siddall , 2005-2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1~rc7-2\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-24 15:54+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.7b3\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Tạo thiết bị TUN/TAP không?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "Bật tùy chọn này thì tạo thiết bị « /dev/net/tun » được OpenVPN cần." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Không nên bật tùy chọn này nếu bạn đang dùng devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Cơ chế tạo ra số ngẫu nhiên còn có thể lạm dụng" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Một sở đoản đã được phát hiện trong cơ chế tạo ra số ngẫu nhiên được OpenSSL " +"dùng trên hệ thống Ubuntu và Debian. Kết quả của sở đoản này là một số khoá " +"mật mã được tạo rất nhiều lần hơn số nên tạo, thì cho phép người tấn công " +"đoán khoá thông qua một sự tấn công sức mạnh vũ phu, không cần biết nhiều về " +"hệ thống đó." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Bất cứ khoá nào được tạo trên hệ thống sử dụng gói OpenSSL của Debian thì bị " +"vấn đề này ảnh hưởng. Có thể sử dụng câu lệnh « openssl-vulnkey » làm phép " +"thử bộ phận phát hiện khoá RSA có một số kích cỡ cụ thể, và câu lệnh « " +"openvpn-vulnkey » phát hiện khoá mật chia sẻ OpenVPN. Khuyên mọi người dùng " +"thẩm tra các khoá hoặc đơn giản tạo ra bất cứ khoá hay chứng nhận nào kiểu " +"máy phục vụ hay trình khách được dùng trên hệ thống đó." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Bạn có muốn khởi chạy trình openvpn sớm hơn không?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Phiên bản trước của trình openvpn đã khởi chạy cùng lúc với phần lớn dịch " +#~ "vụ khác. Có nghĩa là phần lớn dịch vụ này không thể dùng openvpn, vì nó " +#~ "có lẽ không sẵn sàng khi mỗi dịch vụ khởi chạy. Phiên bản mới hơn của gói " +#~ "openvn sẽ khởi chạy sớm hơn trong những cấp khởi chạy Debian (tức là một " +#~ "liên kết « S16openvpn » trong « rc[235].d » thay vào « S20openvpn »)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Chấp nhận ở đây thì tiến trình nâng cấp gói sẽ làm thay đổi này cho bạn. " +#~ "Từ chối thì không thay đổi gì: openvpn sẽ hoạt động đúng như trước." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Nâng cấp thì dừng OpenVPN không?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Tiến trình nâng cấp sẽ dừng chạy trình nền trước khi cài đặt phiên bản " +#~ "mới. Nếu bạn đang cài đặt hoặc nâng cấp hệ thống từ xa, tiến trình nâng " +#~ "cấp có thể bị phá vỡ." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Nếu không nâng cấp cục bộ, bạn nên chọn không dừng OpenVPN trước khi nâng " +#~ "cấp nó. Tiến trình cài đặt sẽ khởi chạy lại một khi nâng cấp xong." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Tùy chọn này sẽ có tác động việc nâng cấp kế tiếp." + +#~ msgid "Default port has changed" +#~ msgstr "Cổng mặc định đã thay đổi" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Cổng mặc định của trình Openvpn đã thay đổi từ số 5000 thành số 1194 (do " +#~ "IANA gán). Nếu bạn không ghi rõ cổng cần dùng trên VPN, tiến trình nâng " +#~ "cấp này có thể phá vỡ nó." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Hãy dùng tùy chọn « port 5000 » (cổng số 5000) nếu bạn muốn giữ cấu hình " +#~ "cổng cũ, hoặc hãy kiểm tra xem những quy tắc bức tường lửa là đúng, để " +#~ "cho phép cấu hình cổng mặc định hoạt động được." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Bạn có muốn ngừng chạy trình openvpn trễ hơn không?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Phiên bản trước của trình openvpn đã ngừng chạy cùng lúc với phần lớn " +#~ "dịch vụ khác. Có nghĩa là phần lớn dịch vụ này không thể dùng openvpn, vì " +#~ "nó có lẽ đã ngừng trước chúng. Phiên bản mới hơn của gói openvn sẽ ngừng " +#~ "chạy dịch vụ trễ hơn trong những cấp ngừng chạy Debian (tức là một liên " +#~ "kết « K80openvpn » trong « rc[235].d » thay vào « K20openvpn »)." --- openvpn-2.1~rc19.orig/debian/po/ja.po +++ openvpn-2.1~rc19/debian/po/ja.po @@ -0,0 +1,169 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1~rc7-2\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-30 23:52+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP デバイスを作成しますか?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"ここで「はい」と答えると、openvpn が必要とする /dev/net/tun デバイスを作成し" +"ます。" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "devfs を使っている場合は「いいえ」と答えてください。" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "脆弱な乱数生成器について" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Ubuntu および Debian のシステムの OpenSSL で利用されている乱数生成器に弱点が" +"見つかりました。この弱点によって、本来あるべきより頻繁に特定の暗号鍵が生成さ" +"れてしまうことになり、システムについてほんの少しだけ知識を得るだけで、攻撃者" +"が総当たり攻撃によって鍵を推測できてしまいます。" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"脆弱性があるシステムで生成された全ての鍵がこの問題の影響を受けます。特定の" +"ビット数の RSA 鍵については 'openssl-vulnkey' コマンドが、OpenVPN の共有秘密" +"鍵には 'openvpn-vulnkey' コマンドが部分的なテストとして利用できます。ユーザに" +"は鍵の確認を行うか、システムで利用しているサーバ/クライアント証明書及び鍵を" +"単に再生成することをお勧めします。" + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "openvpn をすぐに起動しますか?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "openvpn の以前のバージョンでは他の大半のサービスと同時に起動していました。" +#~ "これは、これらのサービスの大半が起動時に openvpn が利用できない状態のた" +#~ "め、openvpn を利用できないのを意味します。新しいバージョンの openvpn パッ" +#~ "ケージはすぐに起動するようになっています。(つまり、rc[235].d では " +#~ "S20openvpn ではなく S16openvpn にリンクしています)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "ここで「はい」と答えると、パッケージのアップグレードでこの変更を行います。" +#~ "「いいえ」と答えた場合、何も変更されず、openvpn は以前同様に動作します。" + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "アップグレードの際に openvpn を停止しますか?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "アップグレード作業では、新バージョンをインストールする前に動作しているデー" +#~ "モンを停止します。リモートからシステムをインストール/アップグレードしてい" +#~ "る場合は、アップグレードは途中で中断される可能性があります。" + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "アップグレードをローカルで実行してないのであれば、アップグレードの前に " +#~ "openvpn は停止「しない」ようにしてください。インストール作業が一旦完了する" +#~ "と再起動を行います。" + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "このオプションは次回のアップグレード時に使われます。" + +#~ msgid "Default port has changed" +#~ msgstr "標準ポートが変更されました" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPN の標準ポートが 5000 から (IANA によって割り当てられた) 1194 に変更" +#~ "されました。VPN 接続で利用するポートを明示的に指定していない場合は、この" +#~ "アップグレードによって接続ができなくなります。" + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "以前のポート設定をそのまま使い続けたい場合は 'port 5000' オプションを利用" +#~ "してっください。それ以外の場合はファイアウォールのルールを見直し、新しい標" +#~ "準ポート設定で動作するようにしてください。" + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "openvpn が遅れて停止するようにしますか?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "openvpn の以前のバージョンでは、他の大半のサービスと同時に終了していまし" +#~ "た。これは、遅れて終了するサービスの幾つかは、openvpn がサービスより前に停" +#~ "止されてしまうので、openvpn を利用できなかったということを意味しています。" +#~ "新しいバージョンの openvpn パッケージは遅れて停止するようになっています。" +#~ "(つまり、rc[06].d で K20openvpn ではなく K80openvpn にリンクしています)" --- openvpn-2.1~rc19.orig/debian/po/sv.po +++ openvpn-2.1~rc19/debian/po/sv.po @@ -0,0 +1,204 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.0.2-1\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-24 13:50+0100\n" +"Last-Translator: Andreas Henriksson \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Swedish\n" +"X-Poedit-Country: SWEDEN\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Skapa TUN/TAP-grnssnittet?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Om du vljer detta alternativ kommer specialfilen /dev/net/tun som behvs av " +"OpenVPN att skapas." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Du skall ej vlja detta alternativ om du anvnder devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Srbar slumptalsgenerator" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"En srbarhet har hittats i slumptalsgeneratorn som anvnds av OpenSSL p " +"Ubuntu- och Debian-system. Som en fljd av denna srbarhet genereras vissa " +"krypteringsnycklar mycket oftare n de borde, s att en attack kan utfras " +"genom att med minimal kunskap om systemet nd kunna gissa sig fram till " +"rtt nyckel genom att anvnda \"r kraft\" (automatiskt testa alla " +"kombinationer)." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Alla nycklar som skapats p ett srbart system kan ha detta problem. " +"Kommandot 'openssl-vulnkey' kan anvndas som ett del-test fr RSA-nycklar " +"med vissa bit-storlekar, och 'openvpn-vulnkey' fr OpenVPNs delade hemliga " +"nycklar. Anvndare uppmanas att verifiera deras nycklar eller helt enkelt " +"generera om alla server- eller klient-certifikat och tillhrande nycklar som " +"anvnds p systemet." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Vill du starta openvpn tidigare?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Tidigare versioner av OpenVPN startade samtidigt som mnga andra " +#~ "tjnster. Detta betyder att mnga av dessa tjnster inte kunde anvnda " +#~ "sig av OpenVPN eftersom den inte var tillgnglig nr de startade. Senare " +#~ "versioner av OpenVPN startar tidigare. (Dvs, en S18openvpn lnk i rc[235]." +#~ "d istllet fr en S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Om du accepterar hr kommer paketuppgraderingen att skapa denna t dig. " +#~ "Om du vgrar kommer ingenting att gras och OpenVPN kommer att fungerar " +#~ "precis som den gjorde tidigare." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Stoppa OpenVPN vid uppgradering?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Uppgraderingsprocessen avslutar tjnsten fre installationen av den nya " +#~ "versionen. Om du intallerar eller uppgraderar systemet via " +#~ "fjrranslutning kan detta eventuellt skapa problem under " +#~ "uppgraderingsprocessen." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Bortsett frn nr dina uppgraderingar utfrst lokalt, s br du vlja att " +#~ "inte stoppa OpenVPN fre uppgraderingen. Installationsprocessen kommer " +#~ "starta om tjnsten nr uppgraderingen r frdig." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Detta val blir aktivt vid nsta uppgradering." + +#~ msgid "Default port has changed" +#~ msgstr "Standardporten har ndrats" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPN's standardport har ndrats frn 5000 till 1194 (IANA tilldelad). " +#~ "Om du inte anger porten som ska anvndas i dina VPN kan denna " +#~ "uppgradering f dom att sluta fungera." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Anvnd instllningen 'port 5000' om du vill behlla den gamla " +#~ "portkonfigurationen eller ta en titt p dina brandvggsregler fr att " +#~ "tillta den nya konfigurationen fr standardporten att fungera." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Vill du stoppa openvpn senare?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Tidigare versioner av OpenVPN stoppade samtidigt som mnga andra " +#~ "tjnster. Detta betyder att ngra av dessa tjnster som stoppades senare " +#~ "inte kunde anvnda sig av OpenVPN eftersom de hade stoppats fre dom. " +#~ "Senare versioner av OpenVPN stoppar tjnsten senare (exempel, en " +#~ "K80openvpn lnk i rc[06].d istllet fr en K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Vill du att en TUN/TAP-enhet skapas?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Om du accepterar hr kommer paketet att skapa en speciell enhet kallad /" +#~ "dev/net/tun som OpenVPN anvnder. Om du vgrar kommer inte enheten att " +#~ "skapas. Ls README.Debian fr detaljer hur du skapar den. Om du anvnder " +#~ "devfs s ska du vgra hr." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Vill du stoppa openvpn fre den uppgraderas?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "I vissa fall kan du uppgradera OpenVPN i en fjrrserver via ett VPN. " +#~ "Uppgraderingsprocessen stoppar den krande daemonen fre installation av " +#~ "den nya versionen och du kommer att tappa frbindelsen, uppgraderingen " +#~ "kommer att avbrytas och du kanske inte kan teruppta frbindelsen till " +#~ "fjrrservern." --- openvpn-2.1~rc19.orig/debian/po/ca.po +++ openvpn-2.1~rc19/debian/po/ca.po @@ -0,0 +1,126 @@ +# openvpn (debconf) translation to Catalan. +# Copyright (C) 2004 Free Software Foundation, Inc. +# Aleix Badia i Bosch , 2004 +# Josep Lladonosa i Capell , 2004 +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn_1.5.0-2_templates\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2004-04-08 20:24+0200\n" +"Last-Translator: Aleix Badia i Bosch \n" +"Language-Team: Catalan \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Voldríeu iniciar l'openvpn abans?" + +#, fuzzy +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Les versions anteriors de l'openvpn s'iniciaven al mateix temps que la " +#~ "majoria de serveis. Aquesta característica implica que la majoria de " +#~ "serveis no poguessin utilitzar l'openvpn al no estar disponible. Les " +#~ "noves versions de l'openvpn s'iniciaran abans (ex. un enllaç S18openvpn a " +#~ "rc[235].d en comptes d'un S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Si ho accepteu, l'actualització del paquet ho modificarà per vosaltres. " +#~ "Si no ho accepteu, no canviarà res i l'openvpn s'executarà tal i com ho " +#~ "feia anteriorment." + +#, fuzzy +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Voldríeu iniciar l'openvpn abans?" + +#, fuzzy +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Les versions anteriors de l'openvpn s'iniciaven al mateix temps que la " +#~ "majoria de serveis. Aquesta característica implica que la majoria de " +#~ "serveis no poguessin utilitzar l'openvpn al no estar disponible. Les " +#~ "noves versions de l'openvpn s'iniciaran abans (ex. un enllaç S18openvpn a " +#~ "rc[235].d en comptes d'un S20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Voleu que es creï un dispositiu TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Si ho accepteu, el paquet crearà un dispositiu especial anomenat /dev/net/" +#~ "tun per a l'openvpn. Si no ho accepteu, no es crearà el dispositiu. Per a " +#~ "més a informació sobre el procés llegiu el fitxer README.Debian. Si esteu " +#~ "utilitzant devfs, refuseu l'opció." + +#, fuzzy +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Voldríeu iniciar l'openvpn abans?" --- openvpn-2.1~rc19.orig/debian/po/pt.po +++ openvpn-2.1~rc19/debian/po/pt.po @@ -0,0 +1,194 @@ +# Portuguese translation for openvpn debconf messages. +# Copyright (C) Tiago Fernandes , 2006 +# This file is distributed under the same license as the Openvpn package. +# Tiago Fernandes , 2006-2008 +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.0.9-1\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-06-01 21:39+0100\n" +"Last-Translator: Tiago Fernandes \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Criar o dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se escolher esta opção, será criado o dispositivo /dev/net/tun preciso pelo " +"OpvnVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Não deverá escolher esta opção se estiver a usar devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Gerador de numeros aleatórios vulnerável" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Foi descoberta uma fraqueza no gerador de números aleatórios utilizado pelo " +"OpenSSL nos sistemas Ubuntu e Debian. Como resultado desta fraqueza, " +"certaschaves de criptação são geradas com maior frequência do que devem ser, " +"de talforma que um atacante pode adivinhar a chave através de um ataque de " +"força bruta, dado um conhecimento minimo do sistema." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Quaisquer chaves criadas num sistema vulnerável podem estar afectadas por " +"este problema. O comando 'openssl-vulnkey' pode ser usado como um teste " +"parcialpara chaves RSA com certo tamanho de bits, e o 'openvpn-vulnkey' para " +"chaves secretas partilhadas do OpenVPN. É aconselhado aos utilizadores, " +"verificar com alguma urgênciaas suas chaves ou simplesmente gerar de novo " +"quaisquer certificados ou chavesde cliente e/ou servidor em utilização no " +"sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Quer iniciar o openvpn mais cedo ?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "As versões anteriores do openvpn iniciavam ao mesmo tempo que a maioria " +#~ "dos outros serviços. Isto significa que a maior parte dos serviços não " +#~ "podiam usar o openvpn, uma vez que podia não estar disponível quando " +#~ "estes iniciavam. Nas novas versões do pacote openvpn, será inicado mais " +#~ "cedo. (p.exp: um link S16openvpn no rc[235].d em vez de S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Se aceitar, a actualização deste pacote irá fazer esta alteração por si. " +#~ "Se recusar, nada será alterado e o openvpn funcionará exactamente como " +#~ "antes." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Parar o OpenVPN quando actualizado?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "O processo de actualização pára o daemon em execução antes de instalar a " +#~ "nova versão. Se está a instalar ou a actualizar o sistema remotamente, " +#~ "isto poderá interromper o processo de actualização." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A não ser que faça as suas actualizações localmente, deverá escolher NÃO " +#~ "parar o openvpn antes de ser actualizado. O processo de instalação irá " +#~ "reiniciá-lo assim que tenha completado a actualização." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Esta opção terá efeito para a próxima actualização." + +#~ msgid "Default port has changed" +#~ msgstr "O porto pré-definido foi alterado." + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "O porto pré-definido do OpenVPN foi alterado de 5000 para 1194 (atribuído " +#~ "pelo IANA). Se não especificar a porta nas suas VPN's, esta actualização " +#~ "pode interrompe-las." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Use a opção 'port 5000' se deseja manter configuração com o porto antigo, " +#~ "ou veja as regras da sua firewall para que a configuração com o novo " +#~ "porto pré-definido funcione." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Deseja parar o openvpn mais tarde?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "As versões anteriores do openvpn paravam ao mesmo tempo que a maioria dos " +#~ "outros serviços. Isto significa que alguns dos serviços que param mais " +#~ "tarde não conseguem usar o openvpn, pois pode parar antes deles. Novas " +#~ "versões do pacote openvpn irão parar o serviço mais tarde. (p.exp: um " +#~ "link K80openvpn em rc[06].d em vez de K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Quer criar um dispositivo TUN/TAP ?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Se aceitar, o pacote irá criar um dispositivo especial chamado /dev/net/" +#~ "tun para ser usado pelos openvpn's. Se recusar, o dispositivo não será " +#~ "criado agora. Leia o README.Debian para ver os detalhes de como o criar. " +#~ "Se está a usar devfs, recuse agora." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Deseja parar o openvpn antes de ser actualizado?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "Em alguns casos pode actualizar o openvpn num servidor remoto, através de " +#~ "uma VPN. O processo de actualização pára o daemon em execução antes de " +#~ "instalar a nova versão, nesse caso pode perder a sua ligação, a " +#~ "actualização pode ser interrompida, e pode não conseguir re-estabelecer " +#~ "ligação ao computador remoto." --- openvpn-2.1~rc19.orig/debian/po/de.po +++ openvpn-2.1~rc19/debian/po/de.po @@ -0,0 +1,174 @@ +# translation of openvpn_2.1~rc7-2_de.po to German +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Erik Schanze , 2004-2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn_2.1~rc7-2_de\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-29 22:46+0200\n" +"Last-Translator: Erik Schanze \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP-Gerät anlegen?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Wenn Sie hier zustimmen, wird das von OpenVPN benötigte Gerät /dev/net/tun " +"erzeugt." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Sie sollten nicht zustimmen, wenn Sie Devfs benutzen." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Unsicherer Zufallszahlen-Generator" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Im Zufallszahlen-Generator von OpenSSL auf Ubuntu- und Debian-Systemen ist " +"eine Schwachstelle gefunden worden. Diese Schwachstelle sorgt dafür, dass " +"bestimmte Verschlüsselungsschlüssel öfter erzeugt werden, als sie sollten. " +"Dadurch kann ein Angreifer den Schlüssel mittels eines »Brute-Force«-Angriffs " +"erraten, auch wenn er nur wenig über das System weiß." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Alle Schlüssel, die auf einem System mit dieser Schwachstelle erzeugt " +"wurden, können von diesem Problem betroffen sein. Das Kommando 'openssl-" +"vulnkey' kann als ein Teil eines Tests benutzt werden, um RSA-Schlüssel mit " +"bestimmten Bit-Größen zu überprüfen. Das Kommando 'openvpn-vulnkey' testet " +"OpenVPNs verteilte geheime Schlüssel (shared secret keys)." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Wollen Sie OpenVPN eher starten?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Frühere Versionen von OpenVPN starteten zur selben Zeit wie die meisten " +#~ "anderen Dienste. Das bedeutete, viele dieser Dienste konnten OpenVPN " +#~ "nicht benutzen, weil es noch nicht verfügbar war, als sie starteten. " +#~ "Neuere Versionen des Pakets OpenVPN starten eher. (z. B. ein Verweis " +#~ "S16openvpn in den Verzeichnissen /etc/rc[235].d anstelle von S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Wenn Sie hier zustimmen, führt das Installationsprogramm die Änderungen " +#~ "für Sie aus. Wenn Sie ablehnen, wird nichts geändert und OpenVPN " +#~ "funktioniert wie vorher." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "OpenVPN nach der Aktualisierung stoppen?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Während der Aktualisierung wird der laufende Dienst angehalten, bevor die " +#~ "neue Version installiert wird. Wenn Sie das System von einem entfernten " +#~ "Rechner aus installieren oder aktualisieren, könnte das die " +#~ "Aktualisierung unterbrechen." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Sie sollten OpenVPN NICHT anhalten, bevor es aktualisiert wird, außer Sie " +#~ "sind direkt vor Ort. Der Dienst wird dann am Ende der Installation neu " +#~ "gestartet." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Diese Auswahl betrifft die nächste Aktualisierung." + +#~ msgid "Default port has changed" +#~ msgstr "Standard-Port hat sich geändert" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPNs Standard-Port wurde von 5000 nach 1194 (IANA registriert) " +#~ "geändert. Wenn Sie den Port, den Ihre VPNs nutzen, nicht angeben, werden " +#~ "sie evtl. durch diese Aktualisierung unterbrochen." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Verwenden Sie die Option 'port 5000', wenn Sie die alte Port-Einstellung " +#~ "behalten wollen oder kontrollieren Sie Ihre Firewallregeln und verwenden " +#~ "Sie die Einstellung für den neuen Standard-Port." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Wollen Sie OpenVPN später stoppen?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Frühere Versionen von OpenVPN stoppten zur selben Zeit wie die meisten " +#~ "anderen Dienste. Das bedeutete, einige Dienste, die später stoppten, " +#~ "konnten OpenVPN nicht benutzen, weil es schon beendet war. Neuere " +#~ "Versionen des Pakets OpenVPN stoppen später. (z. B. ein Verweis " +#~ "K80openvpn im Verzeichnis //dev/net/tunetc/rc[06].d anstelle von " +#~ "K20openvpn)" --- openvpn-2.1~rc19.orig/debian/po/eu.po +++ openvpn-2.1~rc19/debian/po/eu.po @@ -0,0 +1,164 @@ +# translation of openvpn-eu.po to Euskara +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide , 2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn-eu\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-22 15:07+0200\n" +"Last-Translator: Piarres Beobide \n" +"Language-Team: Euskara \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP gailua sortu?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Aukera hau hautatzen baduzu OpenVPN-ek behar duen /dev/net/tun gailua " +"sortuko da." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Ez zenuke aukera hau onartu beharko devfs erabiltzen ari bazara." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Ausazko zenbaki sortzaile ahula" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Debian eta Ubuntu sistemek erabiltzen duten OpenSSL bertsioan ahulgune bat " +"aurkitua izan da ausazko zenbaki sortzailean. Ahulgune honen eraginagatik " +"zenbait enkriptazio gako beharko luketenetan baino gehiagotan sortzen dira, " +"horregatik sistemaren ezagutza minimo duen erasotzaile batek indarrezko " +"eraso batez eskuratu ditzake." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Ahuldutako sistema batetan sortutako gako guztietan du honek eragina. " +"'openssl-vulnkey' komandoa erabili daiteke bit tamaina batzuetako RSA gakoak " +"probatzeko, eta 'openvpn-vulnkey' OpenVPN partekatutako gako sekretuentzat. " +"Erabiltzaileei bakoitzaren gakoak egiaztatu edo zuzenean sistemako " +"zerbitzari edo bezero ziurtagiriak eta erabiltzen diren gakoak birsortzea " +"eskatzen zaie." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Openvpn lehenago abiaraztea nahi al duzu?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Openvpn aurreko bertsioak beste zerbitzu gehienekin batera abiarazten " +#~ "ziren. Hau dela eta zerbitzu gehienen ezin zuten openvpn erabili " +#~ "abiaraztean zirenean ez bait zegoen erabilgarri. Openvpn paketearen " +#~ "bertsio berriak azkarrago abiarazten dira (adibidez: rc[235].d-en " +#~ "S16openvpn lotura sortuko da S20openvpn ordez)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Hemen onartuaz gero pakete eguneraketak egingo du aldaketa hau zuretzako. " +#~ "Baztertuaz gero ez da ezer aldatuko, eta openvpn-ek orain arte bezala " +#~ "funtzionatzen jarraituko du." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Bertsio-berritzean OpenVPN gelditu?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Bertsio-berritzeak martxan dagoen deabrua gelditu egiten du bertsio " +#~ "berria instalatu aurretik. Sistema urrunetik instalatzen edo bertsio-" +#~ "berritzen ari bazara honek bertsio-berritze prozesua hondatu dezake." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Ez bazaude bertsio-berritzeak lokalki egiten OpenVPN zerbitzaria ez " +#~ "gelditzea hautatu beharko zenuke. Instalazio prozesuak bertsio-berritzea " +#~ "osatu ondoren berrabiaraziko du." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Aukera honek hurrengo bertsio-berritzean eragingo du." + +#~ msgid "Default port has changed" +#~ msgstr "Lehenetsiriko ataka aldatua izan da" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPN-ren lehenetsiriko ataka 5000-tik 1194-ra aldatu da (IANA-k " +#~ "ezarria). Zure VPN-etan erabiliko den ataka zehatzen ez baduzu bertsio-" +#~ "berritze honek hondatu ditzake." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "'5000 ataka' erabili ataka zaharraren konfigurazioa mantentzeko edo " +#~ "egiaztatu zure suebaki arauak lehenetsiriko ataka berriak funtzionatzeko " +#~ "onartzen duela." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Openvpn beranduago gelditu nahi al duzu?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Openvpn aurreko bertsioak beste zerbitzuekin batera gelditzen ziren. Hau " +#~ "dela eta beranduago itzaltzen ziren zerbitzuak ezin zuten vpn erabili hau " +#~ "lehenago gelditzen zen eta. Openvpn paketearen bertsio berriek zerbitzua " +#~ "beranduago gelditzen dute. (adib. rc[06].d-en K80openvpn lotura dago " +#~ "K20openvpn ordez)" --- openvpn-2.1~rc19.orig/debian/po/fi.po +++ openvpn-2.1~rc19/debian/po/fi.po @@ -0,0 +1,98 @@ +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-24 23:40+0200\n" +"Last-Translator: Esko Arajärvi \n" +"Language-Team: Finnish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Luodaanko TUN/TAP-laite?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Jos valitset tämän vaihtoehdon, OpenVPN:n tarvitsema laite /dev/net/tun " +"luodaan." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Tätä vaihtoehtoa ei tulisi valita, jos käytössä on devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Haavoittuva satunnaislukugeneraattori" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"Debianissa ja Ubuntussa käytössä olleesta ohjelman OpenSSL " +"satunnaislukugeneraattorista on löydetty heikkous. Siitä johtuen tietyt " +"salausavaimet luodaan huomattavasti useammin kuin olisi tarkoitus ja " +"hyökkääjä voi arvata avaimen järjestelmällisellä kokeilulla vähäisillä " +"tiedoilla järjestelmästä." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Tämä saattaa vaikuttaa mihin tahansa haavoittuvaisessa järjestelmässä " +"luotuun avaimeen. Komennolla ”openssl-vulnkey” voidaan osittain testata " +"tietyt kokoiset RSA-avaimet ja komennolla ”openvpn-vulnkey” OpenVPN:n jaetut " +"salaiset avaimet. Käyttäjiä kehoitetaan tarkistamaan avaimensa tai " +"yksinkertaisesti luomaan uudet palvelin- ja asiakasvarmenteet ja -avaimet " +"järjestelmään." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Pysäytetäänkö OpenVPN päivitettäessä?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Päivitysprosessi pysäyttää taustaohjelman ennen uuden version " +#~ "asentamista. Jos asennat tai päivität järjestelmää etäyhteyden kautta, " +#~ "tämä saattaa rikkoa päivitysprosessin." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Älä pysäytä OpenVPN:ää ennen kuin se on päivitetty, ellet päivitä sitä " +#~ "paikallisesti. Asennusprosessi käynnistää sen uudelleen, kun päivitys on " +#~ "valmis." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Tämä valinta otetaan huomioon seuraavasta päivityksestä alkaen." --- openvpn-2.1~rc19.orig/debian/po/nb.po +++ openvpn-2.1~rc19/debian/po/nb.po @@ -0,0 +1,151 @@ +# translation of nb.po_[u4VNua].po to Norwegian Bokmål +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Bjørn Steensrud , 2008. +msgid "" +msgstr "" +"Project-Id-Version: nb.po_[u4VNua]\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-01-27 20:45+0100\n" +"Last-Translator: Bjørn Steensrud \n" +"Language-Team: Norwegian Bokmål \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Skal TUN/TAP-enheten opprettes?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Hvis du velger dette, så opprettes enheten /dev/net/tun/ som OpenVPN trenger." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Ikke velg dette derson du bruker devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Vil du starte openvpn tidligere?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Tidligere versjoner av openvpn startet på samme tid som de fleste andre " +#~ "tjenester. Det betyr at de fleste av disse tjenestene ikke kunne bruke " +#~ "openvpn, siden den kanskje ikke var tilgjengelig da de startet. Nyere " +#~ "versjoner av openvpn-pakka starter tidligere. (dvs. en lenke i rc[235].d " +#~ "som heter S16openvpn i stedet for S20.openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Hvis du godtar her, så vil pakkeoppgraderingen gjøre denne endringen for " +#~ "deg. Hvis du avviser, så blir ingenting endret og openvpn fortsetter å " +#~ "virke akkurat som den gjorde før." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Skal OpenVPN stoppes når den er oppgradert?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Oppgraderingsprosessen stopper den kjørende daemonen før den nye " +#~ "versjonen installeres. Hvis du installerer eller oppdaterer systemet over " +#~ "nettverket, så kan det ødelegge oppgraderingsprosessen." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Hvis oppgraderinger ikke gjøres lokalt, så bør du velge å ikke stoppe " +#~ "OpenVPN før den oppgraderes. Installasjonsprosessen starter OpenVPN på " +#~ "nytt når oppgraderingen er fullført." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Dette valget får virkning for neste oppgradering." + +#~ msgid "Default port has changed" +#~ msgstr "Standardporten er endret" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPNs standartport er endret fra 5000 til 1194 (tilordnet av IANA). " +#~ "Hvis du ikke oppgir porten som skal brukes på dine VPN-tilkoblinger, så " +#~ "kan denne oppgraderingen ødelegge dem." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Bruk valget «port 5000» hvis du vil beholde det gamle port-oppsettet, " +#~ "eller juster brannmur-reglene slik at den nye standardporten kan virke." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Vil du stoppe openvpn senere?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Tidligere versjoner av openvpn stoppet på samme tid som de fleste andre " +#~ "tjenester. Det betydde at noen tjenester som stoppet senere ikke kunne " +#~ "bruke openvpn siden den kan ha stoppet før dem. Nyere versjoner av " +#~ "openvpn-pakka vil stoppe tjenesten senere. (dvs. en lenke i rc[06].d som " +#~ "hete K80openvpn i stedet for K20openvpn)" --- openvpn-2.1~rc19.orig/debian/po/ru.po +++ openvpn-2.1~rc19/debian/po/ru.po @@ -0,0 +1,196 @@ +# Translation of OpenVPN debconf PO-file to Russian +# This file is distributed under the same license as the PACKAGE package. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER. +# Yuriy Talakan' , 2007. +# Sergey Alyoshin , 2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn_2.1~rc7-2_ru\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2008-06-24 20:24+0200\n" +"PO-Revision-Date: 2008-05-30 17:43+0400\n" +"Last-Translator: Sergey Alyoshin \n" +"Language-Team: Russian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.9.1\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%" +"10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Создать устройство TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"При выборе этой опции, будет создано устройство /dev/net/tun, необходимое " +"для OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Вам не следует выбирать эту опцию при использовании devfs." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "Vulnerable random number generator" +msgstr "Уязвимый генератор случайных чисел" + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"A weakness has been discovered in the random number generator used by " +"OpenSSL on Ubuntu and Debian systems. As a result of this weakness, certain " +"encryption keys are generated much more frequently than they should be, such " +"that an attacker could guess the key through a brute-force attack given " +"minimal knowledge of the system." +msgstr "" +"В генераторе случайных чисел систем Debian и Ubuntu использующем OpenSSL " +"была обнаружена уязвимость. В результате чего, определённые ключи шифрования " +"генерируются намного чаще, чем это следует, так что атакующий может " +"подобрать ключ атакой перебором, обладая минимальными знаниями о системе." + +#. Type: note +#. Description +#: ../templates:3001 +msgid "" +"Any keys created on a vulnerable system may be affected by this problem. The " +"'openssl-vulnkey' command may be used as a partial test for RSA keys with " +"certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared secret keys. " +"Users are urged to verify their keys or simply regenerate any server or " +"client certificates and keys in use on the system." +msgstr "" +"Любые ключи созданные на уязвимой системе могут быть подвержены этой " +"проблеме. Команда 'openssl-vulnkey' может использоваться как частичный тест " +"для ключей RSA с определёнными битовыми размерами, а команда 'openvpn-" +"vulnkey' -- для разделяемых секретных ключей OpenVPN. Пользователям " +"настоятельно рекомендуется проверить их ключи или пересоздать любые " +"серверные и клиентские сертификаты и ключи использующиеся в системе." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Запускать OpenVPN раньше?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Предыдущие версии OpenVPN запускались в то же время, что и большинство " +#~ "остальных сервисов. Это означает, что большинство из этих сервисов не " +#~ "могут использовать OpenVPN, поскольку он мог быть недоступен, когда они " +#~ "запустились. Новые версии пакета OpenVPN запускаются раньше. (т.е. ссылка " +#~ "S16openvpn в rc[235].d вместо S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Если согласиться, то обновление пакета сделает для вас это изменение. " +#~ "Если отклонить, то ничего не изменится, и OpenVPN будет работать по-" +#~ "прежнему." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Остановить OpenVPN при обновлении?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Процесс обновления остановит выполняющийся сервис-демон перед установкой " +#~ "новой версии. Если вы устанавливаете или обновляете систему удалённо, это " +#~ "может нарушить процесс обновления." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Если вы не выполняете обновление локально, то не следует останавливать " +#~ "OpenVPN до завершения обновления. Процесс установки перезапустит его по " +#~ "завершению обновления." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Эта опция начнёт действовать при следующем обновлении." + +#~ msgid "Default port has changed" +#~ msgstr "Порт по умолчанию изменился" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Порт по умолчанию для OpenVPN изменился с 5000 на 1194 (назначено IANA). " +#~ "Если вы не указали используемый порт в ваших VPN, то это обновление может " +#~ "сломать их." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Используйте опцию 'port 5000', если хотите оставить старую настройку " +#~ "порта, или пересмотрите ваши правила межсетевого экрана чтобы разрешить " +#~ "работу новой настройки порта по умолчанию." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Останавливать OpenVPN позже?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Предыдущие версии OpenVPN останавливались в то же время, что и " +#~ "большинство остальных сервисов. Это значит, что некоторые из " +#~ "останавливаемых позже сервисов не могут использовать OpenVPN, поскольку " +#~ "он мог быть остановлен перед ними. Новые версии пакета OpenVPN " +#~ "останавливают сервис позже. (т.е. ссылка K80openvpn в rc[06].d вместо " +#~ "K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Создать устройство TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Если Вы согласитесь, то пакет создаст для нужд openvpn специальное " +#~ "устройство по имени /dev/net/tun. Если Вы откажетесь, то устройство не " +#~ "будет сейчас создано. Прочитайте детали его создания в README.Debian. " +#~ "Если Вы используете devfs, откажитесь здесь." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Остановить openvpn перед обновлением?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "В некоторых случаях Вы можете обновлять openvpn на удаленном сервере, " +#~ "используя для этого VPN. Процесс обновления остановит работающий демон " +#~ "перед установкой новой версии, в этом случае Вы можете потерять Ваше " +#~ "подключение, обновление может быть прервано, и Вы не сможете подключиться " +#~ "заново к удаленной машине."