--- strongswan-4.2.4.orig/src/ipsec/ipsec.in +++ strongswan-4.2.4/src/ipsec/ipsec.in @@ -326,7 +326,7 @@ ;; version|--version) echo "Linux $IPSEC_NAME $IPSEC_VERSION" - echo -e $IPSEC_DISTRO + printf "$IPSEC_DISTRO\n" echo "See \`ipsec --copyright' for copyright information." exit 0 ;; --- strongswan-4.2.4.orig/debian/ipsec.secrets.proto +++ strongswan-4.2.4/debian/ipsec.secrets.proto @@ -0,0 +1,11 @@ +# This file holds shared secrets or RSA private keys for inter-Pluto +# authentication. See ipsec_pluto(8) manpage, and HTML documentation. + +# RSA private key for this host, authenticating it to any other host +# which knows the public part. Suitable public keys, for ipsec.conf, DNS, +# or configuration of other implementations, can be extracted conveniently +# with "ipsec showhostkey". + +# this file is managed with debconf and will contain the automatically created private key +include /var/lib/strongswan/ipsec.secrets.inc + --- strongswan-4.2.4.orig/debian/strongswan.dirs +++ strongswan-4.2.4/debian/strongswan.dirs @@ -0,0 +1,16 @@ +/etc +/etc/ipsec.d +/etc/ipsec.d/cacerts +/etc/ipsec.d/ocspcerts +/etc/ipsec.d/crls +/etc/ipsec.d/private +/etc/ipsec.d/policies +/etc/init.d +/etc/logcheck/ignore.d.paranoid +/etc/logcheck/ignore.d.server +/etc/logcheck/ignore.d.workstation +/etc/logcheck/violations.ignore.d +/usr/sbin +/usr/share/lintian/overrides +/var/lock/subsys +/var/lib/strongswan --- strongswan-4.2.4.orig/debian/watch +++ strongswan-4.2.4/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://download.strongswan.org/strongswan-([\d.]+)\.tar\.bz2 --- strongswan-4.2.4.orig/debian/patches/01-fix-potential-DoS.dpatch +++ strongswan-4.2.4/debian/patches/01-fix-potential-DoS.dpatch @@ -0,0 +1,111 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01-fix-potential-DoS.dpatch by +## +## All lines beginning with ## DP:' are a description of the patch. +## DP: Fixes a potential DoS issue, backported from 4.2.7. + +@DPATCH@ + +Index: strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +=================================================================== +--- strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4317) ++++ strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4345) +@@ -94,9 +94,13 @@ + mpz_powm(c, m, this->e, this->n); + +- encrypted.len = this->k; +- encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c); ++ encrypted.len = this->k; ++ encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c); ++ if (encrypted.ptr == NULL) ++ { ++ encrypted.len = 0; ++ } + + mpz_clear(c); +- mpz_clear(m); ++ mpz_clear(m); + + return encrypted; +Index: strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +=================================================================== +--- strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 3806) ++++ strongswan/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 4345) +@@ -344,5 +344,5 @@ + */ + mpz_t g; +- ++ + /** + * My private value. +@@ -354,5 +354,5 @@ + */ + mpz_t ya; +- ++ + /** + * Other public value. +@@ -374,5 +374,5 @@ + */ + size_t p_len; +- ++ + /** + * True if shared secret is computed and stored in my_public_value. +@@ -441,5 +441,9 @@ + } + value->len = this->p_len; +- value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb); ++ value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb); ++ if (value->ptr == NULL) ++ { ++ return FAILED; ++ } + return SUCCESS; + } +@@ -452,4 +456,8 @@ + value->len = this->p_len; + value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); ++ if (value->ptr == NULL) ++ { ++ value->len = 0; ++ } + } + +@@ -464,5 +472,9 @@ + } + secret->len = this->p_len; +- secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz); ++ secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz); ++ if (secret->ptr == NULL) ++ { ++ return FAILED; ++ } + return SUCCESS; + } +Index: strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +=================================================================== +--- strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4317) ++++ strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4345) +@@ -192,4 +192,8 @@ + decrypted.len = this->k; + decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); ++ if (decrypted.ptr == NULL) ++ { ++ decrypted.len = 0; ++ } + + mpz_clear_randomized(t1); +Index: strongswan/src/openac/openac.c +=================================================================== +--- strongswan/src/openac/openac.c (revision 4318) ++++ strongswan/src/openac/openac.c (revision 4345) +@@ -104,4 +104,8 @@ + chunk.len = 1 + mpz_sizeinbase(number, 2)/BITS_PER_BYTE; + chunk.ptr = mpz_export(NULL, NULL, 1, chunk.len, 1, 0, number); ++ if (chunk.ptr == NULL) ++ { ++ chunk.len = 0; ++ } + return chunk; + } --- strongswan-4.2.4.orig/debian/patches/strongswan-glibc28-buildfix.dpatch +++ strongswan-4.2.4/debian/patches/strongswan-glibc28-buildfix.dpatch @@ -0,0 +1,30 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + + +@DPATCH@ +diff -Naur strongswan-4.1.11.orig/src/charon/network/socket-raw.c strongswan-4.1.11/src/charon/network/socket-raw.c +--- strongswan-4.1.11.orig/src/charon/network/socket-raw.c 2007-11-26 20:03:06.000000000 +0000 ++++ strongswan-4.1.11/src/charon/network/socket-raw.c 2008-06-23 17:29:32.000000000 +0000 +@@ -22,6 +22,9 @@ + * for more details. + */ + ++/* for struct in6_pktinfo */ ++#define _GNU_SOURCE ++ + #include + #include + #include +diff -Naur strongswan-4.1.11.orig/src/charon/network/socket.c strongswan-4.1.11/src/charon/network/socket.c +--- strongswan-4.1.11.orig/src/charon/network/socket.c 2007-11-26 20:03:06.000000000 +0000 ++++ strongswan-4.1.11/src/charon/network/socket.c 2008-06-23 17:29:07.000000000 +0000 +@@ -22,6 +22,9 @@ + * for more details. + */ + ++/* for struct in6_pktinfo */ ++#define _GNU_SOURCE ++ + #include + #include + #include --- strongswan-4.2.4.orig/debian/patches/00list +++ strongswan-4.2.4/debian/patches/00list @@ -0,0 +1,2 @@ +01-fix-potential-DoS.dpatch +strongswan-glibc28-buildfix.dpatch --- strongswan-4.2.4.orig/debian/compat +++ strongswan-4.2.4/debian/compat @@ -0,0 +1 @@ +5 --- strongswan-4.2.4.orig/debian/control +++ strongswan-4.2.4/debian/control @@ -0,0 +1,42 @@ +Source: strongswan +Section: net +Priority: optional +XSBC-Original-Maintainer: Rene Mayrhofer +Maintainer: Ubuntu MOTU Developers +Standards-Version: 3.8.0 +Build-Depends: debhelper (>= 4.1.16), libtool, libgmp3-dev, libssl-dev (>= 0.9.8-1), libcurl3-dev | libcurl2-dev, libopensc2-dev | libopensc1-dev | libopensc0-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, dpatch, bzip2, po-debconf, hardening-wrapper, network-manager-dev, libfcgi-dev, clearsilver-dev, libxml2-dev, libsqlite3-dev + +Package: strongswan +Architecture: any +Pre-Depends: debconf | debconf-2.0 +Depends: ${shlibs:Depends}, ${misc:Depends}, bsdmainutils, debianutils (>=1.7), ipsec-tools, openssl, host, iproute +Suggests: curl +Provides: ike-server +Conflicts: freeswan (<< 2.04-12), openswan +Replaces: openswan +Description: IPSec utilities for strongSwan + IPSec is Internet Protocol SECurity. It uses strong cryptography to provide + both authentication and encryption services. Authentication ensures that + packets are from the right sender and have not been altered in transit. + Encryption prevents unauthorised reading of packet contents. + . + This version of strongSwan supports Opportunistic Encryption (OE) out of the + box. OE enables you to set up IPSec tunnels to a site without + co-ordinating with the site administrator, and without hand + configuring each tunnel. If enough sites support OE, a "FAX effect" + occurs, and many of us can communicate without eavesdroppers. + . + In addition to OE, you may manually configure secure tunnels through + untrusted networks. Everything passing through the untrusted net is + encrypted by the IPSec gateway machine and decrypted by the gateway + at the other end. The result is Virtual Private Network or VPN. This + is a network which is effectively private even though it includes + machines at several different sites connected by the insecure Internet. + . + Please note that you will need a recent kernel (>=2.4.24 or 2.6.x) + for using this package. The standard Debian kernel includes both IPSec + and crypto support, patching the kernel is no longer necessary! + . + If you want to use the KLIPS IPSec code for kernel modules instead of the + native ones, you will need to install either openswan-modules-source or + linux-patch-openswan and build the respective modules for your kernel. --- strongswan-4.2.4.orig/debian/logcheck.violations.ignore +++ strongswan-4.2.4/debian/logcheck.violations.ignore @@ -0,0 +1 @@ +ipsec_setup: KLIPS debug `none' --- strongswan-4.2.4.orig/debian/strongswan.templates +++ strongswan-4.2.4/debian/strongswan.templates @@ -0,0 +1,221 @@ +Template: strongswan/start_level +Type: select +_Choices: earliest, "after NFS", "after PCMCIA" +Default: earliest +_Description: When to start strongSwan: + There are three possibilities when strongSwan can start: before or + after the NFS services and after the PCMCIA services. The correct answer + depends on your specific setup. + . + If you do not have your /usr tree mounted via NFS (either you only mount + other, less vital trees via NFS or don't use NFS mounted trees at all) and + don't use a PCMCIA network card, then it's best to start strongSwan at + the earliest possible time, thus allowing the NFS mounts to be secured by + IPSec. In this case (or if you don't understand or care about this + issue), answer "earliest" to this question (the default). + . + If you have your /usr tree mounted via NFS and don't use a PCMCIA network + card, then you will need to start strongSwan after NFS so that all + necessary files are available. In this case, answer "after NFS" to this + question. Please note that the NFS mount of /usr can not be secured by + IPSec in this case. + . + If you use a PCMCIA network card for your IPSec connections, then you only + have to choose to start it after the PCMCIA services. Answer "after + PCMCIA" in this case. This is also the correct answer if you want to fetch + keys from a locally running DNS server with DNSSec support. + +Template: strongswan/restart +Type: boolean +Default: true +_Description: Do you wish to restart strongSwan? + Restarting strongSwan is a good idea, since if there is a security fix, it + will not be fixed until the daemon restarts. Most people expect the daemon + to restart, so this is generally a good idea. However this might take down + existing connections and then bring them back up. + +Template: strongswan/ikev1 +Type: boolean +Default: true +_Description: Do you wish to support IKEv1? + strongSwan supports both versions of the Internet Key Exchange protocol, + IKEv1 and IKEv2. Do you want to start the "pluto" daemon for IKEv1 support + when strongSwan is started? + +Template: strongswan/ikev2 +Type: boolean +Default: true +_Description: Do you wish to support IKEv2? + strongSwan supports both versions of the Internet Key Exchange protocol, + IKEv1 and IKEv2. Do you want to start the "charon" daemon for IKEv2 support + when strongSwan is started? + +Template: strongswan/create_rsa_key +Type: boolean +Default: true +_Description: Do you want to create a RSA public/private keypair for this host? + This installer can automatically create a RSA public/private keypair for + this host. This keypair can be used to authenticate IPSec connections to + other hosts and is the preferred way for building up secure IPSec + connections. The other possibility would be to use shared secrets + (passwords that are the same on both sides of the tunnel) for + authenticating an connection, but for a larger number of connections RSA + authentication is easier to administer and more secure. + . + If you do not want to create a new public/private keypair, you can choose to + use an existing one. + +Template: strongswan/rsa_key_type +Type: select +_Choices: x509, plain +Default: x509 +_Description: The type of RSA keypair to create: + It is possible to create a plain RSA public/private keypair for use + with strongSwan or to create a X509 certificate file which contains the RSA + public key and additionally stores the corresponding private key. + . + If you only want to build up IPSec connections to hosts also running + strongSwan, it might be a bit easier using plain RSA keypairs. But if you + want to connect to other IPSec implementations, you will need a X509 + certificate. It is also possible to create a X509 certificate here and + extract the RSA public key in plain format if the other side runs + strongSwan without X509 certificate support. + . + Therefore a X509 certificate is recommended since it is more flexible and + this installer should be able to hide the complex creation of the X509 + certificate and its use in strongSwan anyway. + +Template: strongswan/existing_x509_certificate +Type: boolean +Default: false +_Description: Do you have an existing X509 certificate file for strongSwan? + This installer can automatically extract the needed information from an + existing X509 certificate with a matching RSA private key. Both parts can + be in one file, if it is in PEM format. If you have such an existing + certificate and key file and want to use it for authenticating IPSec + connections, then please answer yes. + +Template: strongswan/existing_x509_certificate_filename +Type: string +_Description: File name of your X509 certificate in PEM format: + Please enter the full location of the file containing your X509 + certificate in PEM format. + +Template: strongswan/existing_x509_key_filename +Type: string +_Description: File name of your X509 private key in PEM format: + Please enter the full location of the file containing the private RSA key + matching your X509 certificate in PEM format. This can be the same file + that contains the X509 certificate. + +Template: strongswan/rsa_key_length +Type: string +Default: 2048 +_Description: The length of the created RSA key (in bits): + Please enter the length of the created RSA key. It should not be less than + 1024 bits because this should be considered unsecure and you will probably + not need anything more than 2048 bits because it only slows the + authentication process down and is not needed at the moment. + +Template: strongswan/x509_self_signed +Type: boolean +Default: true +_Description: Do you want to create a self-signed X509 certificate? + This installer can only create self-signed X509 certificates + automatically, because otherwise a certificate authority is needed to sign + the certificate request. If you want to create a self-signed certificate, + you can use it immediately to connect to other IPSec hosts that support + X509 certificate for authentication of IPSec connections. However, if you + want to use the new PKI features of strongSwan >= 1.91, you will need to + have all X509 certificates signed by a single certificate authority to + create a trust path. + . + If you do not want to create a self-signed certificate, then this + installer will only create the RSA private key and the certificate request + and you will have to get the certificate request signed by your certificate + authority. + +Template: strongswan/x509_country_code +Type: string +Default: AT +_Description: Country code for the X509 certificate request: + Please enter the 2 letter country code for your country. This code will be + placed in the certificate request. + . + You really need to enter a valid country code here, because openssl will + refuse to generate certificates without one. An empty field is allowed for + any other field of the X.509 certificate, but not for this one. + . + Example: AT + +Template: strongswan/x509_state_name +Type: string +Default: +_Description: State or province name for the X509 certificate request: + Please enter the full name of the state or province you live in. This name + will be placed in the certificate request. + . + Example: Upper Austria + +Template: strongswan/x509_locality_name +Type: string +Default: +_Description: Locality name for the X509 certificate request: + Please enter the locality (e.g. city) where you live. This name will be + placed in the certificate request. + . + Example: Vienna + +Template: strongswan/x509_organization_name +Type: string +Default: +_Description: Organization name for the X509 certificate request: + Please enter the organization (e.g. company) that the X509 certificate + should be created for. This name will be placed in the certificate + request. + . + Example: Debian + +Template: strongswan/x509_organizational_unit +Type: string +Default: +_Description: Organizational unit for the X509 certificate request: + Please enter the organizational unit (e.g. section) that the X509 + certificate should be created for. This name will be placed in the + certificate request. + . + Example: security group + +Template: strongswan/x509_common_name +Type: string +Default: +_Description: Common name for the X509 certificate request: + Please enter the common name (e.g. the host name of this machine) for + which the X509 certificate should be created for. This name will be placed + in the certificate request. + . + Example: gateway.debian.org + +Template: strongswan/x509_email_address +Type: string +Default: +_Description: Email address for the X509 certificate request: + Please enter the email address of the person or organization who is + responsible for the X509 certificate, This address will be placed in the + certificate request. + +Template: strongswan/enable-oe +Type: boolean +Default: false +_Description: Do you wish to enable opportunistic encryption in strongSwan? + strongSwan comes with support for opportunistic encryption (OE), which stores + IPSec authentication information (i.e. RSA public keys) in (preferably + secure) DNS records. Until this is widely deployed, activating it will + cause a significant slow-down for every new, outgoing connection. Since + version 2.0, strongSwan upstream comes with OE enabled by default and is thus + likely to break your existing connection to the Internet (i.e. your default + route) as soon as pluto (the strongSwan keying daemon) is started. + . + Please choose whether you want to enable support for OE. If unsure, do not + enable it. + --- strongswan-4.2.4.orig/debian/strongswan.lintian-overrides +++ strongswan-4.2.4/debian/strongswan.lintian-overrides @@ -0,0 +1,3 @@ +strongswan: non-standard-file-perm etc/ipsec.secrets 0600 != 0644 +strongswan: non-standard-dir-perm etc/ipsec.d/examples/ 0775 != 0755 +strongswan: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755 --- strongswan-4.2.4.orig/debian/logcheck.ignore.paranoid +++ strongswan-4.2.4/debian/logcheck.ignore.paranoid @@ -0,0 +1,20 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: regenerating DH private secret --- strongswan-4.2.4.orig/debian/po/vi.po +++ strongswan-4.2.4/debian/po/vi.po @@ -0,0 +1,595 @@ +# Vietnamese translation for openswan. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan 1/2.2.0-10\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2005-07-03 13:49+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" +"X-Generator: LocFactoryEditor 1.2.2\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "sớm nhất, «sau NFS», «sau PCMCIA»" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "When to start strongSwan:" +msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Trong những cấp khởi chạy Debian hiện thời (gần mọi trình khởi chạy trên cấp " +"20), không thể đảm bảo trình Openswan sẽ khởi chạy vào điểm thời đúng. Có ba " +"lúc có thể khởi chạy trình Openswan: lúc trước hay lúc sau dịch vụ NFS và " +"lúc sau dịch vụ PCMCIA. Giá trị đúng phụ thuộc vào thiết lập riêng của bạn." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Nếu bạn không có cây «/usr» mình được gắn thông qua NFS (hoặc bạn chỉ gắn " +"cây khác, ít quan trọng hơn, thông qua NFS, hoặc bạn không sử dụng cây do " +"NFS gắn cách nào cả) và không sử dụng một thẻ mạng PCMCIA, thì tốt nhất là " +"khởi chạy trình Openswan càng sớm càng có thể, mà cho phép IPSec bảo vệ " +"những điểm gắn NFS. Trong trường hợp này (hoặc nếu bạn không hiểu được vấn " +"đề này, hoặc không nghĩ nó là quan trọng) thì hãy trả lời «sớm " +"nhất» (earliest: giá trị mặc định) cho câu hỏi này." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Nếu bạn có cây «/usr» mình được gắn thông qua NFS và không sử dụng một thẻ " +"mạng PCMCIA, thì bạn sẽ cần phải khởi chạy Openswan sau NFS, để mọi tập tin " +"cần thiết có sẵn sàng. Trong trường hợp này, hãy trả lời «sau NFS» (after " +"NFS) cho câu hỏi này. Tuy nhiên, IPsec sẽ không thể bảo vệ điểm gắn của «/" +"usr» trong trường hợp này." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Nếu bạn sử dụng thẻ PCMCIA để kết nối cách loại IPSec, thì chỉ hãy chọn khởi " +"chạy FreeS/WAN sau những dịch vụ PCMCIA. Hãy trả lời «sau PCMCIA» trong " +"trường hợp này. Trả lời này cũng đúng nếu bạn muốn gọi khóa từ một máy phục " +"vụ DNS chạy địa phương có loại hỗ trợ DNSSec." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +#, fuzzy +msgid "Do you wish to restart strongSwan?" +msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +#, fuzzy +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Khởi chạy lại trình Openswan là một ý kiến tốt, vì nó hiệu lực việc sửa bảo " +"mật mới nào. Phần lớn người ngờ trình nền (dæmon) sẽ khởi chạy lại, thì nói " +"chung làm như thế là một ý kiến tốt. Tuy nhiên, việc khởi chạy lại có thể " +"ngắt các sự kết nối hiện thời, rồi kết nối chúng lại." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +#, fuzzy +msgid "Do you wish to support IKEv1?" +msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +#, fuzzy +msgid "Do you wish to support IKEv2?" +msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +#, fuzzy +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "Bạn có muốn tạo một cặp khóa công/riêng RSA cho máy này không?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Trình cài đặt này có thể tự động tạo một cặp khóa công/riêng RSA cho máy " +"này. Có thể sử dụng cặp khóa này để xác thực cách kết nối IPSec tới máy " +"khác, và nó là cách ưa thích để xây dụng cách kết nối IPSec bảo mật. Hoặc có " +"thể sử dụng «bí mật dùng chung» (shared secrets), mà có cùng một mật khẩu " +"tại cả hai đầu và cuối đều đường hầm, để xác thực mỗi sự kết nối. Tuy nhiên, " +"với sự kết nối rất nhiều, dễ hơn để sử dụng cách xác thực RSA và nó bảo mật " +"hơn. " + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +#, fuzzy +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "Bạn có muốn tạo một cặp khóa công/riêng RSA cho máy này không?" + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, giản dị" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "The type of RSA keypair to create:" +msgstr "Bạn có muốn tạo cặp khóa RSA loại nào?" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"Có thể tạo một cặp khóa công/riêng RSA thô để sử dụng với trình Openswan, " +"hoặc tạo một tập tin chứng nhận X509 chứa khóa công RSA ấy và cũng cất giữ " +"khóa riêng tương ứng." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Nếu bạn chỉ muốn xây dụng sự kết nối IPSec đến máy cũng chạy trình Openswan, " +"có thể dễ dàng hơn khi sử dụng cặp khóa RSA thô. Còn nếu bạn muốn kết nối " +"đến một sự thực hiện IPSec khác, thì bạn sẽ cần có một chứng nhận loại X509. " +"Cũng có thể tạo một chứng nhận X509 tại đây, rồi rút khóa công RSA có dạng " +"thô, nếu bên khác có chạy trình Openswan không có hỗ trợ chứng nhận X509." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Vì vậy khuyến khích một chứng nhận X509, vì nó dẻo hơn và trình cài đặt này " +"nên có thể ẩn việc phức tạp tạo chứng nhận X509 và cách dùng nó trong trình " +"Openswan." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +#, fuzzy +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "" +"Bạn có một tập tin chứng nhận X509 mà bạn muốn sử dụng với trình Openswan " +"chưa?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +#, fuzzy +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Trình cài đặt này có thể tự động giải mã thông tin cần thiết ra một chứng " +"nhận X509 đã có, với khóa riêng RSA tương ứng. Cả hai điều có thể trong cùng " +"một tập tin, nếu nó có dạng PEM. Bạn có chứng nhận đã có như vậy, và muốn sử " +"dụng nó để xác thực cách kết nối IPSec không?" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +#, fuzzy +msgid "File name of your X509 certificate in PEM format:" +msgstr "Hãy nhập địa điểm của chứng nhận X509 của bạn, có dạng PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +#, fuzzy +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"Hãy nhập địa điểm của tập tin chứa chứng nhận X509 của bạn, có dạng PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +#, fuzzy +msgid "File name of your X509 private key in PEM format:" +msgstr "Hãy nhập địa điểm của khóa riêng X509 của bạn, có dạng PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +#, fuzzy +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Hãy nhập địa điểm của tập tin chứa khóa RSA riêng khớp với chứng nhận X509 " +"của bạn, có dạng PEM. Có thể là cùng một tập tin chứa chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +#, fuzzy +msgid "The length of the created RSA key (in bits):" +msgstr "Khóa RSA mới được tạo nên có độ dài nào?" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +#, fuzzy +#| msgid "" +#| "Please enter the length of the created RSA key. it should not be less " +#| "than 1024 bits because this should be considered unsecure and you will " +#| "probably not need anything more than 2048 bits because it only slows the " +#| "authentication process down and is not needed at the moment." +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Hãy nhập độ dài của khóa RSA mới được tạo. Nên có ít nhất 1024 bit, vì khóa " +"nào nhỏ hơn kích thước ấy không phải là bảo mật. Rất có thể là bạn sẽ không " +"cần sử dụng độ dài hơn 2048 bit, vì nó chỉ giảm tốc độ tiến trình xác thực, " +"và hiện thời không cần thiết." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +#, fuzzy +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Bạn có muốn tạo một chứng nhận X509 tự ký không?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +#, fuzzy +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Trình cài đặt này chỉ có thể tự động tạo chứng nhận X509 tự ký, vì nếu không " +"thì một nhà cầm quyền chứng nhận (Certificate Authority, CA) phải ký lời yêu " +"cầu chứng nhận ấy. Nếu bạn muốn tạo một chứng nhận tự ký, bạn có thể sử dụng " +"nó ngay lập tức để kết nối đến máy IPSec khác có hỗ trợ sử dụng chứng nhận " +"X509 để xác thực sự kết nối IPSec. Tuy nhiên, nếu bạn muốn sử dụng những " +"tính năng PKI mới của trình Openswan phiên bản ≥1.91, bạn sẽ phải có tất cả " +"những chứng nhận X509 được ký bởi một nhà cầm quyền chứng nhận riêng lẻ, để " +"tạo một «đường dẫn tin cây» (trust path)." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +#, fuzzy +#| msgid "" +#| "If you do not want to create a self-signed certificate, then this " +#| "installer will only create the RSA private key and the certificate " +#| "request and you will have to sign the certificate request with your " +#| "certificate authority." +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Nếu bạn không muốn tạo một chứng nhận tự ký, thì trình cài đặt này sẽ tạo " +"chỉ khóa RSA riêng và lời yêu cầu chứng nhận, và bạn sẽ phải ký lời yêu cầu " +"ấy dùng nhà cầm quyền chứng nhận bạn." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +#, fuzzy +msgid "Country code for the X509 certificate request:" +msgstr "Hãy nhập mã quốc gia cho lời yêu cầu chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Hãy nhập mã hai chữ cho quốc gia bạn. Sẽ chèn mã này vào lời yêu cầu chứng " +"nhận." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Bạn thật cần phải nhập một mã quốc gia hợp lệ vào đây, vì trình OpenSSL sẽ " +"từ chối tạo ra chứng nhận nào khi không có mã ấy. Có thể bỏ rỗng bất cứ " +"trường nào khác cho chứng nhận X509, nhưng mà không phải trường này." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Lấy thí dụ: VN" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +#, fuzzy +msgid "State or province name for the X509 certificate request:" +msgstr "Hãy nhập tên bảng hay tỉnh cho lời yêu cầu chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Hãy nhập tên đầy đủ của bang hay tỉnh nơi bạn ở. Sẽ chèn tên này vào lời yêu " +"cầu chứng nhận." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "Lấy thí dụ: Bình Định" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +#, fuzzy +msgid "Locality name for the X509 certificate request:" +msgstr "Hãy nhập tên địa phương cho lời yêu cầu chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Hãy nhập địa phương (v.d. thành phố) nơi bạn ở. Sẽ chèn tên này vào lời yêu " +"cầu chứng nhận." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Lấy thí dụ: Quy Nhơn" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +#, fuzzy +msgid "Organization name for the X509 certificate request:" +msgstr "Hãy nhập tên tổ chức cho lời yêu cầu chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Hãy nhập tổ chức (v.d. công ty) cho mà chứng nhận X509 nên được tạo. Sẽ chèn " +"tên này vào lời yêu cầu chứng nhận." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Lấy thí dụ: Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +#, fuzzy +msgid "Organizational unit for the X509 certificate request:" +msgstr "Hãy nhập tên đơn vị tổ chức cho lời yêu cầu chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Hãy nhập đơn vị tổ chức (v.d. phần) cho mà chứng nhận X509 nên được tạo. Sẽ " +"chèn tên này vào lời yêu cầu chứng nhận." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Lấy thí dụ: nhóm Việt hóa" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +#, fuzzy +msgid "Common name for the X509 certificate request:" +msgstr "Hãy nhập tên chung cho lời yêu cầu chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Hãy nhập tên chung (v.d. tên máy) cho mà chứng nhận X509 nên được tạo. Sẽ " +"chèn tên này vào lời yêu cầu chứng nhận." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Lấy thí cụ: gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +#, fuzzy +msgid "Email address for the X509 certificate request:" +msgstr "Hãy nhập địa chỉ thư điện tử chung cho lời yêu cầu chứng nhận X509." + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Hãy nhập địa chỉ thư điện tử của người hay tổ chức chịu trách nhiệm về chứng " +"nhận X509 này. Sẽ chèn địa chỉ này vào lời yêu cầu chứng nhận." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +#, fuzzy +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "" +"Bạn có muốn hiệu lực mật mã loại cơ hội chủ nghĩa trong trình Openswan không?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +#, fuzzy +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"Trình Openswan hỗ trợ có sẵn mật mã cơ hội chủ nghĩa (OE: opportunistic " +"encryption) mà cất giữ thông tin xác thực IPSec (tức là khóa công RSA) trong " +"mục ghi DNS (thích hơn loại bảo mật). Cho đến khi tính năng này thường dụng, " +"hoạt hóa nó sẽ giảm một cách quan trọng mỗi sự kết nối ra mới. Từ phiên bản " +"2.0, trình Openswan gốc đã hiệu lực OE theo mặc định, thì sẽ rất có thể ngắt " +"sự kết nối hiện thời đến Mạng của bạn (tức là đường mặc định) một khi khởi " +"chạy pluto (trình nền quản lý khóa Openswan)." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Hãy chọn có nên muốn hiệu lực hỗ trợ OE hay không. Nếu chưa chắc thì đừng " +"bật nó." + +#, fuzzy +#~ msgid "Please choose the when to start strongSwan:" +#~ msgstr "Bạn có muốn khởi chạy lại trình Openswan không?" + +#, fuzzy +#~ msgid "At which level do you wish to start strongSwan ?" +#~ msgstr "Bạn có muốn khởi chạy trình Openswan tại cấp nào?" --- strongswan-4.2.4.orig/debian/po/templates.pot +++ strongswan-4.2.4/debian/po/templates.pot @@ -0,0 +1,450 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "Do you wish to support IKEv1?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "Do you wish to support IKEv2?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" --- strongswan-4.2.4.orig/debian/po/cs.po +++ strongswan-4.2.4/debian/po/cs.po @@ -0,0 +1,554 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2008-05-12 19:17+0200\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "\"co nejdříve\", \"po NFS\", \"po PCMCIA\"" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "Kdy spustit strongSwan:" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Existují tři možnosti, kdy se dá strongSwan spouštět: před NFS službami, po " +"NFS službách nebo po PCMCIA službách. Správná odpověď závisí na vašem " +"konkrétním nastavení." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Jestliže nemáte svůj strom /usr připojen skrz NFS (buď přes NFS připojujete " +"jiné, ne tak důležité stromy, nebo NFS vůbec nepoužíváte) a nepoužíváte " +"síťovou kartu PCMCIA, je nejlepší spouštět strongSwan co nejdříve, čímž " +"umožníte aby byly NFS svazky chráněny pomocí IPSec. V takovém případě (nebo " +"pokud si nejste jisti, nebo pokud vám na tom nezáleží) na otázku odpovězte " +"„co nejdříve“ (výchozí)." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Jestliže máte strom /usr připojen skrz NFS a nepoužíváte síťovou kartu " +"PCMCIA, musíte spustit strongSwan po NFS, aby byly všechny potřebné soubory " +"dostupné. V tomto případě na otázku odpovězte „po NFS“. Uvědomte si prosím, " +"že v tomto případě nemůže být NFS svazek /usr chráněn pomocí IPSec." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Jestliže používáte PCMCIA síťovou kartu pro vaše IPSec připojení, pak je " +"jedinou možností jej spustit po PCMCIA službách. V tom případě odpovězte „po " +"PCMCIA“. Toto je také správná odpověď, pokud chcete získat klíče z lokálního " +"DNS serveru s podporou DNSSec." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "Přejete si restartovat strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Restartování strongSwan je dobrý nápad, protože v případě, že aktualizace " +"obsahuje bezpečnostní záplatu, nebude opravena dokud se démon nerestartuje. " +"Většina lidí předpokládá restartování démona, takže je to v každém případě " +"správný postup. Nicméně je možné, že existující spojení budou shozena a poté " +"znovu nastavena." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "Do you wish to support IKEv1?" +msgstr "Přejete si podporu IKEv1?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" +"strongSwan podporuje protokol Internet Key Exchange ve verzích 1 a 2 (IKEv1, " +"IKEv2). Přejete si při startu strongSwanu spustit daemona „pluto“ " +"podporujícího IKEv1?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "Do you wish to support IKEv2?" +msgstr "Přejete si podporu IKEv2?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" +"strongSwan podporuje protokol Internet Key Exchange ve verzích 1 a 2 (IKEv1, " +"IKEv2). Přejete si při startu strongSwanu spustit daemona „charon“ " +"podporujícího IKEv2?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "Přejete si vytvořit veřejný/soukromý pár RSA klíčů pro tento počítač?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Tento instalátor může automaticky vytvořit veřejný/soukromý pár RSA klíčů " +"pro tento počítač. Pár klíčů může být využit k autentizaci IPSec spojení na " +"další počítače a je upřednostňovanou cestou pro sestavování bezpečných IPSec " +"spojení. Další možností autentizace je využití sdílených tajemství (hesel, " +"která jsou stejná na obou stranách tunelu), ale pro větší počet spojení je " +"RSA autentizace snazší pro správu a mnohem bezpečnější." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Jestliže si nepřejete vytvořit nový pár klíčů pro tento počítač, můžete si " +"zvolit existující." + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, prostý" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "Typ páru RSA klíčů, který se vytvoří:" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"Je možné vytvořit prostý pár RSA klíčů pro použití se strongSwanem, nebo " +"vytvořit soubor s certifikátem X509, který obsahuje veřejný RSA klíč a " +"dodatečně uchovává odpovídající soukromý klíč." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Pokud chcete vytvořit IPSec spojení jen k počítačům, na kterých taktéž běží " +"strongSwan, může být mnohem jednodušší použít pár prostých RSA klíčů. Pokud " +"se ale chcete připojit k jiným implementacím IPSec, budete potřebovat " +"certifikát X509. Také je možné zde vytvořit certifikát X509 a později, pokud " +"druhá strana používá strongSwan bez podpory certifikátů X509, z něj získat " +"veřejný RSA klíč v prostém formátu." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Certifikát X509 je proto doporučován zejména díky své flexibilitě. Tento " +"instalátor by v měl být schopen skrýt komplexnost vytváření a používání " +"certifikátu ve strongSwanu." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "" +"Vlastníte existující certifikát X509, který chcete použít pro strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Instalátor může automaticky získat potřebné informace z existujícího " +"certifikátu X509 s odpovídajícím soukromým RSA klíčem. Jedná-li se o formát " +"PEM, mohou být obě části v jednom souboru. Vlastníte-li takový certifikát a " +"soubor s klíčem a chcete-li je použít pro autentizaci IPSec spojení, " +"odpovězte kladně." + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "Jméno souboru s certifikátem X509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"Zadejte prosím celou cestu k souboru obsahujícímu váš certifikát X509 ve " +"formátu PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "Jméno souboru se soukromým klíčem X509 ve formátu PEM:" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Zadejte prosím absolutní cestu k souboru obsahujícímu soukromý RSA klíč ve " +"formátu PEM odpovídající vašemu certifikátu X509. Může to být stejný soubor " +"jako ten, ve kterém se nachází certifikát X509." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "Délka vytvořeného RSA klíče (v bitech):" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Zadejte prosím délku vytvářeného RSA klíče. Kvůli bezpečnosti by neměla být " +"menší než 1024 bitů a pravděpodobně nepotřebujete víc než 2048 bitů, protože " +"to již zpomaluje proces autentizace." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Chcete vytvořit certifikát X509 podepsaný sám sebou?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Tento instalátor může automaticky vytvořit pouze certifikát X509 podepsaný " +"sám sebou, jelikož v opačném případě je k podpisu certifikátu potřeba " +"certifikační autorita. Tento certifikát můžete ihned použít k připojení na " +"další počítače s IPSec, které podporují autentizaci pomocí certifikátu X509. " +"Nicméně chcete-li využít nových PKI možností strongSwanu >= 1.91, budete k " +"vytvoření důvěryhodných cest potřebovat všechny certifikáty X509 podepsané " +"jedinou certifikační autoritou." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Jestliže nechcete vytvořit certifikát podepsaný sebou samým, vytvoří tento " +"instalátor jen soukromý RSA klíč a požadavek na certifikát. Vy potom musíte " +"podepsat požadavek svojí certifikační autoritou." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "Kód země pro požadavek na certifikát X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Zadejte prosím dvoumístný kód vaší země. Tento kód bude umístěn do požadavku " +"na certifikát." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Je opravdu nutné, abyste vložili správný kód země, protože openssl jinak " +"odmítne vygenerování certifikátu. Prázdné pole je dovoleno ve všech " +"ostatních polích certifikátu X509 kromě tohoto." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Příklad: CZ" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "Jméno státu nebo oblasti pro požadavek na certifikát X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Zadejte prosím celé jméno státu nebo oblasti kde žijete. Toto jméno bude " +"umístěno do požadavku na certifikát." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "Příklad: Morava" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "Jméno lokality pro požadavek na certifikát X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Zadejte prosím lokalitu (např. město) kde žijete. Toto jméno bude umístěno " +"do požadavku na certifikát." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Příklad: Olomouc" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "Název organizace pro požadavek na certifikát X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno bude " +"umístěno do požadavku na certifikát." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Příklad: Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "Název organizační jednotky pro požadavek na certifikát X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím organizační jednotku pro kterou je certifikát vytvářen. Toto " +"jméno bude umístěno do požadavku na certifikát." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Příklad: bezpečnostní oddělení" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "Obvyklé jméno pro požadavek na certifikát X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím běžné jméno (např. jméno počítače) pro které je certifikát " +"vytvářen. Toto jméno bude umístěno do požadavku na certifikát." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Příklad: gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "Emailová adresa pro požadavek na certifikát X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Zadejte prosím emailovou adresu osoby nebo organizace, která je zodpovědná " +"za certifikát X509. Toto jméno bude umístěno do požadavku na certifikát." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "Chcete ve strongSwanu povolit oportunistické šifrování?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"strongSwan přichází s podporou pro oportunistické šifrování (OE), které " +"uchovává autentizační informace IPSecu (např. veřejné RSA klíče) v (nejlépe " +"zabezpečených) DNS záznamech. Dokud nebude tato schopnost více rozšířena, " +"způsobí její aktivace výrazné zpomalení každého nového odchozího spojení. Od " +"verze 2.0 přichází strongSwan s implicitně zapnutou podporou OE čímž " +"pravděpodobně zruší vaše probíhající spojení do Internetu (tj. vaši výchozí " +"cestu - default route) v okamžiku, kdy spustíte pluto (strongSwan keying " +"démon)." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Prosím vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, " +"podporu nepovolujte." --- strongswan-4.2.4.orig/debian/po/sv.po +++ strongswan-4.2.4/debian/po/sv.po @@ -0,0 +1,567 @@ +# translation of strongswan_4.2.4-1_sv.po to Swedish +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# Martin gren , 2008. +msgid "" +msgstr "" +"Project-Id-Version: strongswan_4.2.4-1_sv\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2008-07-29 19:30+0200\n" +"Last-Translator: Martin gren \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: swe\n" +"X-Poedit-Country: swe\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "tidigast, \"efter NFS\", \"efter PCMCIA\"" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "Nr strongSwan ska startas om:" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Det finns tre mjligheter fr nr strongSwan kan startas: fre eller efter NFS-tjnsterna " +"samt efter PCMCIA-tjnsterna. Det rtta svaret beror p din specifika " +"konfiguration." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Om du inte har ditt /usr-trd monterat via NFS (antingen monterar du bara andra, " +"mindre viktiga trd via NFS eller s anvnder du inte NFS-monterade trd " +"alls) och inte anvnder ett PCMCIA-ntverkskort, r det bst att starta " +"strongSwan s tidigt som mjligt och drmed tillta skra NFS-monteringar via " +"IPSec. I detta fall (eller om du inte frstr eller bryr dig om detta), svara " +"\"tidigast\" p denna frga (standard)." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Om du har ditt /usr-trd monterat via NFS och inte anvnder ett PCMCIA-" +"ntverkskort, behver du starta strongSwan efter NFS s att alla ndvndiga " +"filer finns tillgngliga. I detta fall, svara \"efter NFS\" p denna frga. " +"Notera dock att NFS-monteringen av /usr inte kan skras upp via IPSec i " +"detta fall." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Om du anvnder ett PCMCIA-ntverkskort fr dina IPSec-anslutningar har du " +"bara valet att starta den efter PCMCIA-tjnsterna. Svara \"efter PCMCIA\" i " +"detta fall. Detta r ocks det rtta svaret om du vill hmta nycklar frn en " +"lokalt krande DNS-server med DNSSec-std." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "Vill du starta om strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Att starta om strongSwan r en bra id, eftersom en eventuell skerhetsrttning " +"inte kommer rttas till frrn demonen r omstartad. De flesta personer " +"frvntar sig att demonen startar om s detta r generellt sett en bra id. " +"Detta kan dock eventuellt ta ner existerande anslutningar och sedan ta upp dem " +"igen." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "Do you wish to support IKEv1?" +msgstr "Vill du stdja IKEv1?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" +"strongSwan stdjer bda versionerna av nyckelutbytesprotokollet IKE, IKEv1 och IKEv2. " +"Vill du starta \"pluto\"-demonen fr IKEv1-std nr strongSwan startas?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "Do you wish to support IKEv2?" +msgstr "Vill du stdja IKEv2?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" +"strongSwan stdjer bda versionerna av nyckelutbytesprotokollet IKE, IKEv1 och IKEv2. " +"Vill du starta \"charon\"-demonen fr IKEv2-std nr strongSwan startas?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "Vill du skapa ett publik/privat RSA-nyckelpar fr denna vrdmaskin?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Denna installerare kan automatiskt skapa ett publik/privat RSA-nyckelpar fr " +"denna vrdmaskin. Detta nyckelpar kan anvndas fr att autentisera IPSec-" +"anslutningar till andra vrdar och r det stt som fredras fr att bygga " +"upp skra IPSec-anslutningar. Den andra mjligheten skulle vara att anvnda " +"delade hemligheter (lsenord som r samma p bda sidor av tunneln) fr att " +"autentisera en anslutning men fr ett strre antal anslutningar r RSA-" +"autentiseringar enklare att administrera och skrare." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "Om du inte vill skapa ett nytt nyckelpar kan du vlja ett existerande." + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, enkel" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "Typ av RSA-nyckelpar som ska skapas:" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"Det r mjligt att skapa ett enkelt publik/privat RSA-nyckelpar fr " +"anvndning med strongSwan eller att skapa en X509-certifikatsfil som innehller " +"den publika RSA-nyckeln och dessutom lagrar motsvarande privata nyckel." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Om du bara vill bygga upp IPSec-anslutningar till vrdmaskiner som ocks kr " +"strongSwan kan det vara lite enklare att anvnda enkla RSA-nyckelpar. " +"Men om du vill ansluta till andra IPSec-implementationer, kommer du " +"behva ett X509-" +"certifikat. Det r ocks mjligt att skapa ett X509-certifikat hr och " +"plocka ut den publika RSA-nyckeln i enkelt format om den andra sidan kr " +"strongSwan utan std fr X509-certifikat." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Drfr rekommenderas ett X509-certifikat eftersom det r mer flexibelt " +"och denna installerare br kunna gmma det komplexa skapandet av X509-" +"certifikatet och dess anvndning i strongSwan nd." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "Har du en existerande X509-certifikatsfil som du vill anvnda fr strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Denna installerare kan automatiskt plocka ut den information som behvs frn " +"ett existerande X509-certifikat med en matchande privat RSA-nyckel. Bda " +"delarna kan vara i en fil om den r i PEM-format. Om du har ett sdant " +"existerande certifikat och nyckelfil och vill anvnda det fr att " +"autentisera IPSec-anslutningar, svara ja p frgan." + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "Platsen fr ditt X509-certifikat i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "Ange platsen fr den fil som innehller ditt X509-certifikat i PEM-format." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "Platsen fr din privata X509-nyckel i PEM-format:" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Ange platsen fr den fil som innehller den privata RSA-nyckeln som matchar " +"ditt X509-certifikat i PEM-format. Detta kan vara samma fil som innehller " +"X509-certifikatet." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "Lngd p den skapade RSA-nyckeln (i bitar):" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Ange lngden fr den skapade RSA-nyckeln. Den br inte vara kortare n 1024 " +"bitar, eftersom detta anses som oskert, och du vill antagligen inte ha ngot " +"lngre n 2048 bitar, eftersom det bara gr autentiseringsprocessen " +"lngsammare och inte r ndvndigt just nu." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Vill du skapa ett sjlvsignerat X509-certifikat?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Denna installerare kan bara skapa sjlvsignerade X509-certifikat " +"automatiskt, eftersom det annars behvs en certifikatsutstllare som kan signera " +"certifikatsfrfrgan. Om du vill skapa ett sjlvsignerat certifikat, kan du " +"anvnda det omedelbart fr att ansluta till andra IPSec-vrdar som har std " +"fr X509-certifikat fr autentisering fr IPSec-anslutningar. Om du vill " +"anvnda de nya PKI-funktionerna i strongSwan >= 1.91, behver du dock " +"ha alla X509-" +"certifikat signerade av en enda certifikatsutstllare fr att skapa en " +"plitlig vg." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Om du inte vill skapa ett sjlvsignerat certifikat, kommer denna " +"installerare bara att skapa den privata RSA-nyckeln och den " +"certifikatsfrfrgan " +"som du behver f signerad av din " +"certifikatsutstllare." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "Landskod fr X509-certifikatsfrfrgan:" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Ange en landskod med 2 bokstver fr ditt land. Denna kod kommer att " +"placeras i certifikatsfrfrgan." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Du behver verkligen ange en giltig landskod hr, eftersom " +"openssl annars kommer " +"vgra att generera ett certifikat. Ett tomt flt r tilltet fr alla " +"andra flt i X509-certifikatet men inte fr detta." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Exempel: SE" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "Region eller ln fr X509-certifikatsfrfrgan:" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Ange det fulla namnet p regionen eller lnet du bor i. Detta namn kommer " +"att placeras i certifikatsfrfrgan." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "Exempel: Centrala Sverige" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "Lokaliteten fr X509-certifikatsfrfrgan:" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Ange lokaliteten (exempelvis staden) dr du bor. Detta namn kommer att " +"placeras i certifikatsfrfrgan." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Exempel: Stockholm" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "Organisationsnamnet fr X509-certifikatsfrfrgan:" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Ange organisationen (exempelvis fretaget) som X509-certifikatet ska skapas " +"fr. Detta namn kommer att placeras i certifikatsfrfrgan." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Exempel: Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "Organisationsenheten fr X509-certifikatsfrfrgan:" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Ange organisationsenheten (exempelvis avdelningen) som X509-certifikatet ska " +"skapas fr. Detta namn kommer att placeras i certifikatsfrfrgan." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Exempel: skerhetsgruppen" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "Namnet fr X509-certifikatsfrfrgan:" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Ange namnet (exempelvis vrdnamnet fr denna maskin) som X509-" +"certifikatet ska skapas fr. Detta namn kommer att placeras i " +"certifikatsfrfrgan." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Exempel: gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "E-postadressen fr X509-certifikatsfrfrgan:" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Ange e-postadressen till den person eller organisation som ansvarar fr " +"X509-certifikatet. Denna adress kommer att placeras i certifikatsfrfrgan." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "Vill du aktivera opportunistisk kryptering i strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"strongSwan har std fr opportunistisk kryptering (OE) som lagrar information " +"om IPSec-autentiseringen (exempelvis publika RSA-nycklar) i (helst skra) " +"DNS-poster. Tills detta r en mer utbredd tjnst kan aktivering av det " +"orsaka en betydande hastighetssnkning fr varje ny utgende anslutning. " +"Sedan version 2.0 kommer strongSwan frn uppstrms " +"med OE aktiverad som standard " +"och kommer drfr sannolikt att bryta din existerande anslutning till " +"Internet (exempelvis din standardrutt) s snart som pluto (demonen fr " +"strongSwan-nycklar) startas." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Vlj huruvida du vill aktivera std fr OE. Om du r osker br du inte aktivera " +"det." + --- strongswan-4.2.4.orig/debian/po/ja.po +++ strongswan-4.2.4/debian/po/ja.po @@ -0,0 +1,550 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.1.8-2\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2008-01-31 06:52+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "可能な限り早く, \"NFS 起動後\", \"PCMCIA 起動後\"" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "strongSwan の起動タイミング:" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"strongSwan を起動させるタイミングの選択肢としては3つが考えられます: NFS サー" +"ビスの開始前・開始後・PCMCIA サービスの開始後、です。正解はあなたの設定次第で" +"す。" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"NFS 経由で /usr をマウントせず (他のパーティションやあまり重要ではないパー" +"ティションを NFS 経由でマウントするか、または NFS マウントを全く使わない)、加" +"えて PCMCIA ネットワークカードを利用していない場合、可能な限り早いタイミング" +"で strongSwan を起動するのがベストです。この設定によって、NFS でのマウントは " +"IPSec で保護されます。この場合 (またはこの問題を理解していないか特に気にしな" +"い場合) 、\"可能な限り早く\"と質問に答えてください (標準設定です) 。" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"NFS 経由で /usr をマウントしていて PCMCIA ネットワークカードを使用していない" +"場合は、必要なファイルを利用可能にするために strongSwan を NFS の後で起動しな" +"ければなりません。この場合、\"NFS 起動後\" と答えてください。この時に NFS 経" +"由でマウントされる /usr は、IPSec によるセキュアな状態にはならないということ" +"に注意してください。" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"IPSec 接続に PCMCIA ネットワークカードを利用していた場合、PCMCIA サービスの起" +"動後に strongSwan を起動する以外に選択はありません。この場合、\"PCMCIA 起動後" +"\" と答えてください。ローカルで動作している DNSSec 機能を使用している DNS " +"サーバから鍵を取得したい場合でも、この答えをしてください。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "strongSwan を再起動しますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"セキュリティ修正があった場合にはデーモンが再起動されるまで修正が反映されませ" +"ん。ですので、strongSwan を再起動するのは良い考えです。ほとんどの人はデーモン" +"を再起動しようとしますが、これは大抵問題ありません。しかし、この作業で現在の" +"接続は切断され、再度繋ぎなおすことになります。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "Do you wish to support IKEv1?" +msgstr "IKEv1 をサポートしますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" +"strongSwan は IKEv1 と IKEv2 の両方のインターネット鍵交換プロトコルをサポート" +"しています。strongSwan が起動する際、IKEv1 サポートのため \"pluto\" デーモン" +"を起動しますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "Do you wish to support IKEv2?" +msgstr "IKEv2 をサポートしますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" +"strongSwan は IKEv1 と IKEv2 の両方のインターネット鍵交換プロトコルをサポート" +"しています。strongSwan が起動する際、IKEv2 サポートのため \"pluto\" デーモン" +"を起動しますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "このホストの RSA 公開鍵・秘密鍵のキーペアを生成しますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"このインストーラはこのホストの RSA 公開鍵・秘密鍵のキーペアを自動的に生成でき" +"ます。このキーペアは他のホストとの IPSec 通信での認証に利用可能で、セキュア" +"な IPSec 通信を確立する方法として好まれています。他に利用可能な方法としては共" +"通鍵 (トンネルの双方で同じパスワード) を通信の認証に利用するというのがありま" +"すが、多数の接続に対しては、RSA 認証のほうが管理がより簡単で、よりセキュアで" +"す。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"新たな公開鍵・秘密鍵のキーペアを生成したくない場合は、既存のキーペアの利用を" +"選択することも可能です。" + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, 通常のタイプ" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "生成する RSA キーペアのタイプ:" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"strongSwan で利用する通常の RSA 公開鍵・秘密鍵のキーペアを作れます。あるいは " +"RSA 公開鍵 (さらにはそれに対応する秘密鍵も) を含む X509 証明書ファイルも同様" +"です。" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"既に strongSwan を動作させているホストと IPSec 通信を確立したいだけの場合は、" +"通常の RSA キーペアを使用すると多少簡単になります。しかし、他の IPSec 実装と" +"の接続を行いたい場合は X509 証明書が必要になります。通信を行う対象のホストが " +"strongSwan を X509 証明書のサポート無しで運用していた場合、ここで X509 証明書" +"を生成してから、後ほど RSA 公開鍵を通常の形式に展開することも可能です。" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"したがって X509 証明書がお勧めです。こちらのほうが柔軟ですし、このインストー" +"ラを使えば、X509 証明書の生成や strongSwan での利用に際しての面倒さを隠蔽して" +"くれるはずです。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "既に存在している X509 証明書ファイルを strongSwan で利用しますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"このインストーラは既に存在している X509 証明書から RSA 秘密鍵と照らし合わせて" +"必要な情報を自動的に展開する事が可能です。 PEM 形式の場合、双方を一つのファイ" +"ルにまとめることも可能です。そのような証明書と鍵のファイルがあり、これらを " +"IPSec 通信での認証に使用したい場合は「はい」と答えてください。" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "PEM 形式の X509 証明書のファイル名:" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"PEM 形式の X509 証明書を含むファイルの場所を絶対パスで入力してください。" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "PEM 形式の X509 秘密鍵のファイル名:" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"PEM 形式の X509 証明書に対応する RSA 秘密鍵を含んでいるファイルの場所を絶対パ" +"スで入力してください。これは X509 証明書を含んでいるファイルと同じで構いませ" +"ん。" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "RSA 鍵の鍵長(ビット数):" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"生成する RSA 鍵の長さを入力してください。安全のため、1024 ビット未満にすべき" +"ではありません。2048 ビットより大きなものにする必要もないでしょう。認証プロセ" +"スが遅くなりますし、現時点ではおそらく必要ありません。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "自己署名 X509 証明書を生成しますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"証明書要求に署名するためには認証局が必要となるので、このインストーラでは自己" +"署名 X509 証明書を自動的に生成する事だけが可能です。自己署名証明書を生成した" +"い場合、これを使用してすぐに X509 証明書をサポートしている他の IPSec ホストに" +"接続可能です。しかし、strongSwan バージョン 1.91 以上での新しい PKI 機能を使" +"いたい場合は、trust path を生成するために単一の認証局によってすべての X509 証" +"明書に署名してもらう必要があります。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"自己署名証明書を生成したくないという場合は、このインストーラでは RSA 秘密鍵と" +"証明書要求のみを生成します。そのため、認証局に証明書要求へ署名をしてもらう必" +"要があります。" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "X509 証明書要求に記載する国コード:" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"あなたの国の国コードを2文字で入力してください。このコードは証明書要求に記載さ" +"れます。" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"openssl が国コードなしでは証明書の生成を拒否するので、正しい国コードをここで" +"入力する必要があります。X.509 証明書では、他のフィールドについては空でも構い" +"ませんが、これについては許可されていません。" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "例: JP" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "X509 証明書要求に記載する都道府県名:" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"あなたが在住している都道府県を入力してください。これは証明書要求に記載されま" +"す。" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "例: Tokyo" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "X509 証明書要求に記載する地域名:" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"あなたの在住している地域の名前 (例: 市町村名) を入力してください。これは証明" +"書要求に記載されます。" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "例: Shinjuku-ku" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "X509 証明書要求に記載する組織名:" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"X509 証明書の生成対象となるべき組織 (例: 会社) を入力してください。これは証明" +"書要求に記載されます。" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "例: Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "X509 証明書要求に記載する組織単位:" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"X509 証明書の生成対象となるべき組織単位 (例: 部署名) を入力してください。これ" +"は証明書要求に記載されます。" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "例: security group" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "X509 証明書要求に記載するコモンネーム:" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"X509 証明書の生成対象となるべきコモンネーム (例: このマシンのホスト名) を入力" +"してください。これは証明書要求に記載されます。" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "例: gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "X509 証明書要求に記載するメールアドレス:" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"X509 証明書の責任者となる人物・団体のメールアドレスを入力してください。このア" +"ドレスは証明書要求に記載されます。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "strongSwan で opportunistic encryption を有効にしますか?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"strongSwan は、IPSec 認証情報 (例: RSA 公開鍵) を (願わくはセキュアな) DNS レ" +"コード内に保存する opportunistic encryption (OE) をサポートしています。これは" +"広く利用されるようになるまで、有効にすると外部への新規接続は全て格段に遅くな" +"ります。バージョン 2.0 より strongSwan の開発元はデフォルトで OE を有効にして" +"います。そのため pluto (strongSwan 鍵署名デーモン) が開始するとすぐ、既存のイ" +"ンターネット接続 (つまりデフォルトルート) が中断されるかもしれません。" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"OE のサポートを有効にするかどうかを選んでください。よくわからない場合は、有効" +"にはしないでください。" --- strongswan-4.2.4.orig/debian/po/pt_BR.po +++ strongswan-4.2.4/debian/po/pt_BR.po @@ -0,0 +1,636 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openswan\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2005-01-24 21:53-0200\n" +"Last-Translator: Andr Lus Lopes \n" +"Language-Team: Debian-BR Project \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "When to start strongSwan:" +msgstr "Voc deseja reiniciar o Openswan ?" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Com os nveis de inicializao atuais do Debian (quase todos os servios " +"iniciando no nvel 20) impossvel para o Openswan sempre iniciar no " +"momento correto. Existem trs possibilidades para quando iniciar o " +"Openswan : antes ou depois dos servios NFS e depois dos servios PCMCIA. A " +"resposta correta depende se sua configurao especfica." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Caso voc no possua sua rvore /usr montada via NFS (voc somente monta " +"outras rvores no vitais via NFS ou no usa rvores montadas via NFS) e no " +"use um carto de rede PCMCIA, a melhor opo iniciar o Openswan o quando " +"antes, permitindo dessa forma que os pontos de montagem NFS estejam " +"protegidos por IPSec. Nesse caso (ou caso voc no compreenda ou no se " +"importe com esse problema), responda \"o quando antes\" para esta pergunta " +"(o que o padro)." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +#, fuzzy +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Caso voc possua sua rvore /usr montada via NFS e no use um carto de rede " +"PCMCIA, voc precisar iniciar o Openswan depois do NFS de modo que todos os " +"arquivos necessrios estejam disponveis. Nesse caso, responda \"depois do " +"NFS\" para esta pergunta. Por favor, note que a montagem NFS de /usr no " +"poder ser protegida pelo IPSec nesse caso." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Caso voc use um carto de rede PCMCIA para suas conexes IPSec voc " +"precisar somente optar por iniciar o Opensan depois dos servios PCMCIA. " +"Responda \"depois do PCMCIA\" nesse caso. Esta tambm a maneira correta de " +"obter chaves de um servidor DNS sendo executado localmente e com suporte a " +"DNSSec." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +#, fuzzy +msgid "Do you wish to restart strongSwan?" +msgstr "Voc deseja reiniciar o Openswan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +#, fuzzy +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Reiniciar o Openswan uma boa idia, uma vez que caso exista um correo " +"para uma falha de segurana, o mesmo no ser corrigido at que o daemon " +"seja reiniciado. A maioria das pessoas esperam que o daemon seja reiniciado, " +"portanto essa geralmente uma boa idia. Porm, reiniciar o Openswan pode " +"derrubar conexes existentes, mas posteriormente traz-las de volta." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +#, fuzzy +msgid "Do you wish to support IKEv1?" +msgstr "Voc deseja reiniciar o Openswan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +#, fuzzy +msgid "Do you wish to support IKEv2?" +msgstr "Voc deseja reiniciar o Openswan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +#, fuzzy +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "" +"Voc deseja criar um par de chaves RSA pblica/privada para este host ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Este instalador pode automaticamente criar um par de chaves RSA pblica/" +"privada para este host. Esse par de chaves pode ser usado para autenticar " +"conexes IPSec com outros hosts e a maneira preferida de construir " +"conexes IPSec seguras. A outra possibilidade seria usar segredos " +"compartilhados (senhas que so iguais em ambos os lados do tnel) para " +"autenticar uma conexo, mas para um grande nmero de conexes RSA a " +"autenticao mais fcil de administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +#, fuzzy +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Voc deseja criar um par de chaves RSA pblica/privada para este host ?" + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, pura" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "The type of RSA keypair to create:" +msgstr "Qual tipo de par de chaves RSA voc deseja criar ?" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +" possvel criar um par de chaves RSA pblica/privada pura (plain) para uso " +"com o Openswan ou para criar um arquivo de certificado X509 que ir conter a " +"chave RSA pblica e adicionalmente armazenar a chave privada correspondente." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Caso voc queira somente construir conexes IPsec para hosts e tambm " +"executar o Openswan, pode ser um pouco mais fcil usar pares de chaves RSA " +"puros (plain). Mas caso voc queira se conectar a outras implementaes " +"IPSec, voc precisar de um certificado X509. tambm possvel criar um " +"certificado X509 aqui e extrair a chave pblica em formato puro (plain) caso " +"o outro lado execute o Openswan sem suporte a certificados X509." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +#, fuzzy +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Um certificado X509 recomendado, uma vez que o mesmo mais flexvel e " +"este instalador capaz de simplificar a complexa criao do certificado " +"X509 e seu uso com o Openswan." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +#, fuzzy +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "" +"Voc possui um arquivo de certificado X509 existente que voc gostaria de " +"usar com o Openswan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +#, fuzzy +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Este instalador pode extrair automaticamente a informao necessria de um " +"certificado X509 existente com uma chave RSA privada adequada. Ambas as " +"partes podem estar em um arquivo, caso estejam no formato PEM. Voc possui " +"um certificado existente e um arquivo de chave e quer us-los para " +"autenticar conexes IPSec ?" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +#, fuzzy +msgid "File name of your X509 certificate in PEM format:" +msgstr "" +"Por favor, informe a localizao de seu certificado X509 no formato PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +#, fuzzy +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"Por favor, informe a localizao do arquivo contendo seu certificado X509 no " +"formato PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +#, fuzzy +msgid "File name of your X509 private key in PEM format:" +msgstr "" +"Por favor, informe a localizao de sua chave privada X509 no formato PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +#, fuzzy +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Por favor, informe a localizao do arquivo contendo a chave privada RSA que " +"casa com seu certificado X509 no formato PEM. Este pode ser o mesmo arquivo " +"que contm o certificado X509." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +#, fuzzy +msgid "The length of the created RSA key (in bits):" +msgstr "Qual deve ser o tamanho da chave RSA criada ?" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +#, fuzzy +#| msgid "" +#| "Please enter the length of the created RSA key. it should not be less " +#| "than 1024 bits because this should be considered unsecure and you will " +#| "probably not need anything more than 2048 bits because it only slows the " +#| "authentication process down and is not needed at the moment." +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor, informe o tamanho da chave RSA a ser criada. A mesma no deve ser " +"menor que 1024 bits devido a uma chave de tamanho menor que esse ser " +"considerada insegura. Voc tambm no precisar de nada maior que 2048 " +"porque isso somente deixaria o processo de autenticao mais lento e no " +"seria necessrio no momento." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +#, fuzzy +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Deseja criar um certificado X509 auto-assinado ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +#, fuzzy +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Este instalador pode criar automaticamente somente certificados X509 auto-" +"assinados, devido a uma autoridade certificadora ser necessria para assinar " +"a requisio de certificado. Caso voc queira criar um certificado auto-" +"assinado, voc poder us-lo imediatamente para conexo com outros hosts " +"IPSec que suportem certificados X509 para autenticao de conexes IPSec. " +"Porm, caso voc queira usar os novos recursos PKI do Openswan verso 1.91 " +"ou superior, voc precisar possuir todos seus certificados X509 assinados " +"por uma nica autoridade certificadora para criar um caminho de confiana." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +#, fuzzy +#| msgid "" +#| "If you do not want to create a self-signed certificate, then this " +#| "installer will only create the RSA private key and the certificate " +#| "request and you will have to sign the certificate request with your " +#| "certificate authority." +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Caso voc no queira criar um certificado auto-assinado, este instalador ir " +"somente criar a chave privada RSA e a requisio de certificado e voc ter " +"ento que assinar a requisio de certificado junto a sua autoridade " +"certificadora." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +#, fuzzy +msgid "Country code for the X509 certificate request:" +msgstr "" +"Por favor, informe o cdigo de pas para a requisio de certificado X509." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Por favor, informe o cdifo de pas de duas letras para seu pas. Esse " +"cdigo ser inserido na requisio de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Voc realmente precisa informar um cdigo de pas vlido aqui devido ao " +"openssl se recusar a gerar certificados sem um cdigo de pas vlido. Um " +"campo em branco permitido para qualquer outro campo do certificado X.509, " +"mas no para esse campo." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Exemplo: BR" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +#, fuzzy +msgid "State or province name for the X509 certificate request:" +msgstr "" +"Por favor, informe o estado ou nome de provncia para a requisio de " +"certificado X509." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Por favor, informe o nome complete do estado ou provncia em que voc mora. " +"Esse nome ser inserido na requisio de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "Exemplo : Sao Paulo" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +#, fuzzy +msgid "Locality name for the X509 certificate request:" +msgstr "" +"Por favor, informe o nome da localidade para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Por favor, informe a localidade (ou seja, cidade) onde voc mora. Esse nome " +"ser inserido na requisio de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Exemplo : Sao Paulo" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +#, fuzzy +msgid "Organization name for the X509 certificate request:" +msgstr "" +"Por favor, informe o nome da organizao para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Por favor, informe a organizao (ou seja, a empresa) para a qual este " +"certificado X509 dever ser criado. Esse nome ser inserido na requisio de " +"certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Exemplo : Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +#, fuzzy +msgid "Organizational unit for the X509 certificate request:" +msgstr "" +"Por favor, informe a unidade organizacional para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe a unidade organizacional (ou seja, seo ou departamento) " +"para a qual este certificado dever ser criado. Esse nome ser inserido na " +"requisio de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Exemplo : Grupo de Segurana" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +#, fuzzy +msgid "Common name for the X509 certificate request:" +msgstr "Por favor, informe o nome comum para a requisio de certificado X509." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe o nome comum (ou seja, o nome do host dessa mquina) para " +"o qual o certificado X509 dever ser criado. Esse nome ser inserido na " +"requisio de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Exemplo : gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +#, fuzzy +msgid "Email address for the X509 certificate request:" +msgstr "" +"Por favor, informe o endereo de e-mail para a requisio de certificado " +"X509." + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Por favor, informe o endereo de e-mail da pessoa ou organizao responsvel " +"pelo certificado X509. Esse endereo ser inserido na requisio de " +"certificado." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +#, fuzzy +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "Voc deseja habilitar a encriptao oportunstica no Openswan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +#, fuzzy +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"O Openswan suporta encriptao oportunstica (OE), a qual armazena " +"informaes de autenticao IPSec (por exemplo, chaves pblicas RSA) em " +"registros DNS (preferivelmente seguros). At que esse suporte esteja " +"largamento sendo utilizado, ativ-lo ir causar uma signficante lentido " +"para cada nova conexo de sada. Iniciando a partir da verso 2.0, o " +"Openswan, da forma como distribudo pelos desenvolvedores oficiais, " +"fornecido com o suporte a OE habilitado por padro e, portanto, " +"provavelmente ir quebrar suas conexes existentes com a Internet (por " +"exemplo, sua rota padro) to logo o pluto (o daemon de troca de chaves do " +"Openswan) seja iniciado." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Por favor, informe se voc deseja habilitar o suporte a OE. Em caso de " +"dvidas, no habilite esse suporte." + +#, fuzzy +#~ msgid "Please choose the when to start strongSwan:" +#~ msgstr "Voc deseja reiniciar o Openswan ?" + +#, fuzzy +#~ msgid "At which level do you wish to start strongSwan ?" +#~ msgstr "Em que nvel voc deseja iniciar o Openswan ?" + +#~ msgid "2048" +#~ msgstr "2048" --- strongswan-4.2.4.orig/debian/po/de.po +++ strongswan-4.2.4/debian/po/de.po @@ -0,0 +1,566 @@ +# German translation of strongswan templates +# Helge Kreutzmann , 2007. +# This file is distributed under the same license as the strongswan package. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 4.1.4-1\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2007-07-08 12:01+0200\n" +"Last-Translator: Helge Kreutzmann \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "frhestmglich, nach NFS, nach PCMCIA" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "Wann soll strongSwan gestartet werden:" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Es gibt drei Mglichkeiten, wann strongSwan starten kann: vor oder nach den " +"NFS-Diensten und nach den PCMCIA-Diensten. Die richtige Antwort hngt von " +"Ihrer spezifischen Einrichtung ab." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Falls Sie Ihren /usr-Baum nicht ber NFS eingehngt haben (entweder weil Sie " +"nur andere, weniger lebenswichtige Bume ber NFS einhngen, oder falls Sie " +"NFS berhaupt nicht verwenden) und keine PCMCIA-Netzwerkkarte benutzen, ist " +"es am besten, strongSwan so frh wie mglich zu starten und damit durch " +"IPSec gesicherte NFS-Einhngungen zu erlauben. In diesem Fall (oder falls " +"Sie dieses Problem nicht verstehen oder es Ihnen egal ist), antworten Sie " +"frhestmglich (Standardwert) auf diese Frage." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Falls Sie Ihren /usr-Baum ber NFS eingehngt haben und keine PCMCIA-" +"Netzwerkkarte benutzen, mssen Sie strongSwan nach NFS starten, so dass alle " +"bentigten Dateien verfgbar sind. In diesem Fall antworten Sie nach NFS " +"auf diese Frage. Bitte beachten Sie, dass NFS-Einhngungen von /usr in " +"diesem Fall nicht ber IPSec gesichert werden knnen." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Falls Sie eine PCMCIA-Netzwerkkarte fr Ihre IPSec-Verbindungen benutzen, " +"dann mssen Sie nur auswhlen, dass er nach den PCMCIA-Diensten startet. " +"Antworten Sie in diesem Fall nach PCMCIA. Dies ist auch die richtige " +"Antwort, falls Sie Schlssel von einem lokal laufenden DNS-Server mit DNSSec-" +"Untersttzung abholen wollen." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "Mchten Sie strongSwan neustarten?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Es ist eine gute Idee, strongSwan neuzustarten, da eine Sicherheitskorrektur " +"erst nach dem Neustart des Daemons greift. Die meisten Leute erwarten, dass " +"der Daemon neu startet, daher ist diese Wahl eine gute Idee. Er kann " +"allerdings existierende Verbindungen beenden und erneut aufbauen." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "Do you wish to support IKEv1?" +msgstr "Mchten Sie IKEv1 untersttzen?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" +"strongSwan untersttzt beide Versionen des Internet Key Exchange-" +"Protokolls (Schlsselaustausch ber Internet), IKEv1 und IKEv2. Mchten Sie " +"den pluto-Daemon fr IKEv1-Untersttzung starten, wenn strongSwan gestartet " +"wird." + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "Do you wish to support IKEv2?" +msgstr "Mchten Sie IKEv2 untersttzen?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" +"strongSwan untersttzt beide Versionen des Internet Key Exchange-" +"Protokolls (Schlsselaustausch ber Internet), IKEv1 und IKEv2. Mchten Sie " +"den charon-Daemon fr IKEv2-Untersttzung starten, wenn strongSwan " +"gestartet wird." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "" +"Mchten Sie ein ffentlich/privates RSA-Schlsselpaar fr diesen Rechner " +"erstellen?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Das Installationsprogramm kann automatisch ein ffentliches/privates RSA-" +"Schlsselpaar fr diesen Rechner erstellen. Dieses Schlsselpaar kann zur " +"Authentifizierung von IPSec-Verbindungen anderer Rechner verwendet werden " +"und ist die bevorzugte Art, sichere IPSec-Verbindungen aufzubauen. Die " +"andere Mglichkeit besteht darin, vorab-verteilte Geheimnisse (Passwrter, " +"die auf beiden Seiten des Tunnels identisch sind) zur Authentifizierung " +"einer Verbindung zu verwenden, aber fr eine grere Anzahl an Verbindungen " +"ist die RSA-Authentifizierung einfacher zu administrieren und sicherer." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Falls Sie kein neues ffentliches/privates Schlsselpaar erstellen wollen, " +"knnen Sie ein existierendes auswhlen." + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, einfach" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "Die Art des RSA-Schlsselpaars, das erstellt werden soll:" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"Es besteht die Mglichkeit, ein einfaches ffentliches/privates " +"Schlsselpaar fr den Einsatz mit strongSwan oder eine X509-Zertifikatsdatei " +"zu erstellen, die den ffentlichen Schlssel und zustzlich den zugehrigen " +"privaten Schlssel enthlt." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Falls Sie nur IPSec-Verbindungen zu Rechnern aufbauen wollen, auf denen auch " +"strongSwan luft, knnte es etwas einfacher sein, einfache RSA-" +"Schlsselpaare zu verwenden. Falls Sie aber mit anderen IPSec-" +"Implementierungen Verbindungen aufnehmen wollen, bentigen Sie ein X509-" +"Zertifikat. Es besteht auch die Mglichkeit, hier ein X509-Zertifikat zu " +"erstellen und den ffentlichen RSA-Schlssel im einfachen Format zu " +"extrahieren, falls die andere Seite strongSwan ohne X509-" +"Zertifikatsuntersttzung betreibt." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Daher wird ein X509-Zertifikat empfohlen, da es flexibler ist und dieses " +"Installationsprogramm in der Lage sein sollte, die komplexe Erstellung des " +"X509-Zertifikates und seinen Einsatz in strongSwan zu verstecken." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "Verfgen Sie ber ein existierendes X509-Zertifikat fr strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Dieses Installationsprogramm kann automatisch die bentigten Informationen " +"aus einem existierenden X509-Zertifikat mit passendem privatem RSA-Schlssel " +"extrahieren. Beide Teile knnen in einer Datei sein, falls sie im PEM-Format " +"vorliegt. Falls Sie ber solch ein existierendes Zertifikat und eine solche " +"Schlsseldatei verfgen, und diese fr die Authentifizierung von IPSec-" +"Verbindungen verwenden mchten, stimmen Sie bitte zu." + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "Dateiname Ihres X509-Zertifikates im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"Bitte geben Sie den kompletten Ort der Datei an, die Ihr X509-Zertifikat im " +"PEM-Format enthlt." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "Dateiname Ihres privaten X509-Schlssels im PEM-Format:" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Bitte geben Sie den kompletten Ort der Datei an, die den privaten RSA-" +"Schlssel enthlt, der zu Ihrem X509-Zertifikat im PEM-Format passt. Dies " +"kann die gleiche Datei sein, die auch das X509-Zertifikat enthlt." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "Die Lnge des erstellten RSA-Schlssels (in Bits):" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Bitte geben Sie die Lnge des erstellten RSA-Schlssels an. Er sollte nicht " +"krzer als 1024 Bits sein, da dies als unsicher betrachtet werden knnte und " +"Sie bentigen nicht mehr als 2048 Bits, da dies nur den Authentifizierungs-" +"Prozess verlangsamt und derzeit nicht bentigt wird." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Mchten Sie ein selbst-signiertes X509-Zertifikat erstellen?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Das Installationsprogramm kann nur selbst-signierte X509-Zertifikate " +"automatisch erstellen, da andernfalls eine Zertifizierungsstelle zur " +"Signatur der Zertifikatsanfrage bentigt wird. Falls Sie ein selbst-" +"signiertes Zertifikat erstellen mchten, knnen Sie es sofort zur Verbindung " +"mit anderen IPSec-Rechnern verwenden, die X509-Zertifikate zur " +"Authentifizierung von IPSec-Verbindungen verwenden. Falls Sie allerdings die " +"neuen PKI-Funktionalitten von strongSwan >= 1.91 verwenden mchten, mssen " +"alle X509-Zertifikate von einer einzigen Zertifizierungsstelle signiert " +"sein, um einen vertrauensvollen Pfad zu etablieren." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Falls Sie kein selbst-signiertes Zertifikat erstellen mchten, wird dieses " +"Installationsprogramm nur einen privaten RSA-Schlssel und die " +"Zertifikatsanfrage erstellen und Sie mssen die Zertifikatsanfrage von Ihrer " +"Zertifizierungsstelle signiert bekommen." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "Lndercode fr die X509-Zertifizierungsanfrage:" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Bitte geben Sie den zweibuchstabigen Lndercode fr Ihr Land ein. Dieser " +"Code wird in der Zertifikatsanfrage verwendet." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Sie mssen wirklich einen gltigen Lndercode hier eingeben, da OpenSSL es " +"ablehnen wird, Zertifikate ohne diese zu erstellen. Jedes andere Feld im " +"X509-Zertifikat darf leer bleiben; dieses aber nicht." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Beispiel: AT" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "Name des Landes oder der Provinz fr diese X509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Bitte geben Sie den kompletten Namen des Landes oder der Provinz ein, in der " +"Sie leben. Dieser Name wird in der Zertifikatsanfrage verwendet." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "Beispiel: Obersterreich" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "rtlichkeitsangabe fr die X509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Bitte geben Sie die rtlichkeit (z.B. Stadt) ein, in der Sie leben. Dieser " +"Name wird in der Zertifikatsanfrage verwandt." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Beispiel: Wien" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "Organisationsname fr die X509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Bitte geben Sie die Organisation (z.B. Firma) ein, fr die das X509-" +"Zertifikat erstellt werden soll. Dieser Name wird in der Zertifikatsanfrage " +"verwandt." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Beispiel: Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "Organisationseinheit fr die X509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Bitte geben Sie die Organisationseinheit (z.B. Bereich) ein, fr die das " +"X509-Zertifikat erstellt werden soll. Dieser Name wird in der " +"Zertifikatsanfrage verwandt." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Beispiel: Sicherheitsgruppe" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "Allgemeiner Name fr die X509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Bitte geben Sie den allgemeinen Namen (z.B. den Rechnernamen dieser " +"Maschine) ein, fr den das X509-Zertifikat erstellt werden soll. Dieser Name " +"wird in der Zertifikatsanfrage verwandt." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Beispiel: gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "E-Mail-Adresse fr die X509-Zertifikatsanfrage:" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Bitte geben Sie die E-Mail-Adresse der Person oder Organisation ein, die fr " +"das X509-Zertifikat verantwortlich ist. Diese Adresse wird in der " +"Zertifikatsanfrage verwandt." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "Mchten Sie opportunistische Verschlsselung in strongSwan aktivieren?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"strongSwan enthlt Untersttzung fr opportunistische Verschlsselung (OV), " +"die Authentifizierungsinformationen von IPSec (z.B. ffentliche RSA-" +"Schlssel) in DNS-Datenstzen speichert. Solange dies nicht weit verbreitet " +"ist, wird jede neue ausgehende Verbindung signifikant verlangsamt, falls " +"diese Option aktiviert ist. Seit Version 2.0 wird strongSwan von den Autoren " +"mit aktiviertem OV ausgeliefert und wird daher wahrscheinlich Ihre " +"existierenden Verbindungen ins Internet (d.h. Ihre Standard-Route) stren, " +"sobald Pluto (der strongSwan Schlssel-Daemon) gestartet wird." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Bitte whlen Sie aus, ob Sie OV aktivieren mchten. Falls Sie unsicher sind, " +"aktivieren Sie es nicht." --- strongswan-4.2.4.orig/debian/po/POTFILES.in +++ strongswan-4.2.4/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] strongswan.templates --- strongswan-4.2.4.orig/debian/po/pt.po +++ strongswan-4.2.4/debian/po/pt.po @@ -0,0 +1,555 @@ +# Portuguese translation of strongswan's debconf messages. +# Copyright (C) 2007 +# This file is distributed under the same license as the strongswan package. +# Luísa Lourenço , 2007. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan 2.8.3-1\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-09-30 12:15+0100\n" +"PO-Revision-Date: 2007-09-30 15:02+0100\n" +"Last-Translator: Luísa Lourenço \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "o mais cedo possível, \"depois do NFS\", \"depois do PCMCIA\"" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "Quando iniciar o strongSwan:" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Existem três possibilidades para iniciar o strongSwan: antes ou depois dos " +"serviços NFS e depois dos serviços PCMCIA. A resposta correcta depende da " +"sua configuração." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Se não tem a sua estrutura /usr montada via NFS (ou apenas outras estruturas " +"montadas, menos vitais, via NFS ou não usa de todo o NFS para estruturas " +"montadas) e não usar uma placa de rede PCMCIA, então é melhor iniciar o " +"strongSwan o mais cedo possível. Permitindo assim aos pontos de montagem NFS " +"serem protegidos por IPSec. Neste caso (ou se não entende ou não quer saber " +"deste assunto), responda \"o mais cedo possível\" a esta questão (é o escolha " +"pré-definida)." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Se tem o sua estrutura /usr montada via NFS e não usa uma placa de rede " +"PCMCIA, então necessita iniciar o strongSwan depois do NFS para que " +"todos os ficheiros necessários estejam disponíveis. Neste caso, responda " +"\"depois do NFS\" a esta questão. Por favor note que, neste caso, o mount " +"NFS do /usr não pode ser segurado pelo IPSec." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Se usa uma placa de rede PCMCIA para as suas ligações IPSec, então só tem de " +"escolher para iniciar depois do serviços PCMCIA. Responda \"depois do PCMCIA" +"\" neste caso. Esta também é a reposta correcta se quiser obter chaves de um " +"servidor de DNS a correr localmente com suporte para DNSSec." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "Deseja reiniciar o strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Reiniciar o strongSwan é boa ideia, visto que se houver uma correcção de " +"segurança, não irá ser aplicada até o daemon reiniciar. A maioria das " +"pessoas espera que o daemon reinicie, por isso isto é geralmente uma boa " +"ideia. No entanto isto poderá deitar abaixo ligações existentes e depois " +"ligar de novo." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "Do you wish to support IKEv1?" +msgstr "Deseja suporte para o IKEv1?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" +"O strongSwan suporta ambas as versões do protocolo Internet Key Exchange, " +"IKEv1 e IKEv2. Deseja iniciar o daemon \"pluto\" para suporte ao IKEv1 quando " +"o strongSwan for iniciado?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "Do you wish to support IKEv2?" +msgstr "Deseja suporte para o IKEv2?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" +"O strongSwan suporta ambas as versões do protocolo Internet Key Exchange, " +"IKEv1 e IKEv2. Deseja iniciar o daemon \"charon\" para suporte ao IKEv2 quando " +"o strongSwan for iniciado?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "Deseja criar um par de chaves públicas/privadas RSA para esta máquina?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Este instalador pode criar automaticamente um par de chaves públicas/" +"privadas RSA para esta máquina. Este par de chaves pode ser usado para " +"autenticar ligações IPSec a outras máquinas e é o método preferido para " +"criar ligações IPSec seguras. A outra possibilidade seria usar segredos " +"partilhados (palavras chaves que são as mesmas em ambos os sentidos do " +"túnel) para autenticação de uma ligação, mas para um largo número de " +"ligações a autenticação por RSA é mais fácil de administrar e mais segura." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Se não quiser criar um novo par de chaves pública/privada, pode escolher " +"usar um já existente." + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, simples" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "O tipo de par de chaves RSA a criar:" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"É possível criar um par de chaves pública/privada RSA simples para uso com o " +"strongSwan ou criar um ficheiro certificado X509 que contenha a chave " +"pública RSA e que adicionalmente guarde a correspondente chave privada." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Se só quiser criar ligações IPSec para máquinas também a correr o " +"strongSwan, poderá ser um pouco mais fácil usar pares de chaves RSA simples. " +"Mas se quiser ligar a outras implementações IPSec, irá precisar de um " +"certificado X509. Também é possível criar aqui um certificado X509 e extrair " +"a chave pública RSA em formato simples se o outro lado correr o strongSwan " +"sem suporte para certificados X509." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Assim sendo um certificado X509 é recomendado visto ser mais flexível e este " +"instalador deve ser capaz de esconder a criação complexa do certificado X509 " +"e o seu uso no strongSwan de qualquer das maneiras." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "Tem um ficheiro de certificado X509 existente para o strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Este instalador pode extrair automaticamente a informação necessária a " +"partir de um certificado X509 existente com uma chave privada RSA que " +"coincida. Ambas as partes podem estar num ficheiro, se estiver no formato " +"PEM. Se tiver tal ficheiro de certificado e chave existente e quiser usar " +"para autenticar conexões IPSec, então por favor responda sim." + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "Nome de ficheiro para o seu certificado X509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"Por favor insira a localização completa do ficheiro que contém o seu certificado " +"X509 em formato PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "Nome do ficheiro da sua chave privada X509 em formato PEM:" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Por favor insira a localização completa do ficheiro que contém a chave " +"privada RSA que coincide com o seu certificado X509 em formato PEM. Este " +"pode ser o mesmo ficheiro que contém o certificado X509." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "O tamanho da chave RSA criada (em bits):" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Por favor insira o tamanho da chave RSA criada. Não deve ser menos do que 1024 " +"bits porque seria considerada insegura e não irá provavelmente necessitar de " +"mais do que 2048 bits porque só torna o processo de autenticação mais lento e " +"não é necessário de momento." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Deseja criar um certificado X509 auto-assinado?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Este instalador só pode criar automaticamente certificados X509 auto-" +"assinados, porque de outra forma seria necessária uma autoridade de " +"certificados para assinar o pedido de certificado. Se quiser criar um " +"certificado auto-assinado, poderá usá-lo imediatamente para ligar a outras " +"máquinas IPSec que suportem certificados X509 para autenticação de ligações " +"IPSec. No entanto, se quiser usar as novas funcionalidades PKI do strongSwan " +">= 1.91, irá precisar de ter todos os certificados X509 assinados por uma só " +"autoridade de certificados para criar um caminho de confiança." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Se não quiser criar um certificado auto-assinado, então este instalador só " +"irá criar a chave privada RSA e o pedido de certificado e você terá que " +"ter o pedido de certificado assinado pela sua autoridade de certificados." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "Código de país para o pedido de certificado X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Por favor insira o código do país, de 2 letras, correspondente ao seu país. " +"Este código será colocado no pedido de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Tem mesmo de inserir aqui um código de país válido, porque o openssl irá " +"recusar gerar certificados sem um. Um campo vazio é permitido para qualquer " +"outro campo do certificado X.509, mas não para este." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Exemplo: PT" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "Estado ou nome da província para o pedido do certificado X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Por favor insira o nome completo do estado ou província em que vive. Este " +"nome será colocado no pedido de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "Exemplo: Trás-os-Montes" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "Nome da localidade para o pedido de certificado X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Por favor insira a localidade (ex. cidade) onde vive. Este nome irá ser " +"colocado no pedido de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Exemplo: Vila Real" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "Nome da organização para o pedido de certificado X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Por favor insira a organização (ex. firma) para o qual o certificado " +"X509 deve ser criado. Este nome irá ser colocado no pedido de certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Exemplo: Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "Unidade da organização para o pedido de certificado X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor insira a unidade da organização (ex. departamento) para o qual o " +"certificado X509 deve ser criado. Este nome irá ser colocado no pedido de " +"certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Exemplo: grupo de segurança" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "Nome comum para o pedido de certificado X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Por favor insira o nome comum (ex. o nome desta máquina) para o qual o " +"certificado X509 deve ser criado. Este nome irá ser colocado no pedido de " +"certificado." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Exemplo: gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "Endereço de email para o pedido de certificado X509:" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Por favor insira o endereço de email da pessoa ou organização que é " +"responsável pelo certificado X509. Este endereço irá ser colocado no pedido " +"de certificado." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "Deseja activar encriptação oportunística no strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"O strongSwan vem com suporte para encriptação oportunística (OE), a qual " +"guarda informação de autenticação IPSec (i.e. chaves públicas RSA) em " +"(preferêncialmente seguros) registos DNS. Até que isto seja largamente " +"espalhado, activá-lo irá causar um abrandamento significativo para cada " +"nova, ligação de saída. Desde a versão 2.0, upstream, o strongSwan vem com o " +"OE activado por omissão e é por isso provável deitar abaixo a sua ligação " +"existente à internet (i.e a sua rota por omissão) assim que o pluto (o " +"keying daemon do strongSwan) for iniciado." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Por favor escolha se quer activar ou não o suporte para OE. Se não tiver a " +"certeza, não o active." --- strongswan-4.2.4.orig/debian/po/nl.po +++ strongswan-4.2.4/debian/po/nl.po @@ -0,0 +1,585 @@ +# translation of strongswan_2.7.3+dfsg-1_nl.po to Dutch +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# Luk Claes , 2005 +# Kurt De Bree , 2006. +# +msgid "" +msgstr "" +"Project-Id-Version: strongswan_2.7.3+dfsg-1_nl\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2006-09-28 19:50+0200\n" +"Last-Translator: Kurt De Bree \n" +"Language-Team: Dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.9.1\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "\"zo vroeg mogelijk\", \"na NFS\", \"na PCMCIA\"" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "Wanneer moet strongSwan herstarten:" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Er zijn drie mogelijkheden wanneer stronSwan kan starten: vóór of na de NFS-" +"diensten en na de PCMCIA-diensten. Het juiste antwoord is afhankelijk van uw " +"specifieke installatie." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Als u uw /usr-boom niet via NFS heeft aangekoppeld (u koppelt enkel andere, " +"minder vitale bomen via NFS of u gebruikt NFS helemaal niet om bomen aan te " +"koppelen) en u gebruikt geen PCMCIA-netwerkkaart, dan is het best om " +"strongSwan zo vroeg mogelijk te starten, dus toe te staan van de NFS-" +"aankoppelingen te beveiligen door IPSec. In dit geval (of als u deze zaak " +"niet verstaat of het u niet uitmaakt), antwoord dan \"zo vroeg mogelijk\" op " +"deze vraag (de standaard)." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Als u uw /usr-boom via NFS heeft aangekoppeld en u gebruikt geen PCMCIA-" +"netwerkkaart, dan zult u strongSwan moeten starten na NFS zodat alle nodige " +"bestanden aanwezig zijn. In dit geval, antwoord \"na NFS\" op deze vraag. " +"Merk op dat in dit geval de NFS-aankoppeling van /usr niet kan worden " +"beveiligd door IPSec." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Als u een PCMCIA-netwerkkaart gebruikt voor uw IPSec-verbindingen, dan hebt " +"u enkel de keuze om te starten na de PCMCIA-diensten. Antwoord in dit geval " +"\"na PCMCIA\". Dit is ook het correcte antwoord als u sleutels wilt afhalen " +"van een lokaal draaiende DNS-server met DNSSec-ondersteuning." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "Wilt u strongSwan herstarten?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"strongSwan herstarten is een goed idee omdat als er een " +"veiligheidsherstelling is, het pas echt hersteld zal zijn vanaf dat de " +"achtergronddienst is herstart. De meeste mensen verwachten dat de " +"achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit " +"kan bestaande verbindingen verbreken en ze dan opnieuw herstellen." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +#, fuzzy +msgid "Do you wish to support IKEv1?" +msgstr "Wilt u strongSwan herstarten?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +#, fuzzy +msgid "Do you wish to support IKEv2?" +msgstr "Wilt u strongSwan herstarten?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "Wilt u een publiek/privaat RSA-sleutelpaar aanmaken voor deze host?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Deze installatie kan automatisch een publiek/privaat RSA-sleutelpaar " +"aanmaken voor deze host. Dit sleutelpaar kan worden gebruikt om IPSec-" +"verbinden naar andere hosts te authenticeren en is de aanbevolen manier om " +"veilige IPSec-verbindingen op te zetten. De andere mogelijkheid zou zijn om " +"gedeelde geheimen (wachtwoorden die aan beide kanten van de tunnel hetzelfde " +"zijn) te gebruiken voor het authenticeren van een verbinding, maar voor een " +"groter aantal verbindingen is RSA-authenticatie makkelijker te beheren en " +"veiliger." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Indien u geen nieuw publiek/privaat sleutelpaar wenst aan te maken, kunt u " +"een bestaand sleutelpaar kiezen." + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "x509, gewoon" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "Aan te maken type RSA-sleutelpaar:" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"Het is mogelijk om een gewoon publiek/privaat RSA-sleutelpaar aan te maken " +"om te gebruiken met strongSwan of om een X509-certificaatbestand aan te " +"maken die de publieke RSA-sleutel bevat en de corresponderende private " +"sleutel te bewaren." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Als u enkel IPSec-verbindingen wilt opzetten naar hosts die ook strongSwan " +"draaien, dan is het misschien een beetje gemakkelijker om gewone RSA-" +"sleutelparen te gebruiken. Maar als u verbindingen wilt leggen met andere " +"IPSec-implementaties, dan zult u een X509-certificaat nodig hebben. Het is " +"ook mogelijk om hier een X509-certificaat aan te maken en de publieke RSA-" +"sleutel te extraheren in een gewoon formaat als de andere kant strongSwan " +"draait zonder X509-certificaatondersteuning." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Daarom wordt een X509-certificaat aanbevolen omdat het flexibeler is en deze " +"installatie moet de complexe creatie van een X509-certificaat kunnen " +"verbergen en het toch in strongSwan kunnen gebruiken." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "" +"Hebt u een bestaand X509-certificaatbestand dat u voor strongSwan wilt " +"gebruiken?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Deze installatie kan de benodigde informatie automatisch extraheren van een " +"bestaand X509-certificaat met een bijhorende private RSA-sleutel. Beide " +"delen kunnen in één bestand zijn, als het in PEM-formaat is. Hebt u zo'n " +"bestaand certificaat en een sleutelbestand; en wilt u het voor de " +"authenticatie van IPSec-verbindingen gebruiken, antwoord dan met 'ja'" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "Bestandsnaam van uw X509-certificaat in PEM-formaat:" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +#, fuzzy +#| msgid "" +#| "Please enter the full location of the file containing your X509 " +#| "certificate in PEM format." +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"Geef de volledige locatie van het bestand dat uw X509-certificaat in PEM-" +"formaat bevat." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "Bestandsnaam van uw private X509-sleutel in PEM-formaat:" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Geef de volledige locatie van het bestand dat uw private RSA-sleutel bevat " +"die behoort bij uw X509-certificaat in PEM-formaat. Dit kan hetzelfde " +"bestand zijn als dat wat uw X509-certificaat bevat." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "Lengte van de aangemaakte RSA-sleutel (in bits):" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +#, fuzzy +#| msgid "" +#| "Please enter the length of the created RSA key. it should not be less " +#| "than 1024 bits because this should be considered unsecure and you will " +#| "probably not need anything more than 2048 bits because it only slows the " +#| "authentication process down and is not needed at the moment." +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Geef de lengte van de aangemaakte RSA-sleutel. Het mag niet minder dan 1024 " +"bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " +"niet meer dan 2048 bits nodig hebben omdat het enkel het authenticatieproces " +"vertraagt en op dit moment niet nodig is." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Wilt u een door uzelf getekend X509-certificaat aanmaken?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Deze installatie kan enkel een door uzelf getekend X509-certificaat " +"automatischaanmaken omdat anders een certificaatautoriteit nodig is om de " +"certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " +"wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " +"leggen met andere IPSec-hosts die X509-certificaten ondersteunen voor IPSec-" +"verbindingen. Hoewel, als u de nieuwe PKI-mogelijkheden wilt gebruiken van " +"strongSwan >= 1.91, dan zult u alle X509-certificaten moeten laten tekenen " +"door één enkele certificaatautoriteit om een vertrouwenspad aan te maken." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +#, fuzzy +#| msgid "" +#| "If you do not want to create a self-signed certificate, then this " +#| "installer will only create the RSA private key and the certificate " +#| "request and you will have to sign the certificate request with your " +#| "certificate authority." +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Als u geen door uzelf getekend certificaat wilt aanmaken, dan zal deze " +"installatie enkel de private RSA-sleutel en de certificaataanvraag aanmaken " +"en u zult de certificaataanvraag moeten laten tekenen door uw " +"certificaatautoriteit." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "Landcode van de X509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Geef de 2-letterige landcode voor uw land. Deze code zal in de " +"certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"U moet hier wel een geldige landcode opgeven omdat openssl anders zal " +"weigeren om een certificaat aan te maken. Er is voor elke veld van het X509-" +"certificaat een leeg veld toegestaan, maar niet voor dit veld." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Voorbeeld: BE" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "Staat of provincie voor de X509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Geef de volledige naam van de staat of provincie waarin u woont. Deze naam " +"zal in de certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "Voorbeeld: Limburg" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "Plaatsnaam voor de X509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Geef de plaatsnaam (v.b. stad) waar u woont. Deze naam zal in de " +"certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Voorbeeld: Genk" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "Naam van de organisatie voor de X509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Geef de organisatie (v.b. bedrijf) waarvoor het X509-certificaat wordt " +"aangemaakt. Deze naam zal in de certicicaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Voorbeeld: Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "Organisatie-eenheid voor de X509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de organisatie-eenheid (v.b. dienst) waarvoor het X509-certificaat " +"wordt aangemaakt. Deze naam zal in de certificaataanvraag worden geplaatst." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Voorbeeld: dienst veiligheid" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "Naam voor de X509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Geef de naam (v.b. computernaam van deze machine) waarvoor het X509-" +"certificaat wordt aangemaakt. Deze naam zal in de certificaataanvraag worden " +"geplaatst." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Voorbeeld: gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "E-mailadres voor de X509-certificaataanvraag:" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " +"voor het X509-certificaat. Dit adres zal in de certificaataanvraag worden " +"geplaatst." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "Wilt u opportunistische encryptie aanschakelen in strongSwan?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"strongSwan heeft ondersteuning voor opportunistische encryptie (OE) die " +"IPSec-authenticatie-informatie (v.b. publieke RSA-sleutels) bewaart in " +"(liefst veilige) DNS-records. Totdat dit veelvuldig wordt toegepast zal dit " +"activeren een significante vertraging veroorzaken voor elke nieuwe uitgaande " +"verbinding. Omdat versie 2.0 van strongSwan standaard OE heeft " +"aangeschakeld, wordt dus waarschijnlijk uw bestaande verbinding met het " +"Internet (v.b. uw standaard route) verbroken vanaf dat pluto (de strongSwan-" +"sleutelringachtergronddienst) wordt gestart." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Kiest of u OE-ondersteuning wilt aanschakelen. Indien onzeker, schakel het " +"dan niet aan." --- strongswan-4.2.4.orig/debian/po/fr.po +++ strongswan-4.2.4/debian/po/fr.po @@ -0,0 +1,572 @@ +# Translation of strongswan debconf templates to French +# Copyright (C) 2005-2007 Christian Perrier +# This file is distributed under the same license as the strongswan package. +# +# Christian Perrier , 2005-2007. +msgid "" +msgstr "" +"Project-Id-Version: strongswan\n" +"Report-Msgid-Bugs-To: rmayr@debian.org\n" +"POT-Creation-Date: 2007-07-05 01:24+0100\n" +"PO-Revision-Date: 2007-07-05 07:28+0200\n" +"Last-Translator: Christian Perrier \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" + +#. Type: select +#. Choices +#: ../strongswan.templates:1001 +msgid "earliest, \"after NFS\", \"after PCMCIA\"" +msgstr "Le plus tôt possible, Après NFS, Après PCMCIA" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "When to start strongSwan:" +msgstr "Moment de démarrage de strongSwan :" + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"There are three possibilities when strongSwan can start: before or after the " +"NFS services and after the PCMCIA services. The correct answer depends on " +"your specific setup." +msgstr "" +"Il existe trois moments où il est opportun de démarrer strongSwan : avant ou " +"après les services NFS, ou après les services PCMCIA. La réponse appropriée " +"dépend de vos réglages spécifiques." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you do not have your /usr tree mounted via NFS (either you only mount " +"other, less vital trees via NFS or don't use NFS mounted trees at all) and " +"don't use a PCMCIA network card, then it's best to start strongSwan at the " +"earliest possible time, thus allowing the NFS mounts to be secured by IPSec. " +"In this case (or if you don't understand or care about this issue), answer " +"\"earliest\" to this question (the default)." +msgstr "" +"Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " +"montages NFS sont à d'autres endroits, moins critiques, soit parce que vous " +"n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de carte " +"réseau PCMCIA, il est préférable de démarrer strongSwan le plus tôt " +"possible, ce qui permettra de sécuriser les montages NFS avec IPSec. Dans ce " +"cas (ou bien si vous ne comprenez pas l'objet de la question ou qu'elle ne " +"vous concerne pas), choisissez « le plus tôt possible », qui est le choix " +"par défaut." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you have your /usr tree mounted via NFS and don't use a PCMCIA network " +"card, then you will need to start strongSwan after NFS so that all necessary " +"files are available. In this case, answer \"after NFS\" to this question. " +"Please note that the NFS mount of /usr can not be secured by IPSec in this " +"case." +msgstr "" +"Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau " +"PCMCIA, vous devrez alors démarrer strongSwan après les services NFS afin " +"que tous les fichiers nécessaires soient disponibles. Dans ce cas, " +"choisissez « Après NFS ». Veuillez noter que le montage NFS de /usr n'est " +"alors pas sécurisé par IPSec." + +#. Type: select +#. Description +#: ../strongswan.templates:1002 +msgid "" +"If you use a PCMCIA network card for your IPSec connections, then you only " +"have to choose to start it after the PCMCIA services. Answer \"after PCMCIA" +"\" in this case. This is also the correct answer if you want to fetch keys " +"from a locally running DNS server with DNSSec support." +msgstr "" +"Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " +"choix possible est le démarrage après les services PCMCIA. Choisissez alors " +"« Après PCMCIA ». Faites également ce choix si vous souhaitez récupérer les " +"clés d'authentification sur un serveur DNS reconnaissant DNSSec." + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "Do you wish to restart strongSwan?" +msgstr "Souhaitez-vous redémarrer strongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:2001 +msgid "" +"Restarting strongSwan is a good idea, since if there is a security fix, it " +"will not be fixed until the daemon restarts. Most people expect the daemon " +"to restart, so this is generally a good idea. However this might take down " +"existing connections and then bring them back up." +msgstr "" +"Redémarrer strongSwan est préférable car un éventuel correctif de sécurité " +"ne prendra effet que si le démon est redémarré. La plupart des utilisateurs " +"s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " +"meilleur choix. Cependant, cela pourrait interrompre provisoirement des " +"connexions en cours." + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "Do you wish to support IKEv1?" +msgstr "Souhaitez-vous gérer IKE v1 ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:3001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 support " +"when strongSwan is started?" +msgstr "" +"StrongSwan gère les versions 1 et 2 du protocole d'échange de clés sur " +"Internet (IKE : « Internet Key Exchange »). Veuillez indiquer si le démon " +"« pluto », qui gère la version 1 du protocole, doit être lancé au démarrage " +"de strongSwan." + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "Do you wish to support IKEv2?" +msgstr "Souhaitez-vous gérer IKE v2 ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:4001 +msgid "" +"strongSwan supports both versions of the Internet Key Exchange protocol, " +"IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " +"support when strongSwan is started?" +msgstr "" +"StrongSwan gère les versions 1 et 2 du protocole d'échange de clés sur " +"Internet (IKE : « Internet Key Exchange »). Veuillez indiquer si le démon " +"« charon », qui gère la version 2 du protocole, doit être lancé au démarrage " +"de strongSwan." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "Do you want to create a RSA public/private keypair for this host?" +msgstr "" +"Souhaitez-vous créer une paire de clés RSA publique et privée pour cet hôte ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"This installer can automatically create a RSA public/private keypair for " +"this host. This keypair can be used to authenticate IPSec connections to " +"other hosts and is the preferred way for building up secure IPSec " +"connections. The other possibility would be to use shared secrets (passwords " +"that are the same on both sides of the tunnel) for authenticating an " +"connection, but for a larger number of connections RSA authentication is " +"easier to administer and more secure." +msgstr "" +"Cet outil d'installation peut créer automatiquement une paire de clés RSA " +"publique et privée pour cet hôte. Cette paire de clés peut servir à " +"authentifier des connexions IPSec vers d'autres hôtes. Cette méthode est la " +"méthode conseillée pour l'établissement de liaisons IPSec sûres. L'autre " +"possibilité d'authentification à la connexion est l'utilisation d'un secret " +"partagé (« pre-shared key » : des mots de passe identiques aux deux " +"extrémités du tunnel). Toutefois, pour de nombreuses connexions, " +"l'authentification RSA est plus simple à administrer et plus sûre." + +#. Type: boolean +#. Description +#: ../strongswan.templates:5001 +msgid "" +"If you do not want to create a new public/private keypair, you can choose to " +"use an existing one." +msgstr "" +"Si vous ne souhaitez pas créer une paire de clés publique et privée, vous " +"pouvez choisir d'en utiliser une existante." + +#. Type: select +#. Choices +#: ../strongswan.templates:6001 +msgid "x509, plain" +msgstr "X509, Simple paire" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "The type of RSA keypair to create:" +msgstr "Type de paire de clés RSA à créer :" + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"It is possible to create a plain RSA public/private keypair for use with " +"strongSwan or to create a X509 certificate file which contains the RSA " +"public key and additionally stores the corresponding private key." +msgstr "" +"Il est possible de créer une simple paire de clés destinée à être utilisée " +"avec strongSwan ou de créer un fichier de certificat X509 qui contient la " +"clé publique RSA et de conserver la clé privée correspondante par ailleurs." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"If you only want to build up IPSec connections to hosts also running " +"strongSwan, it might be a bit easier using plain RSA keypairs. But if you " +"want to connect to other IPSec implementations, you will need a X509 " +"certificate. It is also possible to create a X509 certificate here and " +"extract the RSA public key in plain format if the other side runs strongSwan " +"without X509 certificate support." +msgstr "" +"Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hôtes " +"utilisant strongSwan, il sera probablement plus facile d'utiliser des clés " +"RSA simples. Mais si vous souhaitez vous connecter à des hôtes utilisant " +"d'autres implémentations d'IPSec, vous aurez besoin d'un certificat X509. Il " +"est également possible de créer un certificat X509 puis d'en extraire une " +"simple clé publique RSA, si l'autre extrémité de la connexion utilise " +"Openswan sans la gestion des certificats X509." + +#. Type: select +#. Description +#: ../strongswan.templates:6002 +msgid "" +"Therefore a X509 certificate is recommended since it is more flexible and " +"this installer should be able to hide the complex creation of the X509 " +"certificate and its use in strongSwan anyway." +msgstr "" +"Ainsi, il vous est conseillé d'utiliser un certificat X509 car cette méthode " +"est plus souple. Cet outil d'installation devrait vous simplifier la tâche " +"de création et d'utilisation de ce certificat X509 avec strongSwan." + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "Do you have an existing X509 certificate file for strongSwan?" +msgstr "" +"Possédez-vous un fichier de certificat X509 existant à utiliser avec " +"strongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:7001 +msgid "" +"This installer can automatically extract the needed information from an " +"existing X509 certificate with a matching RSA private key. Both parts can be " +"in one file, if it is in PEM format. If you have such an existing " +"certificate and key file and want to use it for authenticating IPSec " +"connections, then please answer yes." +msgstr "" +"Cet outil d'installation est capable d'extraire automatiquement " +"l'information nécessaire d'un fichier de certificat X509 existant, avec la " +"clé privée RSA correspondante. Les deux parties peuvent se trouver dans un " +"seul fichier, s'il est en format PEM. Indiquez si vous possédez un tel " +"certificat ainsi que la clé privée, et si vous souhaitez vous en servir pour " +"l'authentification des connexions IPSec." + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "File name of your X509 certificate in PEM format:" +msgstr "Emplacement de votre certificat X509 au format PEM :" + +#. Type: string +#. Description +#: ../strongswan.templates:8001 +msgid "" +"Please enter the full location of the file containing your X509 certificate " +"in PEM format." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant votre certificat X509 " +"au format PEM." + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "File name of your X509 private key in PEM format:" +msgstr "Emplacement de votre clé privée X509 au format PEM :" + +#. Type: string +#. Description +#: ../strongswan.templates:9001 +msgid "" +"Please enter the full location of the file containing the private RSA key " +"matching your X509 certificate in PEM format. This can be the same file that " +"contains the X509 certificate." +msgstr "" +"Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA " +"correspondant à votre certificat X509 au format PEM. Cela peut être le " +"fichier qui contient le certificat X509." + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "The length of the created RSA key (in bits):" +msgstr "Longueur (en bits) de la clé RSA à créer :" + +#. Type: string +#. Description +#: ../strongswan.templates:10001 +msgid "" +"Please enter the length of the created RSA key. It should not be less than " +"1024 bits because this should be considered unsecure and you will probably " +"not need anything more than 2048 bits because it only slows the " +"authentication process down and is not needed at the moment." +msgstr "" +"Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit pas " +"être inférieure à 1024 bits car cela serait considéré comme insuffisamment " +"sûr. Un choix excédant 2048 bits est probablement inutile car cela ne fait " +"essentiellement que ralentir le processus d'authentification sans avoir " +"d'intérêt actuellement." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "Do you want to create a self-signed X509 certificate?" +msgstr "Souhaitez-vous créer un certificat X509 autosigné ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"This installer can only create self-signed X509 certificates automatically, " +"because otherwise a certificate authority is needed to sign the certificate " +"request. If you want to create a self-signed certificate, you can use it " +"immediately to connect to other IPSec hosts that support X509 certificate " +"for authentication of IPSec connections. However, if you want to use the new " +"PKI features of strongSwan >= 1.91, you will need to have all X509 " +"certificates signed by a single certificate authority to create a trust path." +msgstr "" +"Cet outil d'installation ne peut créer automatiquement qu'un certificat X509 " +"autosigné puisqu'une autorité de certification est indispensable pour signer " +"la demande de certificat. Si vous choisissez de créer un certificat " +"autosigné, vous pourrez vous en servir immédiatement pour vous connecter aux " +"hôtes qui authentifient les connexions IPSec avec des certificats X509. " +"Cependant, si vous souhaitez utiliser les nouvelles fonctionnalités PKI de " +"strongSwan >= 1.91, vous aurez besoin que tous les certificats X509 soient " +"signés par la même autorité de certification afin de créer un chemin de " +"confiance." + +#. Type: boolean +#. Description +#: ../strongswan.templates:11001 +msgid "" +"If you do not want to create a self-signed certificate, then this installer " +"will only create the RSA private key and the certificate request and you " +"will have to get the certificate request signed by your certificate " +"authority." +msgstr "" +"Si vous ne voulez pas créer de certificat autosigné, cet outil " +"d'installation ne fera que créer la clé privée RSA et la demande de " +"certificat, que vous devrez ensuite faire signer par votre autorité de " +"certification." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Country code for the X509 certificate request:" +msgstr "Code du pays :" + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"Please enter the 2 letter country code for your country. This code will be " +"placed in the certificate request." +msgstr "" +"Veuillez indiquer le code à deux lettres de votre pays. Ce code sera inclus " +"dans la demande de certificat." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "" +"You really need to enter a valid country code here, because openssl will " +"refuse to generate certificates without one. An empty field is allowed for " +"any other field of the X.509 certificate, but not for this one." +msgstr "" +"Il est impératif de choisir ici un code de pays valide sinon OpenSSL " +"refusera de générer les certificats. Tous les autres champs d'un certificat " +"X.509 peuvent être vides, sauf celui-ci." + +#. Type: string +#. Description +#: ../strongswan.templates:12001 +msgid "Example: AT" +msgstr "Exemple : FR" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "State or province name for the X509 certificate request:" +msgstr "État, province ou région :" + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "" +"Please enter the full name of the state or province you live in. This name " +"will be placed in the certificate request." +msgstr "" +"Veuillez indiquer le nom complet de l'état, de la province ou de la région " +"où vous résidez. Ce nom sera inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../strongswan.templates:13001 +msgid "Example: Upper Austria" +msgstr "" +"Exemples : Rhône-Alpes, Brabant Wallon, Bouches du Rhône, Québec, Canton de " +"Vaud" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Locality name for the X509 certificate request:" +msgstr "Localité :" + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "" +"Please enter the locality (e.g. city) where you live. This name will be " +"placed in the certificate request." +msgstr "" +"Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom sera " +"inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../strongswan.templates:14001 +msgid "Example: Vienna" +msgstr "Exemple : Saint-Étienne" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Organization name for the X509 certificate request:" +msgstr "Organisme :" + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "" +"Please enter the organization (e.g. company) that the X509 certificate " +"should be created for. This name will be placed in the certificate request." +msgstr "" +"Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le " +"certificat X509. Ce nom sera inclus dans la demande de certificat." + +#. Type: string +#. Description +#: ../strongswan.templates:15001 +msgid "Example: Debian" +msgstr "Exemple : Debian" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Organizational unit for the X509 certificate request:" +msgstr "Unité d'organisation :" + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "" +"Please enter the organizational unit (e.g. section) that the X509 " +"certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer l'unité d'organisation (p. ex. département, division, " +"etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la " +"demande de certificat." + +#. Type: string +#. Description +#: ../strongswan.templates:16001 +msgid "Example: security group" +msgstr "Exemple : Département Réseaux et Informatique Scientifique" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Common name for the X509 certificate request:" +msgstr "Nom commun :" + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "" +"Please enter the common name (e.g. the host name of this machine) for which " +"the X509 certificate should be created for. This name will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer le nom commun (p. ex. le nom réseau de cette machine) pour " +"qui sera créé le certificat X509. Ce nom sera inclus dans la demande de " +"certificat." + +#. Type: string +#. Description +#: ../strongswan.templates:17001 +msgid "Example: gateway.debian.org" +msgstr "Exemple : gateway.debian.org" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "Email address for the X509 certificate request:" +msgstr "Adresse électronique :" + +#. Type: string +#. Description +#: ../strongswan.templates:18001 +msgid "" +"Please enter the email address of the person or organization who is " +"responsible for the X509 certificate, This address will be placed in the " +"certificate request." +msgstr "" +"Veuillez indiquer l'adresse électronique de la personne ou de l'organisme " +"responsable du certificat X509. Cette adresse sera incluse dans la demande " +"de certificat." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "Do you wish to enable opportunistic encryption in strongSwan?" +msgstr "Souhaitez-vous activer le chiffrement opportuniste dans strongSwan ?" + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"strongSwan comes with support for opportunistic encryption (OE), which " +"stores IPSec authentication information (i.e. RSA public keys) in " +"(preferably secure) DNS records. Until this is widely deployed, activating " +"it will cause a significant slow-down for every new, outgoing connection. " +"Since version 2.0, strongSwan upstream comes with OE enabled by default and " +"is thus likely to break your existing connection to the Internet (i.e. your " +"default route) as soon as pluto (the strongSwan keying daemon) is started." +msgstr "" +"StrongSwan gère le chiffrement opportuniste (« opportunistic encryption » : " +"OE) qui permet de conserver les informations d'authentification IPSec (c'est-" +"à-dire les clés publiques RSA) dans des enregistrements DNS, de préférence " +"sécurisés. Tant que cette fonctionnalité ne sera pas déployée largement, son " +"activation provoquera un ralentissement significatif pour toute nouvelle " +"connexion sortante. À partir de la version 2.0, cette fonctionnalité est " +"activée par défaut dans strongSwan, ce qui peut interrompre le " +"fonctionnement de votre connexion à l'Internet (c'est-à-dire votre route par " +"défaut) dès le démarrage de pluto, le démon de gestion de clés de strongSwan." + +#. Type: boolean +#. Description +#: ../strongswan.templates:19001 +msgid "" +"Please choose whether you want to enable support for OE. If unsure, do not " +"enable it." +msgstr "" +"Veuillez choisir si vous souhaitez activer la gestion du chiffrement " +"opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir besoin." --- strongswan-4.2.4.orig/debian/strongswan.config +++ strongswan-4.2.4/debian/strongswan.config @@ -0,0 +1,61 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +db_input medium strongswan/start_level || true + +# disable for now, until we can deal with the don't-edit-conffiles situation +#db_input high strongswan/ikev1 || true +#db_input high strongswan/ikev2 || true + +db_input medium strongswan/restart || true + +db_input high strongswan/enable-oe || true + +db_input high strongswan/create_rsa_key || true +db_go || true + +db_get strongswan/create_rsa_key +if [ "$RET" = "true" ]; then + db_input high strongswan/rsa_key_type || true + db_go || true + + db_get strongswan/rsa_key_type + if [ "$RET" = "plain" ]; then + # create just a plain RSA keypair + db_input medium strongswan/rsa_key_length || true + db_go || true + else + # extract the RSA keypair from a x509 certificate + db_input high strongswan/existing_x509_certificate || true + db_go || true + + # create a new certificate + db_input medium strongswan/rsa_key_length || true + db_input high strongswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium strongswan/x509_country_code || true + db_go || true + db_get strongswan/x509_country_code + countrycode="$RET" + done + db_input medium strongswan/x509_state_name || true + db_input medium strongswan/x509_locality_name || true + db_input medium strongswan/x509_organization_name || true + db_input medium strongswan/x509_organizational_unit || true + db_input medium strongswan/x509_common_name || true + db_input medium strongswan/x509_email_address || true + db_go || true + fi +else + db_get strongswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + # existing certificate - use it + db_input critical strongswan/existing_x509_certificate_filename || true + db_input critical strongswan/existing_x509_key_filename || true + db_go || true + fi +fi --- strongswan-4.2.4.orig/debian/svn-deblayout +++ strongswan-4.2.4/debian/svn-deblayout @@ -0,0 +1,8 @@ +buildArea=/home/rene/amw/src/packages/build-area +origDir=/home/rene/amw/src/packages/tarballs +origUrl=svn+ssh://svn.gibraltar.at/svn/debian-packages/trunk/debian/tarballs +tagsUrl=svn+ssh://svn.gibraltar.at/svn/debian-packages/tags/strongswan +trunkDir=/home/rene/amw/src/packages/strongswan +trunkUrl=svn+ssh://svn.gibraltar.at/svn/debian-packages/trunk/debian/strongswan +upsCurrentUrl=svn+ssh://svn.gibraltar.at/svn/debian-packages/branches/source-dist/debian/strongswan +upsTagUrl=svn+ssh://svn.gibraltar.at/svn/debian-packages/tags/strongswan --- strongswan-4.2.4.orig/debian/README.Debian +++ strongswan-4.2.4/debian/README.Debian @@ -0,0 +1,124 @@ +strongswan for Debian +---------------------- + +1) General Remarks + +This package has been created from the openswan package, which was again +created from the freeswan package, which was created from scratch with some +ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 +package by Aaron Johnson merged in. + +The differences between the strongSwan and the Openswan packages are +documented at http://www.strongswan.org/ . + +2) Kernel Support + +Note: This package can make use of the in-kernel IPSec stack, which is +available in the stock Debian kernel images (>=2.4.24 and 2.6.x). + +If you want to use the strongswan utilities, you will need the appropriate +kernel modules. The Debian default kernel native IPSec stack (which is +included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) +can be used out-of-the-box with strongswan pluto, the key management daemon. +This native Linux IPSec stack is of high quality, has all of the features of +the latest Debian freeswan and openswan packages (i.e. support for other +ciphers like AES and NAT Traversal support) and is well integrated into the +kernel networking subsystem (which is not true for the freeswan kernel +modules). This is the recommended kernel support for strongswan. + +If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or +are building a custom 2.4 kernel, then the KLIPS kernel part can be used. +strongswan no longer ships this part, but is instead focussing on the newer +native IPSec stack. However, strongswan is interoperable with the KLIPS part +shipped with openswan, both for 2.4 and 2.6 series kernels. Please install +either the linux-patch-openswan or the openswan-modules-source packages and +follow their respective README.Debian files when you want to use KLIPS. + +3) Getting Started + +For connecting two Debian boxes using this strongswan package, the +simplest connection block on each side would look something like this: + +On host A, use + +conn to_hostb + left=%defaultroute + right=hostb.example.com + leftcert=hosta.pem + rightcert=hostb.pem + keyexchange=ikev2 + type=transport + auto=add + +On host B, use +conn to_hosta + left=%defaultroute + right=hosta.example.com + leftcert=hostb.pem + rightcert=hosta.pem + keyexchange=ikev2 + type=transport + auto=add + +This assumes that the respective hostnames hosta.example.com and +hostb.example.com can be resolved and that the internal hostnames are hosta +and hostb (and thus installing the strongswan package created the certificates +hosta.pem and hostb.pem, respectively). +Then the certificates (and not the private keys!) need to be exchanged between +the hosts, e.g. with + scp /etc/ipsec.d/certs/hosta.pem hostb.example.com:/etc/ipsec.d/certs/ + scp hostb.example.com:/etc/ipsec.d/certs/hostb.com /etc/ipsec.d/certs/ +from host A. The IPSec transport connection (that is, no subnets behind these +hosts that should be tunneled) can be started from either side using +"ipsec up to_hostb" (e.g. from host A). +Note that this example explicitly uses IKEv2 due to its nicer error messages. + +A more complicated example is to connect a "roadwarrior" (e.g. laptop) +to an internal network wbile it is behind another NAT. On the gateway +side, i.e. for the internal network the roadwarrior should connect to, +the configuration block could look something like this: + +conn roadwwarrior + left=%defaultroute + leftcert=gatewayCert.pem + rightcert=laptopCert.pem + rightrsasigkey=%cert + leftrsasigkey=%cert + auto=add + leftsubnet=10.0.0.0/24 + rightsubnetwithin=0.0.0.0/0 + right=%any + compress=yes + type=tunnel + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + +On the laptop side, you could use something along the lines: + +conn %default + rightrsasigkey=%cert + leftrsasigkey=%cert + authby=rsasig + leftcert=laptopCert.pem + leftsendcert=always + leftsubnet= + dpddelay=30 + dpdtimeout=120 + dpdaction=clear + esp=aes128-sha1 + ike=aes128-sha1-modp2048 + +conn esys + left=%defaultroute + right=gateway.example.com + rightsubnet=10.0.0.0/24 + rightcert=gatewayCert.pem + auto=add + +Then load these new configuration blocks on both sides using "ipsec reload" +and, on the laptop, start the tunnel with "ipsec up mynetwork". +These configuration blocks assume host names "gateway" and "laptop" and an +inner subnet of 10.0.0.0/24. + +-- Rene Mayrhofer , Sun, Jul 09 12:31:00 2006 --- strongswan-4.2.4.orig/debian/strongswan.ipsec.init +++ strongswan-4.2.4/debian/strongswan.ipsec.init @@ -0,0 +1,133 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: vpn +# Required-Start: $network $local_fs +# Required-Stop: $network $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Strongswan IPsec services +### END INIT INFO + +# Author: Rene Mayrhofer + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="strongswan IPsec services" +NAME=ipsec +DAEMON=/usr/sbin/$NAME +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- start \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + # give the proper signal to stop + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- stop \ + || return 2 + # but kill if that didn't work + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +do_reload() { + $DAEMON reload + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + $DAEMON status + ;; + reload|force-reload) + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + restart) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + +: --- strongswan-4.2.4.orig/debian/strongswan.docs +++ strongswan-4.2.4/debian/strongswan.docs @@ -0,0 +1,2 @@ +README +CREDITS --- strongswan-4.2.4.orig/debian/use-bash1.diff +++ strongswan-4.2.4/debian/use-bash1.diff @@ -0,0 +1,4 @@ +1c1 +< #! /bin/sh +--- +> #!/bin/bash --- strongswan-4.2.4.orig/debian/logcheck.ignore.server +++ strongswan-4.2.4/debian/logcheck.ignore.server @@ -0,0 +1,25 @@ +ipsec_setup: KLIPS debug \`none\' +ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. +ipsec_setup: stop ordered +ipsec_setup: doing cleanup anywan... +ipsec_setup: \.\.\.FreeS/WAN IPsec stopped +ipsec_setup: Starting FreeS/WAN IPsec +ipsec_setup: \.\.\.FreeS/WAN IPsec started +ipsec_plutorun: .*: initiate +pluto.*: deleting state +pluto.*: forgetting secrets +pluto.*: shutting down +pluto.*: \| +pluto.*: .* bytes loaded +pluto.*: including X\.509 patch +pluto.*: Loading my X\.509 certificate +pluto.*: Starting pluto +pluto.*: added connection description +pluto.*: adding interface +pluto.*: listening for IKE messages +pluto.*: loading secrets +pluto.*: .* SA established +pluto.*: .* SA expired +pluto.*: replacing stale .* SA +pluto.*: initiating Quick Mode +pluto.*: regenerating DH private secret --- strongswan-4.2.4.orig/debian/use-bash2.diff +++ strongswan-4.2.4/debian/use-bash2.diff @@ -0,0 +1,4 @@ +1c1 +< #!/bin/sh +--- +> #!/bin/bash --- strongswan-4.2.4.orig/debian/rules +++ strongswan-4.2.4/debian/rules @@ -0,0 +1,166 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +export DH_OPTIONS + +# this is a security-critical package, set all the options we can +export DEB_BUILD_HARDENING=1 + +CONFIGUREARGS := --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ + --libexecdir=/usr/lib \ + --enable-http --enable-ldap \ + --enable-nonblocking --enable-thread \ + --enable-smartcard --enable-cisco-quirks \ + --with-default-pkcs11=/usr/lib/opensc-pkcs11.so \ + --enable-mediation \ + --enable-openssl \ + --disable-aes --disable-des --disable-fips-prf --disable-gmp \ + --disable-md5 --disable-sha1 --disable-sha2 + # Could enable --enable-nat-transport, but this is actually insecure, + # so don't! + # And for --enable-eap-sim we would need the library, which we don't + # have right now. + +DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) + +# the padlock plugin only makes sense on i386 +# but it actually doesn't do much, so no need to enable it +#ifeq ($(DEB_BUILD_ARCH_CPU),i386) +# CONFIGUREARGS += --enable-padlock +#endif + + +configure: configure-stamp +configure-stamp: patch + dh_testdir + # Add here commands to configure the package. + ./configure $(CONFIGUREARGS) + + touch configure-stamp + +patch: + dh_testdir + dpatch apply-all + +unpatch: + dpatch deapply-all + +build: build-stamp +build-stamp: configure-stamp + $(MAKE) + + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + -$(MAKE) clean + #-$(MAKE) -C programs/fswcert/ clean + # after a make clean, no binaries _should_ be left, but .... + -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm + -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm + + # Really clean (#356716) + # This is a hack: should be better implemented + rm -f lib/libstrongswan/libstrongswan.a || true + rm -f lib/libstrongswan/liboswlog.a || true + + # just in case something went wrong + rm -f $(CURDIR)/debian/ipsec.secrets + + # and make sure that template are up-to-date + debconf-updatepo + + dh_clean + +install-strongswan: DH_OPTIONS=-a +install-strongswan: build-stamp + dh_testdir + dh_testroot + dh_installdirs + + # Add here commands to install the package into debian/tmp. + $(MAKE) install DESTDIR=$(CURDIR)/debian/strongswan + install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan/etc/ipsec.secrets + # also "patch" ipsec.conf to include the debconf-managed file + echo >> $(CURDIR)/debian/strongswan/etc/ipsec.conf + echo "include /var/lib/strongswan/ipsec.conf.inc" >> $(CURDIR)/debian/strongswan/etc/ipsec.conf + # and to enable both IKEv1 and IKEv2 by default + sed -r 's/^[ \t]+# *plutostart=(yes|no) */\tplutostart=yes/;s/^[ \t]+# *charonstart=(yes|no) */\tcharonstart=yes/' < $(CURDIR)/debian/strongswan/etc/ipsec.conf > $(CURDIR)/debian/strongswan/etc/ipsec.conf.tmp + mv $(CURDIR)/debian/strongswan/etc/ipsec.conf.tmp $(CURDIR)/debian/strongswan/etc/ipsec.conf + + # this is handled by update-rc.d + rm -rf $(CURDIR)/debian/strongswan/etc/rc?.d + + dh_installdocs -pstrongswan -n + # change the paths in the installed doc files (but only in regular + # files, not in links to the outside of the build tree !) + # TODO: check if we still need this + ( cd $(CURDIR)/debian/strongswan/; \ + for f in `grep "/usr/local/" --recursive --files-with-match *`; \ + do \ + if [ -f $$f -a ! -L $$f ]; then \ + cp $$f $$f.old; \ + sed 's/\/usr\/local\//\/usr\//' $$f.old > $$f; \ + rm $$f.old; \ + fi; \ + done ) + + # the logcheck ignore files + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.paranoid/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.server/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/strongswan/etc/logcheck/ignore.d.workstation/strongswan + install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/strongswan/etc/logcheck/violations.ignore.d/strongswan + + # set permissions on ipsec.secrets + chmod 600 $(CURDIR)/debian/strongswan/etc/ipsec.secrets + #chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.conf + chmod 700 -R $(CURDIR)/debian/strongswan/etc/ipsec.d/private/ + # don't know why they come with +x set by default... + #chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.d/policies/* + #chmod 644 $(CURDIR)/debian/strongswan/etc/ipsec.d/examples/* + + # more lintian cleanups + find $(CURDIR)/debian/strongswan -name ".cvsignore" | xargs --no-run-if-empty rm -f + find $(CURDIR)/debian/strongswan -name "/.svn/" | xargs --no-run-if-empty rm -rf + + # and lintian overrides + install --mode=0644 $(CURDIR)/debian/strongswan.lintian-overrides $(CURDIR)/debian/strongswan/usr/share/lintian/overrides/strongswan + +binary-common: + dh_testdir + dh_testroot + dh_installinit --name=ipsec + dh_installdebconf + dh_installchangelogs NEWS + dh_link + dh_strip + dh_compress + dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-independent files here. +binary-indep: + $(MAKE) -f debian/rules binary-common DH_OPTIONS=-i + +# Build architecture-dependent files here. +binary-arch: install-strongswan + $(MAKE) -f debian/rules binary-common DH_OPTIONS=-a + +# Any other binary targets build just one binary package at a time. +binary-%: build-stamp install-strongswan + make -f debian/rules binary-common DH_OPTIONS=-p$* + +binary: binary-indep binary-arch +.PHONY: clean binary-indep binary-arch --- strongswan-4.2.4.orig/debian/changelog +++ strongswan-4.2.4/debian/changelog @@ -0,0 +1,325 @@ +strongswan (4.2.4-5ubuntu1) intrepid; urgency=low + + * Merge from Debian unstable + * Remaining Ubuntu changes: + - strongswan-glibc28-buildfix.dpatch: Fixes FTBFS due to glibc28 changes. + * Includes a fix for CVE-2008-4551 + (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4551) + + -- Steve Kowalik Mon, 27 Oct 2008 10:54:18 +1100 + +strongswan (4.2.4-5) unstable; urgency=high + + Reason for urgency high: this is potentially security relevant. + * Patch backported from 4.2.7 to fix a potential DoS issue. + Thanks to Thomas Kallenberg for the patch. + + -- Rene Mayrhofer Mon, 29 Sep 2008 10:35:30 +0200 + +strongswan (4.2.4-4) unstable; urgency=low + + * Tweaked configure options for lenny to remove somewhat experimental, + incomplete, or unnecessary features. Removed --enable-xml, + --enable-padlock, and --enable-manager and added --disable-aes, + --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5, + --disable-sha1, and --disable-sha2 because openssl already + contains this code, we depend on it and thus don't need it twice. + Padlock support does not do much, because the bulk encryption uses + it anyway (being done internally in the kernel) and using padlock + for IKEv2 key agreement adds complexity for little gain. + Thanks to Thomas Kallenberg of strongswan upstream team for + suggesting these changes. The package is now noticable smaller. + * Also remove dbus dependency, which is no longer necessary. + + -- Rene Mayrhofer Mon, 01 Sep 2008 08:59:10 +0200 + +strongswan (4.2.4-3) unstable; urgency=low + + * Changed configure option to build peer-to-peer service again. + Closes: #494678: strongswan: configure option --enable-p2p changed to + --enable-mediation + + -- Rene Mayrhofer Tue, 12 Aug 2008 20:08:26 +0200 + +strongswan (4.2.4-2ubuntu1) intrepid; urgency=low + + * debian/patches/strongswan-glibc28-buildfix.dpatch: + - Fixes FTBFS due to glibc28 changes. + + -- Albin Tonnerre Mon, 11 Aug 2008 12:35:01 +0200 + +strongswan (4.2.4-2) unstable; urgency=medium + + Urgency medium because this fixes an FTFBS bug on non-i386. + * Only compile padlock crypto acceleration support for i386. Thanks for + the patch! + Closes: #492455: strongswan: FTBFS: Uses i386 assembler on non-i386 + arches. + * Updated Swedish debconf translation. + Closes: #492902: [INTL:sv] po-debconf file for strongswan + + -- Rene Mayrhofer Thu, 07 Aug 2008 13:02:54 +0200 + +strongswan (4.2.4-1) unstable; urgency=medium + + Urgency medium because this new upstream versions no longer uses + dbus and thus fixed the grave bug from the last Debian package. This + version should transit to testing. + * New upstream release. Starting with version 4.2.0, crypto algorithms have + beeen modularized with existing code ported over. Among other improvments, + this version now supports AES-CCM (e.g. with esp=aes128ccm12) and AES-GCM + (e.g. with esp=aes256gcm16) starting with kernel 2.6.25 and enables dead + peer detection by default. + Note that charon (IKEv2) now uses the new /etc/strongswan.conf. + * Enabled building of VIA Padlock and openssl crypto plugins. + * Drop patch to rename AES_cbc_encrypt so as not to conflict with an + openssl method of the same name. This has been applied upstream. + * This new upstream version no longer uses dbus. + Closes: #475098: charon needs dbus but strongswan does not depend on dbus + Closes: #475099: charon does not work any more + * This new upstream version no longer prints error messages in its + init script. + Closes: #465718: strongswan: startup on booting returns error messages + * Apply patch to ipsec init script to fix bashism. + Closes: #473703: strongswan: bashism in /bin/sh script + * Updated Czech debconf translation. + Closes: #480928: [l10n] Updated Czech translation of strongswan debconf + messages + + -- Rene Mayrhofer Thu, 10 Jul 2008 14:40:43 +0200 + +strongswan (4.1.11-1ubuntu1) intrepid; urgency=low + + * debian/patches/strongswan-glibc28-buildfix.dpatch: + - Fixes FTBFS due to glibc28 changes. + + -- Chuck Short Mon, 23 Jun 2008 17:32:48 +0000 + +strongswan (4.1.11-1) unstable; urgency=low + + * New upstream release. + * DBUS support now interacts with network-manager, so need to build-depend + on network-manager-dev. + * The web interface has been improved and now requires libfcgi-dev and + clearsilver-dev to compile, so build-depend on them. Also build-depend + on libxml2-dev, libdbus-1-dev, libtool, and libsqlite3-dev (which were + all build-deps before but were not listed explicitly so far - fix that). + * Add patch to rename internal AES_cbc_encrypt function and thus avoid + conflict with the openssl function. + Closes: #470721: pluto segfaults when using pkcs11 library linked with + OpenSSL + + -- Rene Mayrhofer Sun, 30 Mar 2008 10:35:16 +0200 + +strongswan (4.1.10-2) unstable; urgency=low + + * Enable new configure options: dbus, xml, nonblocking, thread, peer- + to-peer NAT-traversal and the manager interface support. + * Also set the default path to the opensc-pkcs11 engine explicitly. + + -- Rene Mayrhofer Fri, 15 Feb 2008 10:25:49 +0100 + +strongswan (4.1.10-1) unstable; urgency=low + + * New upstream release. + Closes: #455711: New upstream version 4.1.9 + * Updated Japanese debconf translation. + Closes: #463321: strongswan: [INTL:ja] Update po-debconf template + translation (ja.po) + + -- Rene Mayrhofer Thu, 07 Feb 2008 15:15:14 +0100 + +strongswan (4.1.8-3) unstable; urgency=low + + * Force use of hardening-wrapper when building the package by setting + a Build-Dep to it and setting export DEB_BUILD_HARDENING=1 in + debian/rules. + + -- Rene Mayrhofer Thu, 07 Feb 2008 14:14:48 +0100 + +strongswan (4.1.8-2) unstable; urgency=medium + + * Ship our own init script, since upstream no longer does. This is still + installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be + backwards compatible. + Really closes: #442880: strongswan: postinst failure (missing + /etc/init.d/ipsec) + * Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not + marking them as conffiles isn't the right thing either. Instead, now + use the includes feature to pull in config snippets that are + modified by debconf. It's not perfect, though, as the IKEv1/IKEv2 + protocols can't be enabled/disabled with includes. Therefore don't + support this option in debconf for the time being, but default to + enabled for both IKE versions. The files edited with debconf are kept + under /var/lib/strongswan. + * Cleanup debian/rules: no longer need to remove leftover files from + patching, as currently there are no Debian-specific patches (fortunately). + * More cleanup: drop debconf translations hack for woody compatibility, + depend on build-stamp instead of build in the install-strongswan target, + and remove the now unnecessary dh_clean -k call in install-strongswan so + that configure shouldn't run twice during building the package. + * Update French debconf translation. + Closes: #448327: strongswan: [INTL:fr] French debconf templates + translation update + + -- Rene Mayrhofer Fri, 02 Nov 2007 21:55:29 +0100 + +strongswan (4.1.8-1) unstable; urgency=low + + The "I'm back from my long semi-vacation, and strongswan is now bug-free + again" release. + * New upstream release. + Closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec) + Closes: #431874: strongswan - FTBFS: cannot create regular file + `/etc/ipsec.conf': Permission denied + * Explicitly use debhalper compatbility version 5m now using debian/compat + instead of DH_COMPAT. + * Since there's no configurability in dh_installdeb's mania to flag + everything below /etc as a conffile, now hack DEBIAN/conffiles directly + to remove ipsec.conf and ipsec.secrets. + Closes: #442929: strongswan: Maintainer script modifies conffiles + * Add/update debconf translations. + Closes: #432189: strongswan: [INTL:de] updated German debconf translation + Closes: #432212: [l10n] Updated Czech translation of strongswan debconf + messages + Closes: #432642: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #444710: strongswan: [INTL:pt] Updated Portuguese translation for + debconf messages + + -- Rene Mayrhofer Fri, 26 Oct 2007 16:16:51 +0200 + +strongswan (4.1.4-1) unstable; urgency=low + + * New upstream release. + * Fixed debconf descriptions. + Closes: #431157: strongswan: Minor errors in Debconf template + * Include Portugese and + Closes: #415178: strongswan: [INTL:pt] Portuguese translation for debconf + messages + Closes: #431154: strongswan: [INTL:de] initial German debconf translation + + -- Rene Mayrhofer Thu, 05 Jul 2007 00:53:01 +0100 + +strongswan (4.1.3-1) unreleased; urgency=low + + * New upstream release. + + -- Rene Mayrhofer Sun, 03 Jun 2007 18:39:11 +0100 + +strongswan (4.1.1-1) unreleased; urgency=low + + Major new upstream release: + * IKEv2 support with the new "charon" daemon in addition to the old "pluto" + which is still used for IKEv1. + * Switches to auto* tools build system. + * The postinst script is still not quite as complete in updating the 2.8.x + config automatically to a new 4.x config, but I don't want to wait any + longer with the upload. It can be improved later on. + + -- Rene Mayrhofer Thu, 12 Apr 2007 21:33:56 +0100 + +strongswan (2.8.3-1) unstable; urgency=low + + * New upstream release with fixes for the SHA-512-HMAC function and + added SHA-384 and SHA-2 implementations. + + -- Rene Mayrhofer Thu, 22 Feb 2007 20:19:45 +0000 + +strongswan (2.8.2-1) unstable; urgency=low + + * New upstream release with interoperability fixes for some VPN + clients. + + -- Rene Mayrhofer Tue, 30 Jan 2007 12:21:20 +0000 + +strongswan (2.8.1+dfsg-1) unstable; urgency=low + + * New upstream release, now with XAUTH support. + * Explicitly enable smartcard and vendorid options as well as a + few more in debian/rules. + Closes: #407449: strongswan: smartcard support is disabled + + -- Rene Mayrhofer Sun, 28 Jan 2007 21:06:25 +0000 + +strongswan (2.8.1-1) UNRELEASED; urgency=low + + * New upstream release. + + -- Rene Mayrhofer Sun, 28 Jan 2007 20:59:11 +0000 + +strongswan (2.8.0+dfsg-1) unstable; urgency=low + + * New upstream release. + * Update debconf templates. + Closes: #388672: strongswan: [INTL:fr] French debconf templates + translation update + Closes: #389253: [l10n] Updated Czech translation of strongswan + debconf messages + Closes: #391457: [INTL:nl] Updated dutch po-debconf translation + Closes: #396179: strongswan: [INTL:ja] Updated Japanese po-debconf + template translation (ja.po) + * Fix broken reference to a now non-existing config file. no_oe.conf + has been replaced by oe.conf, with the opposite meaning. Changed + postinst to deal with it correctly now, and also try to convert + older config file lines to newer (e.g. when updating from openswan + to strongswan). + Closes: #391565: fails to start : /etc/ipsec.conf:46: include + files found no matches + [/etc/ipsec.d/examples/no_oe.conf] + + -- Rene Mayrhofer Mon, 6 Nov 2006 19:01:58 +0000 + +strongswan (2.7.3+dfsg-1) unstable; urgency=low + + * New upstream release. Another try on getting it into unstable. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * Call debian-updatepo in the clean target, in line with the openswan + change for its version 2.4.6+dfsg-1. + * Remove man2html, htmldoc, and lynx from the Build-Deps because we no + longer rebuild the documentation tree. + * Starting shipping a lintian overrides file to finally silence the + warnings about non-standard-(file|dir)-perms (they are intentional). + * Clean up /usr/lib/ipsec somehow, again owing to lintian warnings. + * Add po-debconf to build dependencies. + + -- Rene Mayrhofer Wed, 23 Aug 2006 21:23:36 +0100 + +strongswan (2.7.2+dfsg-1) unstable; urgency=low + + * First upload to the main Debian archive. This does no longer build + the linux-patch-strongswan and strongswan-modules-source packages, + as KLIPS will be removed from the strongswan upstream source anyway + for the next major release. However, the openswan KLIPS could should + be interoperable with strongswan user space. + Closes: #372267: ITP: strongswan -- second fork of freeswan. + * This upload removes the draft RFCs, as they are not considered free under + the DFSG. + + -- Rene Mayrhofer Sun, 9 Jul 2006 12:40:34 +0100 + +strongswan (2.7.2-1) unstable; urgency=low + + * New upstream release. This release fixes a potential DoS problem. + + -- Rene Mayrhofer Mon, 26 Jun 2006 12:34:43 +0100 + +strongswan (2.7.0-1) unstable; urgency=low + + * Initial Debian packaging of strongswan. This is directly based on my + Debian package of openswan 2.4.5-3. + * Do not compile and ship fswcert right now, because it is not included + in strongswan upstream. If it turns out to be necessary for supporting + easy-to-use OE in the future (i.e. for generating the DNS format for the + public keys from generated X.509 certificates), I will re-add it to the + Debian package. + * Also disabled my patches to use /etc/default instead of /etc/sysconfig for + now. Something like that will be necessary in the future, but those parts + of strongswan differ significanty from openswan. + + -- Rene Mayrhofer Mon, 22 May 2006 07:37:00 +0100 + +Local variables: +mode: debian-changelog +End: + --- strongswan-4.2.4.orig/debian/strongswan.postrm +++ strongswan-4.2.4/debian/strongswan.postrm @@ -0,0 +1,38 @@ +#! /bin/sh +# postrm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' overwrit>r> +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + + # update the menu system +# if [ -x /usr/bin/update-menus ]; then update-menus; fi + + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 + +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + + --- strongswan-4.2.4.orig/debian/copyright +++ strongswan-4.2.4/debian/copyright @@ -0,0 +1,418 @@ +This package was debianized by Rene Mayrhofer on +Thu, 10 Aug 2000 10:50:33 +0200. + +The Debian package was created from scratch with some hints taken from +previous freeswan packages by Tommi Virtanen and Aaron Johnson. +The upstream software was downloaded from http://www.freeswan.org/ + +After the FreeS/WAN folks decided to cease development, we used the forked +code base at http://www.strongswan.org/. + +This project has multiple authors, please see the file CREDITS for details. +However, all of the code is DFSG-free and, since 2002-09-16, +the LICENSE file in the upstream distribution includes a special GPL addition +to allow linking with libdes (which contains an advertising clause). +This LICENSE file was added to the Debian package of freeswan version 1.98b +by me, but has been authorized by Michael Richardson of freeswan upstream +(who sent the file to a mailing list). + +The contents of this LICENSE file are: +------------------------------------------------------------------------------ +Except for the DES library, this software is under the GNU Public License, +see the file COPYING. + +The DES library is under a BSD style license, see + linux/crypto/ciphers/des/COPYRIGHT. +Note that this software has a advertising clause in it. + +In addition to the terms set out under the GPL, permission is granted to +link the software against the libdes library just mentioned. +------------------------------------------------------------------------------ +A copy of this COPYRIGHT file can be found below, starting with the copyright +by Eric Young. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + +Rene Mayrhofer, 2006-08-25 + + + +These are various licenses from the code: + +--8<-- + * Copyright (C) 1996, 1997 John Ioannidis. + * Copyright (C) 1998, 1999 Richard Guy Briggs. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. +--8<-- + +The source tarball also includes several miscellanous libraries. + + + +An MD5 implementation: + +--8<-- +The MD5 implementation is from RSADSI, so this package must include the +following phrase: "derived from the RSA Data Security, Inc. MD5 +Message-Digest Algorithm". It is not under the GPL; see details in +klips/net/ipsec/ipsec_md5c.c. +--8<-- + +--8<-- +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All +rights reserved. + +License to copy and use this software is granted provided that it +is identified as the "RSA Data Security, Inc. MD5 Message-Digest +Algorithm" in all material mentioning or referencing this software +or this function. + +License is also granted to make and use derivative works provided +that such works are identified as "derived from the RSA Data +Security, Inc. MD5 Message-Digest Algorithm" in all material +mentioning or referencing the derived work. + +RSA Data Security, Inc. makes no representations concerning either +the merchantability of this software or the suitability of this +software for any particular purpose. It is provided "as is" +without express or implied warranty of any kind. + +These notices must be retained in any copies of any part of this +documentation and/or software. + */ +--8<-- + + + +An implementation of DES: + +--8<-- +The LIBDES library by Eric Young is used. It is not under the GPL -- see +details in libdes/COPYRIGHT -- although he has graciously waived the +advertising clause for FreeS/WAN use of LIBDES. +--8<-- + +--8<-- +Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +All rights reserved. + +This package is an DES implementation written by Eric Young (eay@cryptsoft.com). +The implementation was written so as to conform with MIT's libdes. + +This library is free for commercial and non-commercial use as long as +the following conditions are aheared to. The following conditions +apply to all code found in this distribution. + +Copyright remains Eric Young's, and as such any Copyright notices in +the code are not to be removed. +If this package is used in a product, Eric Young should be given attribution +as the author of that the SSL library. This can be in the form of a textual +message at program startup or in documentation (online or textual) provided +with the package. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by Eric Young (eay@cryptsoft.com) + +THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +The license and distribution terms for any publically available version or +derivative of this code cannot be changed. i.e. this code cannot simply be +copied and put under another distrubution license +[including the GNU Public License.] + +The reason behind this being stated in this direct manner is past +experience in code simply being copied and the attribution removed +from it and then being distributed as part of other packages. This +implementation was a non-trivial and unpaid effort. +--8<-- + +--8<-- +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +--8<-- + +An implementation of SHA-1: + +--8<-- +The SHA-1 code is derived from Steve Reid's; it is public domain. +--8<-- + +--8<-- +/* + * The rest of the code is derived from sha1.c by Steve Reid, which is + * public domain. + * Minor cosmetic changes to accommodate it in the Linux kernel by ji. + */ +--8<-- + + + +Portions of Linux kernel source code: + +--8<-- +Some bits of Linux code, notably drivers/net/new_tunnel.c and net/ipv4/ipip.c, +are used in heavily modified forms. +--8<-- + +The Linux kernel is licensed under the Gnu General Public License. + + + +Radix-tree library: + +--8<-- +The radix-tree code from 4.4BSD is used in a modified form. It is not +under the GPL; see details in klips/net/ipsec/radij.c. +--8<-- + +--8<-- +/* + * Copyright (c) 1988, 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)radix.c 8.2 (Berkeley) 1/4/94 + */ +--8<-- + + +The license from the OpenSSL code that is included in the extension algorithm +patch (the kernel-patch-freeswan-ext package): + +--8<-- + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +--8<-- --- strongswan-4.2.4.orig/debian/strongswan.postinst +++ strongswan-4.2.4/debian/strongswan.postinst @@ -0,0 +1,343 @@ +#! /bin/bash +# postinst script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +CONF_FILE=/var/lib/strongswan/ipsec.conf.inc +SECRETS_FILE=/var/lib/strongswan/ipsec.secrets.inc + +insert_private_key() { + cat <> $SECRETS_FILE +: RSA { +$1 + } +EOF +} + +insert_private_key_filename() { + if [ ! -e $SECRETS_FILE ] || ! grep -q ": RSA $1" $SECRETS_FILE; then + echo ": RSA $1" >> $SECRETS_FILE + fi +} + +IPSEC_SECRETS_PATTERN_1=': RSA {' +IPSEC_SECRETS_PATTERN_2=' # yyy' +IPSEC_SECRETS_PATTERN_3=' }' +IPSEC_SECRETS_PATTERN_4='# do not change the indenting of that "}"' + +# remove old, misguided attempts at a default ipsec.secrets files +repair_legacy_secrets() { + if [ -e $SECRETS_FILE ] && grep -A 2 "$IPSEC_SECRETS_PATTERN_1" $SECRETS_FILE | + tail --lines=2 | + grep -A 1 "$IPSEC_SECRETS_PATTERN_2" | + tail --lines=1 | + grep "$IPSEC_SECRETS_PATTERN_3" >/dev/null; then + echo "Old default config file detected, removing the old defaults now." + umask 077 ; ( + # this is ugly, and someone maybe can formulate this in sed, but + # this was the quickest way for me + line=`grep -n "$IPSEC_SECRETS_PATTERN_2" $SECRETS_FILE | cut -d':' -f1` + until=`expr $line - 1` + head -n $until $SECRETS_FILE + sum=`wc -l $SECRETS_FILE | cut -d ' ' -f1` + from=`expr $sum - $line -1` + tail -n $from $SECRETS_FILE + ) > $SECRETS_FILE.tmp + mv $SECRETS_FILE.tmp $SECRETS_FILE + grep -v "$IPSEC_SECRETS_PATTERN_4" $SECRETS_FILE > $SECRETS_FILE.tmp + mv $SECRETS_FILE.tmp $SECRETS_FILE + fi +} + +make_x509_cert() { + if [ $# -ne 12 ]; then + echo "Error in creating X.509 certificate" + exit 1 + fi + + case $5 in + false) + certreq=$4.req + selfsigned="" + ;; + true) + certreq=$4 + selfsigned="-x509" + ;; + *) + echo "Error in creating X.509 certificate" + exit 1 + ;; + esac + + echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ + /usr/bin/openssl req -new -outform PEM -out $certreq \ + -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ + -days $2 $selfsigned >/dev/null +} + +enable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Enabling ${protocol} support by pluto ... " + if [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE; then + sed "s/${daemon}start=no/${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ -e $CONF_FILE ] && egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE; then + sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +disable_daemon_start() { + daemon=$1 + protocol=$2 + + echo -n "Disabling ${protocol} support by pluto ... " + if [ -e $CONF_FILE ] && ( egrep -q "^\w+${daemon}start=no\w*$" $CONF_FILE || + egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" $CONF_FILE ); then + echo "already disabled" + elif [ -e $CONF_FILE ] && egrep -q "^\w+${daemon}start=yes\w*$" $CONF_FILE; then + sed "s/${daemon}start=yes/${daemon}start=no/" < $CONF_FILE > $CONF_FILE.tmp + cp $CONF_FILE.tmp $CONF_FILE + rm $CONF_FILE.tmp + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo -e "\t${daemon}start=yes" > $CONF_FILE + else + echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!" + fi +} + +. /usr/share/debconf/confmodule + +case "$1" in + configure) + db_get strongswan/create_rsa_key + if [ "$RET" = "true" ]; then + repair_legacy_secrets + # OK, ipsec.secrets should now be correct + db_get strongswan/rsa_key_type + if [ "$RET" = "plain" ]; then + # a RSA keypair should be created - check if there is one already + if [ -e /etc/ipsec.secrets ] && egrep -q ": RSA[:space:]*" /etc/ipsec.secrets; then + echo "Warning: there is already a RSA key in /etc/ipsec.secrets." + echo "Creating an additional one." + fi + if [ -e $SECRETS_FILE ] && egrep -q ": RSA[:space:]*" $SECRETS_FILE; then + echo "Warning: there is already a RSA key in $SECRETS_FILE." + echo "Creating an additional one." + fi + # create a plain strongswan keypair + db_get strongswan/rsa_key_length + umask 077 + keylength=$RET + privkey=`mktemp /tmp/ipsec-postinst.XXXXXX` + /usr/lib/ipsec/rsasigkey $keylength > $privkey + insert_private_key "`cat $privkey`" + rm $privkey + echo "Successfully created a plain strongSwan RSA keypair." + else + # extract the key from a (newly created) x509 certificate + host=`hostname` + newkeyfile="/etc/ipsec.d/private/${host}Key.pem" + newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." + else + # create a new certificate + db_get strongswan/rsa_key_length + keylength=$RET + db_get strongswan/x509_self_signed + selfsigned=$RET + db_get strongswan/x509_country_code + countrycode=$RET + if [ -z "$countrycode" ]; then countrycode="."; fi + db_get strongswan/x509_state_name + statename=$RET + if [ -z "$statename" ]; then statename="."; fi + db_get strongswan/x509_locality_name + localityname=$RET + if [ -z "$localityname" ]; then localityname="."; fi + db_get strongswan/x509_organization_name + orgname=$RET + if [ -z "$orgname" ]; then orgname="."; fi + db_get strongswan/x509_organizational_unit + orgunit=$RET + if [ -z "$orgunit" ]; then orgunit="."; fi + db_get strongswan/x509_common_name + commonname=$RET + if [ -z "$commonname" ]; then commonname="."; fi + db_get strongswan/x509_email_address + email=$RET + if [ -z "$email" ]; then email="."; fi + make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" + chmod 0600 "$newkeyfile" + umask 077 + insert_private_key_filename "$newkeyfile" + echo "Successfully created x509 certificate." + fi + fi + else + db_get strongswan/existing_x509_certificate + if [ "$RET" = "true" ]; then + if [ -e $newcertfile -o -e $newkeyfile ]; then + echo "Error: $newcertfile or $newkeyfile already exists." + echo "Please remove them first an re-run dpkg-reconfigure to create a new keypair." + else + # existing certificate - use it + db_get strongswan/existing_x509_certificate_filename + certfile=$RET + db_get strongswan/existing_x509_key_filename + keyfile=$RET + if [ ! -r $certfile ] || [ ! -r $keyfile ]; then + echo "Either the certificate or the key file could not be read !" + else + cp "$certfile" /etc/ipsec.d/certs + umask 077 + cp "$keyfile" "/etc/ipsec.d/private" + newkeyfile="/etc/ipsec.d/private/`basename $keyfile`" + chmod 0600 "$newkeyfile" + insert_private_key_filename "$newkeyfile" + echo "Successfully extracted RSA key from existing x509 certificate." + fi + fi + fi + fi + + # figure out the correct start time + db_get strongswan/start_level + if [ "$RET" = "earliest" ]; then + LEVELS="start 41 S . stop 34 0 6 ." + elif [ "$RET" = "after NFS" ]; then + LEVELS="start 15 2 3 4 5 . stop 30 0 1 6 ." + else + LEVELS="start 21 2 3 4 5 . stop 19 0 1 6 ." + fi + update-rc.d ipsec $LEVELS > /dev/null + + db_get strongswan/enable-oe + if [ "$RET" != "true" ]; then + echo -n "Disabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/include \/etc\/ipsec.d\/examples\/oe.conf/#include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "#include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + echo "already disabled" + fi + else + echo -n "Enabling opportunistic encryption (OE) in config file ... " + if [ -e $CONF_FILE ] && egrep -q "include /etc/ipsec.d/examples/no_oe.conf$" $CONF_FILE; then + # also update to new-style config + sed 's/.*include \/etc\/ipsec.d\/examples\/no_oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo -n "converted old config line to new format" + fi + if [ -e $CONF_FILE ] && egrep -q "^include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + echo "already enabled" + elif [ -e $CONF_FILE ] && egrep -q "^#.*include /etc/ipsec.d/examples/oe.conf$" $CONF_FILE; then + sed 's/#.*include \/etc\/ipsec.d\/examples\/oe.conf/include \/etc\/ipsec.d\/examples\/oe.conf/' < $CONF_FILE > $CONF_FILE.tmp + mv $CONF_FILE.tmp $CONF_FILE + echo "done" + elif [ ! -e $CONF_FILE ]; then + echo "include /etc/ipsec.d/examples/oe.conf" > $CONF_FILE + else + cat <> $CONF_FILE +#Enable Opportunistic Encryption +include /etc/ipsec.d/examples/oe.conf +EOF + echo "done" + fi + fi + + # disabled for now, until we can solve the don't-edit-conffiles issue + #db_get strongswan/ikev1 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "pluto" "IKEv1" + #else + # disable_daemon_start "pluto" "IKEv1" + #fi + #db_get strongswan/ikev2 + #if [ "$RET" != "true" ]; then + # enable_daemon_start "charon" "IKEv2" + #else + # disable_daemon_start "charon" "IKEv2" + #fi + + if [ -z "$2" ]; then + # no old configured version - start strongswan now + invoke-rc.d ipsec start || true + else + # does the user wish strongswan to restart? + db_get strongswan/restart + if [ "$RET" = "true" ]; then + invoke-rc.d ipsec restart || true # sure, we'll restart it for you + fi + fi + + db_stop + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically + +#DEBHELPER# + +exit 0 --- strongswan-4.2.4.orig/debian/strongswan.prerm +++ strongswan-4.2.4/debian/strongswan.prerm @@ -0,0 +1,40 @@ +#! /bin/sh +# prerm script for strongswan +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/share/doc/packaging-manual/ + +case "$1" in + upgrade) + ;; + remove|deconfigure) + invoke-rc.d ipsec stop || true +# install-info --quiet --remove /usr/info/strongswan.info.gz + ;; + failed-upgrade) + ;; + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + +