debian/0000775000000000000000000000000012012016635007164 5ustar debian/openswan-modules-source.lintian-overrides.in0000664000000000000000000000017412010653511017747 0ustar # we have a right link in it too openswan-modules-$KVERS: copyright-refers-to-symlink-license usr/share/common-licenses/GPL debian/NEWS0000664000000000000000000000516412010653511007667 0ustar openswan (1:2.6.27+dfsg-1) unstable; urgency=low Openswan's SAref patches for kernel versions 2.6.32 and 2.6.34 are now included in the openswan-modules-source tar.bz2 file. For detailed instructions how this new feature can be activated and used please take a look at README.Debian. -- Harald Jenny Thu, 1 Jul 2010 23:27:20 +0200 openswan (1:2.6.24+dfsg-2) unstable; urgency=low Plain RSA key creation has been removed from debconf as they do not really provide interoperability with other IPsec implementations and nowadays X.509 certificates are the de-facto standard. If there is still the need to create such a key please take a look at README.Debian on how to manually build and include it in the configuration. -- Harald Jenny Tue, 4 May 2010 01:10:40 +0200 openswan (1:2.6.24+dfsg-1) unstable; urgency=medium Support for choosing between different Start/Stop-Levels for Openswan was finally removed since it is really obsolete. The system startup nowadays has the three different points at which the init script could be called streamlined as a set of sequently running scripts in system runlevel S. Furthermore the syslog-service on which Openswan depends is only started in normal runlevels 2-5, so starting IPsec earlier would make little sense anyway. Please note that existing starting configurations which have been modified are not changed by an upgrade, this must be done manually done by the system administrator issuing the commands "update-rc.d -f ipsec remove" and "update-rc.d -f ipsec defaults 16 84". Additionally, the way in which plain RSA key creation is managed was changed. As debconf should not modify files marked as configs now when such a key gets created it is saved under /var/lib/openswan/ipsec.secrets.inc. This file in turn is included per default in /etc/ipsec.secrets. Also note that from now on X.509 certificates which get created or are imported via debconf will be registered too in the new include file. -- Harald Jenny Mon, 8 Mar 2010 11:47:26 +0100 openswan (1:2.6.22+dfsg-1) unstable; urgency=HIGH NAT-Traversal for kernels >= 2.6.23 is now included in the ipsec.ko module, eliminating the need for patching. There are no configuration changes necessary to activate it, pluto will automatically try to use it. Please note that this does not apply to kernels < 2.6.23, here you will still need apply a custom NAT-T patch. -- Harald Jenny Tue, 23 Jun 2009 21:55:32 +0200 Local variables: mode: debian-changelog End: debian/openswan-modules-dkms.lintian-overrides0000664000000000000000000000017212010653511016776 0ustar # we have a right link in it too openswan-modules-dkms: copyright-refers-to-symlink-license usr/share/common-licenses/GPL debian/openswan-modules-source.lintian-overrides0000664000000000000000000000017412010653511017342 0ustar # we have a right link in it too openswan-modules-source: copyright-refers-to-symlink-license usr/share/common-licenses/GPL debian/rules0000775000000000000000000002432212010653511010245 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 export DH_OPTIONS export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 DEB_CFLAGS_MAINT_APPEND=-fno-strict-aliasing DEB_CXXFLAGS_MAINT_APPEND=-fno-strict-aliasing include /usr/share/dpkg/buildflags.mk # The build system doesn't respect CPPFLAGS, pass them to CFLAGS/CXXFLAGS to # enable the missing (hardening) flags. CFLAGS += $(CPPFLAGS) CXXFLAGS += $(CPPFLAGS) build-arch: build build-indep: build build: build-stamp build-stamp: # create a dummy ipsec.secrets file before building the package so # that no RSA keys are created during the build process # (a package should not include a RSA key, it should produce the key # on demand, e.g. in the postinst script) touch $(CURDIR)/debian/ipsec.secrets $(MAKE) programs INC_USRLOCAL=/usr \ FINALBINDIR=/usr/lib/ipsec \ FINALLIBEXECDIR=/usr/lib/ipsec \ PUBDIR=/usr/sbin \ MANTREE=/usr/share/man \ CONFDIR=$(CURDIR)/debian \ USE_LDAP=true USE_LIBCURL=true \ USE_XAUTHPAM=true # remove the temporary file, it will be created during install rm -f $(CURDIR)/debian/ipsec.secrets touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp [ ! -f Makefile ] || $(MAKE) clean # after a make clean, no binaries _should_ be left, but .... -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm -find $(CURDIR)/lib/libcrypto -name "*.a" | xargs --no-run-if-empty rm rm -rf debian/openswan-modules-source-build/ # Really clean (#356716) # This is a hack: should be better implemented rm -f lib/libopenswan/libopenswan.a || true rm -f lib/libopenswan/liboswlog.a || true rm -rf OBJ.* || true # just in case something went wrong rm -f $(CURDIR)/debian/ipsec.secrets # and make sure that template are up-to-date debconf-updatepo dh_clean install-openswan: DH_OPTIONS=-a install-openswan: build dh_testdir dh_testroot dh_prep dh_installdirs # Add here commands to install the package into debian/tmp. $(MAKE) install INC_USRLOCAL=/usr \ FINALBINDIR=/usr/lib/ipsec \ FINALLIBEXECDIR=/usr/lib/ipsec \ PUBDIR=$(CURDIR)/debian/openswan/usr/sbin \ MANTREE=$(CURDIR)/debian/openswan/usr/share/man \ DESTDIR=$(CURDIR)/debian/openswan rm -rf $(CURDIR)/debian/openswan/usr/local install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/openswan/etc/ipsec.secrets rm -f $(CURDIR)/debian/openswan/etc/init.d/ipsec?* rm -f $(CURDIR)/debian/openswan/usr/lib/ipsec/_plutorun?* # this is handled by update-rc.d rm -rf $(CURDIR)/debian/openswan/etc/rc?.d # delete var/lock/subsys and var/run to satisfy lintian rm -rf $(CURDIR)/debian/openswan/var/lock rm -rf $(CURDIR)/debian/openswan/var/run # remove the already installed docs rm -rf "$(CURDIR)/debian/openswan/usr/share/doc" # fix some manpage issues for oldname in `find $(CURDIR)/debian/openswan/usr/share/man -name "ipsec_ipsec*"`; \ do \ newname=`echo "$$oldname" | sed 's/ipsec_ipsec_/ipsec_/'`; \ if [ -f "$$newname" ]; then \ rm -f "$$oldname"; \ else \ mv "$$oldname" "$$newname"; \ fi; \ done dh_installdocs -popenswan -n dh_installchangelogs CHANGES # openswan-dbg depends on openswan so no need to ship doc twice rm -rf $(CURDIR)/debian/openswan-dbg/usr/share/doc/openswan-dbg # the logcheck ignore files install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.paranoid $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.paranoid/openswan install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.server/openswan install -D --mode=0600 $(CURDIR)/debian/logcheck.ignore.server $(CURDIR)/debian/openswan/etc/logcheck/ignore.d.workstation/openswan install -D --mode=0600 $(CURDIR)/debian/logcheck.violations.ignore $(CURDIR)/debian/openswan/etc/logcheck/violations.ignore.d/openswan # set permissions on ipsec.secrets chmod 600 $(CURDIR)/debian/openswan/etc/ipsec.secrets chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.conf chmod 700 -R $(CURDIR)/debian/openswan/etc/ipsec.d/private/ # don't know why they come with +x set by default... chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/policies/* chmod 644 $(CURDIR)/debian/openswan/etc/ipsec.d/examples/* # create /var/lib/openswan with permissions similar to ipsec.secrets mkdir -p $(CURDIR)/debian/openswan/var/lib/openswan chmod 700 -R $(CURDIR)/debian/openswan/var/lib/openswan # more lintian cleanups find $(CURDIR)/debian/openswan -name ".gitignore" | xargs --no-run-if-empty rm -f # Empty directory rmdir $(CURDIR)/debian/openswan/usr/bin install-openswan-doc: DH_OPTIONS=-popenswan-doc install-openswan-doc: build dh_testdir dh_testroot dh_installdocs -popenswan-doc -n dh_installchangelogs CHANGES # fix some doc issues for oldname in `find $(CURDIR)/debian/openswan-doc/usr/share/doc -name "ipsec_ipsec*"`; \ do \ newname=`echo "$$oldname" | sed 's/ipsec_ipsec_/ipsec_/'`; \ if [ -f "$$newname" ]; then \ rm -f "$$oldname"; \ else \ mv "$$oldname" "$$newname"; \ fi; \ done # change the paths in the installed doc files (but only in regular # files, not in links to the outside of the build tree !) ( cd $(CURDIR)/debian/openswan-doc/; \ for f in `grep "/usr/local/" --recursive --files-with-match *`; \ do \ if [ -f $$f -a ! -L $$f ]; then \ cp $$f $$f.old; \ sed 's/\/usr\/local\//\/usr\//' $$f.old > $$f; \ rm $$f.old; \ fi; \ done ) # but remove the doc/src dir, which just duplicates the HTML files rm -rf $(CURDIR)/debian/openswan-doc/usr/share/doc/openswan-doc/doc/src # more lintian cleanups find $(CURDIR)/debian/openswan-doc -name ".gitignore" | xargs --no-run-if-empty rm -f install-openswan-modules-source: DH_OPTIONS=-popenswan-modules-source install-openswan-modules-source: PKGDIR=$(CURDIR)/debian/openswan-modules-source install-openswan-modules-source: BUILDDIR=$(CURDIR)/debian/openswan-modules-source-build install-openswan-modules-source: dh_testdir dh_testroot dh_installdirs mkdir -p "$(BUILDDIR)/modules/openswan" mkdir -p "$(BUILDDIR)/modules/openswan/lib" mkdir -p "$(BUILDDIR)/modules/openswan/debian" mkdir -p "$(BUILDDIR)/modules/openswan/packaging" mkdir -p "$(BUILDDIR)/modules/openswan/patches/kernel" cp -r CHANGES CREDITS Makefile Makefile.top Makefile.inc Makefile.ver linux/ \ "$(BUILDDIR)/modules/openswan" cp -r lib/libcrypto "$(BUILDDIR)/modules/openswan/lib/" cp -r packaging/makefiles packaging/linus packaging/utils packaging/defaults/ \ "$(BUILDDIR)/modules/openswan/packaging/" cp -r patches/kernel/2.6.32 "$(BUILDDIR)/modules/openswan/patches/kernel/" cp -r patches/kernel/2.6.35 "$(BUILDDIR)/modules/openswan/patches/kernel/" find "$(BUILDDIR)/modules/openswan/lib/" -name "*.o" | xargs --no-run-if-empty rm install --mode=644 debian/openswan-modules-source.kernel-config "$(BUILDDIR)/modules/openswan/config-all.h" install --mode=755 debian/openswan-modules-source.rules "$(BUILDDIR)/modules/openswan/debian/rules" install --mode=644 debian/openswan-modules-source.control.in "$(BUILDDIR)/modules/openswan/debian/control.in" install --mode=644 debian/openswan-modules-source.docs "$(BUILDDIR)/modules/openswan/debian/docs.in" install --mode=644 debian/openswan-modules-source.lintian-overrides.in "$(BUILDDIR)/modules/openswan/debian/lintian-overrides.in" install --mode=644 debian/compat "$(BUILDDIR)/modules/openswan/debian/" install --mode=644 debian/changelog "$(BUILDDIR)/modules/openswan/debian/" install --mode=644 debian/copyright "$(BUILDDIR)/modules/openswan/debian/" install --mode=644 debian/NEWS "$(BUILDDIR)/modules/openswan/debian/" install --mode=644 debian/README.Debian "$(BUILDDIR)/modules/openswan/debian/" tar -C $(BUILDDIR) -c modules/ | bzip2 -9 > \ "$(PKGDIR)/usr/src/openswan-modules.tar.bz2" dh_installdocs -popenswan-modules-source -n dh_installchangelogs CHANGES # more lintian cleanups find $(PKGDIR) -name ".gitignore" | xargs --no-run-if-empty rm -f install-openswan-modules-dkms: DH_OPTIONS=-popenswan-modules-dkms install-openswan-modules-dkms: VERSION:=$(shell dpkg-parsechangelog | grep '^Version:' | cut -d' ' -f2 | cut -d: -f2 | cut -d- -f1) install-openswan-modules-dkms: dh_testdir dh_testroot dh_installdirs mkdir -p "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/lib" mkdir -p "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/debian" mkdir -p "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/packaging" cp -r Makefile Makefile.top Makefile.inc Makefile.ver linux/ \ "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)" cp -r lib/libcrypto "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/lib" cp -r packaging/makefiles packaging/linus packaging/utils packaging/defaults/ \ "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/packaging/" find "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/lib" -name "*.o" | xargs --no-run-if-empty rm install --mode=644 debian/openswan-modules-source.kernel-config "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/config-all.h" sed -e "s/#VERSION#/$(VERSION)/g" debian/openswan-modules-dkms.dkms.conf.in > "$(CURDIR)/debian/openswan-modules-dkms/usr/src/openswan-$(VERSION)/dkms.conf" dh_installdocs -popenswan-modules-dkms -n dh_installchangelogs CHANGES # more lintian cleanups find $(CURDIR)/debian/openswan-modules-dkms -name ".gitignore" | xargs --no-run-if-empty rm -f # remove empty dir find $(CURDIR)/debian/openswan-modules-dkms -type d -name debian | xargs --no-run-if-empty rmdir binary-common: dh_testdir dh_testroot dh_installdebconf dh_link dh_strip --dbg-package=openswan-dbg dh_compress dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d/private -X var/lib/openswan dh_lintian dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb # Build architecture-independent files here. binary-indep: install-openswan-doc install-openswan-modules-source $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common # Build architecture-dependent files here. binary-arch: install-openswan install-openswan-modules-dkms $(MAKE) -f debian/rules DH_OPTIONS=-a binary-common binary: binary-indep binary-arch .PHONY: clean binary-indep binary-arch debian/openswan-doc.lintian-overrides0000664000000000000000000000016112010653511015135 0ustar # we have a right link in it too openswan-doc: copyright-refers-to-symlink-license usr/share/common-licenses/GPL debian/logcheck.ignore.paranoid0000664000000000000000000000117012010653511013741 0ustar ipsec_setup: KLIPS debug \`none\' ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. ipsec_setup: stop ordered ipsec_setup: doing cleanup anywan... ipsec_setup: \.\.\.FreeS/WAN IPsec stopped ipsec_setup: Starting FreeS/WAN IPsec ipsec_setup: \.\.\.FreeS/WAN IPsec started ipsec_plutorun: .*: initiate pluto.*: deleting state pluto.*: forgetting secrets pluto.*: shutting down pluto.*: \| pluto.*: .* bytes loaded pluto.*: including X\.509 patch pluto.*: Loading my X\.509 certificate pluto.*: Starting pluto pluto.*: adding interface pluto.*: listening for IKE messages pluto.*: loading secrets pluto.*: regenerating DH private secret debian/openswan-doc.docs0000664000000000000000000000005712010653511012433 0ustar BUGS README CREDITS debian/README.Debian docs/ debian/openswan.prerm0000664000000000000000000000160612010653511012066 0ustar #! /bin/sh # prerm script for openswan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see /usr/share/doc/packaging-manual/ case "$1" in upgrade) ;; remove|deconfigure) invoke-rc.d ipsec stop || true ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/po/0000775000000000000000000000000012012016635007602 5ustar debian/po/gl.po0000664000000000000000000007444012010653511010553 0ustar # Galician translation of openswan's debconf templates # This file is distributed under the same license as the openswan package. # Jacobo Tarrio , 2008. # msgid "" msgstr "" "Project-Id-Version: openswan\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2008-04-06 20:36+0100\n" "Last-Translator: Jacobo Tarrio \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" #. Type: boolean #. Description #: ../openswan.templates:2001 #, fuzzy #| msgid "Do you wish to restart Openswan?" msgid "Restart Openswan now?" msgstr "¿Quere reiniciar Openswan?" #. Type: boolean #. Description #: ../openswan.templates:2001 #, fuzzy #| msgid "" #| "Restarting Openswan is a good idea, since if there is a security fix, it " #| "will not be fixed until the daemon restarts. Most people expect the " #| "daemon to restart, so this is generally a good idea. However this might " #| "take down existing connections and then bring them back up." msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Reiniciar Openswan é unha boa idea, xa que se se arranxou un problema de " "seguridade, non se ha aplicar ata que se reinicie o servizo. A maior parte " "da xente espera que o servizo se reinicie, así que adoita ser unha boa idea. " "Nembargantes, isto podería cortar as conexións existentes e despois volvelas " "erguer." #. Type: boolean #. Description #: ../openswan.templates:3001 #, fuzzy #| msgid "" #| "Do you have an existing X509 certificate file that you want to use for " #| "Openswan?" msgid "Use an X.509 certificate for this host?" msgstr "¿Ten un certificado X509 existente que queira empregar en Openswan?" #. Type: boolean #. Description #: ../openswan.templates:3001 #, fuzzy #| msgid "" #| "This installer can automatically create a RSA public/private keypair for " #| "this host. This keypair can be used to authenticate IPSec connections to " #| "other hosts and is the preferred way for building up secure IPSec " #| "connections. The other possibility would be to use shared secrets " #| "(passwords that are the same on both sides of the tunnel) for " #| "authenticating an connection, but for a larger number of connections RSA " #| "authentication is easier to administer and more secure." msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Este instalador pode crear automaticamente un par de claves pública/privada " "RSA para esta máquina. Este par de claves pódese empregar para autenticar as " "conexións IPSec a outras máquinas e é a maneira preferida de construír " "conexións IPSec seguras. A outra posibilidade sería empregar segredos " "compartidos (o mesmo contrasinal en ámbolous dous lados do túnel) para " "autenticar unha conexión, pero para ter moitas conexións é moito máis segura " "e fácil de administrar a autenticación RSA." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 #, fuzzy #| msgid "" #| "Do you have an existing X509 certificate file that you want to use for " #| "Openswan?" msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "¿Ten un certificado X509 existente que queira empregar en Openswan?" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" #. Type: string #. Description #: ../openswan.templates:5001 #, fuzzy #| msgid "Please enter the country code for the X509 certificate request." msgid "File name of your PEM format X.509 certificate:" msgstr "Introduza o código do país para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:5001 #, fuzzy #| msgid "" #| "Please enter the location of the file containing your X509 certificate in " #| "PEM format." msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Introduza a ubicación do ficheiro que contén o seu certificado X509 en " "formato PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "" #. Type: string #. Description #: ../openswan.templates:6001 #, fuzzy #| msgid "" #| "Please enter the location of the file containing the private RSA key " #| "matching your X509 certificate in PEM format. This can be the same file " #| "that contains the X509 certificate." msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Introduza a ubicación do ficheiro que contén a clave privada RSA que " "corresponde ao seu certificado X509 en formato PEM. Pode ser o mesmo " "ficheiro que o que contén o certificado X509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "" #. Type: string #. Description #: ../openswan.templates:8001 #, fuzzy #| msgid "" #| "Please enter the length of the created RSA key. it should not be less " #| "than 1024 bits because this should be considered unsecure and you will " #| "probably not need anything more than 2048 bits because it only slows the " #| "authentication process down and is not needed at the moment." msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Introduza a lonxitude da clave RSA creada. Non debería ser inferior a 1024 " "bits porque esta lonxitude é insegura, e probablemente non ha precisar de " "máis de 2048 bits porque só ralentiza a autenticación e non é necesario " "tanto neste momento." #. Type: boolean #. Description #: ../openswan.templates:9001 #, fuzzy #| msgid "Do you want to create a self-signed X509 certificate?" msgid "Create a self-signed X.509 certificate?" msgstr "¿Quere crear un certificado X509 autoasinado?" #. Type: boolean #. Description #: ../openswan.templates:9001 #, fuzzy #| msgid "" #| "This installer can only create self-signed X509 certificates " #| "automatically, because otherwise a certificate authority is needed to " #| "sign the certificate request. If you want to create a self-signed " #| "certificate, you can use it immediately to connect to other IPSec hosts " #| "that support X509 certificate for authentication of IPSec connections. " #| "However, if you want to use the new PKI features of Openswan >= 1.91, you " #| "will need to have all X509 certificates signed by a single certificate " #| "authority to create a trust path." msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Este instalador só pode crear automaticamente certificados X509 " "autoasinados, porque se non, é necesario que unha autoridade certificadora " "asine a solicitude de certificado. Se quere crear un certificado " "autoasinado, ha poder empregalo inmediatamente para se conectar a outras " "máquinas IPSec que soporten certificados X509 para a autenticación de " "conexións IPSec. Nembargantes, se quere empregar as novas características " "PKI de Openswan >= 1.91, ha ter que ter tódolos certificados X509 asinados " "por unha soa autoridade certificadora para crear unha ruta de confianza." #. Type: boolean #. Description #: ../openswan.templates:9001 #, fuzzy #| msgid "" #| "If you do not want to create a self-signed certificate, then this " #| "installer will only create the RSA private key and the certificate " #| "request and you will have to sign the certificate request with your " #| "certificate authority." msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Se non quere crear un certificado autoasinado, este instalador só ha crear a " "clave privada RSA e a solicitude de certificado, e vostede ha ter que facer " "que a autoridade certificadora asine a solicitude de certificado." #. Type: string #. Description #: ../openswan.templates:10001 #, fuzzy #| msgid "Please enter the country code for the X509 certificate request." msgid "Country code for the X.509 certificate request:" msgstr "Introduza o código do país para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" #. Type: string #. Description #: ../openswan.templates:10001 #, fuzzy #| msgid "" #| "You really need to enter a valid country code here, because openssl will " #| "refuse to generate certificates without one. An empty field is allowed " #| "for any other field of the X.509 certificate, but not for this one." msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Ten que introducir un código de país válido aquí, porque openssl non ha " "poder xerar certificados sen un. Admítese un campo baleiro en calquera outro " "campo do certificado X.509, pero non neste." #. Type: string #. Description #: ../openswan.templates:11001 #, fuzzy #| msgid "" #| "Please enter the state or province name for the X509 certificate request." msgid "State or province name for the X.509 certificate request:" msgstr "" "Introduza o nome do estado ou provincia para a solicitude de certificado " "X509." #. Type: string #. Description #: ../openswan.templates:11001 #, fuzzy #| msgid "" #| "Please enter the full name of the state or province you live in. This " #| "name will be placed in the certificate request." msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Introduza o nome completo do estado ou privincia na que vive. Este nome ha " "figurar na solicitude de certificado." #. Type: string #. Description #: ../openswan.templates:12001 #, fuzzy #| msgid "Please enter the locality name for the X509 certificate request." msgid "Locality name for the X.509 certificate request:" msgstr "Introduza o nome da localidade para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:13001 #, fuzzy #| msgid "Please enter the organization name for the X509 certificate request." msgid "Organization name for the X.509 certificate request:" msgstr "" "Introduza o nome da organización para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:14001 #, fuzzy #| msgid "" #| "Please enter the organizational unit for the X509 certificate request." msgid "Organizational unit for the X.509 certificate request:" msgstr "" "Introduza a unidade organizativa para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:14001 #, fuzzy #| msgid "" #| "Please enter the organizational unit for the X509 certificate request." msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Introduza a unidade organizativa para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:15001 #, fuzzy #| msgid "Please enter the common name for the X509 certificate request." msgid "Common Name for the X.509 certificate request:" msgstr "Introduza o nome común para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:16001 #, fuzzy #| msgid "Please enter the email address for the X509 certificate request." msgid "Email address for the X.509 certificate request:" msgstr "Introduza o enderezo de email para a solicitude de certificado X509." #. Type: string #. Description #: ../openswan.templates:16001 #, fuzzy #| msgid "" #| "Please enter the email address of the person or organization who is " #| "responsible for the X509 certificate, This address will be placed in the " #| "certificate request." msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Introduza o enderezo de email da persoa ou organización responsable do " "certificado X509. Este enderezo ha figurar na solicitude de certificado." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" #, fuzzy #~| msgid "Please enter the location of your X509 certificate in PEM format." #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "Introduza a ubicación do seu certificado X509 en formato PEM." #, fuzzy #~| msgid "Please enter the location of your X509 private key in PEM format." #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "Introduza a ubicación da súa clave privada X509 en formato PEM." #, fuzzy #~| msgid "Please enter the location of your X509 certificate in PEM format." #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "Introduza a ubicación do seu certificado X509 en formato PEM." #, fuzzy #~| msgid "Which length should the created RSA key have?" #~ msgid "Please enter which length the created RSA key should have:" #~ msgstr "¿Que lonxitude debe ter a clave RSA creada?" #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Introduza o código de dúas letras correspondente ao seu país. Este código " #~ "ha figurar na solicitude de certificado." #~ msgid "Example: AT" #~ msgstr "Exemplo: ES" #~ msgid "Example: Upper Austria" #~ msgstr "Exemplo: A Coruña" #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Introduza a localidade na que vive. Este nome ha figurar na solicitude de " #~ "certificado." #~ msgid "Example: Vienna" #~ msgstr "Exemplo: Santiago" #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Introduza a organización (p.ex. empresa) para a que se ha crear o " #~ "certificado X509. Este nome ha figurar na solicitude de certificado." #~ msgid "Example: Debian" #~ msgstr "Exemplo: Debian" #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Introduza a unidade organizativa (p.ex. sección) para a que se ha crear o " #~ "certificado X509. Este nome ha figurar na solicitude de certificado." #~ msgid "Example: security group" #~ msgstr "Exemplo: grupo de seguridade" #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Introduza o nome común (p.ex. o nome desta máquina) para o que se ha " #~ "crear o certificado X509. Este nome ha figurar na solicitude de " #~ "certificado." #~ msgid "Example: gateway.debian.org" #~ msgstr "Exemplo: gateway.debian.org" #~ msgid "Do you want to create a RSA public/private keypair for this host?" #~ msgstr "" #~ "¿Quere crear un par de claves pública/privada RSA para esta máquina?" #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one." #~ msgstr "" #~ "Se non quere crear un novo par de claves pública/privada, pode empregar " #~ "un xa existente." #~ msgid "x509" #~ msgstr "x509" #~ msgid "plain" #~ msgstr "simple" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "Openswan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "Pode crear un par de claves pública/privada simple para empregalo con " #~ "Openswan, ou pode crear un ficheiro de certificado X509 que contén a " #~ "clave pública RSA e tamén garda a clave privada correspondente." #, fuzzy #~| msgid "" #~| "If you only want to build up IPSec connections to hosts also running " #~| "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~| "want to connect to other IPSec implementations, you will need a X509 " #~| "certificate. It is also possible to create a X509 certificate here and " #~| "extract the RSA public key in plain format if the other side runs " #~| "Openswan without X509 certificate support." #~ msgid "" #~ "If you only want to create IPsec connections to hosts also running " #~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPsec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "Openswan without X509 certificate support." #~ msgstr "" #~ "Se só quere realizar conexións IPSec a máquinas que tamén empregan " #~ "Openswan pode ser un pouco máis doado empregar pares de claves simples. " #~ "Nembargantes, se quere conectarse a outras implementacións de IPSec, ha " #~ "ter que empregar un certificado X509. Tamén é posible crear aquí un " #~ "certificado X509 e extraer a clave pública RSA en formato simple se o " #~ "outro estremo executa Openswan sen soporte de certificados X509." #, fuzzy #~| msgid "" #~| "Therefore a X509 certificate is recommended since it is more flexible " #~| "and this installer should be able to hide the complex creation of the " #~| "X509 certificate and its use in Openswan anyway." #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in Openswan." #~ msgstr "" #~ "Polo tanto recoméndase empregar un certificado X509, xa que é máis " #~ "flexible e este instalador debería poder ocultar a complexidade da " #~ "creación do certificado X509 e do seu emprego en Openswan." #, fuzzy #~| msgid "" #~| "This installer can automatically extract the needed information from an " #~| "existing X509 certificate with a matching RSA private key. Both parts " #~| "can be in one file, if it is in PEM format. Do you have such an existing " #~| "certificate and key file and want to use it for authenticating IPSec " #~| "connections?" #~ msgid "" #~ "This installer can automatically extract the needed information from an " #~ "existing X509 certificate with a matching RSA private key. Both parts can " #~ "be in one file, if it is in PEM format. If you have such an existing " #~ "certificate and key file please select if want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Este instalador pode extraer automaticamente a información necesaria dun " #~ "certificado X509 existente cunha clave privada RSA correspondente. As " #~ "dúas partes poden estar nun só ficheiro, se está en formato PEM. ¿Ten un " #~ "certificado tal e un ficheiro coa clave privada, e quere empregalo para " #~ "autenticar conexións IPSec?" #~ msgid "x509, plain" #~ msgstr "x509, simple" #, fuzzy #~| msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgid "earliest, after NFS, after PCMCIA" #~ msgstr "\"o antes posible\", \"despois de NFS\", \"despois de PCMCIA\"" #, fuzzy #~| msgid "" #~| "With the current Debian startup levels (nearly everything starting in " #~| "level 20), it is impossible for Openswan to always start at the correct " #~| "time. There are three possibilities when Openswan can start: before or " #~| "after the NFS services and after the PCMCIA services. The correct answer " #~| "depends on your specific setup." #~ msgid "" #~ "With the default system startup levels (nearly everything starting in " #~ "level 20), it is impossible for Openswan to always start at the correct " #~ "time. There are three possibilities when Openswan can start: before or " #~ "after the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Cos niveis de inicio actuais de Debian (practicamente todo se inicia no " #~ "nivel 20) é imposible que Openswan se inicie sempre no momento correcto. " #~ "Hai tres posibilidades para o inicio de Openswan: antes ou despois dos " #~ "servizos NFS ou despois dos servizos PCMCIA. A resposta correcta depende " #~ "da súa configuración específica." #, fuzzy #~| msgid "" #~| "If you do not have your /usr tree mounted via NFS (either you only mount " #~| "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~| "and don't use a PCMCIA network card, then it's best to start Openswan at " #~| "the earliest possible time, thus allowing the NFS mounts to be secured " #~| "by IPSec. In this case (or if you don't understand or care about this " #~| "issue), answer \"earliest\" to this question (the default)." #~ msgid "" #~ "If the /usr tree of this system is not mounted via NFS (either you only " #~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " #~ "all) and no PCMCIA network card is used, then it's best to start Openswan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Se non monta a súa árbore /usr vía NFS (porque só monta outras árbores " #~ "por NFS ou non monta nada por NFS) e non emprega unha tarxeta de rede " #~ "PCMCIA, é mellor iniciar Openswan o antes posible para permitir que as " #~ "montaxes por NFS se aseguren mediante IPSec. Neste caso (ou se non " #~ "entende ou non lle importa o problema), resposte \"o antes posible\" a " #~ "esta pregunta (a resposta por defecto)." #, fuzzy #~| msgid "" #~| "If you have your /usr tree mounted via NFS and don't use a PCMCIA " #~| "network card, then you will need to start Openswan after NFS so that all " #~| "necessary files are available. In this case, answer \"after NFS\" to " #~| "this question. Please note that the NFS mount of /usr can not be secured " #~| "by IPSec in this case." #~ msgid "" #~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " #~ "then you will need to start Openswan after NFS so that all necessary " #~ "files are available. In this case, answer \"after NFS\" to this question. " #~ "Please note that the NFS mount of /usr can not be secured by IPSec in " #~ "this case." #~ msgstr "" #~ "Se monta a súa árbore /usr vía NFS e non emprega unha tarxeta de rede " #~ "PCMCIA, ha ter que iniciar Openswan despois de NFS para que tódolos " #~ "ficheiros necesarios estean dispoñibles. Neste caso, resposte \"despois " #~ "de NFS\" a esta pregunta. Teña en conta que neste caso non se pode " #~ "asegurar mediante IPSec a montaxe por NFS de /usr." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Se emprega unha tarxeta de rede PCMCIA para as conexións IPSec só ha ter " #~ "que decidir inicialas despois dos servizos PCMCIA. Resposte \"despois de " #~ "PCMCIA\" neste caso. Tamén é a resposta correcta se quere recibir claves " #~ "dun servidor DNS que se executa localmente con soporte de DNSSec." #, fuzzy #~| msgid "At which level do you wish to start Openswan?" #~ msgid "Please select the level at which you wish to start Openswan:" #~ msgstr "¿En que nivel quere iniciar Openswan?" #, fuzzy #~| msgid "Which type of RSA keypair do you want to create?" #~ msgid "Please select which type of RSA keypair you want to create:" #~ msgstr "¿Que tipo de par de claves RSA quere crear?" #~ msgid "Do you wish to enable opportunistic encryption in Openswan?" #~ msgstr "¿Quere activar o cifrado oportunista en Openswan?" #~ msgid "" #~ "Openswan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " #~ "default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " #~ "daemon) is started." #~ msgstr "" #~ "Openswan ten soporte de cifrado oportunista (OE), que armacena a " #~ "información de autenticación de IPSec (é dicir, as claves públicas RSA) " #~ "en rexistros DNS (preferiblemente seguros). Ata que isto sexa habitual, " #~ "activalo ha causar unha ralentización nas conexións novas saíntes. A " #~ "partires da versión 2.0, Openswan ten OE activado por defecto e, polo " #~ "tanto, é probable que rompa a súa conexión existente a Internet (é dicir, " #~ "a ruta por defecto) no momento en que se inicie pluto (o servizo de " #~ "claves de Openswan)." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Indique se quere activar o soporte de OE. Se non está seguro, non o " #~ "active." debian/po/fr.po0000664000000000000000000007645012010653511010563 0ustar # Translation of openswan debconf templates to French # Copyright (C) 2004-2008 Christian Perrier # This file is distributed under the same license as the openswan package. # # Christian Perrier , 2004, 2006, 2008, 2010. msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-04-26 20:26+0200\n" "Last-Translator: Christian Perrier \n" "Language-Team: fr \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Abandon de l'ancien système de lancement d'Openswan" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Les versions précédentes du paquet d'Openswan permettaient de choisir entre " "trois séquences possibles de lancement au démarrage de la machine. Comme " "l'organisation générale des scripts de lancement a été profondément modifiée " "dans le système, cela n'est désormais plus utile. Pour toutes les nouvelles " "installations, ainsi que pour les anciennes qui fonctionnaient selon un des " "trois modes prédéfinis, une séquence de lancement sûre va être mise en " "place. Si vous effectuez une mise à jour et aviez modifié les paramètres de " "lancement d'Openswan, veuillez consulter le fichier NEWS.Debian pour trouver " "les informations qui vous permettront d'adapter vos réglages." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Souhaitez-vous redémarrer Openswan ?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Redémarrer Openswan est préférable car un éventuel correctif de sécurité ne " "sera actif que si le démon est redémarré. La plupart des utilisateurs " "s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " "meilleur choix. Cependant, cela pourrait interrompre provisoirement des " "connexions en cours, y compris la connexion utilisée actuellement pour cette " "mise à jour. En conséquence, il est déconseillé de redémarrer si le tunnel " "est utilisé pour l'administration du système." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Faut-il utiliser un certificat X.509 existant avec cet hôte ?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Un certificat X.509 peut être créé automatiquement ou importé, pour cet " "hôte. Il peut servir à authentifier des connexions IPSec vers d'autres " "hôtes, ce qui est la méthode conseillée pour l'établissement de liaisons " "IPSec sûres. L'autre possibilité d'authentification à la connexion est " "l'utilisation d'un secret partagé (« pre-shared key » : des mots de passe " "identiques aux deux extrémités du tunnel). Toutefois, pour de nombreuses " "connexions, l'authentification à base de clés est plus simple à administrer " "et plus sûre." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " "commande « dpkg-reconfigure openswan »." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "Créer" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "Importer" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Méthode de mise en place d'un certificat X.509 pour l'authentification de " "cet hôte :" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Pour l'authentification des connexions IPsec, il est possible de créer un " "nouveau certificat X.509 avec des réglages personnalisés ou importer une " "paire de clés publique et privée depuis un ou plusieurs fichiers PEM." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Si vous choisissez de créer un nouveau certificat X.509, vous devrez fournir " "plusieurs informations avant la création. Veuillez noter que si vous " "souhaitez utiliser un certificat signé par une autorité de certification, " "vous ne devez pas choisir de créer un certificat auto-signé et devrez donner " "exactement les réponses souhaitées par l'autorité de certification sinon la " "requête de certificat risquerait d'être rejetée." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Si vous souhaitez importer une paire de clés, vous devrez en fournir les " "noms de fichiers (qui peuvent être identiques si les parties privée et " "publique sont dans le même fichier). Vous pourrez facultativement fournir le " "nom d'un fichier contenant la ou les clés publiques de l'autorité de " "certification. Ce fichier devra être différent des précédents. Le format des " "certificats X.509 doit être PEM et la clé privée ne doit pas être chiffrée. " "Dans le cas contraire, l'importation échouera." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nom du fichier PEM contenant le certificat X.509 :" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Veuillez indiquer l'emplacement du fichier contenant votre certificat X.509 " "au format PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Nom du fichier PEM contenant la clé privée X.509 :" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA " "correspondant au certificat X.509 au format PEM. Cela peut être le fichier " "qui contient le certificat X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "" "Nom du fichier PEM contenant le certificat X.509 de l'autorité de " "certification :" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Veuillez indiquer facultativement l'emplacement du fichier (au format PEM) " "contenant le certificat X.509 de l'autorité de certification qui a signé le " "certificat que vous avez fourni. Si vous n'utilisez pas d'autorité de " "certification, vous pouvez laisser ce champ vide. Veuillez noter que ce " "fichier doit être différent du fichier de certificat X.509 et de la clé " "privée que vous utilisez." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Longueur de la clé RSA à créer :" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit pas " "être inférieure à 1024 bits car cela serait considéré comme insuffisamment " "sûr. Un choix excédant 4096 bits est probablement inutile car cela ne fait " "essentiellement que ralentir le processus d'authentification sans avoir " "d'intérêt actuellement." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Souhaitez-vous créer un certificat X.509 auto-signé ?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Seuls des certificats X.509 auto-signés peuvent être créés automatiquement " "puisqu'une autorité de certification est indispensable pour signer la " "demande de certificat. Si vous choisissez de créer un certificat auto-signé, " "vous pourrez vous en servir immédiatement pour vous connecter aux hôtes qui " "authentifient les connexions IPsec avec des certificats X.509. Cependant, si " "vous souhaitez utiliser les nouvelles fonctionnalités PKI d'Openswan, vous " "aurez besoin que tous les certificats soient signés par la même autorité de " "certification afin de créer un chemin de confiance." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Si vous ne voulez pas créer de certificat auto-signé, seules la clé privée " "RSA et la demande de certificat seront créées et vous devrez ensuite faire " "signer la demande de certificat par votre autorité de certification." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Code du pays pour la demande de certificat X.509 :" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Veuillez indiquer le code à deux lettres du pays où est situé le serveur " "(p. ex. « FR » pour la France)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Il est impératif de choisir ici un code de pays ISO-3166 valable sinon " "OpenSSL refusera de créer les certificats. Tous les autres champs d'un " "certificat X.509 peuvent être vides, sauf celui-ci." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "État, province ou région pour la demande de certificat X.509 :" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Veuillez indiquer le nom de la région, d el'état ou de la province où est " "situé le serveur (p. ex. « Jura »)." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Localité pour la demande de certificat X.509 :" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Veuillez indiquer la localité où est situé le serveur (ce sera souvent une " "ville, comme « Montcuq »)." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisme pour la demande de certificat X.509 :" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Veuillez indiquer l'organisme propriétaire du serveur (p. ex. « Debian »)." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unité d'organisation pour la demande de certificat X.509 :" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Veuillez indiquer l'unité d'organisation pour la demande de certificat X.509 " "(p. ex. « Équipe sécurité »)." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Nom ordinaire pour la demande de certification X.509 :" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Veuillez indiquer le nom ordinaire de ce serveur (ce sera souvent son nom " "réseau)." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Adresse électronique pour la demande de certificat X.509 :" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Veuillez indiquer l'adresse électronique de la personne ou de l'organisme " "responsable du certificat X.509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Modification de /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "En raison de modifications dans la version amont d'Openswan, le chiffrement " "opportuniste n'est plus activé par défaut. Le fichier no_oe.conf qui était " "fourni avec les versions précédentes pour le désactiver explicitement ne " "peut donc plus être inclus dans ipsec.conf. Toute instruction d'inclusion de " "ce fichier sera automatiquement retirée afin qu'Openswan puisse démarrer " "correctement." #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "Emplacement du certificat X509 :" #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "Emplacement de la clé privée X509 :" #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "Emplacement du certificat X509 de l'autorité de certification :" #~ msgid "Please enter which length the created RSA key should have:" #~ msgstr "Longueur de la clé RSA à créer :" #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer le code à deux lettres de votre pays. Ce code sera " #~ "inclus dans la demande de certificat." #~ msgid "Example: AT" #~ msgstr "Exemple : FR" #~ msgid "" #~ "Please enter the full name of the state or province you live in. This " #~ "name will be placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer le nom complet de l'état, de la province ou de la " #~ "région où vous résidez. Ce nom sera inclus dans la demande de certificat." #~ msgid "Example: Upper Austria" #~ msgstr "" #~ "Exemples : Rhône-Alpes, Brabant Wallon, Bouches du Rhône, Québec, Canton " #~ "de Vaud" #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom " #~ "sera inclus dans la demande de certificat." #~ msgid "Example: Vienna" #~ msgstr "Exemple : Saint-Étienne" #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le " #~ "certificat X509. Ce nom sera inclus dans la demande de certificat." #~ msgid "Example: Debian" #~ msgstr "Exemple : Debian" #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Veuillez indiquer l'unité d'organisation (p. ex. département, division, " #~ "etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la " #~ "demande de certificat." #~ msgid "Example: security group" #~ msgstr "Exemple : Département Réseaux et Informatique Scientifique" #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette " #~ "machine) pour qui sera créé le certificat X509. Ce nom sera inclus dans " #~ "la demande de certificat." #~ msgid "Example: gateway.debian.org" #~ msgstr "Exemple : gateway.debian.org" #~ msgid "Do you want to create a RSA public/private keypair for this host?" #~ msgstr "" #~ "Souhaitez-vous créer une paire de clés RSA publique et privée pour cet " #~ "hÃŽte ?" #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one." #~ msgstr "" #~ "Si vous ne souhaitez pas créer une paire de clés publique et privée, " #~ "vous pouvez choisir d'en utiliser une existante." #~ msgid "x509" #~ msgstr "X509" #~ msgid "plain" #~ msgstr "Simple paire" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "Openswan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "Il est possible de créer une simple paire de clés destinée à être " #~ "utilisée avec Openswan ou de créer un fichier de certificat X509 qui " #~ "contient la clé publique RSA et de conserver la clé privée " #~ "correspondante par ailleurs." #, fuzzy #~| msgid "" #~| "If you only want to build up IPSec connections to hosts also running " #~| "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~| "want to connect to other IPSec implementations, you will need a X509 " #~| "certificate. It is also possible to create a X509 certificate here and " #~| "extract the RSA public key in plain format if the other side runs " #~| "Openswan without X509 certificate support." #~ msgid "" #~ "If you only want to create IPsec connections to hosts also running " #~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPsec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "Openswan without X509 certificate support." #~ msgstr "" #~ "Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hÃŽtes " #~ "utilisant Openswan, il sera probablement plus facile d'utiliser des clés " #~ "RSA simples. Mais si vous souhaitez vous connecter à des hÃŽtes " #~ "utilisant d'autres implémentations d'IPSec, vous aurez besoin d'un " #~ "certificat X509. Il est également possible de créer un certificat X509 " #~ "puis d'en extraire une simple clé publique RSA, si l'autre extrémité " #~ "de la connexion utilise Openswan sans la gestion des certificats X509." #, fuzzy #~| msgid "" #~| "Therefore a X509 certificate is recommended since it is more flexible " #~| "and this installer should be able to hide the complex creation of the " #~| "X509 certificate and its use in Openswan anyway." #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in Openswan." #~ msgstr "" #~ "Ainsi, il vous est conseillé d'utiliser un certificat X509 car cette " #~ "méthode est plus souple. Cet outil d'installation devrait vous " #~ "simplifier la tâche de création et d'utilisation de ce certificat X509." #, fuzzy #~| msgid "" #~| "This installer can automatically extract the needed information from an " #~| "existing X509 certificate with a matching RSA private key. Both parts " #~| "can be in one file, if it is in PEM format. Do you have such an existing " #~| "certificate and key file and want to use it for authenticating IPSec " #~| "connections?" #~ msgid "" #~ "This installer can automatically extract the needed information from an " #~ "existing X509 certificate with a matching RSA private key. Both parts can " #~ "be in one file, if it is in PEM format. If you have such an existing " #~ "certificate and key file please select if want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Cet outil d'installation est capable d'extraire automatiquement " #~ "l'information nécessaire d'un fichier de certificat X509 existant, avec " #~ "la clé privée RSA correspondante. Les deux parties peuvent se trouver " #~ "dans un seul fichier, s'il est en format PEM. Indiquez si vous possédez " #~ "un tel certificat ainsi que la clé privée, et si vous souhaitez vous en " #~ "servir pour l'authentification des connexions IPSec." #~ msgid "x509, plain" #~ msgstr "X509, Simple paire" #, fuzzy #~| msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgid "earliest, after NFS, after PCMCIA" #~ msgstr "Le plus tÃŽt possible, AprÚs NFS, AprÚs PCMCIA" #, fuzzy #~| msgid "" #~| "With the current Debian startup levels (nearly everything starting in " #~| "level 20), it is impossible for Openswan to always start at the correct " #~| "time. There are three possibilities when Openswan can start: before or " #~| "after the NFS services and after the PCMCIA services. The correct answer " #~| "depends on your specific setup." #~ msgid "" #~ "With the default system startup levels (nearly everything starting in " #~ "level 20), it is impossible for Openswan to always start at the correct " #~ "time. There are three possibilities when Openswan can start: before or " #~ "after the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Avec les niveaux de démarrage actuellement utilisés par Debian (presque " #~ "tout démarre au niveau 20), il est impossible de faire en sorte " #~ "qu'Openswan démarre toujours au moment approprié. Il existe trois " #~ "moments où il est opportun de le démarrer : avant ou aprÚs les " #~ "services NFS, ou aprÚs les services PCMCIA. La réponse appropriée " #~ "dépend de vos réglages spécifiques." #, fuzzy #~| msgid "" #~| "If you do not have your /usr tree mounted via NFS (either you only mount " #~| "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~| "and don't use a PCMCIA network card, then it's best to start Openswan at " #~| "the earliest possible time, thus allowing the NFS mounts to be secured " #~| "by IPSec. In this case (or if you don't understand or care about this " #~| "issue), answer \"earliest\" to this question (the default)." #~ msgid "" #~ "If the /usr tree of this system is not mounted via NFS (either you only " #~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " #~ "all) and no PCMCIA network card is used, then it's best to start Openswan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " #~ "montages NFS sont à d'autres endroits, moins critiques, soit parce que " #~ "vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de " #~ "carte réseau PCMCIA, il est préférable de démarrer Openswan le plus " #~ "tÃŽt possible, ce qui permettra de sécuriser les montages NFS avec " #~ "IPSec. Dans ce cas (ou bien si vous ne comprenez pas l'objet de la " #~ "question ou qu'elle ne vous concerne pas), choisissez « le plus tÃŽt " #~ "possible », qui est le choix par défaut." #, fuzzy #~| msgid "" #~| "If you have your /usr tree mounted via NFS and don't use a PCMCIA " #~| "network card, then you will need to start Openswan after NFS so that all " #~| "necessary files are available. In this case, answer \"after NFS\" to " #~| "this question. Please note that the NFS mount of /usr can not be secured " #~| "by IPSec in this case." #~ msgid "" #~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " #~ "then you will need to start Openswan after NFS so that all necessary " #~ "files are available. In this case, answer \"after NFS\" to this question. " #~ "Please note that the NFS mount of /usr can not be secured by IPSec in " #~ "this case." #~ msgstr "" #~ "Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau " #~ "PCMCIA, vous devrez alors démarrer Openswan aprÚs les services NFS afin " #~ "que tous les fichiers nécessaires soient disponibles. Dans ce cas, " #~ "choisissez « AprÚs NFS ». Veuillez noter que le montage NFS de /usr " #~ "n'est alors pas sécurisé par IPSec." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " #~ "choix possible est le démarrage aprÚs les services PCMCIA. Choisissez " #~ "alors « AprÚs PCMCIA ». Faites également ce choix si vous souhaitez " #~ "récupérer les clés d'authentification sur un serveur DNS reconnaissant " #~ "DNSSec." #, fuzzy #~| msgid "At which level do you wish to start Openswan?" #~ msgid "Please select the level at which you wish to start Openswan:" #~ msgstr "Étape de lancement d'Openswan :" #, fuzzy #~| msgid "Which type of RSA keypair do you want to create?" #~ msgid "Please select which type of RSA keypair you want to create:" #~ msgstr "Type de paire de clés RSA à créer :" #~ msgid "Do you wish to enable opportunistic encryption in Openswan?" #~ msgstr "Souhaitez-vous activer le chiffrement opportuniste dans Openswan ?" #~ msgid "" #~ "Openswan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " #~ "default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " #~ "daemon) is started." #~ msgstr "" #~ "Openswan gÚre le chiffrement opportuniste (« opportunistic " #~ "encryption » : OE) qui permet de conserver les informations " #~ "d'authentification IPSec (c'est-à-dire les clés publiques RSA) dans des " #~ "enregistrements DNS, de préférence sécurisés. Tant que cette " #~ "fonctionnalité ne sera pas déployée largement, son activation " #~ "provoquera un ralentissement significatif pour toute nouvelle connexion " #~ "sortante. À partir de la version 2.0, cette fonctionnalité est activée " #~ "par défaut dans Openswan, ce qui peut interrompre le fonctionnement de " #~ "votre connexion à l'Internet (c'est-à-dire votre route par défaut) " #~ "dÚs le démarrage de pluto, le démon de gestion de clés d'Openswan." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Veuillez choisir si vous souhaitez activer la gestion du chiffrement " #~ "opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir " #~ "besoin." debian/po/ru.po0000664000000000000000000005174612010653511010603 0ustar # translation of ru.po to Russian # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Yuri Kozlov , 2008. # Yuri Kozlov , 2010. msgid "" msgstr "" "Project-Id-Version: openswan 1:2.6.25+dfsg-1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-05-13 21:20+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Замена старого уровня выполнения" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "В предыдущих версиях пакета Openswan предлагался выбор между тремя уровнями " "запуска/останова. Из-за изменений стандартной процедуры запуска в системе " "это больше не требуется и ненужно. В новых установках, а также в старых, " "работающих на любом уровне, будут выбраны разумные уровни по умолчанию. Если " "выполнятся обновление предыдущей версии и вы изменяли параметры запуска " "Openswan, прочитайте инструкции из файла NEWS.Debian о том, как изменить " "соответствующую настройку." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Перезапустить Openswan прямо сейчас?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Рекомендуется перезапустить Openswan, так как при наличии исправлений " "безопасности они не заработают, пока служба не будет перезапущена. " "Большинство людей всё равно перезапускают службу, поэтому обычно лучше это " "сделать. Однако это может привести к кратковременному разрыву существующих " "соединений, поэтому если вы сейчас используете туннель Openswan для " "подключения перезапуск не рекомендуется." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Использовать сертификат X509 для этого узла?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Сертификат X.509 для этого узла может быть автоматически создан или " "импортирован.Он может использоваться для аутентификации IPSec соединений с " "другими узлами, и это является предпочтительным способом создания безопасных " "соединений IPSec. Также для аутентификации соединения можно использовать " "общие секреты (одинаковые пароли на обоих концах туннеля), но при большом " "количестве соединений аутентификация по ключам легче в администрировании и " "она более безопасна." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Или же вы можете ответить отрицательно и позже вернуться к этому вопросу с " "помощью команды \"dpkg-reconfigure openswan\"." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "создать" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "импортировать" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Методы, использующие сертификат X509 для аутентификации данного узла:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Возможно создать новый сертификат X.509 с пользовательскими настройками или " "импортировать существующий открытый и закрытый ключи из файла(ов) PEM для " "аутентификации соединений IPsec." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Если вы выберете создание нового сертификата X.509, то сначала вам будет " "задано несколько вопросов, на которые нужно ответить до начала создания. " "Учтите, что если вы хотите подписать открытый ключ в действующем центре " "сертификации, то вам ненужно выбирать создание самоподписанного сертификата, " "и все ответы должны точно удовлетворять требованиям ЦС, иначе запрос " "сертификата может быть отклонён." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Если вы хотите импортировать существующий открытый и закрытый ключи, то вам " "будет предложено указать имена файлов с ними (которые могут быть одинаковы, " "если обе части хранятся в одном файле). Также вы можете указать имя файла, " "где хранится открытый ключ(и) центра сертификации, но этот файл не может " "совпадать с предыдущими. Заметим, что формат сертификатов X.509 должен быть " "PEM и что закрытый ключ не должен быть зашифрован, иначе процедура импорта " "завершится неудачно." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Имя файла сертификата X.509 в формате PEM:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Укажите место расположения файла, содержащего ваш сертификат X.509 в формате " "PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Имя файла сертификата X.509 в формате PEM с закрытым ключом:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Введите путь к файлу, который содержит закрытый ключ RSA, расшифровывающий " "ваш сертификат X.509 в формате PEM. Этот может быть тот же файл, который " "содержит сертификат X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Имя файла сертификата X.509 в формате PEM для RootCA:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Также вы можете ввести расположение файла с сертификатом корневого центра " "сертификации X.509, используемого для подписи вашего сертификата в формате " "PEM. Если у вас его нет или вы не хотите его использовать, то оставьте поле " "пустым. Заметим, что невозможно хранить RootCA в одном файле с вашим " "открытым или закрытым ключом сертификата X.509." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Длина создаваемого ключа RSA:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Введите длину необходимую длину ключа RSA. Она должна быть не менее 1024 " "бит, так как меньшая не считается безопасной, и вам, вероятно, не нужно " "задавать значение более 4096, так как это только замедлит процесс " "аутентификации и, в настоящее время, не очень рационально." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Создать самоподписанный сертификат X.509?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Процесс установки умеет создавать автоматически только самоподписанные " "сертификаты X.509, так как иначе требуется работа центра сертификации для " "подписи запроса сертификата. Созданный самоподписанный сертификат сразу " "можно использовать для подключения к другим машинам с IPSec, которые " "поддерживают сертификаты X.509 для аутентификации соединений IPSec. Однако, " "если вы хотите воспользоваться новыми возможностями PKI из Openswan, то все " "ваши сертификаты X.509 должны быть подписаны единым сертификационным центром " "для создания доверительного пути." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Если вы не хотите создавать самоподписанный сертификат, то процесс установки " "создаст только закрытый ключ RSA и запрос сертификации, и вы сможете " "провести этот запрос в своём центре сертификации." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Код страны для запроса сертификата X.509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Введите двухбуквенный код страны, где расположен сервер (например, \"RU\" в " "России)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Здесь нужно ввести правильный код страны согласно ISO-3166, так как OpenSSL " "откажется генерировать сертификаты в противном случае. Пустое значение " "разрешено для любого поля сертификата X.509 кроме этого." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Название области или округа для запроса сертификата X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Укажите полное название области или округа, в котором находится сервер " "(например, \"Moscow region\")." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Название места для запроса сертификата X.509:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Укажите название места, где располагается сервер (например город, \"Sergiev " "Posad\")." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Название организации для запроса сертификата X.509:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Укажите название организации, которой принадлежит сервер (например, \"Debian" "\")." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "" "Название структурной единицы организации для запроса сертификата X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Введите название структурной единицы организации, которой принадлежит сервер " "(например, \"security group\")." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Общеизвестное название для запроса сертификата X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Укажите общеизвестное название (например, имя данного компьютера), например, " "\"gateway.example.org\")." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Адрес электронной почты для запроса сертификата X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Укажите адрес электронной почты человека или организации, которой выдаётся " "сертификат X.509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Изменение /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Из-за изменений оригинального кода Openswan поддержка гибкого шифрования " "(opportunistic encryption) по умолчанию выключена. Файл no_oe.conf, который " "распространялся в старых версиях, явным образом отключён, поэтому больше не " "может включаться в ipsec.conf. Любой найденный абзац для его включения будет " "автоматически удалён, чтобы Openswan мог запускаться." debian/po/pt.po0000664000000000000000000004075712010653511010600 0ustar # Portuguese translation for openswan debconf messages. # Copyright (C) 2007 Pedro Ribeiro # This file is distributed under the same license as the openswan package. # Pedro Ribeiro , 2007-2010 # msgid "" msgstr "" "Project-Id-Version: openswan_1:2.6.25+dfsg-1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-05-11 22:28+0100\n" "Last-Translator: Pedro Ribeiro \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Antiga gestão de runlevel substituída" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Versões anteriores do pacote Openswan permitiam que o utilizador escolhesse " "entre três níveis diferentes de Arrancar/Parar. Devido a alterações no " "procedimento padrão de arranque do sistema, isto já não é necessário nem " "útil. Para todas as novas instalações e para as antigas que corram num dos " "níveis predefinidos, serão agora definidos níveis apropriados. Se está a " "actualizar a partir de uma versão anterior e alterou os parâmetros de " "arranque do Openswan, veja por favor o ficheiro NEWS.Debian para instruções " "sobre como modificar a sua instalação." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Reiniciar o Openswan agora?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Reiniciar o Openswan é recomendado, uma vez que se houver uma correcção de " "segurança não será activada até que o daemon reinicie. A maioria das pessoas " "espera que isto aconteça, portanto é normalmente uma boa ideia. No entanto " "isto pode interromper ligações activas e recuperá-las (incluindo a ligação " "actualmente em uso para esta actualização, portanto recomenda-se que o " "daemon não seja reiniciado se está a usar um túnel para administração)." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Quer usar um certificado X.509 para esta máquina?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Este instalador pode criar automaticamente ou importar um certificado X.509 " "para esta máquina. Este certificado pode ser usado para autenticar ligações " "IPSec a outras máquinas e é o método preferido para criar ligações IPSec " "seguras. A outra possibilidade é usar segredos partilhados (passwords iguais " "de um e de outro lado do túnel IPSec) para autenticar uma ligação, mas para " "um grande número de ligações a autenticação baseada em chaves é mais fácil " "de administrar e mais segura." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Em alternativa, pode rejeitar esta opção agora e usar o comando \"dpkg-" "reconfigure openswan\" mais tarde." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "criar" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importar" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Métodos para usar um certificado X.509 para autenticar esta máquina:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "É possível criar um novo certificado X.509 com opções definidas pelo " "utilizador ou importar um par de chaves pública e privada a partir de " "ficheiro(s) PEM para autenticar ligações IPSec." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Se escolher a criação de um novo certificado X.509 ser-lhe-á apresentado um " "conjunto de questões que devem ser respondidas antes da criação poder " "começar. Por favor, tenha em conta que se pretender assinar a chave pública " "por uma entidade de certificação existente não deve criar um certificado " "auto-assinado e todas as respostas devem corresponder exactamente aos " "requisitos da CA ou o pedido de certificado poderá ser rejeitado." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "No caso de querer importar um par de chaves pública e privada ser-lhe-ão " "pedidos os nomes dos ficheiros (poderão ser o mesmo se o par estiver " "guardado apenas num ficheiro). Pode opcionalmente indicar um nome de " "ficheiro que tenha a(s) chave(s) pública(s) da autoridade de certificação, " "mas este ficheiro não pode ser o mesmo que o(s) anterior(es). Tenha também " "em atenção que o formato para os certificados X.509 tem que ser o PEM e que " "a chave privada não pode estar encriptada, ou a importação irá falhar." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nome do fihceiro em formato PEM do certificado X.509:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Por favor indique a localização do ficheiro que contém o seu certificado " "X.509 em formato PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Nome do ficheiro da sua chave privada X.509 em formato PEM:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Por favor indique a localização do ficheiro que contém a chave privada RSA " "que corresponde ao seu certificado X.509 em formato PEM. Pode ser o mesmo " "ficheiro que contém o certificado X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nome do ficheiro da sua RootCA X.509 em formato PEM:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opcionalmente pode agora indicar a localização do ficheiro que contém a " "Certificate Authority raiz do X.509 usada para assinar o seu certificado em " "formato PEM. Se não tem um, ou não o quer usar, deixe o campo vazio. Por " "favor, note que não é possível armazenar a RootCA no mesmo ficheiro que o " "seu certificado X.509 ou chave privada." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Tamanho da chave RSA a ser criada:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Por favor indique o tamanho da chave RSA a criar. Qualquer valor abaixo de " "1024 deve ser considerado inseguro; qualquer valor acima de 4096 atrasa o " "processo de autenticação e não é ainda necessária." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Criar um certificado X.509 auto-assinado?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Apenas certificados auto-assinados podem ser criados automaticamente, pois " "caso contrário será preciso que uma autoridade certificadora assine o pedido " "de certificado. Se quiser criar um certificado auto-assinado, pode usá-lo " "imediatamente para ligar a outras máquinas IPSec que suportem certificados " "X.509 para autenticacao de ligações IPSec. No entanto, as funcionalidades " "PKI do Openswan requerem que todos os certificados X.509 sejam assinados por " "uma única autoridade certificadora para criar um caminho de confiança." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Se não quer criar um certificado auto-assinado, então apenas a chave privada " "RSA e o pedido de certificado serão criados, e terá que assinar esse pedido " "com a sua autoridade certificadora." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Código de país para o pedido de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Indique o código de duas letras para o país onde se encontra o servidor (tal " "como \"PT\" para Portugal)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "O OpenSSL recusará a geração de um certificado a menos que um código ISO " "3166 válido; Um campo vazio é aceite para os outros campos do certificado " "X.509, mas não para este." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Estado ou província para o pedido de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Indique o nome do estado ou provícia onde se encontra o servidor (tal como " "\"Distrito de Aveiro\")." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Localidade para o pedido do certificado X.509:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "indique por favor a localidade onde se encontra o servidor (normalmente uma " "cidade, como \"Aveiro\")." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Organização para o pedido de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Indique por favor a organização à qual pertence o servidor (por exemplo, " "\"Debian\")." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unidade organizacional para o pedido de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Por favor indique a unidade organizacional a que pertence o servidor (por " "exemplo \"grupo de segurança\")." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Nome Comum para o pedido de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Indique por favor o Nome Comum deste servidor (tal como \"gateway.example.org" "\")." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Endereço de email para o pedido de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Por favor indique o endereço de email da pessoa ou organização que será " "responsável pelo certificado X.509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Modificação do /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Devido a mudanças a montante do Openswan, a encriptação oportunista deixa de " "estar activada por predefinição. O ficheiro no_oe.conf que estava incluído " "em versões mais antigas para desactivá-la não pode portanto continuar a ser " "incluído pelo ipsec.conf. Todos os parágrafos de inclusão serão " "automaticamente removidos para garantir que o Openswan pode iniciar " "correctamente." debian/po/POTFILES.in0000664000000000000000000000005512010653511011355 0ustar [type: gettext/rfc822deb] openswan.templates debian/po/cs.po0000664000000000000000000004035312010653511010552 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the openswan package. # Ondra Kudlik # msgid "" msgstr "" "Project-Id-Version: openswan 2.6.25\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-05-11 17:27+0200\n" "Last-Translator: Martin Sin \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Změna správy runlevelu" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Předchozí verze balíčku Openswan umožňovaly tři různé úrovně spuštění/" "zastavení. Kvůli změnám při standardním spuštění systému není toto dál nutné " "ani žádoucí. Pro všechny nové instalace, stejně jako pro ty předchozí, se " "nyní používají stejná nastavení. Pokud aktualizujete předchozí verzi a " "měnili jste zaváděcí parametry Openswan, pak se prosím podívejte na soubor " "NEWS.Debian obsahující instrukce týkající se nových nastavení." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Restartovat nyní Openswan?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Restartování Openswan se doporučuje, protože pokud je k dispozici nějaká " "bezpečnostní záplata, je potřeba pro její použití restartování příslušného " "daemona. Většina lidí bude chtít daemon restartovat a obecně to je dobrý " "nápad. Tato operace však přeruší stávající připojení a pak je opět spustí. " "Pokud ovšem používáte tunel Openswan pro připojení k této aktualizaci, pak " "se restartování nedoporučuje." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Použít pro tento počítač certifikát X.509?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Certifikát X.509 je možno automaticky vytvořit a naimportovat. Certifikát se " "používá pro autentizaci připojení IPsec k dalším počítačům a preferuje se " "zejména při vytváření bezpečných připojení IPsec. Další možností je sdílení " "hesel (stejná na obou stranách tunelu) pro autentizaci nějakého připojení. " "To je ale pro větší počet připojení ne příliš praktické a také ne tolik " "bezpečné." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Volitelně můžete také tuto možnost odmítnout a později ji znovu vyvolat " "zadáním příkazu „dpkg-reconfigure openswan“." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "vytvořit" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importovat" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Způsoby použití certifikátu X.509 pro autentizaci tohoto počítače:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Pro autentizaci připojení IPsec je možné vytvoření certifikátu X.509 s " "uživatelem definovaným nastavením nebo import nějakého stávajícího veřejného " "a soukromého klíče uloženého v souboru (souborech) PEM." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Pokud zvolíte vytvoření nového certifikátu X.509, budete nejprve " "prostřednictvím několika otázek dotázáni na všechny potřebné informace. " "Pamatujte prosím, že pokud chcete používat veřejný klíč podepsaný nějakou " "existující certifikační autoritou, neměli byste vybírat vytvoření sebou-" "podepsaného certifikátu a také, že všechny předkládané otázky musí zcela " "přesně odpovídat požadavkům certifikační autority, jinak bude tento " "požadavek odmítnut." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Pokud chcete importovat nějaký stávající veřejný nebo soukromý klíč, budete " "dotázáni na jejich jména (která mohou být stejná pokud jsou obě informace " "uloženy v témže souboru). Volitelně můžete také specifikovat nějaký soubor, " "kde jsou uloženy veřejné klíče certifikační autority, tento soubor však " "nemůže být stejný jako výše jmenované. Pamatujte prosím také na to, že " "formát certifikátů X.509 musí být PEM a soukromý klíč není možno šifrovat " "jinak proces importu klíče selže." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Jméno souboru s certifikátem PEM ve formátu X.509:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Zadejte prosím umístění souboru obsahujícího certifikát ve formátu PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Jméno souboru s privátním klíčem v PEM formátu X.509:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Zadejte prosím umístění souboru obsahujícího soukromý RSA klíč odpovídající " "vašemu certifikátu X.509 ve formátu PEM. Tento soubor může být stejný jako " "ten s certifikátem X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Jméno souboru RootCA v PEM formátu X.509: " #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Volitelně můžete zadat umístění souboru obsahujícího kořen X.509 vaší " "certifikační autority (CA) používané pro podepsání vašich certifikátů ve " "formátu PEM. Pokud ho nemáte, nebo ho nechcete používat, nechejte toto " "políčko prázdné. Pamatujte prosím, že není možné mít uložený RootCA ve " "stejném souboru jako váš certifikát X.509 nebo soukromý klíč." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Délka vytvořeného RSA klíče:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Prosím zadejte požadovanou délku vytvořeného klíče RSA. Cokoliv menšího než " "1024 bitů se považuje za ne příliš bezpečné; vyšší hodnoty nad 4096 bitů " "však snižují rychlost autentizačního procesu a tak se nyní běžně nepoužívají." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Vytvořit sebou-podepsaný certifikát X.509?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Pouze sebou-podepsaný certifikát X.509 je možno vytvořit automaticky, " "protože v ostatních případech je třeba podpis nějaké certifikační autority. " "Pokud zvolíte vytvoření sebou-podepsaného certifikátu, budete moci ihned " "provést připojení k jinému počítači IPsec podporujícímu certifikát X.509. " "Samozřejmě, použití PKI Openswan vyžaduje pro vytvoření důvěryhodné cesty, " "aby byly všechny certifikáty podepsány jedinou certifikační autoritou." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Pokud nezvolíte vytvoření sebou-podepsaného certifikátu, bude vytvořen pouze " "soukromý klíč RSA a požadavek na certifikát, který budete muset podepsat " "prostřednictvím vaší certifikační autority." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Kód země pro certifikát X.509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Prosím zadejte dvou-písmenný kód země, kde je umístěný server (pro Českou " "republiku to je „CZ“)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL odmítne vytvoření certifikátu pokud nebude zadaný platný kód země " "dle ISO-3166; prázdné políčko je dovolené kdekoliv jinde, ale ne zde." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Stát nebo oblast pro certifikát X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Prosím zadejte celý název státu nebo oblasti, kde se server nachází (např. " "Česká republika)." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Jméno umístění pro certifikát X.509:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "Zadejte prosím umístění serveru (často jím bývá město, např. „Praha“)." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Jméno organizace pro certifikát X.509:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Zadejte prosím jméno organizace, které patří server (např. „Debian“)." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organizační jednotka pro certifikát X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Zadejte prosím organizační jednotku, ke které patří server (např. " "„bezpečnostní skupina“)." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Běžné jméno pro certifikát X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "Zadejte prosím běžné jméno počítače (např. „gateway.example.org“)." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Emailová adresa pro certifikát X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "Zadejte prosím emailovou adresu osoby odpovědné za certifikát X.509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Úpravy /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Pro změny provedené ve vývoji Openswan není oportunistické šifrování dál ve " "výchozím nastavení povolené. Soubor no_oe.conf, který byl v předchozích " "verzích dodáván pro explicitní vypnutí této možnosti tak není více třeba a " "není proto v souboru ipsec.conf uveden. Pro správné spuštění Openswan budou " "nyní všechny odstavce obsahující zmínku o výše uvedeném souboru automaticky " "odstraněny." debian/po/pt_BR.po0000664000000000000000000004155212010653511011155 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openswan\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2005-01-24 21:53-0200\n" "Last-Translator: Dennis Fernandes Vieira \n" "Language-Team: Debian-BR Project \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Antigo nivel de execuo substituido" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Verses antigas do pacote Openswan davam a escolha entre trs " "diferentesniveis inicializao. Devido a mudanas no procedimento de " "inicializaodo sistema padro, isto no mais nescessario ou til.Para " "qualquer instalao nova ou antiga executando qualquer um dos modos " "predefinidos,salvo o nivel padro agora ser definido, Se voc est " "atualizando uma verso antiga e modificou os paremetros de inicializao do " "seu Openswan, ento porfavor leia NEWS.Debian para instrues de como " "modificar suasconfiguraes correctamente" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Reiniciar o Openswan agora ?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" " recomendvel reiniciar o Openswan, uma vez que caso exista um correo " "para uma falha de segurana, o mesmo no ser corrigido at que o daemon " "seja reiniciado. A maioria das pessoas esperam que o daemon seja reiniciado, " "portanto essa geralmente uma boa ideia. Porm, reiniciar o Openswan pode " "derrubar conexes existentes, mas posteriormente traz-las de volta. Ento " "se voc esta usando um tnel do Openswan para conectar a esta " "autalizaoreiniciar o Openswan no recomendvel" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Usar um certificado X.509 para este host?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Um certificado X.509 para este host pode ser criado ou importado " "automaticamenteIsso pode ser usado para autenticar conexes IPsec outro host " "e o melhor jeito de construir uma uma conexo ipsec segura. A outra " "possibilidade seria utilizar senhas compartilhadas(a mesma senha utilizada " "nas duas pontas do tnel) paraautenticar a conexo,mas para um grande numero " "de conexes,a autenticao baseada chave mais fcil de ser administrada e " "mais segura" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Voc pode rejeitar esta opo eventualmente e mais tarde utilizar o comando " "\"dpkg-reconfigure opensawn\" para voltar" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "criar" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importar" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Mtodos para utilizar um certificado X.509 para autenticar este host:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" " possvel criar um novo certificado X.509 com as configurao definidas " "pelopelo usurio ou importar uma chave publica ou privada existente guardada " "no no arquivo PEM para autenticar conexes IPSEC" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Se voc escolher criar um novo certificado X.509 primeiro ser solicitado " "onumero de perguntas a serem feitas e que precisam ser respondias antes que " "sepossa comear a criar.Tenha em mente que se voc quer uma chave publica " "seja assinada por uma autoridade certificadora voc no deve seleccionar " "criar um certificadoauto-assinado e todas as respostas dadas devem " "correspondem exactamente s exigncias da CA, caso o contrario a requisio " "do certificado ser rejeitada" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Se voc quer importar uma chave publica existente e uma chave privada " "sersolicitado pelos seus nomes (que podem ser idnticos se as duas partes " "soguardadas juntas em um nico arquivo).Voc tambm pode especificar um " "arquivoonde a(s) chave(s) publica do Autoridade do certificado so " "guardadas, mas estearquivo no pode ser o nomes que os anteriores. Esteja " "ciente que o formato do certificado X.509 tem que ser PEM e que aquela chave " "privada no deve ser criptografia ou o processo de importao falhara" #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nome do certificado X.509 no formato PEM:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Por favor, informe a localizao do arquivo contendo seu certificado X509 no " "formato PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Nome da chave privada X.509 no formato PEM:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Por favor, informe a localizao do arquivo contendo a chave privada RSA que " "casa com seu certificado X509 no formato PEM. Este pode ser o mesmo arquivo " "que contm o certificado X509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nome do seu RootCA no formato PEM:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Se desejar voc pode adicionar agora a localizao do arquivo que contem a " "raizsua autoridade certificadora usada para para autenticar o seu " "certificado no formato PEM.SE voc no possuir um ou no quiser utilizar um " "deixe o campo vazio.Note que no possvel adicionar a raiz da CA no mesmo " "arquivo que o seu certificado X.509 ou chave privada" #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Tamanho da chave RSA a ser criada" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Por favor, informe o tamanho da chave RSA a ser criada. A mesma no deve ser " "menor que 1024 bits devido a uma chave de tamanho menor que esse ser " "considerada insegura. Voc tambm no precisar de nada maior que 2048 " "porque isso somente deixaria o processo de autenticao mais lento e no " "seria necessrio no momento." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Criar um certificado X509 auto-assinado ?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Este instalador pode criar automaticamente somente certificados X509 auto-" "assinados, devido a uma autoridade certificadora ser necessria para assinar " "a requisio de certificado. Caso voc queira criar um certificado auto-" "assinado, voc poder us-lo imediatamente para conexo com outros hosts " "IPSec que suportem certificados X509 para autenticao de conexes IPSec. " "Porm, caso voc queira usar os novos recursos PKI do Openswan verso 1.91 " "ou superior, voc precisar possuir todos seus certificados X509 assinados " "por uma nica autoridade certificadora para criar um caminho de confiana." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Caso voc no queira criar um certificado auto-assinado, este instalador ir " "somente criar a chave privada RSA e a requisio de certificado e voc ter " "ento que assinar a requisio de certificado junto a sua autoridade " "certificadora." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Informe o cdigo de pas para a requisio de certificado X509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Por favor digite o cdigo do pais onde o servidor esta com duas letras ( \"AT" "\" para ustria por exemplo.)" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "O Openssl ira se recusar a gerar um certificado a no ser que este sejaum " "cdigo de pais valido na ISO-3166;um campo vazio permitido em " "qualqueroutro lugar no certificado X.509, menos aqui." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Nome do estado ou provincia para a requisio do certificado X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Por favor digite o nome completo do estado ou provincia onde o servidor " "esta \"Alta Austria\" por exemplo.)" #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Informe o nome da localidade para a requisio do certificado X.509: " #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Digite o local a onde esta o servidor (geralmente a cidade, \"Vienna\"por " "exemplo)" #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Informe o nome da organizao para a requisio de certificado X.509: " #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Informe a qual organizao pertence o servidor(\"Debian\" por exemplo" #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "" "Informe a unidade organizacional para a requisio de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Informe a unidade organizacional para a requisio de certificado X.509: " #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Informe o nome comum para a requisio de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Informe um nome comum para este host (\"gateway.example.org\" por exemplo)" #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Informe o endereo de e-mail para a requisio de certificado X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Por favor, informe o endereo de e-mail da pessoa ou organizao responsvel " "pelo certificado X509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Modificando o /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Devido a mudanas no trfego de sada do Openswan, criptografia oportunista " "no mais ativado por padro. O Arquivo no_oe.conf que enviado em verses " "antigasexactamente para desativa-la por isso no mais includo pelo ipsec." "conf.Qualquer coisa que inclua o paragrafo de agora em diante ser removido " "para garantirque o Openswan inicie correctamente" debian/po/nl.po0000664000000000000000000004110112010653511010546 0ustar # Dutch translation of openswan debconf templates. # Copyright (C) 2005-2011 THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the openswan package. # Luk Claes , 2005 # Kurt De Bree , 2006. # Jeroen Schot , 2011. # msgid "" msgstr "" "Project-Id-Version: openswan 4.5.0-1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2011-07-14 09:19+0200\n" "Last-Translator: Jeroen Schot \n" "Language-Team: Debian l10n Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Het oude runlevel-beheer is vervangen" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Vorige versies van het Openswan-pakket gaven de keuze tussen drie " "verschillende Start/Stop-niveaus. Vanwege veranderingen aan de standaard " "opstartprocedure van het systeem is dit niet langer nodig of nuttig. Er " "worden nu logische standaardwaardes ingesteld voor zowel nieuwe installaties " "als oude waarvoor één van de keuzes is gemaakt. Als u opwaardeert van een " "vorige versie en uw Openswan-opstartparameters heeft aangepast vindt u in " "NEWS.Debian instructies over het aanpassen van uw opstelling." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Openswan nu herstarten?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "U wordt aanbevolen om Openswan te herstarten, want indien deze nieuwe versie " "veiligheidsproblemen verhelpt worden deze pas echt opgelost bij een herstart " "van de achtergronddienst. De meeste mensen verwachten dat de " "achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit " "kan bestaande verbindingen verbreken en ze dan opnieuw herstellen. Dus als u " "een Openswan-tunnel gebruikt voor deze verbinding kunt u beter niet " "herstarten." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Moet er een X.509-certificaat voor deze computer gebruikt worden?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Een X.509-certificaat voor deze computer kan automatisch worden aangemaakt " "of geïmporteerd. Deze kan worden gebruikt voor het authenticeren van IPsec-" "verbindingen naar andere computers en is de beste manier om veilige IPsec-" "verbindingen op te bouwen. Een andere mogelijkheid is om het gebruik van " "shared secrets (wachtwoorden die hetzelfde zijn aan beide kanten van de " "tunnel) voor het authenticeren van een verbinding, maar voor een groter " "aantal verbindingen is authenticatie gebaseerd op sleutels makkelijker om te " "beheren en veiliger." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "U kunt deze optie ook weigeren en op een later moment hier terug komen met " "het commando \"dpkg-reconfigure openswan\"." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "aanmaken" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importeren" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Methodes bij het gebruik van een X.509-certificaat voor authenticatie van " "deze computer:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "U kunt een nieuw X.509-certificaat aanmaken met eigen instellingen of een " "bestaand sleutelpaar in PEM-indeling importeren voor de authenticatie van " "IPsec-verbindingen." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Als u ervoor kiest om een nieuw X.509-certificaat te maken zal u antwoord " "moeten geven op een aantal vragen voordat het aanmaken kan beginnen. Wanneer " "u uw publieke sleutel door een bestaande certificaat-autoriteit wilt laten " "ondertekenen moet u niet voor een door uzelf getekend certificaat kiezen. " "Ook moet u er op letten dat al uw antwoorden voldoen aan de eisen van deze " "CA om te voorkomen dat deze uw ondertekeningsaanvraag zal weigeren." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Als u een bestaand sleutelpaar wilt importeren zal u gevraagd worden naar " "hun bestandsnamen (deze kunnen hetzelfde zijn als beide delen in één bestand " "zijn opgeslagen). U krijgt daarna ook de mogelijkheid om de bestandsnaam van " "de publieke sleutel(s) van de certificaat-autoriteit op te geven. Dit moet " "wel een ander bestand zijn. Let er ook op dat de X.509-certificaten in PEM-" "indeling moeten zijn en dat de geheime sleutel niet versleuteld mag zijn, " "anders zal de import-procedure mislukken." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Bestandsnaam van uw X.509-certificaat in PEM-indeling:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Geef de volledige locatie van het bestand dat uw X.509-certificaat in PEM-" "indeling bevat." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Bestandsnaam van uw geheime X.509-sleutel in PEM-indeling:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Geef de volledige locatie van het bestand dat uw geheime RSA-sleutel bevat " "die behoort bij uw X.509-certificaat in PEM-indeling. Dit kan hetzelfde " "bestand zijn als dat wat uw X.509-certificaat bevat." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Bestandsnaam van uw X.509-RootCA in PEM-indeling:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "U heeft nu de mogelijkheid om de locatie van het bestand (in PEM-indeling) " "dat het X.509-certificaat van de certificaat-autoriteit op te geven waarmee " "uw certificaat wordt ondertekend. Als u deze niet heeft of als u geen " "gebruik wilt maken van deze mogelijkheid dient u het veld leeg te laten. Let " "op: Het is niet mogelijk om de RootCA in hetzelfde bestand te bewaren als uw " "X.509-certificaat of geheime sleutel." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Lengte van de aan te maken RSA-sleutel:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Geef de lengte van de aan te maken RSA-sleutel. Minder dan 1024 bits dient " "als onveilig te worden beschouwd, meer dan 4096 vertraagd het " "authenticatieproces en is op dit moment niet nodig." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Wilt u een door uzelf getekend X.509-certificaat aanmaken?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Deze installatie kan enkel een door uzelf getekend X.509-certificaat " "automatisch aanmaken omdat anders een certificaat-autoriteit nodig is om de " "certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " "wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " "leggen met andere IPsec-hosts die X.509-certificaten ondersteunen voor IPSec-" "verbindingen. Als u echter Openswan's PKI-mogelijkheden wilt gebruiken, dan " "zult u alle X.509-certificaten moeten laten tekenen door één enkele " "certificaat-autoriteit om een vertrouwenspad aan te maken." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Als u geen door uzelf getekend certificaat wilt aanmaken, dan zullen enkel " "de geheime RSA-sleutel en de certificaataanvraag worden aangemaakt en zult " "u de certificaataanvraag moeten laten tekenen door uw certificaat-autoriteit." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Landcode van de X.509-certificaataanvraag:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Geef de tweeletterige code voor het land waarin de server staat (zoals \"NL" "\" voor Nederland)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL zal geen certificaat genereren als dit niet een geldige landcode uit " "ISO-3166 is. Voor andere velden van het X.509-certificaat is het toegestaan " "om ze leeg te laten, maar niet voor dit veld." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Staat of provincie voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Geef de volledige naam van de staat of provincie waarin de server staat " "(zoals \"Noord-Holland\")." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Plaatsnaam voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Geef de plaats waar de server staat (vaak een stad zoals \"Amsterdam\")." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Naam van de organisatie voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Geef op van welke organisatie deze server deel uitmaakt (zoals \"Debian\")." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisatie-eenheid voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Geef op van welke organisatie-eenheid deze server deel uitmaakt (zoals " "\"Afdeling beveiliging\")." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Naam (Common Name) voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Geef de naam (Common Name) voor deze computer op (zoals \"gateway.example.org" "\")." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "E-mailadres voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " "voor het X.509-certificaat." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Aanpassing van /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Vanwege een verandering in de oorspronkelijke Openswan is opportunistische " "encryptie niet langer standaard geactiveerd. Het bestand no_oe.conf dat in " "eerdere versies werd meegeleverd om dit expliciet te deactiveren kan daarom " "niet meer worden ingelezen in ipsec.conf. Zulke inleesregels zullen nu " "automatisch worden verwijderd om ervoor te zorgen dat Openswan kan starten." debian/po/templates.pot0000664000000000000000000002355112010653511012330 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" debian/po/de.po0000664000000000000000000004276112010653511010542 0ustar # German translation of openswan debconf templates # Copyright (C) 2007, Matthias Julius # This file is distributed under the same license as the openswan package. # # Matthias Julius , 2007. # Martin Eberhard Schauer , 2010. # msgid "" msgstr "" "Project-Id-Version: openswan 1:2.6.26+dfsg-1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-07-19 11:33+0200\n" "Last-Translator: Martin Eberhard Schauer \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Alte Verwaltung der Runlevel abgelöst" # (mes) sync 1 Im letzten Satz: # Helge: setup -> Installation Martin: setup -> Setup # strongswan :2001 openswan: 1001 #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Frühere Versionen von Openswan ermöglichten eine Wahl zwischen drei " "verschiedenen Start/Stopp-Modi. Aufgrund von Änderungen des standardmäßigen " "Systemstarts ist dies nicht mehr notwendig oder nützlich. Sowohl für alle " "neuen als auch bestehende Installationen, die in einem der vordefinierten " "Modi betrieben wurden, werden jetzt vernünftige Standardwerte gesetzt. Wenn " "Sie jetzt ein Upgrade von einer früheren Version durchführen und Sie die " "Openswan-Startparameter angepasst haben, werfen Sie bitte einen Blick auf " "NEWS.Debian. Die Datei enthält Anweisungen, wie Sie Ihre Installation " "entsprechend ändern." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Openswan jetzt neu starten?" # (mes) sync 2 Gemeinsame Formulierung erforderlich #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Es wird empfohlen, Openswan neu zu starten, da eine Sicherheitskorrektur " "erst nach dem Neustart des Daemons greift. Weil meisten Anwender einen " "Neustart des Daemons erwarten, ist dies grundsätzlich eine gute Idee. Der " "Neustart kann aber bestehende Verbindungen beenden und erneut aufbauen. Wenn " "Sie einen solchen Openswan-Tunnel für die Verbindung bei dieser " "Aktualisierung verwenden, wird der Neustart nicht empfohlen." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Für diesen Rechner ein X.509-Zertifikat verwenden?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Für diesen Rechner kann ein X.509-Zertifikat automatisch erstellt oder " "importiert werden, das zur Authentifizierung von IPSec-Verbindungen zu " "anderen Rechnern verwendet werden kann. Dieses Vorgehen ist für den Aufbau " "gesicherter IPSec-Verbindungen vorzuziehen. Die andere Möglichkeit ist die " "Verwendung von gemeinsamen Geheimnissen (engl.: shared secrets, gleiche " "Passwörter an beiden Enden des Tunnels) zur Authentifizierung einer " "Verbindung. Für eine größere Anzahl von Verbindungen ist aber die RSA-" "Authentifizierung einfacher zu verwalten und sicherer." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Alternativ können Sie diese Option ablehnen und später mit dem Befehl »dpkg-" "reconfigure openswan« zurückkehren." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "erstellen" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importieren" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Methoden für die Authentifizierung dieses Rechners mittels eines X.509-" "Zertifikats:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Es ist möglich, mit benutzerdefinierten Einstellungen ein neues X.509-" "Zertifikat zu erstellen oder einen vorhandenen, in PEM-Datei(en) " "gespeicherten, öffentlichen und privaten Schlüssel für die Authentifizierung " "von IPSec-Verbindungen zu verwenden." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Wenn Sie sich für die Erzeugung eines neuen X.509-Zertifikats entscheiden, " "wird Ihnen zunächst eine Reihe von Fragen gestellt. Diese Fragen müssen " "beantwortet werden, damit das Zertifikat erzeugt werden kann. Bitte beachten " "Sie: Wenn Sie den öffentlichen Schlüssel von einer bestehenden " "Zertifizierungsstelle (Certificate Authority, CA) bestätigen lassen wollen, " "sollten Sie nicht wählen, ein selbst signiertes Zertifikat zu erstellen. " "Außerdem müssen dann alle gegebenen Antworten exakt den Anforderungen der CA " "entsprechen, da sonst der Antrag auf Zertifizierung zurückgewiesen werden " "kann." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Wenn Sie bestehende öffentliche und private Schlüssel importieren wollen, " "werden Sie nach deren Dateinamen gefragt. (Die Namen können übereinstimmen, " "wenn beide Teile zusammen in einer Datei gespeichert werden.) Optional " "können Sie auch den Namen einer Datei angeben, die den/(die) öffentlichen " "Schlüssel Ihrer Zertifizierungsstelle enthält. Dieser Name muss von den " "Erstgenannten verschieden sein. Bitte beachten Sie auch, dass Sie für die " "X.509-Zertifikate das Format PEM verwenden und dass der private Schlüssel " "nicht verschlüsselt sein darf, weil sonst der Import-Vorgang fehlschlagen " "wird." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Dateiname Ihres X.509-Zertifikats im PEM-Format:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Bitte geben Sie den Speicherort der Datei ein, die Ihr X.509-Zertifikat im " "PEM-Format enthält." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Dateiname des privaten X.509-Schlüssels im PEM-Format:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Bitte geben Sie den Speicherort der Datei ein, die den zu Ihrem X.509-" "Zertifikat passenden privaten RSA-Schlüssel im PEM-Format enthält. Dies kann " "dieselbe Datei sein, die das X.509-Zertifikat enthält." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Dateiname Ihrer PEM-Format-X.509-RootCA:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Optional können Sie nun den Speicherort der Datei mit dem »X.509 Certificate " "Authority Root« angeben, mit dem Ihr Zertifikat im PEM-Format unterzeichnet " "wurde. Wenn Sie keine haben oder diese nicht verwenden wollen, lassen Sie " "dieses Feld bitte leer. Bitte beachten Sie, dass es nicht möglich ist, die " "RootCA in der gleichen Datei wie Ihr X.509-Zertifikat oder den privaten " "Schlüssel zu speichern." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Länge des zu erstellenden RSA-Schlüssels:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Bitte geben Sie die Länge des zu erstellenden RSA-Schlüssels ein. Sie sollte " "nicht weniger als 1024 Bit sein, da dies als unsicher betrachtet wird. Alles " "über 4098 Bit verlangsamt den Authentifizierungs-Prozess und ist zur Zeit " "nicht nützlich." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Selbstsigniertes X.509-Zertifikat erstellen?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Nur selbstsignierte X.509-Zertifikate können automatisch erzeugt werden, da " "anderenfalls eine Zertifizierungsstelle zur Signatur der Zertifikatsanfrage " "benötigt wird. Falls Sie sich entscheiden, ein selbstsigniertes Zertifikat " "zu erstellen, können Sie es sofort zur Verbindung mit anderen IPSec-Rechnern " "verwenden, die X.509-Zertifikate zur Authentifizierung von IPSec-" "Verbindungen verwenden. Falls Sie jedoch die PKI-Funktionen von Openswan " "verwenden möchten, müssen alle X.509-Zertifikate von einer einzigen " "Zertifizierungsstelle signiert sein, um einen Vertrauenspfad zu schaffen." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Falls Sie kein selbstsigniertes Zertifikat erstellen möchten, wird nur der " "private RSA-Schlüssel und die Zertifikatsanforderung erstellt. Sie müssen " "diese Zertifikatsanforderung von Ihrer Zertifizierungsstelle signieren " "lassen." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Ländercode für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Geben Sie den Ländercode (zwei Zeichen) für das Land ein, in dem der Server " "steht (z. B. »AT« für Österreich)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Ohne einen gültigen Ländercode nach ISO-3166 wird es OpenSSL ablehnen, ein " "Zertifikat zu generieren. Ein leeres Feld ist für andere Elemente des X.509-" "Zertifikats zulässig, aber nicht für dieses." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Name des Landes oder der Provinz für diese X.509-Zertifikatsanfrage:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Bitte geben Sie den kompletten Namen des Landes oder der Provinz ein, in der " "sich der Server befindet (wie »Oberösterreich«)." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Ort für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Geben Sie bitte den Ort an, an dem der Server steht (oft ist das eine Stadt " "wie beispielsweise »Wien«)." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisationsname für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Bitte geben Sie die Organisation an, zu der der Server gehört (wie z.B. " "»Debian«)." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisationseinheit für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Bitte geben Sie die Organisationseinheit für die X.509-" "Zertifikatsanforderung ein (z.B. »Sicherheitsgruppe«)." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Common Name für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Bitte geben Sie den Common Name für diesen Rechner ein (wie z.B. »gateway." "example.org«)." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "E-Mail-Adresse für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Bitte geben Sie die E-Mail-Adresse der für das X.509-Zertifikat " "verantwortlichen Person oder Organisation ein." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Veränderung von /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Aufgrund einer Änderung im Quelltext von Openswan ist opportunistische " "Verschlüsselung nicht mehr standardmäßig aktiviert. Ältere Versionen von " "Openswan enthielten die Datei no_oe.conf, die zur expliziten Deaktivierung " "der opportunistischen Verschlüsselung diente. Diese kann jetzt nicht mehr " "mittels ipsec.conf aufgenommen werden. Jeder entsprechende Absatz wird jetzt " "automatisch entfernt, um einen korrekten Start von Openswan sicherzustellen." debian/po/da.po0000664000000000000000000004021412010653511010525 0ustar # Danish translation openswan. # Copyright (C) 2012 openswan & nedenstående oversættere. # This file is distributed under the same license as the openswan package. # Joe Hansen (joedalton2@yahoo.dk), 2012. # msgid "" msgstr "" "Project-Id-Version: openswan\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2012-02-17 12:42+0000\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Tidligere kørselsniveauhåndtering erstattet" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Tidligere versioner af Openswan-pakken gav et valg mellem tre forskellige " "Start/stop-niveauer. På grund af ændringer i standardsystemets " "opstartsprocedure, er dette ikke længere nødvendigt eller brugbart. For alle " "nye installationer samt tidligere som kører i en af de prædefinerede " "tilstande, vil nye fornuftige standardniveauer blive sat. Hvis du opgraderer " "fra en tidligere version og ændrede dine opstartsparametre for Openswan, så " "tag venligst et kig på NEWS.Debian for instruktioner i hvordan du ændrer din " "opsætning." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Genstart Openswan nu?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Genstart af Openswan anbefales, da såfremt der er en sikkerhedsrettelse, så " "vil den ikke blive anvendt før dæmonen genstartes. De fleste forventer, at " "dæmomen skal genstartes, så dette er normalt en god ide. Dette kan dog lukke " "eksisterende forbindelser ned og op igen, så hvis du bruger en sådan " "Openswantunnel til forbindelsen for denne opdatering, så anbefales en " "genstart ikke." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Brug et X.509-certifikat for denne vært?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Et X.509-certifikat for denne vært kan oprettes automatisk eller importeres. " "Det kan bruges til at godkende IPsec-forbindelser til andre værter og er den " "foretrukne måde at bygge sikre IPsec-forbindelser. Den anden mulighed ville " "være at bruge delte hemmeligheder (adgangskoder som er ens på begge sider af " "tunnelen) for godkendelse af en forbindelse, men for et større antal " "forbindelser er nøglebaseret godkendelse nemmere at administrere og mere " "sikker." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Alternativt kan du afvise denne indstilling og senere bruge kommandoen »dpkg-" "reconfigure openswan« for at komme tilbage." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "opret" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importer" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Metoder for brug af et X.509-certifikat til at godkende denne vært:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Det er muligt at oprette et nyt X.509-certifikat med brugerdefinerede " "indstillinger eller at importere en eksisterende offentlig og privat nøgle " "gemt i PEM-filer for godkendelse af IPsec-forbindelser." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Hvis du vælger at oprette et nyt X.509-certifikat, så vil du først få " "stillet en række spørgsmål, som skal besvares før oprettelsen kan begynde. " "Husk, at hvis du ønsker, at den offentlige nøgle skal underskrives af et " "eksisterende Certificate Authority, så skal du ikke vælge at oprette et " "selvunderskrevet certifikat og alle svarene skal præcist opfylde kravene for " "CA'et, ellers kan certifikatanmodningen blive afvist." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Hvis du ønsker at importere en eksisterende offenlig og privat nøgle, så vil " "du blive spurgt om deres filnavne (som kan være identiske hvis begge dele er " "gemt sammen i en fil). Du kan valgfrit også angive et filnavn hvor de " "offentlige nøgler for Certificate Authority er gemt, men denne fil kan ikke " "være den samme som de tidligere. Vær venligst også opmærksom på at formatet " "for X.509-certifikater skal være PEM og at den private nøgle ikke må være " "krypteret ellers vil importproceduren fejle." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Filnavn for dit PEM format X.509-certifikat:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Indtast placeringen for filen der indeholder dit X.509-certifikat i PEM-" "format." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Filnavn for din PEM-formateret X.509 private nøgle:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Indtast venligst placeringen for filen der indeholder den private RSA-nøgle " "der matcher dit X.509-certifikat i PEM-format. Dette kan være den samme fil " "som indeholder X.509-certifikatet." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Filnavn for dit PEM-formateret X.509-RootCA:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Du kan nu valgfrit indtaste placeringen for filen der indeholder X.509 " "Certificate Authority-administratoren brugt til at underskrive dit " "certifikat i PEM-format. Hvis du ikke har en eller ikke ønsker at bruge den " "så efterlad feltet tomt. Bemærk venligst at det ikke er muligt at gemme " "RootCA'en i den samme fil som dit X.509-certifikat eller private nøgle." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Længde for RSA-nøgle der skal oprettes:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Indtast venligst den krævede RSA-nøglelængde. Alt under 1024 bit må anses " "for at være usikkert; alt over 4096 bit gør godkendelsesprocessen " "langsommere og er i øjeblikket ikke brugbart." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Opret et selvunderskrevet X.509-certifikat?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Kun selvunderskrevne X.509-certifikater kan oprettes automatisk, da et " "Certificate Authority ellers kræves for at underskrive " "certifikatforespørslen. Hvis du vælger at oprette et selvunderskrevet " "certifikat, så kan du bruge det umiddelbart til at forbinde til andre IPsec-" "værter som understøtter X.509-certifikat for godkendelse af IPsec-" "forbindelser. Brug af Openswans PKI-funktioner kræver alle certifikater for " "at blive underskrevet af en enkel Certificate Authority for at oprette en " "troværdighedssti." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Hvis du ikke vælger at oprette et selvunderskrevet certifikat vil kun den " "RSA privat nøgle og certifikatforespørgslen blive oprettet, og du skal så " "underskrive certifikatforespørgslen med dit Certificate Authority." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Landekode for X.509-certifikatforespørgsel:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Indtast venligst tobogstavskoden for landet hvor serveren befinder sig " "(såsom »AT« for Østrig)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL vil nægte at oprette et certifikat med mindre at der er en gyldig " "landekode fra ISO-3166; et tomt felt er tilladt alle andre steder i X.509-" "certifikatet, men ikke her." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Stat eller områdenavn for X.509-certifkatforespørgsel:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Indtast venligst det fulde navn for staten eller området hvor serveren " "befinder sig (såsom »Fyn«)." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Stednavn for X.509-certifikatforespørgslen:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Indtast venligst stedet hvor serveren befindre sig (oftest en by, såsom " "»København«)." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisatinsnavn for X.509-certifikatforespørgsel:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Indtast venligst organisationen som serveren tilhører (såsom »Debian«)." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisatorisk enhed for X.509-certifikatforespørgsel:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Indtast venligst den organisatoriske enhed som serveren tilhører (såsom " "»security group«)." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Common Name for X.509-certifikatforespørgsel:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Indtast venligst Common Name for denne vært (såsom »gateway.eksempel.org«)." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "E-postadresse for X.509-certifikatforespørgsel:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Indtast venligst e-postadressen for personen eller organisationen anvarlig " "for X.509-certifikatet." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Ændring af /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "På grund af en ændring i opstrømmen for Openswan er opportunistisk " "kryptering ikke længere aktiveret som standard. Filen no_oe.conf som var " "indholdt i tidligere versioner for eksplicit at deaktivere den kan derfor " "ikke længere inkluderes af ipsec.conf. En sådan paragraf vil automatisk " "blive fjernet for at sikre, at Openswan kan starte korrekt op." debian/po/vi.po0000664000000000000000000004243012010653511010561 0ustar # Vietnamese translation for Openswan. # Copyright © 2010 Free Software Foundation, Inc. # Clytie Siddall , 2005, 2006, 2007, 2008, 2009, 2010. # msgid "" msgstr "" "Project-Id-Version: openswan 1:2.6.25+dfsg-1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-05-13 19:37+0930\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: LocFactoryEditor 1.8\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Quản lý cấp chạy trước bị thay thế vì quá cũ" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Trước đây phiên bản Openswan đã cho phép người dùng chọn trong ba cấp khởi/" "ngừng chạy khác nhau. Do thay đổi trong thủ tục khởi chạy hệ thống tiêu " "chuẩn, chức năng này không còn cần thiết hay có ích lại. Đối với mọi bản cài " "đặt mới, cũng như bản cài đặt cũ đang chạy ở bất cứ chế độ nào định sẵn, một " "cấp mặc định có ích sắp được lập. Nếu bạn đang nâng cấp từ một phiên bản " "trước và đã thay đổi tham số khởi chạy Openswan thì xem tập tin tin tức « " "NEWS.Debian » để tìm hướng dẫn về cách sửa đổi thiết lập một cách thích hợp." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Khởi chạy lại Openswan ngay bây giờ ?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Khởi chạy lại Openswan là một ý kiến tốt, vì chức năng khởi chạy lại trình " "nền cũng thực hiện đắp vá bảo mật bị hoãn. Phần lớn người cũng mong đợi " "trình nền khởi chạy lại. Tuy nhiên, chức năng khởi chạy lại có thể ngắt rồi " "mở lại kết nối đang chạy: do đó nếu bạn đang sử dụng một đường hầm Openswan " "như vậy để kết nối cho bản cập nhật này thì không khuyên bạn khởi chạy lại " "vào lúc này." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Dùng một chứng nhận X.509 cho máy này ?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Trình cài đặt này có khả năng tự động tạo hoặc nhập một chứng nhận X.509 cho " "máy này. Chứng nhận này có thể được sử dụng để xác thực kết nối IPsec đến " "máy khác: đây là phương pháp khuyến khích để xây dựng kết nối IPsec bảo mật. " "Tuỳ chọn khác là sử dụng điều bí mật chia sẻ (cùng một mật khẩu ở hai bên " "đường hầm) để xác thực kết nối, nhưng mà cho nhiều kết nối chức năng xác " "thực dựa vào khoá vẫn dễ quản trị hơn và bảo mật hơn." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Hoặc bạn có thể tắt tuỳ chọn này và chạy chạy câu lệnh cấu hình lại « dpkg-" "reconfigure openswan » về sau." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "tạo" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "nhập" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Phương pháp dùng chứng nhận X.509 để xác thực máy này:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Cũng có thể tạo một chứng nhận X.509 mới với thiết lập được người dùng xác " "định, hoặc nhập một cặp khoá công/riêng được lưu vào tập tin PEM, để xác " "thực kết nối IPsec." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Nếu bạn chọn tạo một chứng nhận X.509 mới thì trước tiên bạn cần phải đáp " "ứng một số câu hỏi cơ bản. Ghi chú rằng nếu bạn muốn xin một nhà cầm quyền " "cấp chứng nhận (CA) ký khoá công này thì không nên bật tuỳ chọn tạo một " "chứng nhận tự ký, và tất cả các đáp ứng phải tương ứng với tiêu chuẩn của " "CA: không thì yêu cầu chứng nhận có thể bị từ chối." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Nếu bạn muốn nhập một cặp khoá công/riêng đã có, quá trình sẽ nhắc bạn gõ " "tên tập tin (mà có thể là trùng nếu cả hai phần nằm trong cùng một tập tin). " "Tuỳ chọn bạn cũng có dịp xác định tên tập tin chứa (các) khoá công của nhà " "cầm quyền cấp chứng nhận (CA), mà phải khác với tên tập tin gõ trước. Ghi " "chú rằng chứng nhận X.509 phải có định dạng PEM, và khoá riêng phải được " "giải mật mã: không thì thủ tục nhập khẩu bị lỗi." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Tên tập tin của chứng nhận X.509 định dạng PEM:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "Hãy nhập vị trí của tập tin chứa chứng nhận X.509 theo định dạng PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Tên tập tin của khoá riêng X.509 định dạng PEM:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Hãy nhập vị trí của tập tin chứa khoá RSA riêng tương ứng với chứng nhận " "X.509 của bạn, cả hai theo định dạng PEM. Có thể là cùng một tập tin chứa " "chứng nhận X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Tên tập tin của RootCA X.509 định dạng PEM:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Tuỳ chọn bạn giờ có dịp nhập vị trí của tập tin định dạng PEM chứa gốc nhà " "cầm quyền cấp chứng nhận X.509 (RootCA) được dùng để ký chứng nhận của mình. " "Không có, hoặc không muốn sử dụng nó, thì bỏ trống trường này. Ghi chú rằng " "không thể lưu RootCA vào cùng một tập tin với chứng nhận X.509 hay khoá " "riêng của bạn." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Chiều dài của khoá RSA cần tạo :" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Hãy nhập chiều dài dự định của khoá RSA. Khoá nhỏ hơn 1024 bit không phải an " "toàn, và khoá lớn hơn 4096 bit làm cho tiến trình xác thực chạy chậm và hiện " "thời không có ích." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Tạo một chứng nhận X.509 tự ký ?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Chỉ chứng nhận X.509 tự ký có thể được tự động tạo, vì cho các loại chứng " "nhận khác một nhà cầm quyền cấp chứng nhận (CA) cần thiết để ký yêu cầu " "chứng nhận. Một chứng nhận tự ký cho phép bạn dùng ngay lập tức để kết nối " "tới máy khác mà hỗ trợ sử dụng chứng nhận X.509 để xác thực kết nối IPsec. " "Tuy nhiên, tính năng PKI của Openswan yêu cầu mọi chứng nhận đều được ký bởi " "cùng một nhà cầm quyền cấp chứng nhận (CA) để tạo một đường dẫn tin cậy." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Không muốn tạo chứng nhận tự ký thì trình cài đặt này sẽ chỉ tạo khoá riêng " "RSA và yêu cầu chứng nhận, và bạn sẽ cần phải ký yêu cầu chứng nhận bằng nhà " "cầm quyền cấp chứng nhận của mình." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Mã quốc gia cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "Hãy nhập mã hai chữ cho quốc gia máy chủ ở (v.d. « VN » cho Việt Nam)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Không có mã quốc gia ISO-3166 đúng thì OpenSSL từ chối tạo chứng nhận. Có " "thể bỏ trống trường ở một số nơi khác trong chứng nhận X.509 mà không phải ở " "đây." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Tên bang/tỉnh cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Hãy nhập tên đầy đủ của bang hay tỉnh chứa máy phục vụ (v.d. « Bình Định »)." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Tên vùng cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "Hãy nhập vùng máy chủ ở (thường là thành phố, v.d. « Hà Nội »)." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Tên tổ chức cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Hãy nhập tên của tổ chức (v.d. công ty, trường học, dự án) sở hữu máy chủ." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Tên đơn vị tổ chức cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "Hãy nhập đơn vị tổ chức (v.d. « nhóm bảo mật ») sử dụng máy chủ này." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Tên chung cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "Hãy nhập tên chung cho máy này (v.d. « cổng_ra.ví_dụ.org »)." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Địa chỉ thư điện tử cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Hãy nhập địa chỉ thư điện tử của người hay tổ chức chịu trách nhiệm về chứng " "nhận X509 này." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Sửa đổi « /etc/ipsec.conf »" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Do một thay đổi được làm trong phần mềm Openswan bởi dự án gốc, chức năng " "mật mã cơ hội chủ nghĩa không phải được hiệu lực theo mặc định. Tập tin « " "no_oe.conf » có sẵn trong phiên bản trước để tắt chức năng này thì không còn " "được bao gồm lại bởi « ipsec.conf ». Bất cứ đoạn văn bao gồm (include) tương " "ứng nào giờ được tự động gỡ bỏ để đảm bảo rằng Openswan khởi chạy đúng." debian/po/fi.po0000664000000000000000000007312112010653511010542 0ustar msgid "" msgstr "" "Project-Id-Version: openswan\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2008-03-24 19:27+0200\n" "Last-Translator: Esko Arajärvi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Finnish\n" "X-Poedit-Country: FINLAND\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" #. Type: boolean #. Description #: ../openswan.templates:2001 #, fuzzy #| msgid "Do you wish to restart Openswan?" msgid "Restart Openswan now?" msgstr "Tulisiko Openswan käynnistää uudelleen?" #. Type: boolean #. Description #: ../openswan.templates:2001 #, fuzzy #| msgid "" #| "Restarting Openswan is a good idea, since if there is a security fix, it " #| "will not be fixed until the daemon restarts. Most people expect the " #| "daemon to restart, so this is generally a good idea. However this might " #| "take down existing connections and then bring them back up." msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Openswanin käynnistäminen uudelleen on suositeltavaa, koska mahdolliset " "tietoturvapäivitykset eivät tule käyttöön ennen kuin taustaohjelma " "käynnistetään uudelleen. Useimmat ihmiset olettavat, että taustaohjelma " "käynnistetään uudelleen, joten se on hyvä ajatus. Tämä saattaa kuitenkin " "katkaista olemassa olevat yhteydet ja avata ne sitten uudelleen." #. Type: boolean #. Description #: ../openswan.templates:3001 #, fuzzy #| msgid "" #| "Do you have an existing X509 certificate file that you want to use for " #| "Openswan?" msgid "Use an X.509 certificate for this host?" msgstr "" "Onko olemassa X509-varmennetiedostoa, jota halutaan käyttää Openswanin " "kanssa?" #. Type: boolean #. Description #: ../openswan.templates:3001 #, fuzzy #| msgid "" #| "This installer can automatically create a RSA public/private keypair for " #| "this host. This keypair can be used to authenticate IPSec connections to " #| "other hosts and is the preferred way for building up secure IPSec " #| "connections. The other possibility would be to use shared secrets " #| "(passwords that are the same on both sides of the tunnel) for " #| "authenticating an connection, but for a larger number of connections RSA " #| "authentication is easier to administer and more secure." msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Tämä asennusohjelma voi automaattisesti luoda julkisen ja salaisen avaimen " "sisältävän RSA-avainparin tälle koneelle. Tätä avainparia voidaan käyttää " "toisille koneille otettavien IPSec-yhteyksien todentamiseen. Tämä on " "suositeltava tapa turvallisten IPSec-yhteyksien luomiseen. Toinen vaihtoehto " "on käyttää jaettuja salaisuuksia (salasanat ovat samat tunnelin molemmissa " "päissä) yhteyksien todentamiseen, mutta useiden yhteyksien kanssa RSA-" "todennus on turvallisempi ja helpompi ylläpitää." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 #, fuzzy #| msgid "" #| "Do you have an existing X509 certificate file that you want to use for " #| "Openswan?" msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Onko olemassa X509-varmennetiedostoa, jota halutaan käyttää Openswanin " "kanssa?" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" #. Type: string #. Description #: ../openswan.templates:5001 #, fuzzy #| msgid "Please enter the country code for the X509 certificate request." msgid "File name of your PEM format X.509 certificate:" msgstr "Maakoodi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:5001 #, fuzzy #| msgid "" #| "Please enter the location of the file containing your X509 certificate in " #| "PEM format." msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Anna PEM-muodossa olevan, X509-varmenteen sisältävän tiedoston sijainti." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "" #. Type: string #. Description #: ../openswan.templates:6001 #, fuzzy #| msgid "" #| "Please enter the location of the file containing the private RSA key " #| "matching your X509 certificate in PEM format. This can be the same file " #| "that contains the X509 certificate." msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Anna PEM-muodossa olevaan X509-varmenteeseen täsmäävän salaisen RSA-avaimen " "sijainti. Tämä saattaa olla sama tiedosto kuin se, joka sisältää X509-" "varmenteen." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "" #. Type: string #. Description #: ../openswan.templates:8001 #, fuzzy #| msgid "" #| "Please enter the length of the created RSA key. it should not be less " #| "than 1024 bits because this should be considered unsecure and you will " #| "probably not need anything more than 2048 bits because it only slows the " #| "authentication process down and is not needed at the moment." msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Anna luotavan RSA-avaimen pituus. Sen ei tulisi olla lyhyempi kuin 1024 " "bittiä, koska tätä lyhyempiä pidetään turvattomina, eikä sen luultavasti " "tarvitse olla 2048 bittiä pidempi, koska tällöin se lähinnä hidastaisi " "todennusprosessia, eikä pidempää avainta tällä hetkellä tarvita." #. Type: boolean #. Description #: ../openswan.templates:9001 #, fuzzy #| msgid "Do you want to create a self-signed X509 certificate?" msgid "Create a self-signed X.509 certificate?" msgstr "Luodaanko itseallekirjoitettu X509-varmenne?" #. Type: boolean #. Description #: ../openswan.templates:9001 #, fuzzy #| msgid "" #| "This installer can only create self-signed X509 certificates " #| "automatically, because otherwise a certificate authority is needed to " #| "sign the certificate request. If you want to create a self-signed " #| "certificate, you can use it immediately to connect to other IPSec hosts " #| "that support X509 certificate for authentication of IPSec connections. " #| "However, if you want to use the new PKI features of Openswan >= 1.91, you " #| "will need to have all X509 certificates signed by a single certificate " #| "authority to create a trust path." msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Tämä asennusohjelma voi automaattisesti luoda vain itseallekirjoitettuja " "X509-varmenteita, koska muussa tapauksessa varmentajan tulisi allekirjoittaa " "varmennepyyntö. Nyt voidaan luoda itseallekirjoitettu X509-varmenne, jota " "voidaan välittömästi käyttää toisiin X509-varmennusta tukeviin IPSec-" "koneisiin otettavien IPSec-yhteyksien varmentamiseen. Uudempien, Openswanin " "versiosta 1.91 alkaen mukana olevien PKI-ominaisuuksien käyttö kuitenkin " "vaatii, että kaikki X509-varmenteet on allekirjoitettu yhden varmentajan " "toimesta luottamuspolun luomiseksi." #. Type: boolean #. Description #: ../openswan.templates:9001 #, fuzzy #| msgid "" #| "If you do not want to create a self-signed certificate, then this " #| "installer will only create the RSA private key and the certificate " #| "request and you will have to sign the certificate request with your " #| "certificate authority." msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Jos itseallekirjoitettua varmennetta ei haluta, asennusohjelma luo vain " "salaisen RSA-avaimen ja varmennepyynnön, joka varmentajan tulee " "allekirjoittaa." #. Type: string #. Description #: ../openswan.templates:10001 #, fuzzy #| msgid "Please enter the country code for the X509 certificate request." msgid "Country code for the X.509 certificate request:" msgstr "Maakoodi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" #. Type: string #. Description #: ../openswan.templates:10001 #, fuzzy #| msgid "" #| "You really need to enter a valid country code here, because openssl will " #| "refuse to generate certificates without one. An empty field is allowed " #| "for any other field of the X.509 certificate, but not for this one." msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Tähän syötettävän koodin tulee olla käypä, koska openssl ei suostu luomaan " "varmenteita ilman käypää koodia. X.509-varmenteen muut kentät voivat olla " "tyhjiä, mutta tämä ei." #. Type: string #. Description #: ../openswan.templates:11001 #, fuzzy #| msgid "" #| "Please enter the state or province name for the X509 certificate request." msgid "State or province name for the X.509 certificate request:" msgstr "Osavaltion, läänin tai maakunnan nimi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:11001 #, fuzzy #| msgid "" #| "Please enter the full name of the state or province you live in. This " #| "name will be placed in the certificate request." msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Anna osavaltion, läänin tai maakunnan koko nimi. Tämä nimi sisällytetään " "varmennepyyntöön." #. Type: string #. Description #: ../openswan.templates:12001 #, fuzzy #| msgid "Please enter the locality name for the X509 certificate request." msgid "Locality name for the X.509 certificate request:" msgstr "Paikkakunnan nimi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:13001 #, fuzzy #| msgid "Please enter the organization name for the X509 certificate request." msgid "Organization name for the X.509 certificate request:" msgstr "Järjestön nimi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:14001 #, fuzzy #| msgid "" #| "Please enter the organizational unit for the X509 certificate request." msgid "Organizational unit for the X.509 certificate request:" msgstr "Järjestön yksikön nimi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:14001 #, fuzzy #| msgid "" #| "Please enter the organizational unit for the X509 certificate request." msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "Järjestön yksikön nimi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:15001 #, fuzzy #| msgid "Please enter the common name for the X509 certificate request." msgid "Common Name for the X.509 certificate request:" msgstr "Yleinen nimi X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" #. Type: string #. Description #: ../openswan.templates:16001 #, fuzzy #| msgid "Please enter the email address for the X509 certificate request." msgid "Email address for the X.509 certificate request:" msgstr "Sähköpostiosoite X509-varmennepyyntöä varten:" #. Type: string #. Description #: ../openswan.templates:16001 #, fuzzy #| msgid "" #| "Please enter the email address of the person or organization who is " #| "responsible for the X509 certificate, This address will be placed in the " #| "certificate request." msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Anna X509-varmenteesta vastaavan henkilön tai järjestön sähköpostiosoite. " "Tämä osoite sisällytetään varmennepyyntöön." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" #, fuzzy #~| msgid "Please enter the location of your X509 certificate in PEM format." #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "PEM-muodossa olevan X509-varmenteen sijainti:" #, fuzzy #~| msgid "Please enter the location of your X509 private key in PEM format." #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "PEM-muotoisen salaisen X509-avaimen sijainti:" #, fuzzy #~| msgid "Please enter the location of your X509 certificate in PEM format." #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "PEM-muodossa olevan X509-varmenteen sijainti:" #, fuzzy #~| msgid "Which length should the created RSA key have?" #~ msgid "Please enter which length the created RSA key should have:" #~ msgstr "Minkä pituinen luotavan RSA-avaimen tulisi olla?" #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Anna kaksikirjaiminen maakoodi. Tämä koodi sisällytetään varmennepyyntöön." #~ msgid "Example: AT" #~ msgstr "Esimerkki: FI" #~ msgid "Example: Upper Austria" #~ msgstr "Esimerkki: Etelä-Suomen lääni" #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "Anna paikkakunta. Tämä nimi sisällytetään varmennepyyntöön." #~ msgid "Example: Vienna" #~ msgstr "Esimerkki: Helsinki" #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Anna järjestö tai yhtiö, jota varten X509-varmenne luodaan. Tämä nimi " #~ "sisällytetään varmennepyyntöön." #~ msgid "Example: Debian" #~ msgstr "Esimerkki: Debian" #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Anna yksikkö (tai osasto), jota varten X509-varmenne luodaan. Tämä nimi " #~ "sisällytetään varmennepyyntöön." #~ msgid "Example: security group" #~ msgstr "Esimerkki: tietoturvaryhmä" #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Anna yleinen nimi (eli tämän koneen verkkonimi), jota varten X509-" #~ "varmenne luodaan. Tämä nimi sisällytetään varmennepyyntöön." #~ msgid "Example: gateway.debian.org" #~ msgstr "Esimerkki: gateway.debian.org" #~ msgid "Do you want to create a RSA public/private keypair for this host?" #~ msgstr "Luodaanko tälle koneelle RSA-avainpari?" #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one." #~ msgstr "" #~ "Jos uutta julkisen ja salaisen avaimen paria ei luoda, voidaan käyttöön " #~ "valita olemassa oleva pari." #~ msgid "x509" #~ msgstr "x509" #~ msgid "plain" #~ msgstr "tavallinen" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "Openswan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "On mahdollista luoda tavallinen RSA-avainpari Openswanin käyttöön tai " #~ "luoda X509-varmennetiedosto, joka sisältää julkisen RSA-avaimen ja " #~ "lisäksi tallentaa vastaavan salaisen avaimen." #, fuzzy #~| msgid "" #~| "If you only want to build up IPSec connections to hosts also running " #~| "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~| "want to connect to other IPSec implementations, you will need a X509 " #~| "certificate. It is also possible to create a X509 certificate here and " #~| "extract the RSA public key in plain format if the other side runs " #~| "Openswan without X509 certificate support." #~ msgid "" #~ "If you only want to create IPsec connections to hosts also running " #~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPsec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "Openswan without X509 certificate support." #~ msgstr "" #~ "Jos halutaan vain luoda IPSec-yhteyksiä toiselle koneille, joilla myös " #~ "ajetaan Openswania, on ehkä hieman helpompaa käyttää tavallisia RSA-" #~ "avainpareja. Jos halutaan ottaa yhteyksiä muihin IPSec-toteutuksiin, " #~ "tarvitaan X509-varmenne. On myös mahdollista luoda X509-varmenne nyt ja " #~ "erottaa julkinen RSA-avain siitä tavalliseen muotoon, jos toisella " #~ "puolella on Openswan, jossa ei ole X509-varmenteiden tukea." #, fuzzy #~| msgid "" #~| "Therefore a X509 certificate is recommended since it is more flexible " #~| "and this installer should be able to hide the complex creation of the " #~| "X509 certificate and its use in Openswan anyway." #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in Openswan." #~ msgstr "" #~ "Tästä syystä suositellaan joustavampaa X509-varmennetta. Tämä " #~ "asennusohjelman pitäisi joka tapauksessa pystyä piilottamaan X509-" #~ "varmenteen monimutkainen luontiprosessi ja käyttö Openswanissa." #, fuzzy #~| msgid "" #~| "This installer can automatically extract the needed information from an " #~| "existing X509 certificate with a matching RSA private key. Both parts " #~| "can be in one file, if it is in PEM format. Do you have such an existing " #~| "certificate and key file and want to use it for authenticating IPSec " #~| "connections?" #~ msgid "" #~ "This installer can automatically extract the needed information from an " #~ "existing X509 certificate with a matching RSA private key. Both parts can " #~ "be in one file, if it is in PEM format. If you have such an existing " #~ "certificate and key file please select if want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Tämä asennusohjelma voi automaattisesti erottaa tarvittavat tiedot " #~ "olemassa olevasta X509-varmenteesta ja sitä vastaavasta salaisesta RSA-" #~ "avaimesta. Molemmat osat voivat olla yhdessä tiedostossa, jos se on PEM-" #~ "muodossa." #~ msgid "x509, plain" #~ msgstr "x509, tavallinen" #, fuzzy #~| msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgid "earliest, after NFS, after PCMCIA" #~ msgstr "mahdollisimman aikaisin, NFS:n jälkeen, PCMCIA:n jälkeen" #, fuzzy #~| msgid "" #~| "With the current Debian startup levels (nearly everything starting in " #~| "level 20), it is impossible for Openswan to always start at the correct " #~| "time. There are three possibilities when Openswan can start: before or " #~| "after the NFS services and after the PCMCIA services. The correct answer " #~| "depends on your specific setup." #~ msgid "" #~ "With the default system startup levels (nearly everything starting in " #~ "level 20), it is impossible for Openswan to always start at the correct " #~ "time. There are three possibilities when Openswan can start: before or " #~ "after the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Nykyisten Debianin käynnistystasojen kanssa (lähes kaikki käynnistyy " #~ "tasolla 20) Openswanin on lähes mahdotonta käynnistyä aina oikeaan " #~ "aikaan. Openswan voi käynnistyä kolmeen eri aikaan: ennen tai jälkeen NFS-" #~ "palveluiden tai PCMCIA-palveluiden jälkeen. Oikea valinta riippuu koneen " #~ "asetuksista." #, fuzzy #~| msgid "" #~| "If you do not have your /usr tree mounted via NFS (either you only mount " #~| "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~| "and don't use a PCMCIA network card, then it's best to start Openswan at " #~| "the earliest possible time, thus allowing the NFS mounts to be secured " #~| "by IPSec. In this case (or if you don't understand or care about this " #~| "issue), answer \"earliest\" to this question (the default)." #~ msgid "" #~ "If the /usr tree of this system is not mounted via NFS (either you only " #~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " #~ "all) and no PCMCIA network card is used, then it's best to start Openswan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Jos hakemistopuuta /usr ei liitetä NFS:n avulla (joko NFS:ää ei käytetä " #~ "ollenkaan tai sillä liitetään vain vähemmän tärkeitä osia), eikä käytössä " #~ "ole PCMCIA-verkkokortteja, on Openswan parasta käynnistää mahdollisimman " #~ "aikaisin, jolloin NSF-liitokset voidaan turvata IPSecillä. Valitse " #~ "tällöin (ja myös, jos et ymmärrä kysymystä tai välitä siitä) " #~ "”mahdollisimman aikaisin” (oletus)." #, fuzzy #~| msgid "" #~| "If you have your /usr tree mounted via NFS and don't use a PCMCIA " #~| "network card, then you will need to start Openswan after NFS so that all " #~| "necessary files are available. In this case, answer \"after NFS\" to " #~| "this question. Please note that the NFS mount of /usr can not be secured " #~| "by IPSec in this case." #~ msgid "" #~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " #~ "then you will need to start Openswan after NFS so that all necessary " #~ "files are available. In this case, answer \"after NFS\" to this question. " #~ "Please note that the NFS mount of /usr can not be secured by IPSec in " #~ "this case." #~ msgstr "" #~ "Jos hakemistopuu /usr liitetään NFS:n avulla, eikä käytössä ole PCMCIA-" #~ "verkkokorttia, tulee Openswan käynnistää NFS:n jälkeen, jotta kaikki " #~ "tarvittavat tiedostot ovat saatavilla. Valitse tällöin ”NFS:n jälkeen”. " #~ "Tällöin hakemistopuun /usr NFS-liitäntää ei voida turvata IPSecin avulla." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Jos IPSec-yhteyksiin käytetään PCMCIA-verkkokorttia, tulee ohjelma " #~ "käynnistää PCMCIA-palveluiden jälkeen. Valitse tällöin ”PCMCIA:n " #~ "jälkeen”. Tämä on oikea valinta myös, jos avaimia haetaan paikalliselta " #~ "DNS-palvelimelta DNSSec-tuen kanssa." #, fuzzy #~| msgid "At which level do you wish to start Openswan?" #~ msgid "Please select the level at which you wish to start Openswan:" #~ msgstr "Millä tasolla Openswan tulisi käynnistää?" #, fuzzy #~| msgid "Which type of RSA keypair do you want to create?" #~ msgid "Please select which type of RSA keypair you want to create:" #~ msgstr "Minkä tyyppinen RSA-avainpari luodaan?" #~ msgid "Do you wish to enable opportunistic encryption in Openswan?" #~ msgstr "Käytetäänkö Openswanin kanssa opportunistista salausta?" #~ msgid "" #~ "Openswan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " #~ "default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " #~ "daemon) is started." #~ msgstr "" #~ "Openswan tukee opportunistista salausta (Opportunistic Encryption, OE), " #~ "joka tallentaa IPSec-todennustiedot (eli julkiset RSA-avaimet) DNS-" #~ "tietoihin. Ennen kuin tämä on laajalti käytössä, jokainen uusi ulospäin " #~ "suuntautuva yhteys hidastuu huomattavasti. Versiosta Openswan 2.0 alkaen " #~ "OE on käytössä oletuksena ja siten todennäköisesti rikkoo olemassa olevan " #~ "Internet-yhteyden (oletusreitin) heti, kun pluto (Openswanin " #~ "avaintaustaohjelma) käynnistetään." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Valitse tulisiko OE-tuki ottaa käyttöön. Jos olet epävarma, älä valitse " #~ "tätä." debian/po/sv.po0000664000000000000000000006600012010653511010572 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # msgid "" msgstr "" "Project-Id-Version: openswan 2.4.0-3\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-05-14 09:56+0100\n" "Last-Translator: Martin Bagge / brother \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Swedish\n" "X-Poedit-Country: Sweden\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Tidigare hantering av körlägen ersätts" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Tidigare versioner av Openswan-paketet tillät tre olika lägen för Start/" "Stopp. På grund av ändringar i systemets standardprocedur för uppstart är " "detta inte längre nödvändigt att meningsfullt. För alla nya installationer " "såväl som äldre som körs i något av de fördefinierade lägena kommer vettiga " "standardlägen att anges. Om du uppgraderar från en tidigare version och " "ändrade uppstartsparameterar för Openswan så bör du läsa NEWS.Debian för " "instruktioner på hur du ska ändra din installation på korrekt sätt." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Starta om Openswan?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Starta om Openswan är en bra idé eftersom eventuella säkerhetsrättningar " "endast kommer användas först när demonen är omstartad. De flesta personer " "förväntar sig att demonen startar om så detta är generellt sett en bra idé. " "Dock kan detta kanske ta ner existerande anslutningar och sedan ta dom upp " "igen. Om du använder en sådan Openswan-tunnel för att göra denna uppdatering " "är det inte rekommenderat att starta om Openswan." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Använd ett X.509-certifikat för din värd?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Ett X.509-certifikat kan automatiskt skapas eller importeras. Det kan " "användas för att autentisera IPsec-anslutningar för andra värdar och är det " "rekomenderade sättet att bygga säkra IPsec-anslutningar. Det alternativa " "sättet är att använda delad hemlighet (lösenord som är samma på båda sidor " "om tunneln) för att autentisera en anslutning, när antalet anslutningar blir " "fler är det mycket enklare att administrera certifikatbaserade anslutningar " "de är dessutom säkrare." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Alternativt kan du avvisa detta alternativ och senare använda kommandot " "\"dpkg-reconfigure openswan\" för att återvända." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "skapa" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importera" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Metod för att använda ett X.509-certifikat för att autentisera denna värd:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Det är möjligt att skapa ett nytt X.509-certifikat med användardefinierade " "inställningar eller att importera en existerande publik och privat nyckel " "lagrad i PEM-filer för autentisering av IPsec-anslutningar." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Om du väljer att skapa ett nytt X.509-certifikat kommer först ett antal " "frågor att ställas som måste besvaras innan själva skapandet kan starta. Kom " "ihåg att om du vill ha den publika nyckeln för att få den signerad av en " "existerande certifikatutfärdare ska du inte ange att du vill skapa ett själv-" "signerat certifikat samt att alla svar som avges måste stämma exakt överrens " "med de krav som ställs från certifikatutfärdaren annars kan begäran om " "certifikat avvisas." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Om du vill importera en existerande publik och privat nyckel kommer du att " "se frågor om deras filnamn (som kan vara samma om båda delarna är sparade i " "samma fil). Alternativt kan du även ange ett filnamn där de publika " "nycklarna för certifikatutfärdaren sparas, men denna fil kan inte vara samma " "som de föregående. Var även uppmärksam på att formatet för X.509-" "certifikatet måste vara PEM och att den privata nyckeln inte kan vara " "krypterad annars kommer importproceduren att misslyckas." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Filnamn för ditt PEM-formaterade X.509-certifikat:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Ange platsen för filen som innehåller ditt X.509-certifikat i PEM-format." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Filnamn på din PEM-formaterade privata X.509-nyckel:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Ange platsen för den fil som innehåller den privata RSA-nyckeln som matchar " "ditt X.509-certifikat i PEM-format. Detta kan vara samma fil som innehåller " "X.509-certifikatet." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Filnamn på ditt PEM-formaterade X.509-RootCA:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Nu kan du välja att ange platsen för filen som innehåller den RootCA som " "användes för att signera ditt certifikat i PEM-format. Om du inte har något " "eller inte vill använda något lämnar du fältet tomt. Kom ihåg att det inte " "är möjligt att lagra RootCA i samma fil som ditt X.509-certifikat eller " "privata nyckel." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Längd på RSA-nyckeln som skapas:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Ange längden för den skapade RSA-nyckeln. Den bör inte vara mindre än 1024 " "bitar då detta bör anses som osäkert, en nyckel längre än 4096 bitar innebär " "bara att autentiseringsprocessen blir långsammare och den extra säkerheten " "behövs inte just nu." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Skapa ett själv-signerat X.509-certifikat?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Installeraren kan skapa själv-signerade X.509-certifikat automatiskt " "eftersom det inte kräver kontakt med en certifikatutställare som kan signera " "certifikatförfrågan. Om du vill skapa ett själv-signerat certifikat kan du " "använda det omedelbart för att ansluta till andra IPSec-värdar som har stöd " "för X.509-certifikat för autentisering för IPSec-anslutningar. Vill du dock " "använda Openswans PKI-funktioner måste alla certifikat signeras av en och " "samma certifikatutställare för att skapa en pålitlig anslutningsväg." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Om du väljer att skapa ett själv-signerat certifikat kommer denna " "installerare bara att skapa den privata RSA-nyckeln och certifikatförfrågan " "och du kommer att behöva signera certifikatförfrågan hos din " "certifikatutgivare." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Ange landskod för X.509-certifikatförfrågan." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Ange bokstavskombinationen om två tecken som identifierar var servern finns " "(ex. \"SE\" för Sverige)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL kommer att vägra att skapa certifikat utan en korrekt landskod " "enligt ISO-3166. Tomma fält är tillåtet för alla andra delar av X.509-" "certifikatet men inte för denna." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Ange namnet på regionen eller länet för X.509-certifikatförfrågan." #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "Ange namnet på regionen eller länet som servern finns i (\"Halland\")." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Ange placeringsnamnet (locality name) för X.509-certifikatförfrågan:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Ange placering där servern finns (vanligen en stad, ex. \"Stockholm\")." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Ange organisationsnamnet för X.509-certifikatförfrågan:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Ange organisationen som servern tillhör (ex. \"Debian\")." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Ange organisationsenheten för X.509-certifikatförfrågan:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Ange organisationsenheten som servern tillhör (ex. \"säkerhetsgruppen\")." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Ange namnet (common name) för X.509-certifikatförfrågan:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "Ange namnet för denna värd (ex. \"gateway.example.org\")." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "E-postaddress för X509-certifikatförfrågan:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Ange e-postaddressen till den person eller organisation som ansvarar för " "X509-certifikatet." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Modifiering av /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "På grund av ändringar från originalutvecklarna av Openswan är opportunistisk " "kryptering inte aktiverat som standard. Konfigurationsfilen no_oe.conf som " "skeppades med tidigare versioner för att explicit avaktivera det kan därför " "inte längre inkluderas av ipsec.conf. Paragrafer som inkluderar denna kommer " "därför att raderas för att säkerställa att Openswan kan starta korrekt." #~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgstr "tidigast, \"efter NFS\", \"efter PCMCIA\"" #~ msgid "At which level do you wish to start Openswan ?" #~ msgstr "Vid vilken nivå vill du starta Openswan ?" #~ msgid "" #~ "With the current Debian startup levels (nearly everything starting in " #~ "level 20), it is impossible for Openswan to always start at the correct " #~ "time. There are three possibilities when Openswan can start: before or " #~ "after the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Med de nuvarande uppstartsnivåerna i Debian (nästan allt startar på nivån " #~ "20) är det omöjligt för Openswan att alltid starta vid rätt tid. Det " #~ "finns tre möjligheter när Openswan kan startas: före eller efter NFS-" #~ "tjänsterna och efter PCMCIA-tjänsterna. Det rätta svaret beror på din " #~ "specifika konfiguration." #~ msgid "" #~ "If you do not have your /usr tree mounted via NFS (either you only mount " #~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~ "and don't use a PCMCIA network card, then it's best to start Openswan at " #~ "the earliest possible time, thus allowing the NFS mounts to be secured by " #~ "IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Om du inte har ditt /usr-träd monterat via NFS (antingen monterar du " #~ "andra, mindre viktiga träd via NFS eller så använder du inte NFS-" #~ "monterade träd alls) och inte använder ett PCMCIA-nätverkskort är det " #~ "bäst att starta Openswan så tidigt som möjligt och därmed tillåter säkra " #~ "NFS-monteringar via IPSec. I detta fall (eller om du inte förstår eller " #~ "bryr dig om detta) svara \"tidigast\" på denna fråga (standard)." #~ msgid "" #~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " #~ "card, then you will need to start Openswan after NFS so that all " #~ "necessary files are available. In this case, answer \"after NFS\" to this " #~ "question. Please note that the NFS mount of /usr can not be secured by " #~ "IPSec in this case." #~ msgstr "" #~ "Om du inte har ditt /usr-träd monterat via NFS och inte använder ett " #~ "PCMCIA-nätverkskort behöver du starta Openswan efter NFS så att alla " #~ "nödvändiga filer finns tillgängliga. I detta fall, svara \"efter NFS\" på " #~ "frågan. Notera dock att NFS-monteringen av /usr kan inte säkras upp via " #~ "IPSec i detta fall." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Om du använder ett PCMCIA-nätverkskort för dina IPSec-anslutningar har du " #~ "bara valet att starta den efter PCMCIA-tjänsterna. Svara \"efter PCMCIA\" " #~ "i detta fall. Detta är också det rätta svaret om du vill hämta nycklar " #~ "från en lokalt körande DNS-server med DNSSec-stöd." #~ msgid "Do you want to create a RSA public/private keypair for this host ?" #~ msgstr "" #~ "Vill du skapa ett publik/privat RSA-nyckelpar för denna värdmaskin ?" #~ msgid "x509, plain" #~ msgstr "x509, enkel" #~ msgid "Which type of RSA keypair do you want to create ?" #~ msgstr "Vilken typ av RSA-nyckelpar vill du skapa ?" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "Openswan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "Det är möjligt att skapa ett enkelt publik/privat RSA-nyckelpar för att " #~ "använda med Openswan eller att skapa en X509-certifikatfil som innehåller " #~ "den publika RSA-nyckeln och dessutom lagra den motsvarande privata " #~ "nyckeln." #~ msgid "" #~ "If you only want to build up IPSec connections to hosts also running " #~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPSec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "Openswan without X509 certificate support." #~ msgstr "" #~ "Om du bara vill bygga upp IPSec-anslutningar till värdmaskin som också " #~ "kör Openswan kan det vara lite enklare att använda enkla (plain) RSA-" #~ "nyckelpar. Men om du vill ansluta till andra IPSec-implementationer " #~ "behöver du ett X509-certifikat. Det är också möjligt att skapa ett X509-" #~ "certifikat här och plocka ut den publika RSA-nyckeln i enkelt format om " #~ "den andra sidan kör Openswan utan stöd för X509-certifikat." #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in Openswan anyway." #~ msgstr "" #~ "Därför är ett X509-certifikat rekommenderat eftersom det är mer flexibelt " #~ "och denna installerare bör kunna gömma den komplexa processen att skapa " #~ "X509-certifikatet och dess användning i Openswan ändå." #~ msgid "" #~ "Do you have an existing X509 certificate file that you want to use for " #~ "Openswan ?" #~ msgstr "" #~ "Har du en existerande X509-certifikatfil som du vill använda för " #~ "Openswan ?" #~ msgid "" #~ "This installer can automatically extract the needed information from an " #~ "existing X509 certificate with a matching RSA private key. Both parts can " #~ "be in one file, if it is in PEM format. Do you have such an existing " #~ "certificate and key file and want to use it for authenticating IPSec " #~ "connections ?" #~ msgstr "" #~ "Denna installerare kan automatiskt plocka ut den information som behövs " #~ "från ett existerande X509-certifikat med en matchande privat RSA-nyckel. " #~ "Båda delar kan vara i en fil om den är i PEM-format. Har du ett sådant " #~ "existerande certifikat och nyckelfil och vill använda det för att " #~ "autentisera IPSec-anslutningar ?" #~ msgid "Please enter the location of your X509 certificate in PEM format." #~ msgstr "Ange platsen för ditt X509-certifikat i PEM-format." #~ msgid "Please enter the location of your X509 private key in PEM format." #~ msgstr "Ange platsen för din privata X509-nyckel i PEM-format." #~ msgid "Which length should the created RSA key have ?" #~ msgstr "Vilken längd ska den skapade RSA-nyckeln ha ?" #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Ange en landskod med 2 bokstäver för ditt land. Denna kod kommer att " #~ "placeras i certifikatförfrågan." #~ msgid "Example: AT" #~ msgstr "Exempel: SE" #~ msgid "" #~ "Please enter the full name of the state or province you live in. This " #~ "name will be placed in the certificate request." #~ msgstr "" #~ "Ange det fulla namnet på regionen eller länet du bor i. Detta namn kommer " #~ "att placeras i certifikatförfrågan." #~ msgid "Example: Upper Austria" #~ msgstr "Exempel: Centrala Sverige" #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Ange lokaliteten (exempelvis stad) där du bor. Detta namn kommer att " #~ "placeras i certifikatförfrågan." #~ msgid "Example: Vienna" #~ msgstr "Exempel: Stockholm" #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Ange organisationen (exempelvis företaget) som X509-certifikatet ska " #~ "skapas för. Detta namn kommer att placeras i certifikatförfrågan." #~ msgid "Example: Debian" #~ msgstr "Exempel: Debian" #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Ange organisationsenheten (exempelvis avdelning) som X509-certifikatet " #~ "ska skapas för. Detta namn kommer att placeras i certifikatförfrågan." #~ msgid "Example: security group" #~ msgstr "Exempel: säkerhetsgruppen" #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Ange namnet (exempelvis värdnamnet för denna maskin) för vilken X509-" #~ "certifikatet ska skapas för. Detta namn kommer att placeras i " #~ "certifikatförfrågan." #~ msgid "Example: gateway.debian.org" #~ msgstr "Exempel: gateway.debian.org" #~ msgid "Do you wish to enable opportunistic encryption in Openswan?" #~ msgstr "Vill du aktivera opportunistisk kryptering i Openswan?" #~ msgid "" #~ "Openswan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " #~ "default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " #~ "daemon) is started." #~ msgstr "" #~ "Openswan har stöd för opportunistisk kryptering (OE) som lagrar " #~ "information om IPSec-autentiseringen (exempelvis publika RSA-nycklar) i " #~ "(helst säkra) DNS-poster. Tills detta är en mer utbredd tjänst kan " #~ "aktivering av det orsaka en betydande hastighetssänkning för varje ny " #~ "utgående anslutning. Sedan version 2.0 kommer Openswan (uppström) med OE " #~ "aktiverad som standard och kommer därför sannorlikt att bryta din " #~ "existerande anslutning till Internet (exempelvis din standardrutt) som " #~ "snart som pluto (demonen för Openswan-nycklar) startas." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Välj om du vill aktivera stöd för OE. Om du är osäker bör du inte " #~ "aktivera det." debian/po/pl.po0000664000000000000000000004211712010653511010560 0ustar # Translation of openswan debconf templates to Polish. # Copyright (C) 2010 # This file is distributed under the same license as the openswan package. # # Michał Kułach , 2012. msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2012-04-21 12:27+0200\n" "Last-Translator: Michał Kułach \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Zastąpiono stare zarządzanie poziomami uruchamiania" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Poprzednie wersje pakietu Openswan umożliwiały wybór pomiędzy trzema różnymi " "Start/Stop-Level. Z powodu zmian w procedurze uruchamiania systemu " "podstawowego nie jest to dłużej ani potrzebne, ani użyteczne. W przypadku " "zarówno wszystkich nowych instalacji, jak i starych z którymś z działających " "trybów predefiniowanych, zostaną przyjęte domyślne, rozsądne poziomy. Jeśli " "jest to aktualizacja z poprzedniej wersji i zmieniono parametry uruchamiania " "Openswan, proszę zapoznać się z plikiem NEWS.Debian, aby dowiedzieć się jak " "odpowiednio zmodyfikować swoją konfigurację." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Uruchomić Openswan ponownie?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Restart Openswan jest zalecany, ponieważ jest to poprawka bezpieczeństwa, " "która nie zostanie uwzględniona przed zrestartowaniem demona. Większość " "użytkowników oczekuje restartu demona, więc jest to z reguły dobry pomysł. Z " "drugiej strony może spowodować zerwanie i ponowne nawiązanie istniejących " "połączeń, więc jeśli aktualizacja jest przeprowadzana przez tunel Openswan, " "restartowanie nie jest wskazane." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Użyć certyfikatu X.509 dla tego komputera?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Certyfikat X.509 dla tego komputera może być automatycznie utworzony lub " "zaimportowany. Może zostać wykorzystany do uwierzytelnienia połączeń IPsec " "do innych hostów i jest zalecaną metodą tworzenia bezpiecznych połączeń " "IPsec. Inną możliwością jest użycie takich samych haseł znanych obu stronom " "tunelu (ang. shared secret) do uwierzytelnienia połączenia, ale przy " "większej liczbie połączeń łatwiej jest zarządzać uwierzytelnieniem za pomocą " "kluczy; jest to również bezpieczniejsze." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Można również wybrać \"nie\" i użyć później polecenia \"dpkg-reconfigure " "openswan\", aby powrócić do niniejszego wyboru opcji." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "utwórz" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "zaimportuj" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Metody używające certyfikatu X.509 do uwierzytelniania tego komputera:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Istnieje możliwość stworzenia nowego certyfikatu X.509 z ustawieniami " "użytkownika lub zaimportowania istniejącego klucza publicznego i prywatnego " "z pliku/plików PEM do uwierzytelniania połączeń IPsec." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Jeśli zostanie wybrana opcja stworzenia nowego certyfikatu X.509, najpierw " "zostaną zadane pytania, na które będzie trzeba odpowiedzieć przed " "uruchomieniem procesu tworzenia certyfikatu. Proszę wziąć pod uwagę, że aby " "używać klucza publicznego podpisanego przez istniejący ośrodek certyfikacji " "(CA), nie powinno się wybierać opcji tworzenia podpisanego przez siebie " "samego (ang. self-signed) certyfikatu, a wszystkie odpowiedzi muszą idealnie " "spełniać wymagania CA, w innym przypadku bowiem, certyfikat może zostać " "odrzucony." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "W przypadku importowania istniejącego klucza publicznego i prywatnego, " "pojawią się pytania o ich nazwy (mogą być identyczne, jeśli obie części są " "przechowywane w jednym pliku). Opcjonalnie, można również określić nazwę " "pliku, gdzie będzie przechowywany klucz (lub klucze) publiczny ośrodka " "certyfikacji (CA), nie może być jednak taka sama jak dwie poprzednie. Proszę " "zauważyć, że formatem certyfikatów X.509 musi być PEM, a klucz prywatny nie " "może być zaszyfrowany - w przeciwnym wypadku procedura zakończy się " "niepowodzeniem." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nazwa pliku certyfikatu X.509 użytkownika, w formacie PEM:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Proszę określić położenie pliku zawierającego certyfikat X.509 w formacie " "PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Nazwa pliku klucza prywatnego X.509 użytkownika, w formacie PEM:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Proszę określić położenie pliku zawierającego certyfikat klucza publicznego " "RSA użytkownika, odpowiadającego certyfikatowi X.509 użytkownika w formacie " "PEM. Może być to ten sam plik, który zawiera certyfikat X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nazwa pliku X.509 RootCA użytkownika, w formacie PEM:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opcjonalnie, można teraz podać lokalizację pliku zawierającego główny urząd " "certyfikacji użyty do podpisu certyfikatu użytkownika w formacie PEM. W " "przypadku nieposiadania takowego, proszę pozostawić pole puste. Proszę " "zauważyć, że nie można przechowywać RootCA w tym samym pliku co certyfikat " "X.509 lub klucz publiczny." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Długość tworzonego klucza RSA:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Proszę wprowadzić wymaganą długość klucza. Wszystkie wartości poniżej 1024 " "bitów powinny być uznane za niebezpieczne, z kolei powyżej 4096 zwalniają " "proces uwierzytelniania i obecnie nie są przydatne." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Utworzyć podpisany przez samego siebie certyfikat X.509?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Wyłącznie certyfikaty X.509 podpisane przez siebie mogą być tworzone " "automatycznie, ponieważ w przeciwnym wypadku potrzebny jest urząd " "certyfikacji, aby podpisać żądany certyfikat. W przypadku wybrania opcji " "utworzenia podpisanego przez siebie samego certyfikatu, można użyć go od " "razu do połączenia z innymi hostami IPsec, które obsługują certyfikat X.509 " "do uwierzytelniania połączeń IPsec. Jednakże, używanie funkcji PKI Openswan " "wymaga, aby wszystkie certyfikaty były podpisane przez pojedynczy urząd " "certyfikacji, aby utworzyć zaufaną ścieżkę." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "W przypadku niewybrania opcji tworzenia certyfikatu podpisanego przez siebie " "samego, utworzone zostaną tylko klucz prywatny RSA i żądanie podpisania " "certyfikatu, które będzie musiało zostać podpisane przez odpowiedni urząd " "certyfikacji, już za pośrednictwem użytkownika." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Kod kraju do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Proszę wprowadzić dwuliterowy kod kraju, w którym położony jest serwer (np. " "\"PL\" dla Polski)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL odmówi utworzenia certyfikatu, jeśli nie jest to właściwy kod kraju " "ISO-3166; pozostawienie pustego pola, przy certyfikacie X.509, jest " "dozwolone we wszystkich innych przypadkach, poza tym." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Nazwa regionu lub prowincji do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Proszę wprowadzić pełną nazwę regionu lub prowincji w której położony jest " "serwer (np. \"Malopolska\")." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Nazwa lokalizacji do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Proszę wprowadzić nazwę lokalizacji serwera (z reguły miasto, np. \"Krakow" "\")." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Nazwa organizacji do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Proszę wprowadzić nazwę organizacji, do której należy serwer (np. \"Debian" "\")." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Jednostka organizacyjna do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Proszę wprowadzić nazwę jednostki organizacyjnej do której należy serwer " "(np. \"grupa bezpieczeństwa\")." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "" "Nazwa domeny (ang. Common Name) do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Proszę wprowadzić nazwę domeny (ang. Common Name) dla tego komputera (np. " "\"gateway.example.org\")." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Adres poczty elektronicznej do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Proszę wprowadzić adres poczty elektronicznej osoby lub organizacji " "odpowiedzialnej za certyfikat X.509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Modyfikacja /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Z powodu zmian w macierzystym projekcie Openswan, tzw. \"szyfrowanie " "oportunistyczne\" nie jest dłużej domyślnie włączone. Plik no_oe.conf, który " "był dołączony do wcześniejszych wersji aby je jawnie wyłączyć, nie może być " "dłużej dołączony do ipsec.conf. Każdy taki dołączony akapit, zostanie " "automatycznie usunięty, aby upewnić się, że Openswan może się poprawnie " "uruchomić." debian/po/it.po0000664000000000000000000004152012010653511010556 0ustar # Italian translation of openswan debconf messages. # Copyright (C) 2000-2010, Rene Mayrhofer # This file is distributed under the same license as the openswan package. # Beatrice Torracca , 2012. msgid "" msgstr "" "Project-Id-Version: openswan 1_2.6.37-1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2012-02-21 17:24+0200\n" "Last-Translator: Beatrice Torracca \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Virtaal 0.7.1\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "La vecchia gestione dei runlevel è stata sorpassata" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Le precedenti versioni del pacchetto Openswan permettevano di scegliere tra " "tre diversi livelli di Avvio/Stop. A causa di cambiamenti nella procedura " "standard di avvio del sistema, ciò non è più necessario o utile. Per tutte " "le nuove installazioni, così come quelle vecchie in esecuzione in una delle " "modalità predefinite, verranno ora impostati dei livelli predefiniti " "ragionevoli. Se si sta aggiornando da una versione precedente e i parametri " "di avvio di Openswan erano stati modificati, allora guardare le istruzioni " "in NEWS.Debian su come modificare la propria configurazione in modo " "appropriato." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Riavviare Openswan adesso?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "È raccomandato di riavviare Openswan dato che, se è stata aggiunta la " "soluzione ad un problema di sicurezza, questa non sarà attiva fino a quando " "il demone non viene riattivato. La maggior parte degli utenti si aspetta il " "riavvio del demone, perciò questa è generalmente una buona idea. Tuttavia " "ciò potrebbe far cadere connessioni esistenti e poi riattivarle, perciò se " "si sta usando un tunnel Openswan per connettersi per questo aggiornamento, " "riavviare non è raccomandato." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Usare un certificato X.509 per questo host?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "È possibile creare o importare automaticamente un certificato X.509 per " "questo host. Può essere usato per autenticare connessioni IPsec ad altri " "host ed è il metodo preferito per stabilire connessioni IPsec sicure. " "L'altra possibilità è di usare segreti condivisi (password che sono uguali " "da entrambi i lati del tunnel) per l'autenticazione di una connessione, ma " "per connessioni più numerose l'autenticazione basata su chiave è più facile " "da amministrare e più sicura." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "In alternativa si può scartare questa opzione e successivamente usare il " "comando \"dpkg-reconfigure openswan\" per ritornarvi." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "crea" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importa" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Metodi per usare un certificato X.509 per autenticare questo host:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Per autenticare connessioni IPsec, è possibile creare un nuovo certificato " "X.509 con impostazioni definite dall'utente oppure importare una chiave " "pubblica e una privata esistenti memorizzate in file PEM." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Se si sceglie di creare un nuovo certificato X.509, verranno poste dapprima " "alcune domande a cui si dovrà rispondere prima che la creazione possa " "iniziare. Tenere a mente che, se si desidera che la chiave pubblica venga " "firmata da una Certificate Authority esistente, non si deve scegliere di " "creare un certificato auto-firmato e tutte le risposte fornite devono " "corrispondere esattamente ai requisiti della CA, altrimenti la richiesta di " "certificato potrebbe essere respinta." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Se si desidera importare una chiave pubblica e una privata esistenti " "verranno chiesti i nomi dei loro file (che possono essere identici se " "entrambe le parti sono memorizzate insieme in un unico file). Opzionalmente " "si può specificare anche un nome di file dove sono archiviate le chiavi " "pubbliche della Certificate Authority, ma questo file non può coincidere con " "quelli precedenti. Notare inoltre che il formato dei certificati X.509 deve " "essere PEM e che la chiave privata non deve essere cifrata altrimenti la " "procedura di importazione fallirà." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nome del file del certificato X.509 in formato PEM:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Inserire la posizione del file contenente il certificato X.509 in formato " "PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Nome del file della chiave privata X.509 in formato PEM:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Inserire la posizione del file contenente la chiave privata RSA che " "corrisponde al proprio certificato X.509 in formato PEM. Può essere lo " "stesso file che contiene il certificato X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nome del file della RootCA X.509 in formato PEM:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opzionalmente è possibile inserire adesso la posizione del file contenente " "la root della Certificate Authority X.509 usata per firmare il certificato " "in formato PEM. Se una non è disponibile o se non si desidera usarla, " "lasciare il campo vuoto. Notare che non è possibile memorizzare la RootCA " "nello stesso file del certificato o della chiave privata X.509." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Lunghezza della chiave RSA da creare:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Inserire la lunghezza richiesta per la chiave RSA. Qualsiasi valore " "inferiore ai 1024 bit dovrebbe essere considerato non sicuro; qualsiasi " "valore superiore ai 4096 bit rallenta il processo di autenticazione e al " "momento non è utile." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Creare un certificato X.509 auto-firmato?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Solo i certificati X.509 auto-firmati possono essere creati automaticamente, " "dato che altrimenti è necessaria una Certificate Authority che firmi la " "richiesta di certificato. Se si sceglie di creare un certificato auto-" "firmato, lo si può usare immediatamente per connettersi ad altri host IPsec " "che supportano certificati X.509 per l'autenticazione di connessioni IPsec. " "Tuttavia, l'uso delle funzionalità PKI di Openswan richiede che tutti i " "certificati siano firmati da una sola Certificate Authority per creare un " "percorso di fiducia." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Se non si sceglie di creare un certificato auto-firmato, verranno create " "soltanto la chiave privata RSA e la richiesta di certificato, e si dovrà " "firmare la richiesta di certificato con la propria Certificate Authority." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Codice di nazione per la richiesta di certificato X.509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Inserire il codice di due lettere per la nazione in cui ha sede il server " "(come \"AT\" per l'Austria)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL si rifiuterà di generare un certificato a meno che questo non sia un " "codice di nazione ISO-3166 valido; la presenza di un campo vuoto è permessa " "in altre parti del certificato X.509, ma non qui." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "" "Nome dello stato o della provincia per la richiesta di certificato X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Inserire il nome completo dello stato o della provincia in cui ha sede il " "server (come \"Austria Settentrionale\")." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Nome della località per la richiesta di certificato X.509:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Inserire la località in cui ha sede il server (spesso una città, come " "\"Vienna\")." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Nome dell'organizzazione per la richiesta di certificato X.509:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Inserire l'organizzazione a cui appartiene il server (come \"Debian\")." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unità organizzativa per la richiesta di certificato X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Inserire l'unità organizzativa a cui appartiene il server (come \"gruppo di " "sicurezza\")." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Nome comune per la richiesta di certificato X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Inserire il nome comune per questo host (come \"gateway.example.org\")." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "Indirizzo di posta elettronica per la richiesta di certificato X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Inserire l'indirizzo di posta elettronica della persona o " "dell'organizzazione responsabile per il certificato X.509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Modifica di /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "A causa di un cambiamento nella versione originale a monte di Openswan, la " "cifratura opportunistica non è più abilitata in modo predefinito. Il file " "no_oe.conf, che veniva fornito nelle versioni precedenti per disabilitarlo " "in modo esplicito, non può perciò più essere incluso in ipsec.conf. " "Qualsiasi sezione include di questo tipo sarà adesso rimossa automaticamente " "per garantire il corretto avvio di Openswan." debian/po/tr.po0000664000000000000000000004061012010653511010566 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Atila KOÇ , 2012. # msgid "" msgstr "" "Project-Id-Version: openswan\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2012-02-13 14:22+0200\n" "Last-Translator: Atila KOÇ \n" "Language-Team: Türkçe \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Eski çalışma düzeyi yönetimi yerine yenisi geçti" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Openswan paketinin önceki sürümleri üç farklı Başlama/Durma-Seviyesi " "arasında seçim şansı tanırdı. Bu, olağan sistem başlatma yordamındaki " "değişiklikler nedeni ile artık gerekli ya da faydalı değildir. Şimdi tüm " "yeni kurulumlar ve herhangi bir öntanımlı kipte çalışan eskiler için aynı " "öntanımlı seviyeler ayarlanacaktır. Eğer eski bir sürümü yükseltiyorsanız ya " "da Openswan başlatma değişkenlerinizi değiştirdiyseniz, kurulumunuzu nasıl " "uyumlandıracağınızı anlamak için NEWS.Debian'a göz atınız." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Openswan şimdi yeniden başlatılsın mı?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Yapılan güvenlik iyileştirmesi artalan süreci yeniden başlatılmadan " "uygulanamayacağından, Openswan'ı yeniden başlatmanız önerilir. Çoğu kişi " "artalan sürecinin tekrar başlayacağını düşünür ve bu genellikle aldatıcıdır. " "Oysa, yeniden başlatma, varolan bağlantıları koparıp yeniden yapar ki, eğer " "bu güncellemeyi bir Openswan tüneli bağlantısını kullanarak yapıyorsanız " "yeniden başlatma önerilmez." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Bu makine için bir X.509 sertifikası kullanılsın mı?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Bu makine için bir X.509 sertifikası kendiliğinden yaratılabilir ya da içe " "aktarılabilir. Bu sertifika diğer makinelerle IPsec bağlantılarını " "yetkilendirmek için kullanılacaktır ve bu yöntem güvenli IPsec bağlantıları " "için yeğlenen seçenektir. Başka bir seçenek de bağlantıyı yetkilendirmek " "için paylaşılan gizlerin (tünelin her iki tarafında da aynı olan parolalar) " "kullanılmasıdır, fakat çoğu bağlantılarda anahtar tabanlı yetkilendirme daha " "kolay yönetilir ve daha güvenlidir." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Dilerseniz bu öneriyi geri çevirir ve daha sonra \"dpkg-reconfigure openswan" "\" komutu ile yeniden değerlendirebilirisiniz." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "yarat" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "içe aktar" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Bu makineyi yetkilendirmek için X.509 sertifika kullanım yöntemleri:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "IPsec bağlantılarını yetkilendirmek için kullanıcı tanımlı ayarlar ile yeni " "bir X.509 sertifikası yaratmak ya da PEM dosyası içinde varolan bir anahtarı " "içe aktarmak olasıdır." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Eğer yeni bir X.509 sertifikası yaratma seçeneğini seçerseniz, sertifika " "yaratılmadan önce bir takım soruları yanıtlamanız gerekecektir. Unutmayın, " "eğer ortak anahtarın varolan bir Sertifika Yetkilisi (CA) tarafından " "imzalanmasını istiyorsanız, kendiliğinden imzalı bir sertifika yaratmayı " "seçmemeli ve vereceğiniz tüm yanıtların Sertifika Yetkilisinin koşullarını " "bütünüyle karşıladığından emin olmalısınız, tersi durumda sertifika " "isteğiniz geri çevirilebilir." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Eğer varolan bir özel ve genel anahtarı içe aktarmak istiyorsanız, onların " "dosya adlarını girmeniz istenecektir (ve eğer anahtarların ikisi de aynı " "dosyada ise dosya adları da aynı olacaktır). İsteğe bağlı olarak, Sertifika " "Yetkilisinin genel anahtarını barındıran dosya adını belirtebilirsiniz, " "fakat bu dosya öncekilerle aynı olamaz. X.509 sertifikalarının biçiminin PEM " "ve özel anahtarın şifrelenmemiş olması gerektiğini unutmayın yoksa içe " "aktarma süreci başarısız olacaktır." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "PEM biçimindeki X.509 sertifikanızın dosya adı:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "PEM biçimindeki X.509 sertifikanızı barındıran dosyanın yolunu giriniz." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "PEM biçimindeki X.509 özel anahtarınızın dosya adı:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "X.509 sertifikanıza karşılık gelen özel RSA anahtarınızı barındıran PEM " "biçimindeki dosyanın yolunu giriniz. Bu dosya, X.509 sertifikasını " "barındıran dosya ile aynı olabilir." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "PEM biçimindeki X.509 KökSY (RootCA) dosya adı:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Şimdi, isteğe bağlı olarak, sertifikanızı imzalamak için kullanılan X.509 " "Sertifika Yetkilisi kökünü barındıran dosyanın yolunu girebilirsiniz. Eğer " "yoksa ya da kullanmak istemiyorsanız bu alanı boş bırakınız. Unutmayın, " "KökSY (RootCA) ile X.509 sertifikanızı ya da özel anahtarınızı aynı dosyada " "tutamazsınız." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Yaratılacak RSA anahtarının uzunluğu girin:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Yaratılacak RSA anahtar uzunluğunu giriniz. 1024 bit'ten kısa olduğunda " "güvenilirliğini yitirir; 4096 bit'ten uzun olduğunda doğrulama sürecini " "yavaşlatır ve zaten şu an faydası da yoktur." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Öz imzalı bir sertifika yaratılsın mı?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Yalnızca öz imzalı X.509 sertifikaları kendiliğinden yaratılabilir, çünkü " "öteki durumda sertifika isteğini imzalaması için bir Sertifika Yetkilisi " "gereklidir. Eğer öz imzalı bir sertifika yaratmayı seçerseniz, onu hemen " "X.509 sertifikaları ile yetkilendirmeyi destekleyen diğer IPsec makineleri " "ile bağlanmak için kullanabilirsiniz. Öte yandan, Openswan'ın PKI " "özellikleri, güven yolu oluşturmak için tüm sertifikaların aynı Sertifika " "Yetkilisi tarafından imzalanmış olmasını gerektirir." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Eğer öz imzalı bir sertifika yaratmayı seçmezseniz, yalnızca RSA özel " "anahtarı ve sertifika isteği yaratılacaktır ve sizin bu isteği Sertifika " "Yetkilinize imzalatmanız gerekecektedir." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "X.509 sertifika isteği için ülke kodu:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Sunucunun bulunduğu ülke için iki harfli ülke kodunu giriniz (Türkiye için " "\"TR\" gibi)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Bu geçerli bir ISO-3166 ülke kodu olmadığı sürece OpenSSL sertifika üretmeyi " "geri çevirecektir. X.509 sertifikasının başka bir yerinde boş alan kabul " "edilir ama burada değil." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için şehir adı:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "Sunucunun bulunduğu şehrin tam adını giriniz (örneğin \"Ankara\")." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için ilçe adı:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "Sunucunun bulunduğu ilçeyi girin (örneğin \"Yenimahalle\" gibi):" #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için örgüt adı:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Sunucunuzun bağlı olduğu örgütü giriniz (örneğin \"Debian\")." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "X.509 sertifika isteği için örgütsel birim:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Sunucunuzun bağlı olduğu örgütsel birimi giriniz (örneğin \"Çeviri Birimi\")." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için Genel Ad:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "Bu makine için Genel Ad giriniz (örneğin \"gecit.example.org\")." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "X.509 sertifika isteği için e-posta adresi:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "X.509 sertifikasından sorumlu kişinin ya da örgütün e-posta adresini giriniz." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "/etc/ipsec.conf dosyasındaki değişiklikler" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Openswan'da kaydedilen iyileştirmeler nedeni ile Fırsatçı Şifreleme " "(Opportunistic Encryption - OE) öntanımlı olarak devre dışı bırakılmıştır. " "Önceki sürümlerde fırsatçı şifrelemeyi devre dışı bırakmak için dağıtılan " "no_oe.conf dosyası artık ipsec.conf yapılandırma dosyasında yer " "almamaktadır. Openswan'ın düzgün başlamasını sağlamak amacıyla yapılandırma " "dosyasından Fırsatçı Şifreleme ile ilgili içerme satırları çıkarılacaktır." debian/po/ja.po0000664000000000000000000007003012010653511010532 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # # msgid "" msgstr "" "Project-Id-Version: openswan 1:2.6.28+dfsg-5+b1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2011-05-03 10:52+0900\n" "Last-Translator: Hideki Yamane \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "以前のランレベル管理は不要になりました" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Openswan パッケージの以前のバージョンでは、3 つの異なった Start/Stop レベルか" "ら選べるようになっていました。標準のシステム起動手順が変更されたことによっ" "て、これはもう必要ではなくなったりあるいは役立たなくなったりしています。これ" "まで事前定義されていたモードで動作していたのものと同様に、新規にインストール" "したものは適切なデフォルトのレベルが設定されるようになっています。以前のバー" "ジョンからのアップグレードで Openswan の起動パラメータを変更していた場合は、" "どのように設定を修正するかは NEWS.Debian の指示を参照してください。" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Openswan を今すぐ再起動しますか?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "セキュリティ修正があった場合、デーモンが再起動されるまでは修正が反映されない" "ので、Openswan の再起動をお勧めします。多くの人はデーモンが再起動するのを予期" "していますので、これは大抵の場合問題ありません。しかし、この作業では現在の接" "続が一旦切断されてから再度繋ぎなおすことになるので、今回のアップデートに " "Openswan のトンネルを使っているような場合は、再起動はお勧めしません。" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "このホストに対して X.509 証明書を利用しますか?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "このホスト用に X.509 証明書を自動的に生成あるいはインポートできます。他のホス" "トとの IPSec 通信での認証に利用可能で、セキュアな IPSec 通信を確立する方法と" "して好まれています。他に利用可能な方法としては共通鍵 (PSK、トンネルの双方で同" "じパスワードを利用する) を通信の認証に利用するというのがありますが、多数の接" "続に対しては RSA 認証のほうが管理がより簡単でよりセキュアです。" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "または、この選択肢を選ばないでおいて、後ほど「dpkg-reconfigure openswan」を実" "行して再度呼び出すこともできます。" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "作成する" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "インポートする" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "このホストを認証するのに利用する X.509 証明書をどうするか:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "ユーザが定義した設定で新規に X.509 証明書を作成することも、IPsec 接続認証用の" "既存の PEM ファイル形式で保存されている公開鍵および秘密鍵をインポートすること" "も可能です。" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "新規に X.509 証明書を作るのを選択した場合は、作成を始める前に答える必要がある" "質問をまず大量に尋ねられます。既存の認証局によって署名された公開鍵が必要な場" "合は、自己署名認証を作成するのを選んではならず、回答はすべて認証局 (CA) の要" "求項目に完全に一致している必要があることに留意してください。そうでない場合" "は、証明書要求は拒否されることになるでしょう。" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "既存の公開鍵および秘密鍵をインポートしたい場合は、ファイル名を尋ねられます " "(両方が一つのファイルに保存されている場合は全く同じになるかもしれません)。ど" "こに認証局の公開鍵が保存されているかを指定することも任意で可能ですが、この" "ファイルは先ほどのものと同じにはできません。X.509 証明書は PEM 形式であり、秘" "密鍵は暗号化されていないことが必要なことにも注意ください。さもなくばインポー" "ト作業は失敗します。" #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "PEM 形式の X.509 証明書のファイル名:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "PEM 形式の X.509 証明書を含んでいるファイルの場所を入力してください。" #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "PEM 形式の X.509 ルート CA のファイル名:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "PEM 形式の X.509 証明書に対応する RSA 秘密鍵を含むファイルの場所を入力してく" "ださい。これは X.509 証明書を含んでいるファイルと同じで構いません。" #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "PEM 形式の X.509 ルート CA のファイル名:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "X.509 認証局のルートが証明書に署名するのに使った PEM 形式のファイルを含んだ" "ファイルの場所を入力することも任意で可能です。これを持っていない、あるいは利" "用したくないという場合にはこの欄を空のままにしておいてください。ルート CA を " "X.509 証明書や秘密鍵と同じファイルに保存するのはできないことにご注意くださ" "い。" #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "作成する RSA 鍵の鍵長を入力してください:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "生成する RSA 鍵の長さを入力してください。安全のため、1024 ビット未満にすべき" "ではありません。4096 ビットより大きなものにする必要もないでしょう。認証プロセ" "スが遅くなりますし、現時点ではおそらく必要ありません。" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "自己署名 X.509 証明書を生成しますか?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "証明書要求に署名するためには認証局が必要となるので、自動的に行うには自己署名 " "X.509 証明書のみが生成が可能です。自己署名証明書の作成を選んだ場合は、すぐに" "これを利用して、IPSec 接続の認証に X.509 証明書を利用している他の IPSec ホス" "トへの接続が可能になります。しかし、strongSwan の PKI 機能を使いたい場合は、" "trust path を生成するために単一の認証局によってすべての X.509 証明書に署名し" "てもらう必要があります。" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "自己署名証明書を作成したくない場合、RSA 秘密鍵と対応する証明書要求のみが作成" "されるので、認証局に対して証明書要求に署名をしてもらう必要が生じます。" #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する国コード:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "サーバが存在する場所の二文字の国コード (例えば日本の場合は「JP」) を入力して" "ください。" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL は、正規の ISO-3166 国コードが無いと証明書の生成を拒否します。X.509 " "証明書において、他のフィールドについては空でも構いませんが、これについては許" "可されていません。" #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する都道府県名:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "サーバ所在地の都道府県名 (例:「Tokyo」)を入力してください。" #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する地域名:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "サーバ所在地 (大抵は「Shinjuku」のような市区名)を入力してください。" #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する組織名:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "サーバが所属する組織 (「Debian」など) を入力してください。" #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する部署名:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "サーバが所属する部署名 (「security group」など) を入力してください。" #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載するコモンネーム:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "このホスト用の (「gateway.example.org」のような) コモンネームを入力してくださ" "い。" #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "X.509 証明書要求に記載するメールアドレス:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "X.509 証明書についての対応を行う、個人あるいは団体のメールアドレスを入力して" "ください。" #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "/etc/ipsec.conf の変更" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Openswan の開発元での変更により、 opportunistic encryption (OE) はデフォルト" "では有効にはならなくなりました。以前のバージョンで明示的に無効にするために配" "布されていた no_oe.conf ファイルですが、ipsec.conf で含める必要は最早なくなり" "ました。そのような指定を含んでいる行は、Openswan が正常に起動するのを確実にす" "るため、自動的に削除されます。" #~ msgid "Please enter which length the created RSA key should have:" #~ msgstr "生成 する RSA 鍵の長さを入力してください:" #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "あなたの国の国コードを2文字で入力してください。このコードは証明書要求に記" #~ "載されます。" #~ msgid "Example: AT" #~ msgstr "例: JP" #~ msgid "Example: Upper Austria" #~ msgstr "例: Tokyo" #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "あなたの在住している地方の名前 (例: 市町村名) を入力してください。これは証" #~ "明書要求に記載されます。" #~ msgid "Example: Vienna" #~ msgstr "例: Shinjuku-ku" #~ msgid "Example: Debian" #~ msgstr "例: Debian" #~ msgid "Example: security group" #~ msgstr "例: security group" #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "X509 証明書の生成対象となるべきコモンネーム (例: このマシンのホスト名) を" #~ "入力してください。これは証明書要求に記載されます。" #~ msgid "Example: gateway.debian.org" #~ msgstr "例: gateway.debian.org" #~ msgid "Do you want to create a RSA public/private keypair for this host?" #~ msgstr "このホストの RSA 公開鍵と秘密鍵のキーペアを生成しますか?" #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one." #~ msgstr "" #~ "新しい公開鍵と秘密鍵のキーペアを生成したくないという場合は、既存の鍵を使う" #~ "のを選ぶこともできます。" #~ msgid "plain" #~ msgstr "通常のタイプ" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "Openswan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "Openswan で利用する通常の RSA 公開鍵・秘密鍵のキーペアを作れます。あるい" #~ "は RSA 公開鍵を (さらにはそれに対応する秘密鍵も) 含む X509 証明書ファイル" #~ "も同様です。" #~ msgid "" #~ "If you only want to create IPsec connections to hosts also running " #~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPsec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "Openswan without X509 certificate support." #~ msgstr "" #~ "既に Openswan を動作させているホストと IPSec 通信を生成したいだけの場合" #~ "は、通常の RSA キーペアを使用すると多少簡単になります。しかし、他の IPSec " #~ "実装との接続を行いたい場合は X509 証明書が必要になります。通信を行う対象の" #~ "ホストが Openswan を X509 証明書のサポート無しで運用していた場合、ここで " #~ "X509 証明書を生成して、後ほど RSA 公開鍵を通常の形式に展開することも可能で" #~ "す。" #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in Openswan." #~ msgstr "" #~ "したがって X509 証明書がお勧めです。こちらのほうが柔軟ですし、このインス" #~ "トーラを使えば、X509 証明書の生成や Openswan での利用に際しての面倒さを隠" #~ "蔽してくれるはずです。" #~ msgid "" #~ "This installer can automatically extract the needed information from an " #~ "existing X509 certificate with a matching RSA private key. Both parts can " #~ "be in one file, if it is in PEM format. If you have such an existing " #~ "certificate and key file please select if want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "このインストーラは既存の X509 証明書から RSA 秘密鍵と照らし合わせて必要な" #~ "情報を自動的に展開する事が可能です。 PEM 形式の場合、双方を一つのファイル" #~ "にまとめることも可能です。そのような証明書と鍵のファイルがある場合、これら" #~ "を IPSec 通信での認証に使用したいのであれば、選択してください。" #~ msgid "x509, plain" #~ msgstr "x509, 通常のタイプ" #~ msgid "earliest, after NFS, after PCMCIA" #~ msgstr "可能な限り早く, NFS の起動後, PCMCIA の起動後" #~ msgid "" #~ "With the default system startup levels (nearly everything starting in " #~ "level 20), it is impossible for Openswan to always start at the correct " #~ "time. There are three possibilities when Openswan can start: before or " #~ "after the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "デフォルトのシステムでの起動レベル (ほとんど全てがレベル20) のままでは、" #~ "Openswan を常には適切なタイミングで起動できません。Openswan を起動させるタ" #~ "イミングの選択肢としては3つが考えられます: NFS サービスの開始前・開始後・" #~ "PCMCIA サービスの開始後です。正解はあなたの設定次第です。" #~ msgid "" #~ "If the /usr tree of this system is not mounted via NFS (either you only " #~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " #~ "all) and no PCMCIA network card is used, then it's best to start Openswan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "/usr がNFS 経由でマウントされておらず (他のパーティションやあまり重要では" #~ "ないパーティションを NFS 経由でマウントするか、または NFS マウントを全く使" #~ "わない)、加えて PCMCIA ネットワークカードを利用していない場合、可能な限り" #~ "早い時間に Openswan を起動するのがベストです。この設定によって、NFS でのマ" #~ "ウントは IPSec で保護されます。この場合 (またはこの問題を理解していないか" #~ "特に気にしない場合) 、「可能な限り早く」と質問に答えてください (デフォル" #~ "ト) 。" #~ msgid "" #~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " #~ "then you will need to start Openswan after NFS so that all necessary " #~ "files are available. In this case, answer \"after NFS\" to this question. " #~ "Please note that the NFS mount of /usr can not be secured by IPSec in " #~ "this case." #~ msgstr "" #~ "/usr を NFS 経由でマウントしていて PCMCIA ネットワークカードを使用していな" #~ "い場合は、必要なファイルを利用可能にするために Openswan を NFS の後で起動" #~ "しなければなりません。この場合、「NFS の起動後」と答えてください。この時" #~ "に NFS 経由でマウントされる /usr は、IPSec によるセキュアな状態にはならな" #~ "いということに注意してください。" #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "IPSec 接続に PCMCIA ネットワークカードを利用していた場合、PCMCIA サービス" #~ "の起動後に Openswan を起動する以外に選択はありません。この場合、\"PCMCIA " #~ "起動後\" と答えてください。ローカルで動作している DNSSec 機能を使用してい" #~ "る DNS サーバから鍵を取得したい場合でも、この答えをしてください。" #~ msgid "Please select the level at which you wish to start Openswan:" #~ msgstr "どの段階で Openswan を起動させたいレベルを選んでください:" #~ msgid "Please select which type of RSA keypair you want to create:" #~ msgstr "作成したい RSA キーペアの種類を選んでください:" #~ msgid "Do you wish to enable opportunistic encryption in Openswan?" #~ msgstr "Openswan で opportunistic encryption を有効にしますか?" #~ msgid "" #~ "Openswan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " #~ "default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " #~ "daemon) is started." #~ msgstr "" #~ "Openswan は、IPSec 認証情報 (例: RSA 公開鍵) を (願わくはセキュアな) DNS " #~ "レコード内に保存する opportunistic encryption (OE) をサポートしています。" #~ "これは広く利用されるようになるまで、有効にすると外部への新規接続は全て格段" #~ "に遅くなります。バージョン 2.0 より Openswan の開発元はデフォルトで OE を" #~ "有効にしており、したがって pluto (Openswan 鍵署名デーモン) が開始するとす" #~ "ぐ、既に存在しているインターネットへの接続 (つまりデフォルトルート) が中断" #~ "されるかもしれません。" #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "OE のサポートを有効にするかどうかを選んでください。よくわからない場合は、" #~ "有効にはしないでください。" debian/po/es.po0000664000000000000000000004321212010653511010551 0ustar # openswan po-debconf translation to Spanish # Copyright (C) 2007, 2009, 2010 Software in the Public Interest, SPI Inc. # This file is distributed under the same license as the openswan package. # # Changes: # - Initial translation # Steve Lord Flaubert , 2007 # # - Updates # Francisco Javier Cuadrado , 2009, 2010 # # Traductores, si no conocen el formato PO, merece la pena leer la # documentacin de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traduccin al espaol, por favor lean antes de traducir # los siguientes documentos: # # - El proyecto de traduccin de Debian al espaol # http://www.debian.org/intl/spanish/ # especialmente las notas y normas de traduccin en # http://www.debian.org/intl/spanish/notas # # - La gua de traduccin de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # msgid "" msgstr "" "Project-Id-Version: openswan 1:2.6.25+dfsg-1\n" "Report-Msgid-Bugs-To: openswan@packages.debian.org\n" "POT-Creation-Date: 2010-07-29 19:03+0200\n" "PO-Revision-Date: 2010-05-12 08:30+0100\n" "Last-Translator: Francisco Javier Cuadrado \n" "Language-Team: Debian l10n Spanish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../openswan.templates:1001 msgid "Old runlevel management superseded" msgstr "Se ha reemplazado la antigua gestin del nivel de ejecucin" #. Type: note #. Description #: ../openswan.templates:1001 msgid "" "Previous versions of the Openswan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your Openswan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Las versiones anteriores del paquete Openswan proporcionaban tres niveles " "diferentes de inicio y parada. Debido a cambios en el procedimiento de " "inicio del sistema estndar, esto no es necesario ni til. Para todas las " "nuevas instalaciones as como para las viejas que se ejecuten en cualquiera " "de los modos predefinidos, se asignarn los niveles correctos de forma " "predeterminada. Si est actualizando desde una versin anterior y cambi los " "parmetros de inicio de Openswan, consulte NEWS.Debian en busca de " "instrucciones sobre como modificar la configuracin de forma apropiada." #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "Restart Openswan now?" msgstr "Desea reiniciar Openswan ahora?" #. Type: boolean #. Description #: ../openswan.templates:2001 msgid "" "Restarting Openswan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such " "an Openswan tunnel to connect for this update, restarting is not recommended." msgstr "" "Se recomienda reiniciar Openswan, ya que si hay un error de seguridad " "corregido, ste no se arreglar hasta que el demonio se reinicie. La mayora " "de la gente espera que el demonio se reinicie, as que generalmente es una " "buena idea. Sin embargo, esto puede interrumpir las conexiones existentes " "para luego recuperarlas, de modo que si est utilizando un tnel de Openswan " "para la conexin de esta actualizacin, no se recomienda reiniciar." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "Use an X.509 certificate for this host?" msgstr "Desea utilizar un certificado X.509 para este equipo?" #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Se puede crear automticamente o importar un certificado X.509 para este " "equipo. Este se puede utilizar para autenticar las conexiones IPsec con " "otros equipos y es la forma preferida para crear conexiones IPsec seguras. " "La otra posibilidad sera utilizar contraseas compartidas (contraseas que " "son iguales en ambos lados del tnel) para autenticar una conexin, pero " "para muchas conexiones, la autenticacin basada en claves es ms sencilla de " "administrar y ms segura." #. Type: boolean #. Description #: ../openswan.templates:3001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure openswan\" to come back." msgstr "" "Puede rechazar esta opcin y, ms tarde, utilizar la orden dpkg-reconfigure " "openswan para cambiarla." #. Type: select #. Choices #: ../openswan.templates:4001 msgid "create" msgstr "crear" #. Type: select #. Choices #: ../openswan.templates:4001 msgid "import" msgstr "importar" #. Type: select #. Description #: ../openswan.templates:4002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Mtodos para usar un certificado X.509 para autenticar este equipo:" #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Es posible crear un certificado X.509 nuevo con una configuracin definida " "por el usuario o importar un par de claves (pblica/privada) almacenado en " "un archivo PEM para autenticar las conexiones IPsec." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Si escoge crear un certificado X.509 nuevo, primero deber contestar a unas " "cuantas preguntas antes de que comience la creacin. Tenga en cuenta que si " "quiere que la clave pblica la firme una Autoridad de Certificacin (CA) no " "debera crear un certificado auto-firmado y todas las respuestas deben " "coincidir exactamente con los requisitos de la CA, de otro modo se rechazar " "la solicitud del certificado." #. Type: select #. Description #: ../openswan.templates:4002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Si quiere importar un par de claves (pblica/privada) existente, se le " "preguntar por los nombres de los archivos (puede que sean idnticos si " "ambas claves estn almacenadas en el mismo archivo). Opcionalmente, tambin " "puede introducir el nombre de archivo dnde la/s clave/s pblica/s de la " "Autoridad de Certificacin estn almacenadas, pero este archivo puede no ser " "el mismo que los anteriores. Por favor, tambin tenga en cuenta que el " "formato de los certificados X.509 tiene que ser PEM y que la clave privada " "no debe estar cifrada o el proceso de importacin fallar." #. Type: string #. Description #: ../openswan.templates:5001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nombre del archivo del certificado X.509 en formato PEM:" #. Type: string #. Description #: ../openswan.templates:5001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Introduzca la ubicacin del archivo que contiene el certificado X.509 en " "formato PEM." #. Type: string #. Description #: ../openswan.templates:6001 msgid "File name of your PEM format X.509 private key:" msgstr "Nombre del archivo de la clave privada X.509 en formato PEM:" #. Type: string #. Description #: ../openswan.templates:6001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Introduzca la ubicacin del archivo que contiene la clave privada RSA que " "corresponde al certificado X.509 en formato PEM. Puede ser el mismo archivo " "que contiene el certificado X.509." #. Type: string #. Description #: ../openswan.templates:7001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nombre del archivo de la CA raz X.509 en formato PEM:" #. Type: string #. Description #: ../openswan.templates:7001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opcionalmente puede introducir la ubicacin del archivo que contiene la " "Autoridad de Certificacin raz X.509 para firmar el certificado en formato " "PEM. Si no tiene uno o no quiere utilizarlo deje el campo en blanco. Tenga " "en cuenta que no es posible almacenar la CA raz en el mismo archivo que el " "certificado X.509 o la clave privada." #. Type: string #. Description #: ../openswan.templates:8001 msgid "Length of RSA key to be created:" msgstr "Longitud de la calve RSA a crear:" #. Type: string #. Description #: ../openswan.templates:8001 msgid "" "Please enter the required RSA key-length. Anything under 1024 bits should be " "considered insecure; anything more than 4096 bits slows down the " "authentication process and is not useful at present." msgstr "" "Introduzca la longitud de la clave RSA necesaria. Cualquier longitud menor " "que 1024 bits se considera insegura, y cualquier longitud mayor que 4096 " "bits ralentizar el proceso de autenticacin y en este momento no es til." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "Create a self-signed X.509 certificate?" msgstr "Desea crear un certificado X.509 auto-firmado?" #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using Openswan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Slo se pueden crear automticamente certificados X.509 auto-firmados, " "porque de otro modo se necesitar una Autoridad de Certificacin para firmar " "la solicitud del certificado. Si escoge crear un certificado auto-firmado, " "puede utilizarlo inmediatamente para conectar con otros equipos IPsec que " "permitan utilizar certificados X.509 para la autenticacin de las conexiones " "IPsec. Sin embargo, para utilizar las funcionalidades PKI de Openswan se " "necesita que todos los certificados estn firmados por una nica Autoridad " "de Certificacin para crear una ruta segura." #. Type: boolean #. Description #: ../openswan.templates:9001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Si no desea crear un certificado auto-firmado, entonces slo se crearn la " "clave privada RSA y la solicitud del certificado, y usted tendr que firmar " "la solicitud del certificado con una Autoridad de Certificacin." #. Type: string #. Description #: ../openswan.templates:10001 msgid "Country code for the X.509 certificate request:" msgstr "Cdigo del pas para la solicitud del certificado X.509:" #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Introduzca las dos letras del cdigo del pas en el que est ubicado el " "servidor (por ejemplo: ES para Espaa)." #. Type: string #. Description #: ../openswan.templates:10001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL no generar un certificado a menos que este campo sea un cdigo de " "pas ISO-3166 vlido, el campo se puede dejar en blanco para los " "certificados X.509, pero no en este caso." #. Type: string #. Description #: ../openswan.templates:11001 msgid "State or province name for the X.509 certificate request:" msgstr "Estado o provincia para la solicitud del certificado X.509:" #. Type: string #. Description #: ../openswan.templates:11001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Introduzca el nombre completo del estado o la provincia en el que est " "ubicado el servidor (por ejemplo: Comunidad de Madrid)." #. Type: string #. Description #: ../openswan.templates:12001 msgid "Locality name for the X.509 certificate request:" msgstr "Localidad para la solicitud del certificado X.509:" #. Type: string #. Description #: ../openswan.templates:12001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Introduzca la localidad dnde est ubicado el servidor (normalmente una " "ciudad, por ejemplo: Madrid)." #. Type: string #. Description #: ../openswan.templates:13001 msgid "Organization name for the X.509 certificate request:" msgstr "Nombre de la organizacin para la solicitud del certificado X.509:" #. Type: string #. Description #: ../openswan.templates:13001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Introduzca el nombre de la organizacin a la que el servidor pertenece (por " "ejemplo: Debian)." #. Type: string #. Description #: ../openswan.templates:14001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unidad organizacional para la solicitud del certificado X.509:" #. Type: string #. Description #: ../openswan.templates:14001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Introduzca la unidad organizacional a la que el servidor pertenece (por " "ejemplo: departamento de seguridad)." #. Type: string #. Description #: ../openswan.templates:15001 msgid "Common Name for the X.509 certificate request:" msgstr "Nombre comn para la solicitud del certificado X.509:" #. Type: string #. Description #: ../openswan.templates:15001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Introduzca el nombre comn para este equipo (por ejemplo: enlace.ejemplo." "org)." #. Type: string #. Description #: ../openswan.templates:16001 msgid "Email address for the X.509 certificate request:" msgstr "" "Direccin de correo electrnico para la solicitud del certificado X.509:" #. Type: string #. Description #: ../openswan.templates:16001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Introduzca la direccin de correo electrnico de la persona u organizacin " "responsable del certificado X.509." #. Type: note #. Description #: ../openswan.templates:17001 msgid "Modification of /etc/ipsec.conf" msgstr "Modificacin del archivo /etc/ipsec.conf" #. Type: note #. Description #: ../openswan.templates:17001 msgid "" "Due to a change in upstream Openswan, opportunistic encryption is no longer " "enabled by default. The no_oe.conf file that was shipped in earlier versions " "to explicitly disable it can therefore no longer be included by ipsec.conf. " "Any such include paragraph will now be automatically removed to ensure that " "Openswan can start correctly." msgstr "" "Debido a cambios en el desarrollo principal de Openswan, el cifrado " "oportunstico no est activado de forma predeterminada. El archivo no_oe." "conf que se distribua en las versiones anteriores para desactivarlo " "explcitamente no se puede incluir ms en ipsec.conf. Se borrar " "automticamente cualquier prrafo de inclusin para asegurar que Openswan se " "ejecuta correctamente." #~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgstr "lo antes posible, despus de NFS, despus de PCMCIA" debian/openswan.dirs0000664000000000000000000000045712010653511011705 0ustar /etc /etc/ipsec.d /etc/ipsec.d/cacerts /etc/ipsec.d/ocspcerts /etc/ipsec.d/crls /etc/ipsec.d/private /etc/ipsec.d/policies /etc/init.d /etc/logcheck/ignore.d.paranoid /etc/logcheck/ignore.d.server /etc/logcheck/ignore.d.workstation /etc/logcheck/violations.ignore.d /usr/bin /usr/sbin /var/lib/openswan debian/openswan-modules-source.dirs0000664000000000000000000000001212010653511014634 0ustar /usr/src/ debian/changelog0000664000000000000000000016302712010653511011045 0ustar openswan (1:2.6.38-1) unstable; urgency=low [Harald Jenny] * New upstream release. * Removed format security patch by Moritz Muehlenhoff (applied upstream). * Added patch from upstream git to fix mast updown script. * Bumped Standards for all packages to 3.9.3 (no changes needed). * Added patch from upstream git to fix Android interoperability. * Added patch from upstream git to fix Cisco interoperability. * Added patch from upstream git to allow timestamps in stderr log. * Added patch from upstream git to fix some coding issues. * Added patch from upstream git to fix possible IKEv2 crash. * Added patch from upstream git to fix IPSec transport mode. * Added patch from upstream git to use ip route in startklips. -- Harald Jenny Fri, 29 Jun 2012 21:23:28 +0200 openswan (1:2.6.37-3) unstable; urgency=low * Actually need to pass CPPFLAGS to CFLAGS for the openswan Makefiles to use the hardening options. Thanks to Simon Ruderich for pointing this out. Really Closes: #655139 * Remove Build-Deps on man2html and htmldoc, they have not been used for a while now by the openswan Makefiles. -- Rene Mayrhofer Sun, 27 May 2012 10:03:00 +0200 openswan (1:2.6.37-2) unstable; urgency=low [Harald Jenny] * Finally migrated all patches to quilt, cleaned up debian rules file a little bit, removed build depedency on dpatch and corresponding lintian override. * Integrated patches for hardening build flags and missing format strings (thanks to Moritz Muehlenhoff for his patches), added required versioned build depedency on dpkg-dev and enabled all hardening options. Closes: #655139: Please enabled hardened build flags -- Harald Jenny Mon, 14 May 2012 22:22:55 +0200 openswan (1:2.6.37-1.1) unstable; urgency=low * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - Turkish (Atila KOÇ). Closes: #660192 - Danish (Joe Hansen). Closes: #660263 - Italian (Beatrice Torracca). Closes: #660758 - Polish (Michał Kułach). Closes: #669711 -- Christian Perrier Sat, 28 Apr 2012 07:17:18 +0200 openswan (1:2.6.37-1) unstable; urgency=HIGH [Harald Jenny] * New upstream release. Fixed pluto crypto helper handler vulnerability (CVE-2011-4073). Closes: #650674: [CVE-2011-4073] Openswan crypto helper crasher -- Harald Jenny Mon, 5 Dec 2011 09:05:27 +0100 openswan (1:2.6.36-1) UNRELEASED; urgency=medium [Harald Jenny] * New upstream release. * Adjusted one of the manpage patches for line break problems. * Removed pluto Makefile patch by Jari Aalto (fixed upstream). * Incorporated translation updates. Closes: #625277: openswan: [INTL:ja] Update po-debconf template translation (ja.po) Closes: #633831: openswan: [INTL:nl] Dutch translation of debconf templates * Removed obsolete build depedency on libopensc2-dev (code already removed by upstream). Closes: #632449: openswan: obsolete build-dependency: libopensc2-dev -- Harald Jenny Sun, 16 Oct 2011 22:10:30 +0200 openswan (1:2.6.35-1) UNRELEASED; urgency=medium [Harald Jenny] * New upstream release. Closes: #639299: openswan: IP compression doesn't work * Adjusted one of the manpage patches for line break problems. * Removed some old documentation handling code from debian/rules. * Modified openswan-doc to cope with changes in upstream documentation directory structure and file list. * Bumped Standards for all packages to 3.9.2 (no changes needed). * Added build-arch and build-indep targets to please lintian. -- Harald Jenny Sun, 21 Aug 2011 22:07:29 +0200 openswan (1:2.6.34-1) UNRELEASED; urgency=medium [Harald Jenny] * New upstream release. Closes: #520671: openswan: Unable to specify a specific MTU on a vpn tunnel Closes: #626790: openswan-modules-dkms: Kernel modules doesn't compile LP: #733382: package openswan-modules-dkms 1:2.6.28 dfsg-5 failed to build -- Harald Jenny Wed, 8 Jun 2011 22:58:41 +0200 openswan (1:2.6.33-1) UNRELEASED; urgency=low [Harald Jenny] * New upstream release. Closes: #595809: openswan: Manpage error ipsec_rsasigkey(8) Closes: #623985: 2.6.33 version Bump Request * Dropped +dfsg from Debian version as upstream has removed some old unfree documentation allowing unmodified usage of their tarball. * Removed previously introduced exit code patch. -- Harald Jenny Tue, 1 Mar 2011 17:50:11 +0100 openswan (1:2.6.32+dfsg-1~experimental+1) UNRELEASED; urgency=low [Harald Jenny] * New upstream release. * Removed patch for bad NAME section and multibyte character issues by Jari Aalto (fixed upstream). * Removed patch to correct manpage section mismatch (included upstream). * Re-enabled, renamed and rewrote init script patch by Jari Aalto to set correct start runlevels for openswan. * Added patch from upstream git to use proper exit code in init script when running under Debian. -- Harald Jenny Wed, 22 Dec 2010 21:04:10 +0100 openswan (1:2.6.31+dfsg-1~experimental+1) UNRELEASED; urgency=low [Harald Jenny] * New upstream release. Closes: #612977: Warning: ignored obsolete keyword (null) * Removed previously cherry-picked regression fix. * Removed patch to fix duplicate init script installation (upstream implemented a different solution). * Removed some manpage fixes for spelling errors and utf characters by Jari Aalto (included upstream). * Renamed and modified manpage patch for bad NAME section and multibyte character issues by Jari Aalto. * Re-enabled, renamed and modified manpage fixes for line break problems by Jari Aalto. * Removed lintian override for debug package linking to openswan docs. * Added patch to correct manpage section mismatch. * Re-added cleaning of debconf DB to postrm (thanks to Simon Deziel for pointing me to his fix). -- Harald Jenny Tue, 2 Nov 2010 17:34:09 +0100 openswan (1:2.6.29+dfsg-1~experimental+1) UNRELEASED; urgency=low [Harald Jenny] * New upstream release. Fixes XAUTH Cisco handling code (CVE-2010-3302, CVE-2010-3308). * Removed 2.6.35 git patches as they are included in new upstream version. * Added patch to fix duplicate init script installation (reincarnation of #532348: openswan: installs dupliate init script /etc/init.d/setup). * Modified lintian override for long but unsplittable manpage line again. * Integrated upstream patch fixing regression introduced by security fixes. * Created patch to allow line break in manpage and removed corresponding lintian override. * Added ${misc:Depends} to doc package and removed override. * Changed Vcs-Fields as Debian project switched from svn to git. -- Harald Jenny Tue, 28 Sep 2010 10:56:41 +0200 openswan (1:2.6.28+dfsg-2~experimental+1) UNRELEASED; urgency=low [Harald Jenny] * Modified lintian override for long but unsplittable manpage line. * Do not include 2.6.34 SAref patches from upstream anymore as this version already disappeared from experimental. * Instead added 2.6.35 git patches for SAref feature and KLIPS compatibility. LP: #623367: package openswan-modules-dkms (not installed) failed to install/upgrade: openswan kernel module failed to build * Bumped Standards for binary module package to 3.9.1 (no changes needed). * Added lintian override for docs in debug package. -- Harald Jenny Sun, 26 Sep 2010 22:48:12 +0200 openswan (1:2.6.28+dfsg-1) unstable; urgency=medium [Harald Jenny] * New upstream release. Closes: #566092: openswan: /usr/lib/ipsec/addconn does not like defaultroutenexthop set to %direct * Removed 2.6.34 git patches as they are now included in upstream package. * Set urgency to medium due to important NETKEY fixes. -- Harald Jenny Sat, 31 Jul 2010 20:01:01 +0200 openswan (1:2.6.27+dfsg-1) UNRELEASED; urgency=low [Harald Jenny] * New upstream release. Closes: #357709: openswan: "ipsec showhostkey" doesn't understand X.509 certs * Disabled most patches for now and modified the rest due to manpage corrections from upstream. * Modified lintian override for long but unsplittable manpage line. * For security reasons change permission on /var/lib/openswan and /var/lib/openswan/ipsec.secrets.inc. * Removed old unused code from installation scripts. * Removed old unused changelog. * Limit the architectures where openswan's userspace and kernel binaries are available to linux-any. * Bumped Standards to 3.9.0 (no changes needed). * Include SAref patches in openswan-modules-source (2.6.32 from tar.gz, 2.6.34 from git). * Made the dependency of the debug package on openswan versioned. * Fixed rules file of binary openswan-modules package to use dh_prep. * Incorporated translation updates. Closes: #590109: openswan [INTL:de] updated German debconf translation * Bumped Standards to 3.9.1 (no changes needed). * Added Replaces line for ike-server. -- Harald Jenny Thu, 29 Jul 2010 19:00:48 +0200 openswan (1:2.6.26+dfsg-2) UNRELEASED; urgency=low [Harald Jenny] * Modified patch to fix some more minor manpage lintian errors. * Added lintian override for long but unsplittable manpage line. * Incorporated translation update. Closes: #585598: openswan: [INTL:fr] French debconf translation update -- Harald Jenny Mon, 14 Jun 2010 01:33:53 +0200 openswan (1:2.6.26+dfsg-1) unstable; urgency=low [Harald Jenny] * New upstream release. * Removed some obsoleted patches. * Modified some patches for new upstream version. * Added preinstall script to remove old duplicate init script. Closes: #532348: openswan: installs dupliate init script /etc/init.d/setup * Added patch to fix segfault of showhostkey with encrypted key (thanks to Kevin Locke for his patch). Closes: #575757: openswan: showhostkey segfault with 3DES-encrypted host key * Changes debian/rules to only omit permission fixing where it's really necessary. Closes: #389680: openswan: wrong permissions of /etc/ipsec.d/examples * Removed orphaned conflict with freeswan (not shipped anymore). [Rene Mayrhofer] * Openswan package now provides ike-server and conflicts with it. Closes: #537762: openswan: pluto fails to start without manual "modprobe ip_gre" Closes: #583334: racoon and openswan: error when trying to install together -- Harald Jenny Mon, 31 May 2010 23:11:12 +0200 openswan (1:2.6.25+dfsg-1) unstable; urgency=low [Harald Jenny] * Removed some obsoleted patches. * Modified some patches for new upstream version. * Adapted copyright file to include all used licenses. * Added two upstream patches to fix userspace code for KLIPS (thanks to David McCullough for his patch). * Added some lintian overrides for wrong copyright messages. * Removed support for 2.4 kernel versions in openswan-modules packages. Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o not kernel modules * Rewrote parts of README.Debian. Closes: #585549: openswan-modules-source: Build instructions outdated and not working anymore * Incorporated translation updates. Closes: #527586: [INTL:es] Spanish debconf template translation for openswan Closes: #537430: [l10n] Czech translation for openswan Closes: #570022: [INTL:sv] Swedish strings for openswan debconf Closes: #579303: [INTL:sv] Swedish strings for openswan debconf Closes: #570788: [I18N, DE] Updated german debconf translation for openswan Closes: #580452: openswan [INTL:de] updated German debconf translation Closes: #575140: openswan: [INTL:fr] French debconf templates translation update Closes: #579199: openswan: [INTL:vi] Vietnamese debconf templates translation update Closes: #579381: openswan: [INTL:vi] Vietnamese debconf templates translation update Closes: #581501: openswan: [INTL:vi] Vietnamese debconf templates translation update Closes: #580437: openswan: [INTL:pt] Updated Portuguese translation for debconf messages Closes: #581253: openswan: [INTL:pt] Updated Portuguese translation for debconf messages Closes: #581561: openswan: [INTL:ru] Russian debconf templates translation update [Rene Mayrhofer] * New upstream release. * Polished README.Debian, NEWS.Debian, and other documentation files. -- Harald Jenny Sun, 2 May 2010 18:15:33 +0200 openswan (1:2.6.24+dfsg-2) UNRELEASED; urgency=low [Harald Jenny] * Fixed init script to correctly provide ipsec satisfying lintian. Closes: #539121: NMU patch used for version 1:2.6.22+dfsg-1.1 Closes: #537335: Fix LSB header in programs/setup/setup.in to fix init.d script * Switch to dpkg-source 3.0 (quilt) format * Cleaned up duplicate html-pages and move documentation to openswan-doc package satisfying lintian. * Removed plain rsa key creation from openswan package as nowadays X.509 certificates are commonly used. Closes: #446556: openswan installation takes a very long time without any warning Closes: #523339: openswan: Openswan security update creates a second host key in /etc/ipsec.secrets * Enhanced X.509 certificate import by making it possible to integrate a RootCA file. * Modified X.509 menus to reflect changes in create/import procedures. -- Harald Jenny Wed, 17 Mar 2010 03:11:00 +0100 openswan (1:2.6.24+dfsg-1) UNRELEASED; urgency=medium [Harald Jenny] * New upstream release. LP: #731680: xl2tpd ko * Removed bash-patch for scripts as problem is fixed upstream. * Removed dependency on xmlto as this processing is now done upstream. * Added fix from Ubuntu to compile with gcc-4.4 (thanks to Fabrice Coutadeur for his patch). Closes: #505600: [PATCH] FTBFS with GCC 4.4: dereferencing type-punned pointer will... * Modified package descriptions. * Remove two directories after build process to satisfy lintian. * Modified template wording. * Added three upstream git patches to fix some bugs in KLIPS. * Added patch for manpage to fix lintian error. * Removed orphaned opportunistic encryption question from package. * Fix some duplicated and mangled manpages. * Fixed some little lintian issues. * Fixed some little issues in module-building-process. * Recommend module-assistant and linux-headers for module-source package. * Fixed package dependencies. * Dropped NAT-T patches as they are no longer need for kernels >= 2.6.23. * Dropped old compatibility code for translations. * Dropped possibility to select between different Start/Stop-Levels as the current system startup already handles such situations. * Changed building of plain RSA key to store it in a separate file under /var/lib/openswan and then include it in /etc/ipsec.secrets (idea taken from strongswan package). Closes: #561473: prompting due to modified conffiles which where not modified by the user * Fix postinstall script when using existing X.509 certificates (thanks to Kevin Locke for his patch). Closes: #572849: openswan: postinst fails with existing certificates * Dropped ancient code for fixing wrong legacy RSA keys. * Added a debug package for openswan. Closes: #477677: Missing dbg version of the package * Added a dkms package for openswan-modules to simplify KLIPS deployment for normal users (ideas and code taken from batman-adv-dkms and sl-modem-source) [Jari Aalto] * debian/control - (Build-Depends): Remove coreutils (E: lintian). Add version 7.1 to debhelper (W: lintian). - (Standards-Version): Update to 3.8.4. - (Vcs-*): Add version control headers. - (openswan::Depends): Add ${misc:Depends} (W: lintian). - (openswan-dbg::Depends): Add ${misc:Depends} (W: lintian). - (openswan-dbg::Description): Extend description string to (W: lintian). - (openswan-modules-source::Depends): Add ${misc:Depends} (W: lintian). - (openswan-modules-dkms::Depends): Add ${misc:Depends} (W: lintian). * debian/patches - (number 10): Add LSB dependency $remote_fs (E: lintian). - (number 29): Fix bashism n programs/_startklips/_startklips.in (important; Closes: #530155). Note: in the bug report is also reported bashism in programs/_realsetup.bsd/_realsetup.in, but that is false positive. The code in line 268 is correct. The place is just too complex for checkbashisms(1) to check correctly. File programs/_realsetup.bsd/_realsetup.in comes clean from "dash -nx". - (number 30): programs/rsasigkey/rsasigkey.8: Fix Invalid or incomplete multibyte or wide characters invalid combination of . (minor; Closes: #464620). - (number 31): programs/_updown/_updown.8: Fix Invalid or incomplete multibyte or wide characters. See above, - (number 33): Add missing lib to fix Gcc 4.4 build programs/pluto/fetch.c:393: error: undefined reference to 'ber_free'. (minor; Closes: #555950). - (number 35): Fix all Perl *.pl patch to /usr/bin/perl (W: lintian). - (number 40) programs/_confread/ipsec.conf.5. Fix spelling (W: lintian). Fix groff error in line 1006: warning [p 12, 8.7i]: can't break line. - (number 42) programs/lwdnsq/lwdnsq.8:: Fix spelling (I: lintian). - (number 43) programs/pluto/ipsec.secrets.5: Fix spelling (I: lintian). - (number 44) programs/_updown/_updown.8: Fix spelling (I: lintian). - (number 45) programs/barf/barf.8: Fix spelling (I: lintian). - (number 46) programs/pluto/pluto.8: Fix spelling (W: lintian). Fix groff error in line 47: groff error in line 47 (can't break line). - (number 47) programs/eroute/eroute.8: Fix lines 17-21 groff warning [p 1, 1.5i]: can't break line (W: lintian). - (number 48) programs/auto/auto.8: Fix groff line 36 warning [p 1, 4.3i]: can't break line (W: lintian) - (number 50) The big-bang patch to change 51 files to fix incorrect TH and NAME entries and incorrect wide character codes \'s. (W: lintian manpage-has-bad-whatis-entry). (minor; Closes: #493755). - (number 60) lib/libopenswan/x509dn.c: Fix spelling (W: lintian). - (number 61) programs/pluto/ocsp.c: Fix spelling (W: lintian). - (number 62) linux/net/ipsec/pfkey_v2_build.c: Fix spelling (W: lintian). - (number 63) programs/pluto/ikev2_x509.c: Fix spelling (W: lintian). - (number 64) programs/eroute/eroute.c: Fix spelling (W: lintian). - (number 65) programs/pluto/demux.c: Fix spelling (W: lintian). - (number 70) packaging/utils/kernelpatching.sh: Add missing shebang line (W: lintian). * debian/README.source - New file (W: lintian). * debian/rules - Remove EOL whitespaces. - (clean): fix debian-rules-ignores-make-clean-error (W: lintian). - (install-openswan): change dh_clean -k to dp_prep (W: lintian). Remove empty directory usr/bin (I: lintian). - (install-openswan-modules-dkms): chmod 755 all *.sh and *pl (W: lintian). Remove empty debian dir (W: lintian). Set permissions of setup and sshenv to 644 (W: lintian executable-not-elf-or-script). - (install-openswan-modules-source): chmod 644 sshenv setup (W: lintian). * debian/openswan.postinst - (Warn): new function. - (Error): new function. - (configure): Add if-checks for non-existing cert files that may cause problems. Add --verbose to cp(1). Send errors to stderr. (post-installation script returns error; normal; Closes: #309692). [Rene Mayrhofer] * Fixed copyright issue to satisfy lintian. * Polish descriptions and texts in control and debconf templates. * Added Harald Jenny as Uploader. -- Harald Jenny Thu, 11 Mar 2010 12:02:33 +0100 openswan (1:2.6.23+dfsg-1) unstable; urgency=low * New upstream release. Closes: #551565: openswan: new version 2.6.23 is available - resolves problem with SA refcount Closes: #539121: NMU patch used for version 1:2.6.22+dfsg-1.1 Closes: #532348: openswan: installs dupliate init script /etc/init.d/setup Closes: #542657: prompting due to modified conffiles which where not modified by the user -- Rene Mayrhofer Mon, 19 Oct 2009 12:12:46 +0200 openswan (1:2.6.22+dfsg-1.1) unstable; urgency=low * Non-maintainer upload. * Fix LSB header in programs/setup/setup.in to fix init.d script (Closes: #537335). -- Petter Reinholdtsen Wed, 29 Jul 2009 09:58:51 +0200 openswan (1:2.6.22+dfsg-1) unstable; urgency=HIGH Urgency high because of security release. * New upstream release. Closes a security bug in the ASN.1 parser (no CVE number at this time). Closes: #528747: [FTBFS] cannot build with kernel 2.6.29-2-686 * The linux-patch-openswan package is no longer built, as this new upstream release no longer requires a kernel patch for proper NAT-T support with KLIPS (thanks to Harald Jenny). Closes: #535876: linux-patch-openswan: bashism in /bin/sh script -- Rene Mayrhofer Tue, 23 Jun 2009 09:34:17 +0200 openswan (1:2.6.21+dfsg-2) unstable; urgency=low * The new upstream release should also compile with newer Debian kernels. Closes: #522112: openswan-modules-source: Fails to build with kernel 2.6.26 * Removed ununsed scripts in linux-patch-openswan that have security issues. Closes: #496376: The possibility of attack with the help of symlinks in some Debian packages -- Rene Mayrhofer Tue, 21 Apr 2009 10:02:14 +0200 openswan (1:2.6.21+dfsg-1) unstable; urgency=low * New upstream release Closes: #521949: CVE-2009-0790: DoS -- Rene Mayrhofer Thu, 09 Apr 2009 17:05:39 +0200 openswan (1:2.6.20+dfsg-6) unstable; urgency=low * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the security team for providing the patch. Closes: #521949: CVE-2009-0790: DoS Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet. -- Rene Mayrhofer Tue, 31 Mar 2009 09:56:06 +0000 openswan (1:2.6.20+dfsg-5) unstable; urgency=low * Mea culpa (again). Fix the fix. Closes: #520082: openswan: reincarnation * Correct the build dependency for openswan-modules-source. Thanks to Harald Jenny for the patch. -- Rene Mayrhofer Fri, 27 Mar 2009 07:39:12 +0100 openswan (1:2.6.20+dfsg-4) unstable; urgency=low * Backticks got messed up when applying last patch to init script to check for user id instead of / being writable. Closes: #520082: openswan: init script bug: "permission denied (must be superuser)" -- Rene Mayrhofer Sun, 22 Mar 2009 10:21:38 +0100 openswan (1:2.6.20+dfsg-3) unstable; urgency=low * Actually, mark ipsec.conf and ipsec.secrets as conffiles but avoid editing them. Sorry for the blunder, reverting the last patch. * The last upload was also messed up in terms of source package (the orig.tar.gz was missing, so it was erroneously created as native source). -- Rene Mayrhofer Thu, 12 Mar 2009 19:08:51 +0100 openswan (1:2.6.20+dfsg-2) unstable; urgency=low * Fix a few problems caused by changes in upstream packaging, e.g. to no longer require no_oe.conf hackery as there is now a config file option. Removed debconf question for now (commented out, actually). Closes: #515098: overwrites local configuration * No longer advertise the debian-openswan@gibraltar.at mailing list as support address, as I have deleted it. My personal email address should be used again. * I agree that md[25].[ch] are sufficiently compatible with distribution in this Debian package according to http://www.ietf.org/ietf/IPR/RSA-MD-all. IANAL, but as far as I judge the situation, there is no license issue. Closes: #405363: openswan: contains non-free files * Updated Swedish debconf translation Closes: #518498: [INTL:sv] Swedish strings for openswan debconf * Add libcurl4-openssl-dev to the list of Build-Dep alternatives and remove lynx, which is no longer required for building. * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge. Closes: #455112: openswan -- Doesn't purge all files after piuparts Install+Upgrade+Purge test * Don't check if / is writable in init script. This doesn't make sense for readonly filesystems. Closes: #499837: Will not start when / is mounted read only * No longer mark ipsec.conf and ipsec.secrets as conffiles, as they are modified by postinst. Although I don't particularly like this method of patching DEBIAN/conffiles, I don't have a better solution right now. Thus take patch from Mathieu Parent. Closes: #515095: programmatically modifies a conffile Integrated cleanup patch, also thanks to Mathieu Parent: * Add 'rm -rf OBJ.*' in clean target. Closes: #517703: openswan_1:2.6.20+dfsg-1(mipsel/unstable): FTBFS with -rsudo * clean generated doc/manpage.d/*.html and doc/index.html -- Rene Mayrhofer Thu, 12 Mar 2009 15:29:40 +0100 openswan (1:2.6.20+dfsg-1) unstable; urgency=low * New upstream release. This no longer ships the fswcert tool, so skip building and installing it in the Debian package as well. Closes: #315559: openswan: sometimes does not use ipsec.o module but uses af_key.o module Closes: #405601: /etc/init.d/ipsec stop doesn't work correctly Closes: #487566: ipsec livetest fails due to missing file Closes: #524184: openswan: %any does not work in ipsec.secrets Closes: #564054: Pluto fails with error status 134 (signal 6) LP: #246713: openswan-modules-source pkg does not compile with m-a -- Rene Mayrhofer Sat, 28 Feb 2009 19:39:16 +0000 openswan (1:2.4.12+dfsg-1) unstable; urgency=low * New upstream release that should compile with newer kernels again. Closes: #439977: openswan-modules-source: Is not compatible with kernel >=2.6.22 Closes: #359183: openswan: Unable to use "ike=" and "leftxauthclient=yes" simultaneously LP: #228274: openswan creates "rundir" and "subsysdir" Dropping patch from openswan BTS included in 1:2.4.9+dfsg-3, which has been added upstream. * Pull in NMU patch. Closes: #463361: openswan: ldap_init implicitly converted to pointer * Added Finnish debconf translation. Closes: #472504: [INTL:fi] Finnish translation of the debconf templates * Updated Japanese debconf translation. Closes: #463320: openswan: [INTL:ja] Update po-debconf template translation (ja.po) * Updated French debconf translation. Closes: #461841: openswan: [INTL:fr] French debconf templates translation update * Added Galician debconf translation. Closes: #474627: [INTL:gl] Galician debconf template translation for openswan * Added Russian debconf translation. Closes: #475047: openswan: [INTL:ru] Russian debconf templates translation * Sigh, another service to users by removing documentation. Removed anything the looks like an RFC or an RFC draft again. Obviously, this seems the most critical bug for this package, so I actually considered increasing urgency - after all, we are fixing an RC bug here... Closes: #451110: Source package contains non-free IETF RFC/I-D's * According to http://bugs.xelerance.com/view.php?id=849, 2.4.10 should fix this assertion failure (although the upstream bug report has not been closed). Please reopen if the problem still persists (and if not, please also tell upstream so that they can close their own bug report). Closes: #443525: openswan: pluto dies with ASSERTION FAILED at kernel.c:2237: c->kind == CK_PERMANENT || c->kind == CK_INSTANCE -- Rene Mayrhofer Sun, 30 Mar 2008 10:24:54 +0200 openswan (1:2.4.9+dfsg-3.1) unstable; urgency=low * Non-maintainer upload. * Define LDAP_DEPRECATED to continue use of deprecated LDAP functions. Closes: #463361: ldap_init implicitly converted to pointer -- dann frazier Mon, 10 Mar 2008 09:46:09 -0600 openswan (1:2.4.9+dfsg-3) unstable; urgency=low * Include upstream patch to make %defaultroute work with PPP uplinks in certain cases. Closes: #449512: openswan: defaultroute with PPP does not work LP: #227294: defaultroute with PPP does not work -- Rene Mayrhofer Sun, 20 Jan 2008 13:36:50 +0100 openswan (1:2.4.9+dfsg-2) unstable; urgency=low * Remove spaces before question marks in debconf template. Mea culpa, I read the patch wrong when looking at it. debconf-updatepo seems to have done the right thing in updating .po files with the "new" question strings, so I don't think translators need to change anything. -- Rene Mayrhofer Sat, 27 Oct 2007 11:18:14 +0200 openswan (1:2.4.9+dfsg-1) unstable; urgency=low * New upstream release. * Add German debconf translation, but do not apply the patch to the English template. I do not agree that a space should be placed before a question mark, but feel free to correct me with references to some grammar material. Closes: #406029: openswan: [INTL:de] German po-debconf template translation * Add Spanish debconf translation. Closes: #443613: [INTL:es] Spanish po-debconf template translation * Drop the fileutils dependency, and thus no longer care about backports to woody. Closes: #368723: openswan: Cleanup of dependencies (fileutils) -- Rene Mayrhofer Fri, 26 Oct 2007 16:37:31 +0200 openswan (1:2.4.8-dfsg-1) unstable; urgency=low * New upstream release. Closes: #335074: openswan: ipsec.conf manpage doesn't include {left|right}sourceip Closes: #357718: ipsec.conf(5): automatic and manual keying options are not disjoint Closes: #357708: openswan: ipsec.secrets(5) does not document X.509 format * Include Portugese debconf translation. Closes: #426927: openswan: [INTL:pt] Portuguese translation for debconf messages * Also remove .gitignore files in addition to the other cruft when building the binary package. Closes: #413914: shipping gitignore file /usr/share/doc/openswan/doc/.gitignore -- Rene Mayrhofer Wed, 04 Jul 2007 20:59:35 +0100 openswan (1:2.4.6+dfsg.2-1) unstable; urgency=low * Acknowledge our-priority-are-the-users-thus-remove-docs NMU (nothing personal, but documentation usually tends to be useful). Closes: #390656 * Recommend linux-source instead of kernel-source. Closes: #394664: Recommends unavailable kernel-source * Update Japanese debconf translation. Closes: #393176: openswan: [INTL:ja] Updated Japanese po-debconf template translation (ja.po) * Build-depend on po-debconf. * Stop invoking /etc/init.d/ipsec directly in prerm. Use invoke-rc.d. -- Rene Mayrhofer Mon, 6 Nov 2006 19:07:36 +0000 openswan (1:2.4.6+dfsg.2-0.1) unstable; urgency=low * NMU * Remove additional non-free draft RFCs from upstream tarball. Closes: #390656 -- Joey Hess Sun, 15 Oct 2006 17:52:57 -0400 openswan (1:2.4.6+dfsg-1) unstable; urgency=low * New upstream release. * Acknowledge the last 2 NMUs: Closes: #370752: diff for 1:2.4.5+dfsg-0.1 NMU Closes: #363375: kernel-patch-openswan: Patched linux-source-2.6.16 fails to compile Closes: #365196: [NONFREE-DOC] Package contains IETF RFC/I-D Thanks to Steinar for his NMUs! * Add a call to debconf-updatepo to the clean target of debian/rules, as suggested in the bug report. Closes: #372917: openswan: debconf-updatepo has not been launched * Update the Dutch debconf translation. Closes: #378415: [INTL:nl] Updated dutch po-debconf translation * Removed the 01-ipcomp_hippi.dpatch again, this has been incorporated upstrean. -- Rene Mayrhofer Wed, 23 Aug 2006 22:06:52 +0100 openswan (1:2.4.5-4) unstable; urgency=low * Removed the dependency on MAKEDEV, it does not seem to be used any more. Thanks to Marco d'Itri for pointing it out. -- Rene Mayrhofer Sat, 3 Jun 2006 21:11:44 +0100 openswan (1:2.4.5+dfsg-0.2) unstable; urgency=low * Non-maintainer upload. * debian/patches/01-ipcomp_hippi.dpatch: Fix net/ipsec/ipcomp.c so it no longer attempts to copy the "private" field of a struct_skbuff when CONFIG_HIPPI is enabled; it was removed after 2.6.13, and this broke compilation with 2.6.16, linux-patch-openswan and CONFIG_HIPPI. (Closes: #363375) -- Steinar H. Gunderson Fri, 9 Jun 2006 19:52:22 +0200 openswan (1:2.4.5+dfsg-0.1) unstable; urgency=low * Non-maintainer upload. * Remove doc/rfc394[78].txt and doc/draft-*.txt from upstream tarball to get rid of non-DFSG free documentation. (Closes: #365196) -- Steinar H. Gunderson Tue, 6 Jun 2006 18:42:09 +0200 openswan (1:2.4.5-3) unstable; urgency=low * Renamed kernel-patch-openswan to linux-patch-openswan. * Removed the remarks in the package descriptions that linux-patch-openswan and openswan-modules-source will only work with 2.4 series kernels. This is no longer true. * Use updated French translation. Thanks to Christian Perrier and sorry for not giving time to update the translations before the last upload. I felt that the FTBFS should be corrected quickly. Closes: #364399: openswan: [INTL:fr] French debconf templates translation -- Rene Mayrhofer Sun, 23 Apr 2006 21:47:53 +0100 openswan (1:2.4.5-2) unstable; urgency=low * The NMU patch doesn't seem to have applied to debian/control, because the dependency was still on libopensc1-dev. Fixed that now by adding libopensc2-dev. Closes: #363073: openswan_1:2.4.5-1: FTBFS: Build depends on libopensc1-dev * Added the patch to fix alignment issues on Sparc, as upstream acknowledged it and applied it to their development tree. Closes: #341630: openswan: Pluto crypto helper gets SIGBUS on SPARC due to request memory alignment issue -- Rene Mayrhofer Mon, 17 Apr 2006 14:53:37 +0100 openswan (1:2.4.5-1) unstable; urgency=low * New upstream release. This release adds support for patching newer kernel versions. Verified that the patched kernel tree compiles with Debian kernel sources 2.6.15-8 and 2.6.16-6. Closes: #361800: kernel-patch-openswan: Fails to patch Debian 2.6.15 kernel It also adds the patches for an IPSec/L2TP server behind a NAT. Closes: #307529: More patches for openswan server behind NAT Closes: #353792: openswan nat-t failure And additionally there are (according to upstream changelogs) fixes for running on SMP systems. If the following bug still persists (can not test myself), then please reopen. Closes: #343603: kernel-patch-openswan: Starting IPSEC makes system freeze The patch to fix the snmpd crash is also in this upstream version (just checked linux/net/ipsec/ipsec_tunnel.c). It was probably in older versions as well, so this might have been closed earlier. It's not mentioned in upstream changelog, so I don't know exactly when it has been fixed. Closes: #318298: kernel-patch-openswan: Kernel Oops - Null Dereference when using snmpd The ipsec.conf manual page has been updated to document connaddrfamily. Closes: #296611: openswan: "man -S 5 ipsec.conf" fails to mention the parameter "connaddrfamily" * Acknowledge fixes in last NMU - thanks to Christian. Closes: #352050: openswan: FTBFS: Package libopensc1-dev has no installation candidate Closes: #356716: openswan: Incomplete clean when building Closes: #316693: openswan_1/2.2.0-10 Closes: #339390: openswan: [INTL:sv] Swedish debconf templates translation * Enable building of XAUTH support. * Import override files from /etc/default instead of /etc/sysconfig. This uses dpatch, so now Build-Depend on it. Closes: #354965: openswan: /usr/lib/ipsec/_updown uses /etc/sysconfig/, please change to /etc/default/ * Only ask if an existing certificate/private key pair should be used when the user chose not to create a new key pair. Also mention, when asking to create a new key pair, that an existing one can be used alternatively. Closes: #298250: confusing debconf question about certificate creation * Move the USE_LDAP, USE_LIBCURL, and HAVE_THREADS options from the "make install" to the "make programs" call where it belongs. Closes: #292838: openswan: Dynamic CRL fetching not supported * Remove /usr/share/doc/openswan/index.html, because it is a duplicate of /usr/share/doc/openswan/doc/index.html, and only the latter one has links to existing files. Closes: #311613: openswan: html documentation links to the wrong place Closes: #357719: broken links in file:///usr/share/doc/openswan/index.html Closes: #357698: broken links in file:///usr/share/doc/openswan/index.html * Add #ifdef to linux/net/ipsec/ipsec_init.c to branch between Debian and vanilla 2.4 kernels. For Debian kernels with the XFRM (26sec) backport, a second option is necessary for inet_(add|del)_protocol. This should allow KLIPS to compile on both Debian and vanilla 2.4 kernels. Verified that it compiles with Debian 2.4.27-12 and vanilla 2.4.32. Closes: #340294: openswan-modules-source: fails to build with 2.4.27 on sarge Closes: #342844: kernel-patch-openswan: FTBS with kernel-source-2.4.27 2.4.27-11 * Document in README.Debian that KLIPS for 2.4 kernels will not compile with newer GCC versions and give a hint on how to use older versions with make-kpkg. * Kernel 2.6.8 is not properly supported and is horribly outdated by now. If you really need to use 2.6.8, then please use the native 26sec IPSec stack. For KLIPS support, use at least 2.6.12, or better 2.6.15. Closes: #318136: kernel-patch-openswan: Problem applying kernel-openswan-patch to kernel-source-2.6.8 * Compress the modules source tree with bzip2 instead of gzip and thus reduce the size of the openswan-modules-source package. -- Rene Mayrhofer Sat, 15 Apr 2006 21:36:36 +0100 openswan (1:2.4.4-3.1) unstable; urgency=high * Non-maintainer upload with maintainer's agreement * Fix FTBFS by replacing the build dependency on libopensc1-dev to libopensc2-dev. Closes: #352050 * Really clean when building Closes: #356716 * Correct typos and English errors in templates Unfuzzy translations Closes: #316693 * Swedish debconf templates translation added Closes: #339390 -- Christian Perrier Thu, 16 Mar 2006 06:10:05 +0100 openswan (1:2.4.4-3) unstable; urgency=low * Corrected PATCHNAME in the kernel-patch-openswan unpatch script. Closes: #344852: kernel-patch-openswan: PATCHNAME=openswan in apply script but =freeswan in unpatch -- Rene Mayrhofer Tue, 27 Dec 2005 10:38:33 +0000 openswan (1:2.4.4-2) unstable; urgency=low * Build-depend on libkrb5-dev. Closes: #344612: openswan: pluto has shared library dependency on libkrb5support.so -- Rene Mayrhofer Mon, 26 Dec 2005 11:22:17 +0000 openswan (1:2.4.4-1) unstable; urgency=high Reasoning for urgency high: DoS security issues. * New upstream version. This is supposed to fix the other part of the DoS problem. -- Rene Mayrhofer Fri, 18 Nov 2005 19:23:49 +0000 openswan (1:2.4.3-1) unstable; urgency=high Reasoning for urgency high: DoS security issues. * New upstream version. Closes: Bug#339082: kernel-patch-openswan: ISAKMP implementation problems / DoS -- Rene Mayrhofer Tue, 15 Nov 2005 15:49:44 +0000 openswan (1:2.4.0-3) unstable; urgency=low * Doh. Forgot to merge the new debconf depends from my openswan 2.2.0 package branch. Now again change the debconf depends to debconf | debconf-2.0. Closes: #332055: openswan depends on debconf without | debconf-2.0 alternate; blocks cdebconf transition * Also build-depend on the new libssl (>= 0.9.8-1) now to help the transition. If you recompile this package for woody/sarge, you can safely ignore this versioned build-dependency. No new API is needed this is just for the ABI transition. -- Rene Mayrhofer Mon, 10 Oct 2005 11:22:12 +0100 openswan (1:2.4.0-2) unstable; urgency=low * Module building has changed a bit for the new openswan upstream releases (need additional files). Adapt the openswan-modules-source package to that and also fix pfkey_v2.c to compile with kernel 2.4 (patches sent to upstream for future inclusion). Closes: #291274: Fails to build with 2.4.29: missing Makefile Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - different from #273144 (?) * Fix the postinst script (must have been a bash update that broke it). Closes: #330864: openswan: postinst fails with "`make-x509-cert': not a valid identifier" -- Rene Mayrhofer Fri, 30 Sep 2005 18:11:28 +0100 openswan (1:2.4.0-1) unstable; urgency=low * New upstream release. This finally allows the Debian packages to be updated since the regression from 2.2.X to 2.3.X has been fixed (pluto crash with roadwarriors). Please be aware that pluto daemons from 2.2 or 2.3 openswan release will still crash, so please update all your installations as soon as possible. Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior comes in using 2.3.0 This release also supports KLIPS with 2.6 kernels now. Closes: #301801: kernel-patch-openswan: Fails to build with Debian 2.6.10 source #273443: openswan-modules-source: doesn't build with 2.6.8 - different from #273144 (?) #318136: kernel-patch-openswan: Problem applying kernel-openswan-patch to kernel-source-2.6.8 * Fixed gcc 4 compile for fswcert (patch will be forwarded to upstream). * Added Vietnamese debconf translation. Closes: #316692: INTL:vi * Introduced the epoch in this branch to allow automatic updates from the previously downgraded 2.2 release. * Edited the debian/copyright file to mention the shared GPL path and removed old licenses (only refer to CREDITS now). -- Rene Mayrhofer Mon, 19 Sep 2005 13:40:30 +0100 openswan (2.3.1-1) unstable; urgency=high Urgency HIGH because openswan is an important package for testing (at least in my opinion...). * New upstream version. This update should fix the various crashes that openswan 2.3.0 pluto was causing on other openswan boxes (occured in the wild with 2.2.0 and 2.3.0, but might also happen with others) in some cases. Closes: #292132: openswan: OpenSwan 2.2.0 crashes when a road-warrior comes in using 2.3.0 * Adapt to the new way of building modules (which changed between upstream version 2.2.0 and 2.3.0). openswan-modules-source should now build with 2.4 and with 2.6 kernels (using make-kpkg). Closes: #291274: Fails to build with 2.4.29: missing Makefile Closes: #276521: openswan-modules-source: ipsec_aes.o & ipsec_cryptoapi.o not kernel modules * Also enable building of 2.6 kernel modules in openswan-modules-source. Closes: #273443: openswan-modules-source: doesn't build with 2.6.8 - different from #273144 (?) * kernel-patch-openswan also needed some changes due to the new tree layout (specifically the new Makefile.top). Now kernel-patch-openswan has been enabled to work with kernel 2.6, so you can now get ipsecX interfaces with kernel 2.6 (tested with vanilla 2.6.10)! Closes: #301801 kernel-patch-openswan: Fails to build with Debian 2.6.10 source * There was no reply by the original bug submitter, so this really seemed to be a toolchain problem. I can't reproduce this bug. Closes: #283387: openswan: Fails to build on testing (Sarge) * The build-dependency has already been updated from libcurl2-dev to libcurl3-dev in package 2.3.0-1. Now updated it to libcurl3-dev | libcurl2-dev so that backporting to woody is easier. Closes: #298468 openswan fails to build on sarge due to missing libcurl2-dev dependancy * The same goes for libopensc*-dev. * Fixed typos in the logcheck ignore files. Closes: #298693: openswan: logcheck files - typo * Updated debconf translations. Closes: #290847: openswan: [INTL:fr] French debconf templates translation Closes: #292077: [INTL:pt_BR] Please apply the attached patch in order to update openswan's pt_BR debconf translation Closes: #294202: [l10n] Czech po-debconf template translation (cs.po) * Removed the source code for the fswcert utility from the debian/ dir in the source package - it is now included in the upstream source under programs/. * Removed the conflicts with ike-server (still providing it though). Closes: #297186: openswan: Remove conflict on ike-server * Don't conflict with freeswan generally, but only with versions < 2.04-12. (This is in preparation of the freeswan transition package that I am working on.) * Explicitly remove the execute permissions from /etc/ipsec.d/policies/*. Closes: #298245: wrong permissions in /etc * No longer need gawk for openswan scripts to work. This allows to finally removed the awk-to-gawk hack in debian/rules and means that openswan no longer depends on gawk. * Enable the building of pluto code for dynamic URL fetching (which needs libldap2-dev and libcurl3-dev) and the XAUTH PAM support. Therefore, we now build-depend on libpam0g-dev. Closes: #292838: openswan: Dynamic CRL fetching not supported -- Rene Mayrhofer Sat, 9 Apr 2005 17:56:16 +0200 openswan (2.3.0-2) unstable; urgency=HIGH Urgency HIGH due to security issue and problems with build-deps in sarge. * Fix the security issue. Please see http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false or CAN-2005-0162 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0162 for more details. Thanks to Martin Schulze for informing me about this issue. Closes: #292458: Openswan XAUTH/PAM Buffer Overflow Vulnerability * Added a Build-Dependency to lynx. Closes: #291143: openswan: FTBFS: Missing build dependency. -- Rene Mayrhofer Thu, 27 Jan 2005 16:10:11 +0100 openswan (2.3.0-1) unstable; urgency=low * New upstream release. Important change: aes-sha1 is now the default proposal (but 3des-md5 is still supported if the other side requests it). Please look at /usr/share/doc/openswan/docs/RELEASE-NOTES for details. * Includes KLIPS support for kernel 2.6 for the first time, but I have not yet modified openswan-modules-source to cope with that. If somebody wants to lend me a hand to address #273443, it would be more than welcome. * This release includes a fix for the reported snmpd crash (in ipsec_tunnel.c). Many thanks to Nate Carlson for pointing this out. Closes: #261892: openswan: System crashes when snmpd runs at the same time * Update Build-Depends from libopensc0-dev to libopensc1-dev. Closes: #289600: openswan: can't fulfill the build dependencies * Update Build-Depends from libcurl2-dev to libcurl3-dev. * Include Japanese debconf translation and fix a typo in the master. Closes: #288996: openswan: Japanese po-debconf template translation (ja.po) and typo in template.pot * Auto-apply the NAT Traversal patch with kernel-patch-openswan again. This was changed by openswan (the freeswan version included the NAT-T patch automatically). Thus, the patch is now applied before inserting the KLIPS part. * Include a ready-to-use NAT-T diff in the openswan-modules-source package so that anybody who uses this package still has the option of using NAT Traversal (though this means patching the kernel anyway, and kind of makes the out-of-tree compilation senseless). However, Debian 2.4 series kernels should already have NAT-T applied. * Document the above two changes in the package descriptions and README.Debian. -- Rene Mayrhofer Thu, 13 Jan 2005 09:30:45 +0100 openswan (2.2.0-5) unstable; urgency=low * Added more explanations to README.Debian on how to build the kernel modules with either openswan-modules-source or kernel-patch-openswan. -- Rene Mayrhofer Sat, 16 Oct 2004 13:11:48 +0200 openswan (2.2.0-4) unstable; urgency=medium Urgency medium to get this version into sarge - it fixes a bug that turned up on some machines and prevented openswan from starting. * no_oe.conf will work when there are spaces at the end, many thanks to Hans Fugal for figuring that out! Closes: #270012: openswan: Fails to start after Installation (/etc/ipsec.d/examples/no_oe.conf problem?) I am now sending this towards upstream so that it should hopefully get fixed for the next release - it's a bit awkward for a config file. * Fixed a minor aesthetical issue in openswan.postinst: when a plain RSA key is already present in ipsec.secrets and a new one is being created, a needless line was printed. Silenced by adding -q to egrep. -- Rene Mayrhofer Sun, 3 Oct 2004 20:57:22 +0200 openswan (2.2.0-3) unstable; urgency=low * Also added flex to Build-Depends, the new starter (replacement for the init scripts, but not yet active) needs it to build. Closes: #272935: openswan_2.2.0-1(ia64/unstable): FTBFS: missing build-depends Closes: #273241: openswan: FTBFS: Missing Build-Depends on 'flex' * Adapted the rules file of openswan-modules-source to cope with the new upstream source code - need to generate a C file from a template before the ipsec module can be built. Closes: #273144: openswan-modules-source: linux/net/ipsec/version.c neither created nor compiled * Enabled the building of modular extensions (AES and cryptoapi) by default for openswan-modules-source. Also enabled the AES cipher in addition to 3DES (this is directly in the ipsec.o kernel module, the modular extensions version is an alternative to this). -- Rene Mayrhofer Fri, 24 Sep 2004 12:38:47 +0200 openswan (2.2.0-2) unstable; urgency=low * Added bison to Build-Depends. -- Rene Mayrhofer Thu, 23 Sep 2004 15:18:51 +0200 openswan (2.2.0-1) unstable; urgency=medium * New upstream version: - Introduces AES support, which is the reason for urgency medium. AES should definitly go into sarge. - Adds RFC 3706 DPD (dead peer detection) support, see /usr/share/doc/openswan/docs/README.DPD for details. This adds the last missing piece (AES) to replace the freeswan package completely. As of now, freeswan is officially unsupported and will soon be removed from Debian. Please upgrade to openswan, which should not cause any issues. Configuration files and certificates are completely compatible. Closes: #270012: openswan: Fails to start after Installation (/etc/ipsec.d/examples/no_oe.conf problem?) I can no longer reproduce this problem on a fresh install of 2.2.0-1. Closes: #260120: openswan: Patch fixing #256391 breaks the autogenerated certificate The new X.509 patch included in this upstream release (no longer patched by the Debian package) should fix this too. Closes: #246828: /etc/ipsec.conf refers to invalid URLs The default ipsec.conf file distributed by upstream no longer refers to an URL. * Fixed a thinko in the postinst script that prevented the correct insertion of plain RSA keys into /etc/ipsec.secrets (i.e. not using X.509 certificates). Fixed now. Closes: #268742: openswan: Plain RSA key not successfully written to ipsec.secrets * Adapt to the new way of openswan handling the disabling of opportunistic encryption. In the default ipsec.conf distributed with upstream openswan, OE is now disabled (which changes the previous default). Adapted the postinst script so that it can now enable and disable OE support based on the debconf option. Closes: #268743: openswan: fails to respect debconf OE setting * Updated the French and Brazilian Portugese debconf translations. Closes: #256457: openswan: [INTL:fr] French debconf templates translation Closes: #264246: openswan: [INTL:pt_BR] Please use the attached Brazilian Portuguese debconf template translation * Patched debian/fswcert/fswcert.c to compile cleanly with gcc-3.4. Thanks to Andreas Jochens for the patch! Closes: #262663: openswan: FTBFS with gcc-3.4: label at end of compound statement * Documented how to build the KLIPS kernel part with either the kernel-patch-openswan or the openswan-modules-source packages. Closes: #246819: Needs documentation on how to build the kernel modules * Bump Standards-Version to 3.6.1.0, no changes necessary. -- Rene Mayrhofer Tue, 21 Sep 2004 18:13:52 +0200 openswan (2.1.5-1) unstable; urgency=medium * New upstream release, which fixes another potential security issue. -- Rene Mayrhofer Sun, 5 Sep 2004 18:00:40 +0200 openswan (2.1.3-1) unstable; urgency=HIGH Urgency high because of a possibly security issue. * New upstream version. This includes the CRL fix form 2.1.1-5 and the proper activation of NAT traversal in Makefile.inc. Closes: #253457: Openswan: new upstream available that includes xauth Closes: #253458: Openswan: new upstream available that includes xauth Closes: #253461: Openswan: new upstream available Closes: #253782: openswan: Should automatically load kernel module xfrm_user But I have currently not explicitly enabled xaut support in Makefile.inc, quoting from there: "off by default, since XAUTH is tricky, and you can get into security trouble". If it needs to be enabled to work, please tell me and I will need to take a far closer look on it (and the involved problems). This new upstream version also fixes a possible security issue in the X.509 certificate authentication. * The last upload didn't seem to have hit the archives, strange... However, the bugs are still fixed, closing them now. Closes: #245450: openswan should not depend on kernel-image-2.4 || kernel-image-2.6 Closes: #246847: openswan: shouldn't conflict with ike-server Closes: #246373: openswan: [INTL:fr] French debconf templates translation -- Rene Mayrhofer Thu, 17 June 2004 12:22:45 +0200 openswan (2.1.1-5) unstable; urgency=low * Applied a patch from openswan CVS to fix CRL related crashes. * Drop the dependency on kernels it works with - the package description already says that it will need kernel support to work. This allows people to easily use self-compiled kernels with the right support (e.g. 2.6.5). Closes: #245450: openswan should not depend on kernel-image-2.4 || kernel-image-2.6 * While I'm at it, also replace the various Suggests: *freeswan* with openswan. Oops. * openswan conflicts with ike-server because only one ike-server can be active at any given time (it will listen on UDP port 500). This policy has been agreed to by all Debian IPSec package maintainers and implemented in all ike-server providing packages. Closes: #246847: openswan: shouldn't conflict with ike-server * Took the debconf translations from the freeswan package and "ported" them via debconf-updatepo. Thanks to Christian Perrier for mentioning that it was this easy. The templates should now be correct (all instances of FreeS/wan replaced by Openswan). Closes: #246373: openswan: [INTL:fr] French debconf templates translation -- Rene Mayrhofer Tue, 18 May 2004 19:46:24 +0200 openswan (2.1.1-4) unstable; urgency=low * Fixed the kernel-patch-openswan apply script. * Warning: Due to an upstream bug, pluto from this version will dump core on certain CRLs. If you are hit by this bug, please report it directly to upstream, they are still tracking the issue down. -- Rene Mayrhofer Thu, 15 Apr 2004 09:50:32 +0200 openswan (2.1.1-3) unstable; urgency=low * Also build the openswan-modules-source and kernel-patch-openswan packages now. * Fixed _startklips in combination with the native IPSec stack - many thanks to Nate Carlson for the patch. -- Rene Mayrhofer Wed, 31 Mar 2004 19:33:49 +0200 openswan (2.1.1-2) unstable; urgency=low * Took the package as official maintainer. * Updated all relevant packaging stuff to the level of freeswan 2.04-9, including auto-generation of X.509 certificates and insertion in ipsec.secrets. This also corrects the libexec path in some scripts. -- Rene Mayrhofer Wed, 31 Mar 2004 11:23:46 +0200 openswan (2.1.1-1) unstable; urgency=low * Initial version - packaging based on Rene Mayrhofer's FreeS/WAN packaging -- Alexander List Sun, 21 Mar 2004 21:47:53 +0100 Local variables: mode: debian-changelog End: debian/openswan-modules-dkms.docs0000664000000000000000000000003512010653511014266 0ustar CREDITS debian/README.Debian debian/openswan.postrm0000664000000000000000000000222512010653511012263 0ustar #! /bin/sh # postrm script for openswan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' overwrit>r> # for details, see /usr/share/doc/packaging-manual/ case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 0 esac if [ "$1" = "purge" ] ; then update-rc.d ipsec remove >/dev/null rm -rf /etc/ipsec.d/ rm -rf /var/lib/openswan/ rm -rf /var/run/pluto/ if [ -e /usr/share/debconf/confmodule ]; then # Source debconf library. . /usr/share/debconf/confmodule # Remove my changes to the db. db_purge fi fi # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# debian/openswan-modules-dkms.dirs0000664000000000000000000000001212010653511014272 0ustar /usr/src/ debian/README.Debian0000664000000000000000000002135112010653511011225 0ustar openswan for Debian ---------------------- 1) General Remarks This package has been created from scratch with some ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 package by Aaron Johnson merged in. Most of the (already removed) code in debian/rules for creating the linux-patch-openswan package was initially taken from Tommi Virtanen's package, but had been mostly rewritten to fit the needs of different kernel versions (since version 1.9-1). After the decision of the FreeS/WAN project to cease the development of FreeS/WAN, the Debian package team decided to switch over to the Openswan fork. This code base included all the patches that had to be applied manually before, which made packaging simple. Alexander List prepared the first preliminary openswan package based on Rene Mayrhofer's freeswan packaging, who in turn updated to the relevant parts of the last freeswan package. 2) Plain RSA key creation Note: Usage of such keys is deprecated in favour of newer X.509 certificates. If you still want to create an old style plain RSA key, you can create it with ipsec rsasigkey $KEYLENGTH > $TMPFILE where $KEYLENGTH should be >= 2048. The resulting private key must be inserted into /etc/ipsec.secrets and enclosed with a ": RSA { .... }" marker. The following commands can be used to create a correctly formatted block: echo -e ': RSA\t{' >> /etc/ipsec.secrets; cat $TMPFILE >> /etc/ipsec.secrets; echo -e '\t}' >> /etc/ipsec.secrets; Afterwards, it is recommended to remove $TMPFILE in a secure manner (using something line srm, shred, wipe...) and create a public key line for insertation into the "conn" section of ipsec.conf with ipsec showhostkey --left (or "--right" depending on which side you want to use it). For further information please take a closer look at the manpages ipsec_rsasigkey, ipsec.secrets, ipsec_showhostkey and ipsec.conf. 3) IPsec Kernel Support Note: This package per default uses the in-kernel IPsec stack, which is available in all recent stock Debian kernel images. The advantage of this in-kernel stack is that it is well supported and does not require external modules to be built. The disadvantage is that it no longer uses virtual ipsecX network interfaces and therefore makes debugging IPsec connections slightly harder (e.g., tcpdump can not be used separately on encrypted and unencrypted traffic). If you want to use the openswan utilities, you will need the appropriate kernel modules. The Debian default kernel native IPsec stack can be used out-of-the-box with openswan pluto, the key management daemon. This native Linux IPsec stack is of high quality, has all of the features of the latest Debian freeswan and openswan packages (i.e. support for other ciphers like AES and NAT Traversal support) and is well integrated into the kernel networking subsystem (which is not true for the openswan kernel modules). The easiest way to get IPsec support in Debian is to use the default kernels (or recompile from the Debian kernel sources). If you do not want to use the in-kernel IPsec stack, then the openswan kernel part can be compiled as stand-alone module. Starting with kernel >= 2.6.23 and openswan >= 2.6.22, NAT Traversal will work without patching the kernel, also with KLIPS compiled as a module. Therefore, the linux-patch-openswan package and the NAT Traversal patches have both been dropped. On the other hand, please note that there are two packages available, each gearing towards a different group of users: * openswan-modules-dkms is suitable for end users to use KLIPS on on the same machine where the package is being installed. The module will be built automatically upon installing a new kernel and its respective headers package. No further documentation is necessary, as the build and installation process is fully automatic when this package and the kernel headers are installed. * openswan-modules-source targets the system administrators wishing to distribute pre-built KLIPS modules to multiple machines as a standard Debian package. This approach takes more work but is also a lot more flexible. 4) Building KLIPS from openswan-modules-source For building modules with openswan-modules-source three different approaches can be used: * The easiest way consists of installing module-assistant and the needed linux-headers packages, then simply issuing module-assistant build openswan to build the package. Please note that when compiling modules for a kernel version which differs from the one running on the compilation host then the option --kvers-list must be supplied to the module-assistant command. * When invoking make-kpkg from kernel-package to do the module compilation the linux-source package has to be installed and the openswan-modules.tar.gz from openswan-modules-source needs to be extracted under /usr/src. Keep in mind that it is not enough to just put the the linux source tree in place, but it also needs to be configured and a successful kernel build process must be completed before the command make-kpkg --added_modules openswan modules_image can be used to actually compile and package the module. Note that, in order to work with a specific kernel version, it's likely that also the options --append_to_version and --revision will need to be set. For getting example values of the running kernel, issue the command uname -r | sed 's/.*\.[0-9]*-/-/' to retrieve the --append_to_version parameter and look at the Version column in the output of the line dpkg --list linux-image-`uname -r` which provides the --revision argument. * Invoking debian/rules directly is the third and most flexible approach to compile and package the module, but this method also leaves the task of cleaning up to the administrator. After extracting openswan-modules.tar.gz change to /usr/src/modules/openswan and issue the command debian/rules binary-modules to start building the module. Some variables that might need to be set in order to make the process run correctly: KVERS: the complete kernel version (as retrieved by 'uname -r') KDREV: the kernel revision (equal --revision argument) KSRC: the location of the kernel tree (/usr/src/linux-headers-`uname -r` for example) KMAINT: the binary package maintainer (defaults to Rene Mayrhofer) KEMAIL: the maintainer's mailaddress (defaults to rmayr@debian.org) Please remember to clean up completely after building the binary package by calling debian/rules kdist_clean Otherwise, future build processes might lead to incorrect results. 5) Using Openswan with SAref In order to use the SAref feature allowing users to connect multiple clients from behind the same NAT device and multiple clients using the same internal IP behind different NAT devices, the Linux kernel needs to be patched. At the time of this writing there are patches available for kernel version 2.6.32 from Lenny/Sid and 2.6.35-rc6 from experimental which are shipped in the openswan-modules.tar.bz2 file from openswan-modules-source. The recommended method for creating a patched kernel is using the make-kpkg approach which is documented in the above section. After extracting the linux and the openswan source in /usr/src change to the to the kernel source directory and patch the source code by issuing the commands patch -p1 < /usr/src/modules/openswan/patches/kernel/$VERSION/0001-SAREF-add-support-for-SA-selection-through-sendmsg.patch patch -p1 < /usr/src/modules/openswan/patches/kernel/$VERSION/0002-SAREF-implement-IP_IPSEC_BINDREF.patch where $VERSION is the base kernel version (without the --append_to_version suffix). To enable the new feature in the kernel config, compile the kernel and the openswan module, you may also want to install libncurses5-dev and then call make-kpkg this way: make-kpkg --append_to_version APPEND_PARAM --revision REVISION_PARAM \ --added_modules openswan --initrd --config menuconfig configure kernel_\ image modules_image In the displayed menu first enter "Networking support", then proceed to "Networking options", there select "IP: IPsec SAref interface (KLIPS)". When exiting answer yes to save your new kernel configuration so that make-kpkg uses it when compiling the new kernel. Afterwards install the newly created linux-image and openswan-modules packages and then reboot the computer. To finally activate the SAref feature the ipsec.conf file must be modified: In the config setup section protostack=mast has to be specified and overlapip=yes needs to be added to the affected conn descriptions. Also note that the MAST stack does not use "eroutes", so the ipsec eroute command no longer returns tunnel information, at the moment please issue ipsec auto --status to retrieve connection details. debian/control0000664000000000000000000000757012010653511010576 0ustar Source: openswan Section: net Priority: optional Maintainer: Rene Mayrhofer Uploaders: Harald Jenny Standards-Version: 3.9.3 Vcs-Browser: http://git.debian.org/?p=pkg-swan/openswan.git;a=summary Vcs-Git: git://git.debian.org/git/pkg-swan/openswan.git Build-Depends: dpkg-dev (>= 1.16.1~), debhelper (>= 7.1), libgmp3-dev, libssl-dev (>= 0.9.8), libcurl4-openssl-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf Homepage: http://www.openswan.org/ Package: openswan Architecture: linux-any Pre-Depends: debconf | debconf-2.0 Depends: ${shlibs:Depends}, ${misc:Depends}, bsdmainutils, openssl, host, iproute, iproute (>=20041019-0.1) | ipsec-tools Suggests: openswan-modules-source | openswan-modules-dkms, openswan-doc, curl Provides: ike-server Conflicts: ike-server Replaces: ike-server Description: Internet Key Exchange daemon Openswan is an IPsec based VPN solution for the Linux kernel. It can use the native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2 protocols are supported. . The Openswan IKE daemon is named pluto. It was inherited from the FreeS/WAN project, but provides improved X.509 certificate support and other features. . In order to use the KLIPS IPsec code instead of the native version, you will need to either install openswan-modules-source and build the appropriate module for your kernel or use openswan-modules-dkms which automates this task. Package: openswan-dbg Architecture: linux-any Section: debug Priority: extra Depends: ${misc:Depends}, openswan (= ${binary:Version}) Description: Internet Key Exchange daemon - debugging symbols Openswan is an IPsec based VPN solution for the Linux kernel. It can use the native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2 protocols are supported. . This package provides the symbols needed for debugging of openswan binaries. Package: openswan-doc Architecture: all Section: doc Depends: ${misc:Depends} Description: Internet Key Exchange daemon - documentation Openswan is an IPsec based VPN solution for the Linux kernel. It can use the native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2 protocols are supported. . This package provides the free parts of the documentation for Openswan. Package: openswan-modules-source Architecture: all Section: kernel Depends: ${misc:Depends}, debhelper, bzip2 Recommends: module-assistant | kernel-package, linux-headers | linux-source Suggests: openswan Description: Internet Key Exchange daemon - kernel module source Openswan is an IPsec based VPN solution for the Linux kernel. It can use the native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2 protocols are supported. . For support of the old-style KLIPS ipsecX network interfaces a custom kernel module is needed. . This package contains source code for the Openswan IPsec kernel module, which can be used with tools like module-assistant or kernel-package for manual building of local kernel images. . Kernel versions >= 2.6.23 no longer need to be patched to provide NAT Traversal support for KLIPS. Package: openswan-modules-dkms Architecture: linux-any Section: kernel Depends: ${misc:Depends}, dkms, openswan Description: Internet Key Exchange daemon - DKMS source Openswan is an IPsec based VPN solution for the Linux kernel. It can use the native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2 protocols are supported. . For support of the old-style KLIPS ipsecX network interfaces a custom kernel module is needed. . This package contains source code for the Openswan IPsec kernel module, which can be used with DKMS so that local kernel images are automatically built and installed every time relevant kernel packages are upgraded. . Kernel versions >= 2.6.23 no longer need to be patched to provide NAT Traversal support for KLIPS. debian/openswan-modules-source.rules0000775000000000000000000000713612010653511015046 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 VERS = $(shell sed -ne '1s/.*(\(.*\)).*/\1/p' debian/changelog) # KSRC is the location of the kernel source. This is the default value, # when make-kpkg is used it will supply to real value KSRC = /usr/src/linux # KDREV is the package-revision, as given to make-kpkg by the user. # Just put a simply default value in here which we use when we test # the packagebuilding without make-kpkg KDREV = "Custom.1.00" # Separate the epoch from the normal revision number in KDREV # for use with dh_gencontrol KDREV_EPOCH = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\1/p') KDREV_REV = $(shell echo $(KDREV) | sed -ne '1s/\([^:]*:\)\?\(.*\)/\2/p') # Now we need to get the kernel-version somehow if test -d $(KSRC); then \ KVERS=`sed -n -e '/UTS_RELEASE/s/^[^"]*"\([^"]*\)".*$$/\1/p' $(KSRC)/include/linux/version.h`; \ fi # KMAINT and KEMAIL should be set but in case they are not we specify # sane default values ifeq ($(KMAINT),) KMAINT = Rene Mayrhofer endif ifeq ($(KEMAIL),) KEMAIL = rmayr@debian.org endif SED_SCRIPT=s!\$$KVERS!$(KVERS)!g; \ s!\$$KEMAIL!$(KEMAIL)!; \ s!\$$KMAINT!$(KMAINT)!; \ s!\$$KDREV!$(KDREV)! ifeq ($(DEB_DEST),) DEB_DEST=$(KSRC)/.. endif # Clear root command if already root ifeq ($(shell id -u),0) ROOT_CMD= endif # export these variables as they are necessary for building export KERNELSRC=${KSRC} export OPENSWANSRCDIR=$(CURDIR) # this primarily sets ARCH, we may be able to do that in another way # but it also defines IPSECVERSION, which is needed below include Makefile.inc debian/control: debian/control.in if ! test -f $@; then \ sed -e "$(SED_SCRIPT)" debian/control.in > $@; \ fi .PHONY: debian/control debian/docs: cp debian/docs.in debian/openswan-modules-$(KVERS).docs debian/lintian-overrides: sed -e "$(SED_SCRIPT)" debian/lintian-overrides.in > debian/openswan-modules-$(KVERS).lintian-overrides configure: configure-stamp configure-stamp: dh_testdir # Add here commands to configure the package. touch configure-stamp build: debian/control debian/docs debian/lintian-overrides configure-stamp build-stamp build-stamp: dh_testdir $(MAKE) module26 touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp $(MAKE) module26clean rm -rf OBJ.* || true dh_clean rm -f debian/control || true rm -f debian/openswan-modules-*.docs || true rm -f debian/openswan-modules-*.lintian-overrides || true MODDESTDIR=$(CURDIR)/debian/openswan-modules-$(KVERS)/lib/modules/$(KVERS)/kernel/net/ipsec install: install: build dh_testdir dh_testroot dh_prep dh_installdirs mkdir -p $(MODDESTDIR) cp modobj26/ipsec.ko $(MODDESTDIR) # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installdocs dh_installmodules dh_installchangelogs CHANGES dh_compress dh_fixperms dh_lintian dh_installdeb dh_gencontrol -- -v$(KDREV_EPOCH)$(VERS)+$(KDREV_REV) dh_md5sums dh_builddeb --destdir=$(DEB_DEST) binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure binary-modules: binary kdist_image: $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules $(ROOT_CMD) $(MAKE) -f debian/rules clean kdist_clean: debian/control clean kdist: $(ROOT_CMD) $(MAKE) -f debian/rules binary-modules kdist_configure: configure-stamp .PHONY: binary-modules kdist_image debian/openswan.docs0000664000000000000000000000001012010653511011655 0ustar CREDITS debian/logcheck.violations.ignore0000664000000000000000000000004012010653511014326 0ustar ipsec_setup: KLIPS debug `none' debian/patches/0000775000000000000000000000000012010653511010611 5ustar debian/patches/series0000664000000000000000000000040012010653511012020 0ustar initd-header pluto.8-linebreak eroute.8-linebreak auto.8-linebreak ipsec.conf.5_confread-linebreak updown.mast-scriptfix should_be_zero-field cisco-issues-fix plutostderrlogtime coding-fixes cryptographic_overload-fix transport-trafsel startklips-ip_route debian/patches/updown.mast-scriptfix0000664000000000000000000000153712010653511015032 0ustar Description: Fix a scripting error Author: Harald Jenny Origin: upstream git Last-Update: 2012-06-21 Index: openswan-debian/programs/_updown.mast/_updown.mast.in =================================================================== --- openswan-debian.orig/programs/_updown.mast/_updown.mast.in 2012-06-29 19:15:42.169617434 +0200 +++ openswan-debian/programs/_updown.mast/_updown.mast.in 2012-06-29 19:16:30.837617459 +0200 @@ -350,10 +350,11 @@ restoreresolvconf() { if [ -n "`pidof unbound`" ]; then - if [ -n "$PLUTO_CISCO_DNS_INFO" ] + if [ -n "$PLUTO_CISCO_DNS_INFO" ]; then echo "flushing local nameserver of $PLUTO_CISCO_DOMAIN_INFO" /usr/sbin/unbound-control forward_remove $PLUTO_CISCO_DOMAIN_INFO /usr/sbin/unbound-control flush_zone $PLUTO_CISCO_DOMAIN_INFO + fi return fi debian/patches/cryptographic_overload-fix0000664000000000000000000000570012010653511016073 0ustar Description: Fix ikev2 state engine Author: Paul Wouters Origin: upstream git Last-Update: 2012-06-21 Index: openswan-debian/programs/pluto/ikev2.c =================================================================== --- openswan-debian.orig/programs/pluto/ikev2.c 2012-06-29 19:15:39.245617496 +0200 +++ openswan-debian/programs/pluto/ikev2.c 2012-06-29 19:16:45.285617533 +0200 @@ -906,7 +906,27 @@ cur_state = st = md->st; /* might have changed */ - passert(st); /* apparently on STF_TOOMUCH_CRYPTO we have no state? Needs fixing */ + /* passert(st); // apparently on STF_TOOMUCH_CRYPTO we have no state? Needs fixing */ + /* + * XXX/SML: There is no need to abort here in all cases if state is + * null, so moved this precondition to where it's needed. Some previous + * logic appears to have been tooled to handle null state, and state might + * be null legitimately in certain failure cases (STF_FAIL + xxx). + * + * One condition for null state is when a new connection request packet + * arrives and there is no suitable matching configuration. For example, + * ikev2parent_inI1outR1() will return (STF_FAIL + NO_PROPOSAL_CHOSEN) but + * no state in this case. While other failures may be better caught before + * this function is called, we should be graceful here. And for this + * particular case, and similar failure cases, we want SEND_NOTIFICATION + * (below) to let the peer know why we've rejected the request. + */ + if(st) { + from_state_name = enum_name(&state_names, st->st_state); + from_state = st->st_state; + } else { + from_state_name = "no-state"; + } md->result = result; TCLCALLOUT("v2AdjustFailure", st, (st ? st->st_connection : NULL), md); @@ -938,6 +958,7 @@ case STF_OK: /* advance the state */ + passert(st); success_v2_state_transition(mdp); break; @@ -949,20 +970,22 @@ /* well, this should never happen during a whack, since * a whack will always force crypto. */ + passert(st); set_suspended(st, NULL); pexpect(st->st_calculating == FALSE); - from_state = st->st_state; - openswan_log("message in state %s ignored due to cryptographic overload" - , enum_name(&state_names, from_state)); + openswan_log("message in state %s ignored due to " + "cryptographic overload" + , from_state_name); break; case STF_FATAL: /* update the previous packet history */ /* update_retransmit_history(st, md); */ + passert(st); whack_log(RC_FATAL , "encountered fatal error in state %s" - , enum_name(&state_names, st->st_state)); + , from_state_name); delete_event(st); { struct state *pst; @@ -983,11 +1006,6 @@ /* FALL THROUGH ... */ case STF_FAIL: - if(st) { - from_state_name = enum_name(&state_names, st->st_state); - } else { - from_state_name = "no-state"; - } whack_log(RC_NOTIFICATION + md->note , "%s: %s" debian/patches/transport-trafsel0000664000000000000000000001021212010653511014222 0ustar Description: Fix traffic selectors passing in Transport Mode Author: Avesh Agarwal Origin: upstream git Last-Update: 2012-06-28 Index: openswan-debian/programs/pluto/kernel.c =================================================================== --- openswan-debian.orig/programs/pluto/kernel.c 2012-06-29 19:15:38.633617434 +0200 +++ openswan-debian/programs/pluto/kernel.c 2012-06-29 19:16:46.829617481 +0200 @@ -1438,6 +1438,7 @@ said_next->dst = &dst.addr; said_next->src_client = &src_client; said_next->dst_client = &dst_client; + said_next->transport_proto = c->spd.this.protocol; said_next->spi = ipip_spi; said_next->esatype = ET_IPIP; said_next->text_said = text_said; @@ -1530,6 +1531,7 @@ said_next->dst = &dst.addr; said_next->src_client = &src_client; said_next->dst_client = &dst_client; + said_next->transport_proto = c->spd.this.protocol; said_next->spi = ipcomp_spi; said_next->esatype = ET_IPCOMP; said_next->encalg = compalg; @@ -1742,6 +1744,7 @@ said_next->dst = &dst.addr; said_next->src_client = &src_client; said_next->dst_client = &dst_client; + said_next->transport_proto = c->spd.this.protocol; said_next->spi = esp_spi; said_next->esatype = ET_ESP; said_next->replay_window = kernel_ops->replay_window; @@ -1882,6 +1885,7 @@ said_next->dst = &dst.addr; said_next->src_client = &src_client; said_next->dst_client = &dst_client; + said_next->transport_proto = c->spd.this.protocol; said_next->spi = ah_spi; said_next->esatype = ET_AH; said_next->replay_window = kernel_ops->replay_window; Index: openswan-debian/programs/pluto/kernel.h =================================================================== --- openswan-debian.orig/programs/pluto/kernel.h 2012-06-29 19:15:38.633617434 +0200 +++ openswan-debian/programs/pluto/kernel.h 2012-06-29 19:16:46.829617481 +0200 @@ -79,6 +79,7 @@ ipsec_spi_t spi; unsigned proto; + unsigned int transport_proto; enum eroute_type esatype; unsigned replay_window; unsigned reqid; Index: openswan-debian/programs/pluto/kernel_netlink.c =================================================================== --- openswan-debian.orig/programs/pluto/kernel_netlink.c 2012-06-29 19:16:40.513617529 +0200 +++ openswan-debian/programs/pluto/kernel_netlink.c 2012-06-29 19:16:46.829617481 +0200 @@ -817,6 +817,44 @@ else { req.p.mode = XFRM_MODE_TRANSPORT; + + req.p.sel.sport = portof(&sa->src_client->addr); + req.p.sel.dport = portof(&sa->dst_client->addr); + + /* As per RFC 4301/5996, icmp type is put in the most significant 8 bits + * and icmp code is in the least significant 8 bits of port field. + * Although Openswan does not have any configuration options for + * icmp type/code values, it is possible to specify icmp type and code + * using protoport option. For example, icmp echo request (type 8/code 0) + * needs to be encoded as 0x0800 in the port field and can be specified + * as left/rightprotoport=icmp/2048. Now with NETKEY, icmp type and code + * need to be passed as source and destination ports, respectively. + * therefore, this code extracts upper 8 bits and lower 8 bits and puts + * into source and destination ports before passing to NETKEY. */ + + + if( 1 == sa->transport_proto /*icmp*/ || 58 == sa->transport_proto /*ipv6-icmp*/) { + + u_int16_t icmp_type; + u_int16_t icmp_code; + + icmp_type = ntohs(req.p.sel.sport) >> 8; + icmp_code = ntohs(req.p.sel.sport) & 0xFF; + + req.p.sel.sport = htons(icmp_type); + req.p.sel.dport = htons(icmp_code); + + } + + req.p.sel.sport_mask = (req.p.sel.sport) ? ~0:0; + req.p.sel.dport_mask = (req.p.sel.dport) ? ~0:0; + ip2xfrm(&sa->src_client->addr, &req.p.sel.saddr); + ip2xfrm(&sa->dst_client->addr, &req.p.sel.daddr); + req.p.sel.prefixlen_s = sa->src_client->maskbits; + req.p.sel.prefixlen_d = sa->dst_client->maskbits; + req.p.sel.proto = sa->transport_proto; + req.p.sel.family = sa->src_client->addr.u.v4.sin_family; + } req.p.replay_window = sa->replay_window > 32 ? 32 : sa->replay_window; debian/patches/coding-fixes0000664000000000000000000006117512010653511013125 0ustar Description: Fix some possible problems in code Author: Paul Wouters Origin: upstream git Last-Update: 2012-06-29 Index: openswan-debian/include/alg_info.h =================================================================== --- openswan-debian.orig/include/alg_info.h 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/include/alg_info.h 2012-06-29 19:16:40.509617514 +0200 @@ -140,8 +140,7 @@ int alg_info_snprint(char *buf, int buflen , struct alg_info *alg_info, bool permitike); -int alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info); -int alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info); +void alg_info_snprint_ike(char *buf, size_t buflen, struct alg_info_ike *alg_info); #define ALG_INFO_ESP_FOREACH(ai, ai_esp, i) \ for (i=(ai)->alg_info_cnt,ai_esp=(ai)->esp; i--; ai_esp++) #define ALG_INFO_IKE_FOREACH(ai, ai_ike, i) \ Index: openswan-debian/include/ipsecconf/confread.h =================================================================== --- openswan-debian.orig/include/ipsecconf/confread.h 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/include/ipsecconf/confread.h 2012-06-29 19:16:40.509617514 +0200 @@ -149,17 +149,6 @@ , bool setuponly); extern struct starter_conn *alloc_add_conn(struct starter_config *cfg , char *name, err_t *perr); -extern int init_load_conn(struct starter_config *cfg - , struct config_parsed *cfgp - , struct section_list *sconn - , bool alsoprocessing - , bool defaultconn - , bool resolvip - , err_t *perr); -extern bool translate_conn (struct starter_conn *conn - , struct section_list *sl - , enum keyword_set assigned_value - , err_t *error); void confread_free(struct starter_config *cfg); Index: openswan-debian/include/ipsecconf/keywords.h =================================================================== --- openswan-debian.orig/include/ipsecconf/keywords.h 2012-06-29 19:16:39.229617823 +0200 +++ openswan-debian/include/ipsecconf/keywords.h 2012-06-29 19:16:40.509617514 +0200 @@ -266,8 +266,6 @@ }; TAILQ_HEAD(starter_comments_list, starter_comments); -extern void move_comment_list(struct starter_comments_list *to, - struct starter_comments_list *from); struct section_list { TAILQ_ENTRY(section_list) link; Index: openswan-debian/lib/libipsecconf/confread.c =================================================================== --- openswan-debian.orig/lib/libipsecconf/confread.c 2012-06-29 19:16:39.229617823 +0200 +++ openswan-debian/lib/libipsecconf/confread.c 2012-06-29 19:16:40.509617514 +0200 @@ -575,6 +575,7 @@ * value is considered acceptable. * @return bool 0 if successfull */ +static bool translate_conn (struct starter_conn *conn , struct section_list *sl , enum keyword_set assigned_value @@ -794,7 +795,7 @@ return err; } - +static void move_comment_list(struct starter_comments_list *to, struct starter_comments_list *from) { @@ -1196,6 +1197,7 @@ return conn; } +static int init_load_conn(struct starter_config *cfg , struct config_parsed *cfgp , struct section_list *sconn Index: openswan-debian/lib/libipsecconf/virtif.c =================================================================== --- openswan-debian.orig/lib/libipsecconf/virtif.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/lib/libipsecconf/virtif.c 2012-06-29 19:16:40.509617514 +0200 @@ -252,6 +252,9 @@ for (i=0; iip_addr)) { + passert(dstlen > sizeof("%any")); dst[0]='\0'; - strncat(dst, "%any", dstlen); + strncat(dst, "%any", dstlen -1); n = strlen(dst); } else { n = (int)addrtot(&id->ip_addr, 0, dst, dstlen) - 1; Index: openswan-debian/lib/libopenswan/oswlog.c =================================================================== --- openswan-debian.orig/lib/libopenswan/oswlog.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/lib/libopenswan/oswlog.c 2012-06-29 19:16:40.509617514 +0200 @@ -82,11 +82,11 @@ buf[0] = '\0'; if (reproc) fmt++; /* ~ at start of format suppresses this prefix */ - else if (progname != NULL) + else if (progname != NULL && (strlen(progname)+1+1) < buf_len) { /* start with name of connection */ - strncat(buf, progname, buf_len); - strncat(buf, " ", buf_len); + strncat(buf, progname, buf_len - 1); + strncat(buf, " ", buf_len - 1); } ps = strlen(buf); Index: openswan-debian/lib/libopenswan/x509dn.c =================================================================== --- openswan-debian.orig/lib/libopenswan/x509dn.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/lib/libopenswan/x509dn.c 2012-06-29 19:16:40.509617514 +0200 @@ -36,7 +36,6 @@ #include "constants.h" #include "oswlog.h" #include "oswalloc.h" -#include "oswlog.h" #include "oswtime.h" #include "mpzfuncs.h" #include "id.h" @@ -1300,7 +1299,7 @@ PRArenaPool *arena; SECStatus retVal = SECSuccess; SECItem nss_n, nss_e, dsig; - SECItem signature, data; + SECItem signature; mpz_t e; mpz_t n; mpz_t s; @@ -1379,10 +1378,6 @@ signature.data = sc.ptr; signature.len = (unsigned int)sc.len; - data.type = siBuffer; - data.data = digest->ptr; - data.len = (unsigned int)digest->len; - dsigc.len = (unsigned int)sc.len; dsigc.ptr = alloc_bytes(dsigc.len, "NSS decrypted signature"); dsig.type = siBuffer; Index: openswan-debian/linux/net/ipsec/addrtot.c =================================================================== --- openswan-debian.orig/linux/net/ipsec/addrtot.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/linux/net/ipsec/addrtot.c 2012-06-29 19:16:40.509617514 +0200 @@ -81,9 +81,8 @@ n = addrbytesptr(src, &b); if (n == 0) { - bad: dst[0]='\0'; - strncat(dst, "", dstlen); + strncat(dst, "", dstlen -1); /* we hope possible truncation does not cause problems */ return sizeof(""); } @@ -107,7 +106,9 @@ n = reverse6(b, n, buf, &p); break; default: /* including (AF_INET, 'R') */ - goto bad; + dst[0]='\0'; + strncat(dst, "", dstlen - 1); /* we hope possible truncation does not cause problems */ + return sizeof(""); } if (dstlen > 0) { @@ -132,15 +133,15 @@ size_t n; char buf[1+ADDRTOT_BUF+1]; /* :address: */ char *p; + # define TF(t, f) (((t)<<8) | (f)) switch (t) { case AF_INET: n = IP4BYTES; break; case AF_INET6: n = IP6BYTES; break; default: - bad: dst[0]='\0'; - strncat(dst, "", dstlen); + strncat(dst, "", dstlen - 1); /* we hope possible truncation does not cause problems */ return sizeof(""); } @@ -164,7 +165,9 @@ n = reverse6(src, n, buf, &p); break; default: /* including (AF_INET, 'R') */ - goto bad; + dst[0]='\0'; + strncat(dst, "", dstlen - 1); /* we hope possible truncation does not cause problems */ + return sizeof(""); } if (dstlen > 0) { @@ -190,6 +193,7 @@ struct sockaddr_in sin; struct sockaddr_in6 sin6; } *sinp = (const union SINSIN6 *) src; + switch (sinp->sin.sin_family) { case AF_INET: return inet_addrtot(AF_INET,&sinp->sin.sin_addr,format,dst,dstlen); @@ -197,7 +201,7 @@ return inet_addrtot(AF_INET6,&sinp->sin6.sin6_addr,format,dst,dstlen); default: dst[0]='\0'; - strncat(dst, "", dstlen); + strncat(dst, "", dstlen - 1); /* we hope possible truncation does not cause problems */ return sizeof(""); } } Index: openswan-debian/programs/pluto/connections.c =================================================================== --- openswan-debian.orig/programs/pluto/connections.c 2012-06-29 19:16:32.205617479 +0200 +++ openswan-debian/programs/pluto/connections.c 2012-06-29 19:16:40.509617514 +0200 @@ -533,8 +533,7 @@ if (isanyaddr(&this->host_addr)) { if(this->host_type == KH_IPHOSTNAME) { - host=host_space; - strcpy(host_space, "%dns"); + host = strcpy(host_space, "%dns"); dohost_name=TRUE; } else { switch (policy & (POLICY_GROUP | POLICY_OPPO)) @@ -596,13 +595,16 @@ if(dohost_name) { if(this->host_addr_name) { - strncat(host_space, "<", sizeof(host_space)-1); - strncat(host_space, this->host_addr_name, sizeof(host_space)-1); - strncat(host_space, ">", sizeof(host_space)); + size_t icl = strlen(host_space); + int room = sizeof(host_space) - icl - 1; + int needed = snprintf(host_space + icl, room, "<%s>", this->host_addr_name); + + if (needed > room) { + loglog(RC_BADID, "format_end: buffer too small for dohost_name - should not happen\n"); + } } } - host_port[0] = '\0'; if (this->host_port_specific) snprintf(host_port, sizeof(host_port), ":%u" @@ -1138,6 +1140,7 @@ } while (reqid != start); exit_log("unable to allocate reqid"); + return 0; /* never reached, here to make compiler happy */ } void Index: openswan-debian/programs/pluto/crypt_dh.c =================================================================== --- openswan-debian.orig/programs/pluto/crypt_dh.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/crypt_dh.c 2012-06-29 19:16:40.509617514 +0200 @@ -165,7 +165,7 @@ dhshared_len = PK11_GetKeyLength(dhshared); if( group->bytes > dhshared_len ) { - DBG(DBG_CRYPT, DBG_log("Dropped %d leading zeros", group->bytes-dhshared_len)); + DBG(DBG_CRYPT, DBG_log("Dropped %lu leading zeros", group->bytes-dhshared_len)); chunk_t zeros; PK11SymKey *newdhshared = NULL; CK_KEY_DERIVATION_STRING_DATA string_params; @@ -1334,7 +1334,7 @@ for(;;) { - PK11SymKey *tkey11,*tkey3;; + PK11SymKey *tkey11,*tkey3; if(vpss.counter[0]== 0x01) { PK11SymKey *tkey2 = pk11_derive_wrapper_osw(tkey1, CKM_XOR_BASE_AND_DATA Index: openswan-debian/programs/pluto/crypt_ke.c =================================================================== --- openswan-debian.orig/programs/pluto/crypt_ke.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/crypt_ke.c 2012-06-29 19:16:40.509617514 +0200 @@ -57,6 +57,7 @@ # include # include # include +# include # include "oswconf.h" #endif Index: openswan-debian/programs/pluto/crypto.c =================================================================== --- openswan-debian.orig/programs/pluto/crypto.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/crypto.c 2012-06-29 19:16:40.513617529 +0200 @@ -354,13 +354,12 @@ do_3des(u_int8_t *buf, size_t buf_len , u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc) { - des_key_schedule ks[3]; - passert(key != NULL); #ifdef HAVE_LIBNSS do_3des_nss(buf, buf_len, key, key_size, iv, enc); #else + des_key_schedule ks[3]; passert(key_size==(DES_CBC_BLOCK_SIZE * 3)); Index: openswan-debian/programs/pluto/fetch.c =================================================================== --- openswan-debian.orig/programs/pluto/fetch.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/fetch.c 2012-06-29 19:16:40.513617529 +0200 @@ -710,7 +710,7 @@ unlock_ocsp_fetch_list("fetch_ocsp"); } -static void* +static void fetch_thread(void *arg UNUSED) { struct timespec wait_interval; Index: openswan-debian/programs/pluto/ike_alg_status.c =================================================================== --- openswan-debian.orig/programs/pluto/ike_alg_status.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/ike_alg_status.c 2012-06-29 19:16:40.513617529 +0200 @@ -104,7 +104,7 @@ , instance , buf); - alg_info_snprint_ike(buf, sizeof(buf)-1, c->alg_info_ike); + alg_info_snprint_ike(buf, sizeof(buf), c->alg_info_ike); whack_log(RC_COMMENT , "\"%s\"%s: IKE algorithms found: %s" , c->name Index: openswan-debian/programs/pluto/ikev2_child.c =================================================================== --- openswan-debian.orig/programs/pluto/ikev2_child.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/ikev2_child.c 2012-06-29 19:16:40.513617529 +0200 @@ -64,6 +64,7 @@ #include "virtual.h" #include "hostpair.h" +#if 0 static void print_ikev2_ts(struct traffic_selector *ts){ char lbx[ADDRTOT_BUF]; char hbx[ADDRTOT_BUF]; @@ -79,6 +80,7 @@ DBG_log("ip high: %s", hbx); DBG_log("PAUL marker ------------------------"); } +#endif void ikev2_print_ts(struct traffic_selector *ts){ char lbx[ADDRTOT_BUF]; @@ -495,7 +497,6 @@ { unsigned int tsi_ni, tsr_ni; int bestfit = -1; - int best_tsr, best_tsi; struct end *ei, *er; if(role == INITIATOR) { @@ -595,8 +596,6 @@ ); if(fitbits > bestfit) { - best_tsi = tsi_ni; - best_tsr = tsr_ni; bestfit = fitbits; } } Index: openswan-debian/programs/pluto/ikev2_parent.c =================================================================== --- openswan-debian.orig/programs/pluto/ikev2_parent.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/ikev2_parent.c 2012-06-29 19:16:40.513617529 +0200 @@ -2100,7 +2100,6 @@ struct payload_digest *const tsi_pd = md->chain[ISAKMP_NEXT_v2TSi]; struct payload_digest *const tsr_pd = md->chain[ISAKMP_NEXT_v2TSr]; struct traffic_selector tsi[16], tsr[16]; - int tsc=0; #if 0 bool instantiate = FALSE; ip_subnet tsi_subnet, tsr_subnet; @@ -2317,7 +2316,7 @@ n_hdr.isa_np = ISAKMP_NEXT_v2N; n_hdr.isa_flags &= ~ISAKMP_FLAGS_I; n_hdr.isa_flags |= ISAKMP_FLAGS_R; -#warning check msgid code here + // PAUL: shouldn't we set n_hdr.isa_msgid = [htonl](p1st->st_msgid); if (!out_struct(&n_hdr, &isakmp_hdr_desc, &reply, &rbody)) { Index: openswan-debian/programs/pluto/kernel_netlink.c =================================================================== --- openswan-debian.orig/programs/pluto/kernel_netlink.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/kernel_netlink.c 2012-06-29 19:16:40.513617529 +0200 @@ -1117,6 +1117,8 @@ { struct sadb_alg alg; + alg.sadb_alg_reserved = 0; + alg.sadb_alg_ivlen = 8; alg.sadb_alg_minbits = 128; alg.sadb_alg_maxbits = 256; Index: openswan-debian/programs/pluto/ocsp.c =================================================================== --- openswan-debian.orig/programs/pluto/ocsp.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/ocsp.c 2012-06-29 19:16:40.513617529 +0200 @@ -1652,7 +1652,8 @@ plog("ocsp response contains no nonce, replay attack possible"); } /* check if the nonce is identical */ - if (res.nonce.ptr != NULL && !same_chunk(res.nonce, location->nonce)) + if (location->nonce.ptr != NULL && res.nonce.ptr != NULL + && !same_chunk(res.nonce, location->nonce)) { plog("invalid nonce in ocsp response"); return; Index: openswan-debian/programs/pluto/plutoalg.c =================================================================== --- openswan-debian.orig/programs/pluto/plutoalg.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/plutoalg.c 2012-06-29 19:16:40.513617529 +0200 @@ -186,8 +186,8 @@ * print which ESP algorithm has actually been selected, based upon which * ones are actually loaded. */ -int -alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info) +static void +alg_info_snprint_esp(char *buf, size_t buflen, struct alg_info_esp *alg_info) { char *ptr=buf; int ret; @@ -196,9 +196,11 @@ int eklen, aklen; const char *sep=""; - ptr=buf; + passert(buflen >= sizeof("none")); - buf[0]=0; strncat(buf, "none", buflen); + ptr=buf; + buf[0]=0; + strncat(buf, "none", buflen - 1); ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) { if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL)) { @@ -224,21 +226,23 @@ , esp_info->esp_ealg_id, eklen , enum_name(&auth_alg_names, esp_info->esp_aalg_id) + (esp_info->esp_aalg_id ? sizeof("AUTH_ALGORITHM_HMAC") : sizeof("AUTH_ALGORITHM")) , esp_info->esp_aalg_id, aklen); + + if ( ret < 0 || (size_t)ret >= buflen) { + DBG_log("alg_info_snprint_esp: buffer too short for snprintf"); + break; + } ptr+=ret; buflen-=ret; - if (buflen<0) break; - sep = ", "; } - return ptr-buf; } /* * print which AH algorithm has actually been selected, based upon which * ones are actually loaded. */ -int -alg_info_snprint_ah(char *buf, int buflen, struct alg_info_esp *alg_info) +static void +alg_info_snprint_ah(char *buf, size_t buflen, struct alg_info_esp *alg_info) { char *ptr=buf; int ret; @@ -247,9 +251,11 @@ int aklen; const char *sep=""; + passert(buflen >= sizeof("none")); ptr=buf; - buf[0]=0; strncat(buf, "none", buflen); + buf[0]=0; + strncat(buf, "none", buflen - 1); ALG_INFO_ESP_FOREACH(alg_info, esp_info, cnt) { @@ -266,23 +272,27 @@ , sep , enum_name(&auth_alg_names, esp_info->esp_aalg_id)+sizeof("AUTH_ALGORITHM_HMAC") , esp_info->esp_aalg_id, aklen); + + if ( ret < 0 || (size_t)ret >= buflen) { + DBG_log("alg_info_snprint_ah: buffer too short for snprintf"); + break; + } ptr+=ret; buflen-=ret; - if (buflen<0) break; - sep = ", "; } - return ptr-buf; } -int -alg_info_snprint_phase2(char *buf, int buflen, struct alg_info_esp *alg_info) +void +alg_info_snprint_phase2(char *buf, size_t buflen, struct alg_info_esp *alg_info) { switch(alg_info->alg_info_protoid) { case PROTO_IPSEC_ESP: - return alg_info_snprint_esp(buf, buflen, alg_info); + alg_info_snprint_esp(buf, buflen, alg_info); + return; case PROTO_IPSEC_AH: - return alg_info_snprint_ah(buf, buflen, alg_info); + alg_info_snprint_ah(buf, buflen, alg_info); + return; default: bad_case(alg_info->alg_info_protoid); } @@ -304,8 +314,8 @@ return buf; } -int -alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info) +void +alg_info_snprint_ike(char *buf, size_t buflen, struct alg_info_ike *alg_info) { char *ptr=buf; int ret; @@ -316,6 +326,7 @@ struct encrypt_desc *enc_desc; struct hash_desc *hash_desc; + ALG_INFO_IKE_FOREACH(alg_info, ike_info, cnt) { if (ike_alg_enc_present(ike_info->ike_ealg) && (ike_alg_hash_present(ike_info->ike_halg)) @@ -340,14 +351,14 @@ , ike_info->ike_halg, aklen , enum_name(&oakley_group_names, ike_info->ike_modp)+sizeof("OAKLEY_GROUP") , ike_info->ike_modp); + if ( ret < 0 || (size_t)ret >= buflen) { + DBG_log("alg_info_snprint_ike: buffer too short for snprintf"); + break; + } ptr+=ret; buflen-=ret; - if (buflen<0) break; - - sep = ", "; } } - return ptr-buf; } /* Index: openswan-debian/programs/pluto/plutoalg.h =================================================================== --- openswan-debian.orig/programs/pluto/plutoalg.h 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/plutoalg.h 2012-06-29 19:16:40.513617529 +0200 @@ -13,9 +13,6 @@ extern struct alg_info_ike * alg_info_ike_create_from_str (const char *alg_str, const char **err_p); -extern int alg_info_snprint_ah(char *buf, int buflen - , struct alg_info_esp *alg_info); - -extern int alg_info_snprint_phase2(char *buf, int buflen +extern void alg_info_snprint_phase2(char *buf, size_t buflen , struct alg_info_esp *alg_info); Index: openswan-debian/programs/pluto/pluto_crypt.c =================================================================== --- openswan-debian.orig/programs/pluto/pluto_crypt.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/pluto_crypt.c 2012-06-29 19:16:40.513617529 +0200 @@ -739,7 +739,7 @@ r = &reqbuf[0]; if(r->pcr_len > sizeof(reqbuf)) { - loglog(RC_LOG_SERIOUS, "helper(%d) pid=%d screwed up length: %lu > %lu, killing it" + loglog(RC_LOG_SERIOUS, "helper(%d) pid=%lu screwed up length: %lu > %lu, killing it" , w->pcw_helpernum , w->pcw_pid, (unsigned long)r->pcr_len , (unsigned long)sizeof(reqbuf)); @@ -994,7 +972,7 @@ , int status) { if(w->pcw_pipe) { - loglog(RC_LOG_SERIOUS, "closing helper(%u) pid=%d fd=%d exit=%d" + loglog(RC_LOG_SERIOUS, "closing helper(%u) pid=%lu fd=%d exit=%d" , w->pcw_helpernum, w->pcw_pid, w->pcw_pipe, status); close(w->pcw_pipe); } Index: openswan-debian/programs/pluto/xauth.c =================================================================== --- openswan-debian.orig/programs/pluto/xauth.c 2012-06-29 19:16:32.205617479 +0200 +++ openswan-debian/programs/pluto/xauth.c 2012-06-29 19:16:40.513617529 +0200 @@ -2307,8 +2307,12 @@ break; case XAUTH_MESSAGE: - if(len > 80) len=80; - memcpy(msgbuf, dat, len); + if(len > 80) { + len=80; + } + if(dat) { + memcpy(msgbuf, dat, len); + } msgbuf[len]='\0'; loglog(RC_LOG_SERIOUS, "XAUTH: Bad Message: %s", msgbuf); break; Index: openswan-debian/lib/libipsecconf/starterwhack.c =================================================================== --- openswan-debian.orig/lib/libipsecconf/starterwhack.c 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/lib/libipsecconf/starterwhack.c 2012-06-29 19:16:40.513617529 +0200 @@ -74,8 +74,8 @@ } int starter_whack_read_reply(int sock, - char xauthname[128], - char xauthpass[128], + char xauthname[XAUTH_MAX_NAME_LENGTH], + char xauthpass[XAUTH_MAX_PASS_LENGTH], int xauthnamelen, int xauthpasslen) { @@ -144,7 +144,11 @@ case RC_ENTERSECRET: if(xauthpasslen==0) { xauthpasslen = whack_get_secret(xauthpass - , sizeof(xauthpass)); + , XAUTH_MAX_PASS_LENGTH); + } + if (xauthpasslen > XAUTH_MAX_PASS_LENGTH) { /* for input >= 128, xauthpasslen would be 129 */ + xauthpasslen = XAUTH_MAX_PASS_LENGTH; + starter_log(LOG_LEVEL_ERR, "xauth password cannot be >= %d chars", XAUTH_MAX_PASS_LENGTH); } ret=send_reply(sock, xauthpass, xauthpasslen); if(ret!=0) return ret; @@ -153,7 +157,11 @@ case RC_XAUTHPROMPT: if(xauthnamelen==0) { xauthnamelen = whack_get_value(xauthname - , sizeof(xauthname)); + , XAUTH_MAX_NAME_LENGTH); + } + if (xauthnamelen > XAUTH_MAX_NAME_LENGTH) { /* for input >= 128, xauthnamelen would be 129 */ + xauthnamelen = XAUTH_MAX_NAME_LENGTH; + starter_log(LOG_LEVEL_ERR, "xauth name cannot be >= %s chars", XAUTH_MAX_NAME_LENGTH); } ret=send_reply(sock, xauthname, xauthnamelen); if(ret!=0) return ret; @@ -232,8 +240,8 @@ * read reply */ { - char xauthname[128]; - char xauthpass[128]; + char xauthname[XAUTH_MAX_NAME_LENGTH]; + char xauthpass[XAUTH_MAX_PASS_LENGTH]; ret = starter_whack_read_reply(sock, xauthname,xauthpass,0,0); close(sock); Index: openswan-debian/include/pluto_constants.h =================================================================== --- openswan-debian.orig/include/pluto_constants.h 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/include/pluto_constants.h 2012-06-29 19:16:40.513617529 +0200 @@ -666,5 +666,8 @@ PPK_XAUTH=5, }; +#define XAUTH_PROMPT_TRIES 3 +#define XAUTH_MAX_NAME_LENGTH 128 +#define XAUTH_MAX_PASS_LENGTH 128 Index: openswan-debian/programs/pluto/xauth.h =================================================================== --- openswan-debian.orig/programs/pluto/xauth.h 2012-06-29 19:15:39.869617493 +0200 +++ openswan-debian/programs/pluto/xauth.h 2012-06-29 19:16:40.513617529 +0200 @@ -55,6 +55,3 @@ extern oakley_auth_t xauth_calcbaseauth(oakley_auth_t baseauth); extern stf_status modecfg_send_request(struct state *st); -/* How many times can remote users try to login ? */ -#define XAUTH_PROMPT_TRIES 3 - debian/patches/plutostderrlogtime0000664000000000000000000002674712010653511014524 0ustar Description: Add plutostderrlogtime to options Author: Paul Wouters Origin: upstream git Last-Update: 2012-06-27 Index: openswan-debian/include/ipsecconf/keywords.h =================================================================== --- openswan-debian.orig/include/ipsecconf/keywords.h 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/include/ipsecconf/keywords.h 2012-06-29 19:16:39.229617823 +0200 @@ -67,6 +67,7 @@ KBF_HIDETOS, KBF_UNIQUEIDS, KBF_PLUTOWAIT, + KBF_PLUTOSTDERRLOGTIME, KBF_OVERRIDEMTU, KBF_CONNMTU, KBF_STRICTCRLPOLICY, Index: openswan-debian/lib/libipsecconf/confread.c =================================================================== --- openswan-debian.orig/lib/libipsecconf/confread.c 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/lib/libipsecconf/confread.c 2012-06-29 19:16:39.229617823 +0200 @@ -65,6 +65,7 @@ cfg->setup.options[KBF_FRAGICMP] = TRUE; cfg->setup.options[KBF_HIDETOS] = TRUE; cfg->setup.options[KBF_PLUTORESTARTONCRASH] = TRUE; + cfg->setup.options[KBF_PLUTOSTDERRLOGTIME] = FALSE; cfg->setup.options[KBF_UNIQUEIDS]= TRUE; #ifdef NAT_TRAVERSAL cfg->setup.options[KBF_DISABLEPORTFLOATING]= FALSE; Index: openswan-debian/lib/libipsecconf/keywords.c =================================================================== --- openswan-debian.orig/lib/libipsecconf/keywords.c 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/lib/libipsecconf/keywords.c 2012-06-29 19:16:39.229617823 +0200 @@ -339,6 +339,7 @@ #endif {"plutoopts", kv_config, kt_string, KSF_PLUTOOPTS,NOT_ENUM}, {"plutostderrlog", kv_config, kt_filename, KSF_PLUTOSTDERRLOG,NOT_ENUM}, + {"plutostderrlogtime", kv_config, kt_bool, KBF_PLUTOSTDERRLOGTIME,NOT_ENUM}, {"plutorestartoncrash", kv_config, kt_bool, KBF_PLUTORESTARTONCRASH,NOT_ENUM}, {"dumpdir", kv_config, kt_dirname, KSF_DUMPDIR,NOT_ENUM}, {"manualstart", kv_config, kt_string, KSF_MANUALSTART,NOT_ENUM}, Index: openswan-debian/programs/_confread/d.ipsec.conf/order.txt =================================================================== --- openswan-debian.orig/programs/_confread/d.ipsec.conf/order.txt 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/_confread/d.ipsec.conf/order.txt 2012-06-29 19:16:39.229617823 +0200 @@ -84,6 +84,7 @@ d.ipsec.conf/plutorestartoncrash.xml d.ipsec.conf/plutoopts.xml d.ipsec.conf/plutostderrlog.xml +d.ipsec.conf/plutostderrlogtime.xml d.ipsec.conf/pluto.xml d.ipsec.conf/plutowait.xml d.ipsec.conf/prepluto.xml Index: openswan-debian/programs/_confread/d.ipsec.conf/plutostderrlogtime.xml =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ openswan-debian/programs/_confread/d.ipsec.conf/plutostderrlogtime.xml 2012-06-29 19:16:39.229617823 +0200 @@ -0,0 +1,15 @@ + + plutostderrlogtime + +Whether pluto logs messages with the current timestamp as prefix. This +might be desired when using plutostderrlog=, +which per default does not log timestamps, as the output is used for +the test suite and would have to be filtered out. +Values are +no(the default) +or +yes +. + + + Index: openswan-debian/programs/_plutorun/_plutorun.in =================================================================== --- openswan-debian.orig/programs/_plutorun/_plutorun.in 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/_plutorun/_plutorun.in 2012-06-29 19:16:39.229617823 +0200 @@ -19,6 +19,7 @@ popts= stderrlog= +plutostderrlogtime= showonly= plutorestartoncrash=true @@ -47,6 +48,7 @@ --dump) dumpdir="$2" ; shift ;; --opts) popts="$2" ; shift ;; --stderrlog) stderrlog="$2" ; shift ;; + --plutostderrlogtime) plutostderrlogtime="$2" ; shift ;; --wait) plutowait="$2" ; shift ;; --show) show="--show" ; shift ;; --showonly) showonly="true" ;; @@ -124,6 +126,11 @@ no|'') ;; *) echo "unknown disable_port_floating (not yes/no) \`$disable_port_floating'" ;; esac +case "$plutostderrlogtime" in +yes) popts="$popts --plutostderrlogtime" ;; +no|'') ;; +*) echo "unknown plutostderrlogtime (not yes/no) \`$plutostderrlogtime'" ;; +esac [ -n "$virtual_private" ] && popts="$popts --virtual_private $virtual_private" [ -n "$listen" ] && popts="$popts --listen $listen" Index: openswan-debian/programs/_realsetup.bsd/_realsetup.in =================================================================== --- openswan-debian.orig/programs/_realsetup.bsd/_realsetup.in 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/_realsetup.bsd/_realsetup.in 2012-06-29 19:16:39.229617823 +0200 @@ -241,6 +241,7 @@ --dump "\"$IPSECdumpdir\"" \ --opts "\"$IPSECplutoopts\"" \ --stderrlog "\"$IPSECplutostderrlog\"" \ + --plutostderrlogtime "\"$IPSECplutostderrlogtime\"" \ --wait "\"$IPSECplutowait\"" \ --pre "\"$IPSECprepluto\"" \ --post "\"$IPSECpostpluto\"" \ Index: openswan-debian/programs/_realsetup/_realsetup.in =================================================================== --- openswan-debian.orig/programs/_realsetup/_realsetup.in 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/_realsetup/_realsetup.in 2012-06-29 19:16:39.229617823 +0200 @@ -72,6 +72,7 @@ IPSECdisable_port_floating=${IPSECdisable_port_floating:-no} IPSECcrlcheckinterval=${IPSECcrlcheckinterval:-0} IPSECprotostack=${IPSECprotostack:-auto} +IPSECplutostderrlogtime=${IPSECplutostderrlogtime:-no} # IPSECoverridemtu "" # set defaults @@ -330,6 +331,7 @@ --opts "\"$IPSECplutoopts\"" \ --stderrlog "\"$IPSECplutostderrlog\"" \ --wait "\"$IPSECplutowait\"" \ + --plutostderrlogtime "\"$IPSECplutostderrlogtime\"" \ --pre "\"$IPSECprepluto\"" \ --post "\"$IPSECpostpluto\"" \ --log "\"$IPSECsyslog\"" $plutorestartoncrash \ Index: openswan-debian/programs/pluto/log.c =================================================================== --- openswan-debian.orig/programs/pluto/log.c 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/pluto/log.c 2012-06-29 19:16:39.229617823 +0200 @@ -3,7 +3,7 @@ * Copyright (C) 1998-2001 D. Hugh Redelmeier. * Copyright (C) 2005-2007 Michael Richardson * Copyright (C) 2006-2010 Bart Trojanowski - * Copyright (C) 2008-2010 Paul Wouters + * Copyright (C) 2008-2012 Paul Wouters * Copyright (C) 2008-2010 David McCullough. * * This program is free software; you can redistribute it and/or modify it @@ -71,7 +71,9 @@ log_to_stderr = TRUE, /* should log go to stderr? */ log_to_syslog = TRUE, /* should log go to syslog? */ log_to_perpeer= FALSE, /* should log go to per-IP file? */ - log_did_something=TRUE; /* set if we wrote something recently */ + log_did_something=TRUE, /* set if we wrote something recently */ + log_with_timestamp= FALSE; /* some people want timestamps, but we + don't want those in our test output */ bool @@ -421,8 +423,19 @@ log_did_something=TRUE; - if (log_to_stderr) - fprintf(stderr, "%s\n", m); + if (log_to_stderr) { + if (log_with_timestamp) { + struct tm *timeinfo; + char fmt[32]; + time_t rtime; + time(&rtime); + timeinfo = localtime (&rtime); + strftime (fmt,sizeof(fmt),"%b %e %T",timeinfo); + fprintf(stderr, "%s: %s\n", fmt, m); + } else { + fprintf(stderr, "%s\n", m); + } + } if (log_to_syslog) syslog(LOG_WARNING, "%s", m); if (log_to_perpeer) @@ -445,8 +458,19 @@ log_did_something=TRUE; - if (log_to_stderr) - fprintf(stderr, "%s\n", m); + if (log_to_stderr) { + if (log_with_timestamp) { + struct tm *timeinfo; + char fmt[32]; + time_t rtime; + time(&rtime); + timeinfo = localtime (&rtime); + strftime (fmt,sizeof(fmt),"%b %e %T",timeinfo); + fprintf(stderr, "%s: %s\n", fmt, m); + } else { + fprintf(stderr, "%s\n", m); + } + } if (log_to_syslog) syslog(LOG_WARNING, "%s", m); if (log_to_perpeer) @@ -701,8 +725,19 @@ /* then sanitize anything else that is left. */ (void)sanitize_string(m, sizeof(m)); - if (log_to_stderr) - fprintf(stderr, "%c %s\n", debug_prefix, m); + if (log_to_stderr) { + if (log_with_timestamp) { + struct tm *timeinfo; + char fmt[32]; + time_t rtime; + time(&rtime); + timeinfo = localtime (&rtime); + strftime (fmt,sizeof(fmt),"%b %e %T",timeinfo); + fprintf(stderr, "%c %s: %s\n", debug_prefix, fmt, m); + } else { + fprintf(stderr, "%c %s\n", debug_prefix, m); + } + } if (log_to_syslog) syslog(LOG_DEBUG, "%c %s", debug_prefix, m); if (log_to_perpeer) { Index: openswan-debian/programs/pluto/log.h =================================================================== --- openswan-debian.orig/programs/pluto/log.h 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/pluto/log.h 2012-06-29 19:16:39.229617823 +0200 @@ -27,7 +27,8 @@ extern bool log_to_stderr, /* should log go to stderr? */ log_to_syslog, /* should log go to syslog? */ - log_to_perpeer; /* should log go to per-IP file? */ + log_to_perpeer, /* should log go to per-IP file? */ + log_with_timestamp; /* prefix timestamp */ extern bool log_did_something; /* set if we should log time again to debug*/ Index: openswan-debian/programs/pluto/plutomain.c =================================================================== --- openswan-debian.orig/programs/pluto/plutomain.c 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/pluto/plutomain.c 2012-06-29 19:16:39.229617823 +0200 @@ -140,6 +140,7 @@ " \\\n\t" "[--nofork]" " [--stderrlog]" + " [--plutostderrlogtime]" " [--force_busy]" " [--nocrsend]" " [--strictcrlpolicy]" @@ -306,6 +307,7 @@ char **global_argv; int global_argc; bool log_to_stderr_desired = FALSE; +bool log_with_timestamp_desired = FALSE; #ifdef HAVE_LABELED_IPSEC u_int16_t secctx_attr_value=SECCTX; @@ -374,6 +376,7 @@ { "optionsfrom", required_argument, NULL, '+' }, { "nofork", no_argument, NULL, 'd' }, { "stderrlog", no_argument, NULL, 'e' }, + { "plutostderrlogtime", no_argument, NULL, 't' }, { "noklips", no_argument, NULL, 'n' }, { "use-nostack", no_argument, NULL, 'n' }, { "use-none", no_argument, NULL, 'n' }, @@ -544,6 +547,10 @@ log_to_stderr_desired = TRUE; continue; + case 't': /* --plutostderrlogtime */ + log_with_timestamp_desired = TRUE; + continue; + case 'G': /* --use-auto */ kern_interface = AUTO_PICK; continue; @@ -749,9 +756,12 @@ /* select between logging methods */ - if (log_to_stderr_desired) + if (log_to_stderr_desired) { log_to_syslog = FALSE; - else + if (log_with_timestamp_desired) + log_with_timestamp = TRUE; + } + else log_to_stderr = FALSE; #ifdef DEBUG Index: openswan-debian/programs/pluto/server.h =================================================================== --- openswan-debian.orig/programs/pluto/server.h 2012-06-29 19:15:40.605617489 +0200 +++ openswan-debian/programs/pluto/server.h 2012-06-29 19:16:39.229617823 +0200 @@ -19,6 +19,7 @@ extern bool no_retransmits; extern bool log_to_stderr_desired; +extern bool log_with_timestamp_desired; extern int ctl_fd; /* file descriptor of control (whack) socket */ extern struct sockaddr_un ctl_addr; /* address of control (whack) socket */ debian/patches/ipsec.conf.5_confread-linebreak0000664000000000000000000000366612010653511016534 0ustar Description: Fix manpage to allow line break Author: Harald Jenny Forwarded: no Last-Update: 2012-01-01 Index: openswan-debian/programs/_confread/ipsec.conf.5 =================================================================== --- openswan-debian.orig/programs/_confread/ipsec.conf.5 2012-06-29 19:15:42.673617523 +0200 +++ openswan-debian/programs/_confread/ipsec.conf.5 2012-06-29 19:16:30.145617488 +0200 @@ -1070,7 +1070,7 @@ and IPv6 is denoted as \fI%v6:aaaa::bbbb:cccc:dddd:eeee/mm\fR\&. One can exclude subnets by using the \fB!\fR\&. For example, if the VPN server is giving access to 192\&.168\&.1\&.0/24, this option should be set to: -\fIvirtual_private=%v4:10\&.0\&.0\&.0/8,%v4:192\&.168\&.0\&.0/16,%v4:172\&.16\&.0\&.0/12,%v4:!192\&.168\&.1\&.0/24\fR\&. This parameter is only needed on the server side and not on the client side that resides behind the NAT router, as the client will just use its IP address for the inner IP setting\&. This parameter may eventually become per\-connection\&. See also +\fIvirtual_private=\:%v4:10\&.0\&.0\&.0/8,\:%v4:192\&.168\&.0\&.0/16,\:%v4:172\&.16\&.0\&.0/12,\:%v4:!192\&.168\&.1\&.0/24\fR\&. This parameter is only needed on the server side and not on the client side that resides behind the NAT router, as the client will just use its IP address for the inner IP setting\&. This parameter may eventually become per\-connection\&. See also \fBleftsubnet=\fR .sp Note: It seems that T\-Mobile in the US and Rogers/Fido in Canada have started using 25\&.0\&.0\&.0/8 as their pre\-NAT range\&. This range technically belows to the Defence Interoperable Network Services Authority (DINSA), an agency of the Ministry of Defence of the United Kingdom\&. The network range seems to not have been announced for decades, which is probably why these organisasions "borrowed" this range\&. To support roadwarriors on these 3G networks, you might have to add it to the virtual_private= line\&. debian/patches/cisco-issues-fix0000664000000000000000000001245112010653511013734 0ustar Description: Fix problems with Cisco peers Author: Paul Wouters Origin: upstream git Last-Update: 2012-06-21 Index: openswan-debian/programs/pluto/connections.c =================================================================== --- openswan-debian.orig/programs/pluto/connections.c 2012-06-29 19:15:41.205617489 +0200 +++ openswan-debian/programs/pluto/connections.c 2012-06-29 19:16:32.205617479 +0200 @@ -222,7 +222,7 @@ pfreeany(e->host_addr_name); } -static void +void delete_sr(struct connection *c, struct spd_route *sr) { delete_end(c, sr, &sr->this); Index: openswan-debian/programs/pluto/connections.h =================================================================== --- openswan-debian.orig/programs/pluto/connections.h 2012-06-29 19:15:41.205617489 +0200 +++ openswan-debian/programs/pluto/connections.h 2012-06-29 19:16:32.205617479 +0200 @@ -321,6 +321,7 @@ extern void delete_connection(struct connection *c, bool relations); extern void delete_connections_by_name(const char *name, bool strict); extern void delete_every_connection(void); +extern void delete_sr(struct connection *c, struct spd_route *sr); extern char *add_group_instance(struct connection *group, const ip_subnet *target); extern void remove_group_instance(const struct connection *group, const char *name); extern void release_dead_interfaces(void); Index: openswan-debian/programs/pluto/xauth.c =================================================================== --- openswan-debian.orig/programs/pluto/xauth.c 2012-06-29 19:15:41.205617489 +0200 +++ openswan-debian/programs/pluto/xauth.c 2012-06-29 19:16:32.205617479 +0200 @@ -1785,7 +1785,9 @@ , caddr); if(addrbytesptr(&c->spd.this.host_srcip, NULL) == 0 - || isanyaddr(&c->spd.this.host_srcip)) { + || isanyaddr(&c->spd.this.host_srcip) + || c->remotepeertype == CISCO ) { + /*with remotepeertype == CISCO, overwrite the previous address with the new received address*/ openswan_log("setting ip source address to %s" , caddr); c->spd.this.host_srcip = a; @@ -1835,7 +1837,11 @@ { /* concatenate new IP address string on end of * existing string, separated by ' '. + * concatenate only if the received DNS is not + * already present in the current string. */ + + if( !strstr(c->cisco_dns_info, caddr) ) { size_t sz_old = strlen(old); size_t sz_added = strlen(caddr) + 1; char *new = alloc_bytes(sz_old + 1 + sz_added, "cisco_dns_info+"); @@ -1847,6 +1853,7 @@ pfree(old); } } + } DBG_log("Cisco DNS info: %s, len=%zd", st->st_connection->cisco_dns_info, strlen(st->st_connection->cisco_dns_info)); } @@ -1860,18 +1867,22 @@ break; case CISCO_BANNER: + /*if received again, free the previous and create the new one*/ + pfreeany(st->st_connection->cisco_banner); st->st_connection->cisco_banner = cisco_stringify(&strattr,"Cisco Banner"); resp |= LELEM(attr.isaat_af_type); break; case CISCO_DEF_DOMAIN: + /*if received again, free the previous one and create the new one*/ + pfreeany(st->st_connection->cisco_domain_info); st->st_connection->cisco_domain_info = cisco_stringify(&strattr,"Cisco Domain"); resp |= LELEM(attr.isaat_af_type); break; case CISCO_SPLIT_INC: { - struct spd_route *tmp_spd; + struct spd_route *tmp_spd, *tmp_spd1; ip_address a; char caddr[SUBNETTOT_BUF]; size_t len = pbs_left(&strattr); @@ -1884,6 +1895,18 @@ tmp_spd2->that.has_client_wildcard = FALSE; } + /* receiving remote subnets information again + * free the previous ones before proceeding. + */ + tmp_spd = tmp_spd2->next; + tmp_spd2->next = NULL; + while(tmp_spd ) { + delete_sr(c, tmp_spd); + tmp_spd1 = tmp_spd->next; + pfree(tmp_spd); + tmp_spd = tmp_spd1; + } + while (len > 0) { u_int32_t *ap; tmp_spd = clone_thing(c->spd, "remote subnets policies"); Index: openswan-debian/programs/_updown.netkey/_updown.netkey.in =================================================================== --- openswan-debian.orig/programs/_updown.netkey/_updown.netkey.in 2012-06-29 19:15:41.205617489 +0200 +++ openswan-debian/programs/_updown.netkey/_updown.netkey.in 2012-06-29 19:16:32.205617479 +0200 @@ -188,6 +188,14 @@ ip route flush cache } +downrule() { + if [ -n "$PLUTO_MY_SOURCEIP" ] + then + doroute del + ip route flush cache + fi +} + updateresolvconf() { if [ -n "$PLUTO_CISCO_DNS_INFO" ]; then if [ -n "`pidof unbound`" -a -n "$PLUTO_CISCO_DOMAIN_INFO" ]; then @@ -457,6 +465,7 @@ ;; down-host) # connection to me going down + downrule # If you are doing a custom version, firewall commands go here. ;; up-client) @@ -465,6 +474,7 @@ ;; down-client) # connection to my client subnet going down + downrule # If you are doing a custom version, firewall commands go here. ;; updateresolvconf-host|updateresolvconf-client) debian/patches/pluto.8-linebreak0000664000000000000000000000440712010653511014004 0ustar Description: Fix manpage to allow line break Author: Jari Aalto Forwarded: no Last-Update: 2012-01-01 Index: openswan-debian/programs/pluto/pluto.8 =================================================================== --- openswan-debian.orig/programs/pluto/pluto.8 2012-06-29 19:15:44.105617493 +0200 +++ openswan-debian/programs/pluto/pluto.8 2012-06-29 19:16:27.733617434 +0200 @@ -44,7 +44,7 @@ .br .br -[\-\-tunnel] [\-\-psk] [\-\-rsasig] [\-\-encrypt] [\-\-authenticate] [\-\-compress] [\-\-pfs] [\-\-pfsgroup\ [modp1024]\ |\ [modp1536]\ |\ [modp2048]\ |\ [modp3072]\ |\ [modp4096]\ |\ [modp6144]\ |\ [modp8192]] [\-\-disablearrivalcheck] [\-\-ikelifetime\ \fIseconds\fR] [\-\-ipseclifetime\ \fIseconds\fR] [\-\-rekeymargin\ \fIseconds\fR] [\-\-rekeyfuzz\ \fIpercentage\fR] [\-\-keyingtries\ \fIcount\fR] [\-\-esp\ \fIesp\-algos\fR] [\-\-dontrekey] [\-\-aggrmode] [\-\-modecfgpull] [[\-\-dpddelay\ \fIseconds\fR] | [\-\-dpdtimeout\ \fIseconds\fR]] [\-\-dpdaction\ [clear]\ |\ [hold]\ |\ [restart]] [\-\-forceencaps] [[\-\-initiateontraffic]\ |\ [\-\-pass]\ |\ [\-\-drop]\ |\ [\-\-reject]] [[\-\-failnone]\ |\ [\-\-failpass]\ |\ [\-\-faildrop]\ |\ [\-\-failreject]] [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] +[\-\-tunnel] [\-\-psk] [\-\-rsasig] [\-\-encrypt] [\-\-authenticate] [\-\-compress] [\-\-pfs] [\-\-pfsgroup [modp1024] | [modp1536] | [modp2048] | [modp3072] | [modp4096] | [modp6144] | [modp8192]] [\-\-disablearrivalcheck] [\-\-ikelifetime \fIseconds\fR] [\-\-ipseclifetime \fIseconds\fR] [\-\-rekeymargin \fIseconds\fR] [\-\-rekeyfuzz \fIpercentage\fR] [\-\-keyingtries \fIcount\fR] [\-\-esp \fIesp\-algos\fR] [\-\-dontrekey] [\-\-aggrmode] [\-\-modecfgpull] [[\-\-dpddelay \fIseconds\fR] | [\-\-dpdtimeout \fIseconds\fR]] [\-\-dpdaction [clear] | [hold] | [restart]] [\-\-forceencaps] [[\-\-initiateontraffic] | [\-\-pass] | [\-\-drop] | [\-\-reject]] [[\-\-failnone] | [\-\-failpass] | [\-\-faildrop] | [\-\-failreject]] [\-\-ctlbase \fIpath\fR] [\-\-optionsfrom \fIfilename\fR] [\-\-label \fIstring\fR] .HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIwhack\fR \-\-keyid\ \fIid\fR [\-\-addkey] [\-\-pubkeyrsa\ \fIkey\fR] [\-\-ctlbase\ \fIpath\fR] [\-\-optionsfrom\ \fIfilename\fR] [\-\-label\ \fIstring\fR] .HP \w'\fBipsec\fR\ 'u debian/patches/auto.8-linebreak0000664000000000000000000000254612010653511013613 0ustar Description: Fix manpage to allow line break Author: Jari Aalto Forwarded: no Last-Update: 2012-01-01 Index: openswan-debian/programs/auto/auto.8 =================================================================== --- openswan-debian.orig/programs/auto/auto.8 2012-06-29 19:15:43.181617475 +0200 +++ openswan-debian/programs/auto/auto.8 2012-06-29 19:16:29.357617568 +0200 @@ -41,7 +41,7 @@ .HP \w'\fBipsec\fR\ 'u \fBipsec\fR \fIauto\fR {\ \-\-route\ |\ \-\-unroute\ } \fIconnection\fR .HP \w'\fBipsec\fR\ 'u -\fBipsec\fR \fIauto\fR [\-\-utc] [\-\-listall\ |\ \-\-rereadall] [\-\-rereadsecrets] [\-\-listcerts] [\-\-listpubkeys] [\-\-checkpubkeys] [\-\-listcacerts\ |\ \-\-rereadcacerts] [\-\-listcrls\ |\ \-\-rereadcrls] [[\-\-listocspcerts\ |\ \-\-rereadocspcerts\ ]\ [\-\-listocsp\ |\ \-\-purgeocsp\ ]] [\-\-listacerts\ |\ \-\-rereadacerts] [\-\-listaacerts\ |\ \-\-rereadaacerts] [\-\-listgroups\ |\ \-\-rereadgroups] +\fBipsec\fR \fIauto\fR [\-\-utc] [\-\-listall | \-\-rereadall] [\-\-rereadsecrets] [\-\-listcerts] [\-\-listpubkeys] [\-\-checkpubkeys] [\-\-listcacerts | \-\-rereadcacerts] [\-\-listcrls | \-\-rereadcrls] [[\-\-listocspcerts | \-\-rereadocspcerts\ ]\ [\-\-listocsp | \-\-purgeocsp\ ]] [\-\-listacerts | \-\-rereadacerts] [\-\-listaacerts | \-\-rereadaacerts] [\-\-listgroups | \-\-rereadgroups] .SH "DESCRIPTION" .PP \fIAuto\fR debian/patches/startklips-ip_route0000664000000000000000000000146512010653511014566 0ustar Description: Use ip route instead of netstat Author: Harald Jenny Origin: upstream git Last-Update: 2012-06-29 Index: openswan-debian/programs/_startklips/_startklips.in =================================================================== --- openswan-debian.orig/programs/_startklips/_startklips.in 2012-06-29 09:49:44.111928762 +0200 +++ openswan-debian/programs/_startklips/_startklips.in 2012-06-29 20:20:49.739688311 +0200 @@ -183,7 +183,7 @@ # get default route info getdefaultrouteinfo() { - netstat -nr | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print "phys=" $NF; print "next=" $2; exit 0 }' + ip route list 0.0.0.0/0 | awk '$2 == "via" { print "phys=" $5; print "next=" $3; exit 0 } { print "phys=" $3; print "next=0.0.0.0"; exit 0 }' } # set up a Klips interface debian/patches/eroute.8-linebreak0000664000000000000000000000517312010653511014145 0ustar Description: Fix manpage to allow line break Author: Jari Aalto Forwarded: no Last-Update: 2012-01-01 Index: openswan-debian/programs/eroute/eroute.8 =================================================================== --- openswan-debian.orig/programs/eroute/eroute.8 2012-06-29 19:15:43.645617491 +0200 +++ openswan-debian/programs/eroute/eroute.8 2012-06-29 19:16:28.577617764 +0200 @@ -22,11 +22,11 @@ ipsec_eroute \- manipulate IPSEC extended routing tables .SH "SYNOPSIS" .HP \w'\fBipsec\ eroute\fR\ 'u -\fBipsec eroute\fR \fB\fI\-\-add\fR\fR\ \fB\-\-eraf\fR\ \fI(inet\ |\ inet6)\fR\ \fB\-\-src\fR\ \fIsrc/srcmaskbits|srcmask\fR\ \fB\-\-dst\fR\ \fIdst/dstmaskbits|dstmask\fR\ [[\fB\-\-transport\-proto\fR\ \fItransport\-protocol\fR]]\ [\fB\-\-src\-port\ \fR\fB\fIsource\-port\fR\fR]\ [\fB\-\-dst\-port\ \fR\fB\fIdest\-port\fR\fR]\ [] +\fBipsec eroute\fR \fB\fI\-\-add\fR\fR \fB\-\-eraf\fR \fI(inet | inet6)\fR \fB\-\-src\fR \fIsrc/srcmaskbits|srcmask\fR \fB\-\-dst\fR \fIdst/dstmaskbits|dstmask\fR [[\fB\-\-transport\-proto\fR \fItransport\-protocol\fR]] [\fB\-\-src\-port \fR\fB\fIsource\-port\fR\fR] [\fB\-\-dst\-port \fR\fB\fIdest\-port\fR\fR] [] .HP \w'\fBipsec\ eroute\fR\ 'u -\fBipsec eroute\fR \fB\fI\-\-replace\fR\fR\ \fB\-\-eraf\fR\ \fI(inet\ |\ inet6)\fR\ \fB\-\-src\fR\ \fIsrc/srcmaskbits|srcmask\fR\ \fB\-\-dst\fR\ \fIdst/dstmaskbits|dstmask\fR\ [[\fB\-\-transport\-proto\fR\ \fItransport\-protocol\fR]]\ [\fB\-\-src\-port\ \fR\fB\fIsource\-port\fR\fR]\ [\fB\-\-dst\-port\ \fR\fB\fIdest\-port\fR\fR]\ [] +\fBipsec eroute\fR \fB\fI\-\-replace\fR\fR \fB\-\-eraf\fR \fI(inet | inet6)\fR \fB\-\-src\fR \fIsrc/srcmaskbits|srcmask\fR \fB\-\-dst\fR \fIdst/dstmaskbits|dstmask\fR [[\fB\-\-transport\-proto\fR \fItransport\-protocol\fR]] [\fB\-\-src\-port \fR\fB\fIsource\-port\fR\fR] [\fB\-\-dst\-port \fR\fB\fIdest\-port\fR\fR] [] .HP \w'\fBipsec\ eroute\fR\ 'u -\fBipsec eroute\fR \fB\fI\-\-del\fR\fR\-\-del\fB\-\-eraf\fR\ \fI(inet\ |\ inet6)\fR\ \fB\-\-src\fR\fIsrc/srcmaskbits|srcmask\fR\fB\-\-dst\fR\fIdst/dstmaskbits|dstmask\fR\ [[\fB\-\-transport\-proto\fR\ \fItransport\-protocol\fR]]\ [\fB\-\-src\-port\ \fR\fB\fIsource\-port\fR\fR]\ [\fB\-\-dst\-port\ \fR\fB\fIdest\-port\fR\fR]\ [] +\fBipsec eroute\fR \fB\fI\-\-del\fR\fR\-\-del\fB\-\-eraf\fR \fI(inet | inet6)\fR \fB\-\-src\fR\fIsrc/srcmaskbits|srcmask\fR\fB\-\-dst\fR\fIdst/dstmaskbits|dstmask\fR [[\fB\-\-transport\-proto\fR \fItransport\-protocol\fR]] [\fB\-\-src\-port \fR\fB\fIsource\-port\fR\fR] [\fB\-\-dst\-port \fR\fB\fIdest\-port\fR\fR] [] .HP \w'\fBipsec\ eroute\fR\ 'u \fBipsec eroute\fR \-\-clear .HP \w'\fBipsec\ eroute\fR\ 'u debian/patches/should_be_zero-field0000664000000000000000000001251312010653511014622 0ustar Description: Add should be zero field to pluto code Author: Paul Wouters Origin: upstream git Last-Update: 2012-06-28 Index: openswan-debian/include/packet.h =================================================================== --- openswan-debian.orig/include/packet.h 2012-06-29 19:15:41.689617541 +0200 +++ openswan-debian/include/packet.h 2012-06-29 19:16:31.537617499 +0200 @@ -38,7 +38,7 @@ */ enum field_type { - ft_mbz, /* must be zero */ + ft_mbz, /* must be zero, abort */ ft_nat, /* natural number (may be 0) */ ft_len, /* length of this struct and any following crud */ ft_lv, /* length/value field of attribute */ @@ -48,6 +48,7 @@ ft_af_loose_enum, /* Attribute Format + enumeration, some names known */ ft_set, /* bits representing set */ ft_raw, /* bytes to be left in network-order */ + ft_zig, /* should be zero, ignore if not. Continue */ ft_end, /* end of field list */ }; Index: openswan-debian/lib/libpluto/packet.c =================================================================== --- openswan-debian.orig/lib/libpluto/packet.c 2012-06-29 19:15:41.689617541 +0200 +++ openswan-debian/lib/libpluto/packet.c 2012-06-29 19:16:31.537617499 +0200 @@ -597,10 +597,10 @@ */ static field_desc isanat_oa_fields[] = { { ft_enum, 8/BITS_PER_BYTE, "next payload type", &payload_names }, - { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, /* Need ft_zig because ipsec-tools bug used in Android ICS */ { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_enum, 8/BITS_PER_BYTE, "ID type", &ident_names }, - { ft_mbz, 24/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 24/BITS_PER_BYTE, NULL, NULL }, /* Need ft_zig because ipsec-tools bug used in Android ICS */ { ft_end, 0, NULL, NULL } }; @@ -664,7 +664,7 @@ */ static field_desc ikev2prop_fields[] = { { ft_enum, 8/BITS_PER_BYTE, "next payload type", &payload_names }, - { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_nat, 8/BITS_PER_BYTE, "prop #", NULL }, { ft_nat, 8/BITS_PER_BYTE, "proto ID", NULL }, @@ -695,10 +695,10 @@ */ static field_desc ikev2trans_fields[] = { { ft_enum, 8/BITS_PER_BYTE, "next payload type", &payload_names }, - { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_nat, 8/BITS_PER_BYTE, "transform type", &trans_type_names }, - { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, { ft_nat, 16/BITS_PER_BYTE, "transform ID", NULL }, { ft_end, 0, NULL, NULL } }; @@ -757,7 +757,7 @@ { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names}, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_nat, 16/BITS_PER_BYTE, "transform type", &oakley_group_names }, - { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 16/BITS_PER_BYTE, NULL, NULL }, { ft_end, 0, NULL, NULL } }; @@ -800,8 +800,8 @@ { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names}, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_enum, 8/BITS_PER_BYTE, "id_type", &ident_names }, - { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, - { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 16/BITS_PER_BYTE, NULL, NULL }, { ft_end, 0, NULL, NULL } }; @@ -883,8 +883,8 @@ { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names}, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_enum, 8/BITS_PER_BYTE, "auth method", &ikev2_auth_names }, - { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, - { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 16/BITS_PER_BYTE, NULL, NULL }, { ft_end, 0, NULL, NULL } }; @@ -1029,8 +1029,8 @@ { ft_set, 8/BITS_PER_BYTE, "critical bit", critical_names}, { ft_len, 16/BITS_PER_BYTE, "length", NULL }, { ft_nat, 8/BITS_PER_BYTE, "number of TS", NULL}, - { ft_mbz, 8/BITS_PER_BYTE, NULL, NULL }, - { ft_mbz, 16/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 8/BITS_PER_BYTE, NULL, NULL }, + { ft_zig, 16/BITS_PER_BYTE, NULL, NULL }, { ft_end, 0, NULL, NULL } }; struct_desc ikev2_ts_desc = { "IKEv2 Traffic Selector Payload", @@ -1184,6 +1184,7 @@ switch (fp->field_type) { case ft_mbz: /* must be zero */ + case ft_zig: inp += i; break; case ft_nat: /* natural number (may be 0) */ @@ -1351,6 +1352,21 @@ *outp++ = '\0'; /* probably redundant */ } break; + case ft_zig: /* should be zero, ignore if not */ + for (; i != 0; i--) + { + if (*cur++ != 0) + { + openswan_log("byte %d of %s should have been zero, but was not" + , (int) (cur - ins->cur), sd->name); + /* + * We cannot zeroize it, it would break our hash calculation + * *cur = '\0'; + */ + } + *outp++ = '\0'; /* probably redundant */ + } + break; case ft_nat: /* natural number (may be 0) */ case ft_len: /* length of this struct and any following crud */ @@ -1565,6 +1581,7 @@ switch (fp->field_type) { case ft_mbz: /* must be zero */ + case ft_zig: /* should be zero, but we'll let it go */ inp += i; for (; i != 0; i--) *cur++ = '\0'; debian/patches/initd-header0000664000000000000000000000140112010653511013065 0ustar Description: Populate Default-Start line Author: Harald Jenny Forwarded: no Last-Update: 2012-01-01 Index: openswan-debian/programs/setup/setup.in =================================================================== --- openswan-debian.orig/programs/setup/setup.in 2012-06-29 19:15:44.573617501 +0200 +++ openswan-debian/programs/setup/setup.in 2012-06-29 19:16:26.725617355 +0200 @@ -5,7 +5,7 @@ # Provides: ipsec # Required-Start: $network $remote_fs $syslog $named # Required-Stop: $syslog $remote_fs -# Default-Start: +# Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start Openswan IPsec at boot time # Description: Enable automatic key management for IPsec (KLIPS and NETKEY) debian/openswan.preinst0000775000000000000000000000156512010653511012434 0ustar #! /bin/sh # preinst script for openswan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `install' # * `install' # * `upgrade' # * `abort-upgrade' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in install|upgrade) # To fix Bug #532348 completely we need to remove the duplicate # init script on upgrade if [ "`dpkg -S /etc/init.d/setup 2>/dev/null | grep \"^openswan:\"`" ]; then rm -f /etc/init.d/setup fi ;; abort-upgrade) ;; *) echo "preinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically #DEBHELPER# exit 0 debian/ipsec.secrets.proto0000664000000000000000000000101112010653511013012 0ustar # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently # with "ipsec showhostkey". # this file is managed with debconf and will contain the automatically created RSA keys include /var/lib/openswan/ipsec.secrets.inc debian/watch0000664000000000000000000000015612010653511010215 0ustar version=3 opts=dversionmangle=s/\+dfsg\+?\d?$// \ http://www.openswan.org/download/openswan-([\d.]+)\.tar\.gz debian/README.source0000664000000000000000000000031012010653511011333 0ustar Sources for Debian ------------------ This package uses dpatch. See more information at /usr/share/doc/dpatch/README.source.gz -- Jari Aalto , Wed, 10 Mar 2010 18:52:01 +0200 debian/openswan-modules-source.control.in0000664000000000000000000000167212010653511015775 0ustar Source: openswan Section: net Priority: optional Maintainer: $KMAINT <$KEMAIL> Standards-Version: 3.9.3 Vcs-Browser: http://git.debian.org/?p=pkg-swan/openswan.git;a=summary Vcs-Git: git://git.debian.org/git/pkg-swan/openswan.git Build-Depends: debhelper Homepage: http://www.openswan.org/ Package: openswan-modules-$KVERS Architecture: linux-any Section: kernel Recommends: linux-image-$KVERS (= $KDREV) Description: Internet Key Exchange daemon - binary kernel module Openswan is an IPsec based VPN solution for the Linux kernel. It can use the native IPsec stack as well as the KLIPS kernel module. Both IKEv1 and IKEv2 protocols are supported. . For support of the old-style KLIPS ipsecX network interfaces a custom kernel module is needed. . This package contains the Openswan binary kernel module for the Linux kernel version $KVERS. . Kernel versions >= 2.6.23 no longer need to be patched to provide NAT Traversal support for KLIPS. debian/openswan.postinst0000664000000000000000000002177712010653511012637 0ustar #! /bin/bash # postinst script for openswan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see /usr/share/doc/packaging-manual/ # # quoting from the policy: # Any necessary prompting should almost always be confined to the # * `abort-deconfigure' `in-favour' # `removing' # # for details, see /usr/share/doc/packaging-manual/ # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. SECRETS_INC_DIR=/var/lib/openswan SECRETS_INC_FILE="$SECRETS_INC_DIR"/ipsec.secrets.inc Warn () { echo "$*" >&2 } Error () { Warn "Error: $*" } insert_private_key_filename() { if ! ( [ -e $SECRETS_INC_FILE ] && egrep -q ": RSA $1" $SECRETS_INC_FILE ); then echo ": RSA $1" >> $SECRETS_INC_FILE fi } make_x509_cert() { if [ $# -ne 12 ]; then echo "Error in creating X.509 certificate" exit 1 fi case $5 in false) certreq=$4.req selfsigned="" ;; true) certreq=$4 selfsigned="-x509" ;; *) echo "Error in creating X.509 certificate" exit 1 ;; esac echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ /usr/bin/openssl req -new -outform PEM -out $certreq \ -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ -days $2 $selfsigned >/dev/null } . /usr/share/debconf/confmodule case "$1" in configure) # if SECRETS_INC_FILE is not there we touch it to avoid error messages if [ ! -f "$SECRETS_INC_FILE" ]; then touch $SECRETS_INC_FILE fi # now we fix permissions of SECRETS_INC_DIR and SECRETS_INC_FILE (if the admin did not specify different ones) if [ "`dpkg-statoverride --list $SECRETS_INC_DIR`" ] || [ "`find $SECRETS_INC_DIR ! -perm 0700`" ]; then chmod 0700 $SECRETS_INC_DIR fi if [ "`dpkg-statoverride --list $SECRETS_INC_FILE`" ] || [ "`find $SECRETS_INC_FILE ! -perm 0700`" ]; then chmod 0600 $SECRETS_INC_FILE fi db_get openswan/install_x509_certificate if [ "$RET" = "true" ]; then db_get openswan/how_to_get_x509_certificate if [ "$RET" = "create" ]; then # extract the key from a (newly created) x509 certificate host=`hostname` newkeyfile="/etc/ipsec.d/private/${host}Key.pem" newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" if [ -e $newcertfile -o -e $newkeyfile ]; then Error "$newcertfile or $newkeyfile already exists." Error "Please remove them first an then re-run dpkg-reconfigure to create a new keypair." else # create a new certificate db_get openswan/rsa_key_length keylength=$RET db_get openswan/x509_self_signed selfsigned=$RET db_get openswan/x509_country_code countrycode=$RET if [ -z "$countrycode" ]; then countrycode="."; fi db_get openswan/x509_state_name statename=$RET if [ -z "$statename" ]; then statename="."; fi db_get openswan/x509_locality_name localityname=$RET if [ -z "$localityname" ]; then localityname="."; fi db_get openswan/x509_organization_name orgname=$RET if [ -z "$orgname" ]; then orgname="."; fi db_get openswan/x509_organizational_unit orgunit=$RET if [ -z "$orgunit" ]; then orgunit="."; fi db_get openswan/x509_common_name commonname=$RET if [ -z "$commonname" ]; then commonname="."; fi db_get openswan/x509_email_address email=$RET if [ -z "$email" ]; then email="."; fi make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" chmod 0600 "$newkeyfile" insert_private_key_filename "$newkeyfile" echo "Successfully created x509 certificate." fi elif [ "$RET" = "import" ]; then # existing certificate - use it db_get openswan/existing_x509_certificate_filename certfile=$RET db_get openswan/existing_x509_key_filename keyfile=$RET db_get openswan/existing_x509_rootca_filename cafile=$RET if [ ! "$certfile" ] || [ ! "$keyfile" ]; then Error "Either the certificate or the key filename is not specified." elif ! ( ( [ -f "$certfile" ] || [ -L "$certfile" ] ) && ( [ -f "$keyfile" ] || [ -L "$keyfile" ] ) && ( [ "$cafile" = "" ] || ( [ -f "$cafile" ] || [ -L "$cafile" ] ) ) ); then Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a regular file or symbolic link." elif [ ! "`grep 'BEGIN CERTIFICATE' $certfile`" ] || [ ! "`grep 'BEGIN RSA PRIVATE KEY' $keyfile`" ] || ( [ "$cafile" != "" ] && [ ! "`grep 'BEGIN CERTIFICATE' $cafile`" ] ); then Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a valid PEM type file." elif [ "$cafile" ] && ( [ "$certfile" = "$cafile" ] || [ "$keyfile" = "$cafile" ]); then Error "The certificate or the key file contains the rootca - unable to import automatically." elif [ "`grep 'BEGIN CERTIFICATE' $certfile | wc -l`" -gt 1 ]; then Error "The certificate file contains more than one certificate - unable to import automatically." elif [ "`grep 'ENCRYPTED' $keyfile`" ]; then Error "The key file contains an encrypted key - unable to import automatically." else newcertfile="/etc/ipsec.d/certs/$(basename "$certfile")" newkeyfile="/etc/ipsec.d/private/$(basename "$keyfile")" if [ "$cafile" ]; then newcafile="/etc/ipsec.d/private/$(basename "$cafile")" else newcafile="" fi if [ -e "$newcertfile" ] || [ -e "$newkeyfile" ] || ( [ "$newcafile" != "" ] && [ -e "$newcafile" ] ); then Error "$newcertfile or $newkeyfile"${newcafile:+ or $newcafile}" already exists." Error "Please remove them first and then re-run dpkg-reconfigure to extract an existing keypair"${newcafile:+ and a rootca}"." else openssl x509 -in $certfile -out $newcertfile 2>/dev/null openssl rsa -passin pass:"" -in $keyfile -out $newkeyfile 2>/dev/null chmod 0600 "$newkeyfile" insert_private_key_filename "$newkeyfile" cp "$cafile" /etc/ipsec.d/cacerts echo "Successfully integrated existing x509 certificate." fi fi fi db_set openswan/install_x509_certificate false fi # scheduled for removal 2012-02 if egrep -q "^include /etc/ipsec.d/examples/no_oe.conf$" /etc/ipsec.conf; then db_fset openswan/no-oe_include_file seen false db_input high openswan/no-oe_include_file || true db_go cat /etc/ipsec.conf | grep -v "^#Disable Opportunistic Encryption$" | grep -v "^include /etc/ipsec.d/examples/no_oe.conf$" > /etc/ipsec.conf.tmp mv /etc/ipsec.conf.tmp /etc/ipsec.conf fi # scheduled for removal 2011-03 runlevels=`find /etc/rc*.d -type l -a -name "*ipsec" -a -lname "../init.d/ipsec" -print0 | sed 's/\/etc\/rc//g' | sed 's/\.d\///g' | sed 's/ipsec//g'` # lets see if we are already using dependency based booting or the correct runlevel parameters if ! ( [ "`find /etc/init.d/ -name '.depend.*'`" ] || [ "$runlevels" = "0K841K842S163S164S165S166K84" ] ); then db_fset openswan/runlevel_changes seen false db_input high openswan/runlevel_changes || true db_go # if the admin did not change the runlevels which got installed by older packages we can modify them if [ "$runlevels" = "0K346K34SS41" ] || [ "$runlevels" = "0K301K302S153S154S155S156K30" ] || [ "$runlevels" = "0K191K192S213S214S215S216K19" ]; then update-rc.d -f ipsec remove fi update-rc.d ipsec defaults 16 84 > /dev/null fi if [ -z "$2" ]; then # no old configured version - start openswan now invoke-rc.d ipsec start || true else # does the user wish openswan to restart? db_get openswan/restart if [ "$RET" = "true" ]; then invoke-rc.d ipsec restart || true # sure, we'll restart it for you fi fi db_stop ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument '$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically #DEBHELPER# exit 0 debian/openswan.lintian-overrides0000664000000000000000000000055212010653511014376 0ustar # as here private data is stored we need tighter perms here openswan: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755 openswan: non-standard-file-perm etc/ipsec.secrets 0600 != 0644 openswan: non-standard-dir-perm var/lib/openswan/ 0700 != 0755 # we have a right link in it too openswan: copyright-refers-to-symlink-license usr/share/common-licenses/GPL debian/logcheck.ignore.server0000664000000000000000000000141612010653511013455 0ustar ipsec_setup: KLIPS debug \`none\' ipsec_setup: Stopping FreeS/WAN IPsec\.\.\. ipsec_setup: stop ordered ipsec_setup: doing cleanup anywan... ipsec_setup: \.\.\.FreeS/WAN IPsec stopped ipsec_setup: Starting FreeS/WAN IPsec ipsec_setup: \.\.\.FreeS/WAN IPsec started ipsec_plutorun: .*: initiate pluto.*: deleting state pluto.*: forgetting secrets pluto.*: shutting down pluto.*: \| pluto.*: .* bytes loaded pluto.*: including X\.509 patch pluto.*: Loading my X\.509 certificate pluto.*: Starting pluto pluto.*: added connection description pluto.*: adding interface pluto.*: listening for IKE messages pluto.*: loading secrets pluto.*: .* SA established pluto.*: .* SA expired pluto.*: replacing stale .* SA pluto.*: initiating Quick Mode pluto.*: regenerating DH private secret debian/compat0000664000000000000000000000000212010653511010360 0ustar 7 debian/openswan-modules-source.kernel-config0000664000000000000000000000510012010653511016421 0ustar #ifndef _CONFIG_ALL_H_ /* * Copyright (C) 2002 Michael Richardson * * This kernel module is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . * * This kernel module is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public * License for more details. * * RCSID $Id: openswan-modules-source.kernel-config,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $ */ #define _CONFIG_ALL_H_ /* seen it, no need to see it again */ #define CONFIG_IPSEC 1 #ifndef CONFIG_IPSEC_AH #define CONFIG_IPSEC_AH 1 #endif #ifndef CONFIG_IPSEC_DEBUG #define CONFIG_IPSEC_DEBUG 1 #endif #ifndef CONFIG_IPSEC_ESP #define CONFIG_IPSEC_ESP 1 #endif #ifndef CONFIG_IPSEC_IPCOMP #define CONFIG_IPSEC_IPCOMP 1 #endif #ifndef CONFIG_IPSEC_IPIP #define CONFIG_IPSEC_IPIP 1 #endif #ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 #define CONFIG_IPSEC_AUTH_HMAC_MD5 1 #endif #ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 #define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 #endif #ifndef CONFIG_IPSEC_DYNDEV #define CONFIG_IPSEC_DYNDEV 1 #endif #ifndef CONFIG_IPSEC_ENC_3DES #define CONFIG_IPSEC_ENC_3DES 1 #endif #ifndef CONFIG_IPSEC_ENC_AES #define CONFIG_IPSEC_ENC_AES 1 #endif #ifndef CONFIG_IPSEC_REGRESS #define CONFIG_IPSEC_REGRESS 0 #endif #ifndef CONFIG_IPSEC_NAT_TRAVERSAL #define CONFIG_IPSEC_NAT_TRAVERSAL 1 #endif #ifndef CONFIG_IPSEC_ALG #define CONFIG_IPSEC_ALG 1 #endif #ifndef CONFIG_IPSEC_ALG_AES #define CONFIG_IPSEC_ALG_AES 1 #endif #ifndef CONFIG_IPSEC_ALG_TWOFISH #define CONFIG_IPSEC_ALG_TWOFISH 1 #endif #ifndef CONFIG_IPSEC_ALG_BLOWFISH #define CONFIG_IPSEC_ALG_BLOWFISH 1 #endif #ifndef CONFIG_IPSEC_ALG_SERPENT #define CONFIG_IPSEC_ALG_SERPENT 1 #endif #ifndef CONFIG_IPSEC_ALG_3DES #define CONFIG_IPSEC_ALG_3DES 1 #endif #ifndef CONFIG_IPSEC_ALG_CAST #define CONFIG_IPSEC_ALG_CAST 1 #endif #ifndef CONFIG_IPSEC_ALG_MD5 #define CONFIG_IPSEC_ALG_MD5 1 #endif #ifndef CONFIG_IPSEC_ALG_NULL #define CONFIG_IPSEC_ALG_NULL 1 #endif #ifndef CONFIG_IPSEC_ALG_SHA1 #define CONFIG_IPSEC_ALG_SHA1 1 #endif #ifndef CONFIG_IPSEC_ALG_SHA2 #define CONFIG_IPSEC_ALG_SHA2 1 #endif #ifndef CONFIG_IPSEC_ALG_CRYPTOAPI #define CONFIG_IPSEC_ALG_CRYPTOAPI 1 #endif #ifndef CONFIG_IPSEC_ALG_NON_LIBRE #define CONFIG_IPSEC_ALG_NON_LIBRE 1 #endif #endif /* _CONFIG_ALL_H */ debian/openswan-modules-dkms.dkms.conf.in0000664000000000000000000000063712010653511015635 0ustar PACKAGE_NAME="openswan" PACKAGE_VERSION="#VERSION#" BUILT_MODULE_NAME[0]="ipsec" BUILT_MODULE_LOCATION[0]="modobj26" DEST_MODULE_LOCATION[0]="/kernel/net/ipsec" AUTOINSTALL=yes MAKE[0]="make KERNELSRC=$kernel_source_dir -C ${dkms_tree}/openswan/#VERSION#/build module26" CLEAN="make -C ${dkms_tree}/openswan/#VERSION#/build mod26clean; rm -rf ${dkms_tree}/openswan/#VERSION#/build/{Module.*,modules.order,OBJ.*}" debian/openswan-dbg.links0000664000000000000000000000006212010653511012606 0ustar usr/share/doc/openswan usr/share/doc/openswan-dbg debian/copyright0000664000000000000000000005440012010653511011120 0ustar This package was debianized by Rene Mayrhofer on Thu, 10 Aug 2000 10:50:33 +0200. The Debian package was created from scratch with some hints taken from previous freeswan packages by Tommi Virtanen and Aaron Johnson. The upstream software was originally downloaded from http://www.freeswan.org while newer versions use the fork from http://www.openswan.org. Debian packaging is Copyright © 2000-2010 Rene Mayrhofer. Openswan derives its copyright from FreeS/WAN: Richard Guy Briggs (KLIPS), D. Hugh Redelmeier (Pluto), Michael Richardson (technical lead, KLIPS, testing, etc.), Henry Spencer (past technical lead, scripts, libraries, packaging, etc.), Sandy Harris (documentation), Claudia Schmeing (support, documentation), and Sam Sgro (support, releases). After forking into Openswan, it is now Copyright © 2003-2008 Xelerance, please see the file CREDITS for details. However, all of the code is DFSG-free. The contents of this LICENSE file are: ------------------------------------------------------------------------------ GNU GPL License =============== This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA On Debian systems, a copy of the GNU General Public License, version 2, can be found in the file /usr/share/common-licenses/GPL-2. The symlink /usr/share/common-licenses/GPL points to the latest version of the GPL. Files with different copyrights/licenses: * lib/libcrypto/libserpent/serpent.c, lib/libipsecpolicy/version.in.c, lib/libopenswan/atoaddr.c, lib/libopenswan/atoasr.c, lib/libopenswan/atosubnet.c, lib/libopenswan/atoul.c, lib/libopenswan/biglset.c, lib/libopenswan/copyright.c, lib/libopenswan/initsaid.c, lib/libopenswan/initsubnet.c, lib/libopenswan/internal.h, lib/libopenswan/iprange.c, lib/libopenswan/keyblobtoid.c, lib/libopenswan/optionsfrom.c, lib/libopenswan/pfkey_error.c, lib/libopenswan/pfkey_sock.c, lib/libopenswan/portof.c, lib/libopenswan/rangetosubnet.c, lib/libopenswan/sameaddr.c, lib/libopenswan/sanitizestring.c, lib/libopenswan/satoa.c, lib/libopenswan/subnettot.c, lib/libopenswan/subnettypeof.c, lib/libopenswan/ttoaddr.c, lib/libopenswan/ttodata.c, lib/libopenswan/ttosa.c, lib/libopenswan/ttosubnet.c, lib/libopenswan/ttoul.c, lib/libopenswan/udpfromto.c, lib/libopenswan/version.in.c, linux/include/openswan.h, linux/include/openswan/ipsec_kversion.h, linux/include/openswan/ipsec_param2.h, linux/include/openswan/ipsec_policy.h, linux/include/openswan/passert.h, linux/include/openswan/pfkey_debug.h, linux/net/ipsec/addrtoa.c, linux/net/ipsec/addrtot.c, linux/net/ipsec/addrtypeof.c, linux/net/ipsec/anyaddr.c, linux/net/ipsec/datatot.c, linux/net/ipsec/goodmask.c, linux/net/ipsec/initaddr.c, linux/net/ipsec/prng.c, linux/net/ipsec/rangetoa.c, linux/net/ipsec/satot.c, linux/net/ipsec/subnetof.c, linux/net/ipsec/subnettoa.c, linux/net/ipsec/ultoa.c, linux/net/ipsec/ultot.c, linux/net/ipsec/version.in.c, testing/kunit/libkern/version.in.c, testing/utils/ike-scan/getopt.c, testing/utils/ike-scan/getopt.h, testing/utils/ike-scan/getopt1.c Copyright: 1998-2001 Henry Spencer Copyright: 1999-2001 Richard Guy Briggs Copyright: 2003, 2005-2007, 2009 Michael Richardson Copyright: 2003-2009 Paul Wouters Copyright: 1998-2002 D. Hugh Redelmeier Copyright: 2008-2009 David McCullough Copyright: 2002 Miquel van Smoorenburg This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with Foobar; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA On Debian systems, a copy of the GNU Lesser General Public License, version 2, can be found in the file /usr/share/common-licenses/LGPL-2. The symlink /usr/share/common-licenses/LGPL points to the latest version of the LGPL. * linux/include/zlib/*, linux/net/ipsec/zutil.c, linux/net/ipsec/infutil.c, linux/net/ipsec/infutil.h, linux/net/ipsec/inflate.c, linux/net/ipsec/infcodes.c, linux/net/ipsec/infcodes.h, linux/net/ipsec/deflate.c, linux/net/ipsec/deflate.h, linux/net/ipsec/trees.c, linux/net/ipsec/infblock.c, linux/net/ipsec/inffast.c, linux/net/ipsec/infblock.h, linux/net/ipsec/inffast.h, linux/net/ipsec/inftrees.c, linux/net/ipsec/inftrees.h, linux/net/ipsec/adler32.c testing/utils/ike-scan/md5.c, testing/utils/ike-scan/md5.h Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler jloup@gzip.org madler@alumni.caltech.edu * include/arpa/nameser.h, lib/libdns/*, lib/libisc/*, lib/liblwres/* (except lib/liblwres/include/lwres/async.h) Copyright: 2004-2007 by Internet Systems Consortium, Inc. ("ISC") 1995-2003 by Internet Software Consortium * lib/liblwres/async.c, lib/liblwres/include/lwres/async.h Copyright: 2003 Michael Richardson License: Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Internet Systems Consortium, Inc. 950 Charter Street Redwood City, CA 94063 http://www.isc.org/ * include/arpa/nameser.h, include/sysqueue.h, lib/libisc/inet_aton.c, lib/liblwres/herror.c, lib/liblwres/lwinetaton.c, linux/include/openswan/radij.h, linux/net/ipsec/radij.c, testing/utils/uml_netjig/getopt_long.c Copyright (c) 1983, 1987, 1988, 1989, 1990, 1991, 1993, 1994, 1996 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * lib/libdns/dst_internal.h Portions Copyright (C) 1995-2000 by Network Associates, Inc. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * lib/libisc/inet_aton.c, lib/liblwres/lwinetaton.c Portions Copyright (c) 1993 by Digital Equipment Corporation. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies, and that the name of Digital Equipment Corporation not be used in advertising or publicity pertaining to distribution of the document or software without specific, written prior permission. THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * include/libbsdkame/libpfkey.h, lib/libbsdpfkey/*, lib/liblwres/getnameinfo.c Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * lib/libcrypto/libdes/speed.c, lib/libcrypto/libdes/fcrypt_b.c, lib/libcrypto/libdes/destest.c, lib/libcrypto/libblowfish/bf_skey.c, lib/libcrypto/libblowfish/blowfish.h, lib/libcrypto/libblowfish/bf_pi.h, lib/libcrypto/libblowfish/bf_locl.h, lib/libcrypto/libblowfish/bf_enc.c, linux/include/des/*, linux/include/klips-crypto/des.h, linux/net/ipsec/des/cbc_enc.c, linux/net/ipsec/des/des_enc.c, linux/net/ipsec/des/des_opts.c, linux/net/ipsec/des/ecb_enc.c, linux/net/ipsec/des/set_key.c Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] * include/crypto/cryptodev.h Copyright (C) 2006-2007 David McCullough Copyright (C) 2004-2005 Intel Corporation. The license and original author are listed below. The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) Copyright (c) 2002-2006 Sam Leffler, Errno Consulting This code was written by Angelos D. Keromytis in Athens, Greece, in February 2000. Network Security Technologies Inc. (NSTI) kindly supported the development of this code. Copyright (c) 2000 Angelos D. Keromytis Permission to use, copy, and modify this software with or without fee is hereby granted, provided that this entire notice is included in all source code copies of any software which is or includes a copy or modification of this software. THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. Copyright (c) 2001 Theo de Raadt Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Effort sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. * lib/libcrypto/liboswcrypto/cryptodev.c Copyright (C) 2008 David McCullough Daniel Djamaludin Copyright (C) 2004-2005 Intel Corporation. All Rights Reserved. The code was developed with source from the file: hw_cryptodev.c in the openssl package, and the file: ipsec_doi.c from the openswan package. hw_cryptodev.c, openssl package: Copyright (c) 2002 Bob Beck Copyright (c) 2002 Theo de Raadt Copyright (c) 2002 Markus Friedl All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ipsec_doi.c, openswan package: Copyright (C) 1997 Angelos D. Keromytis. Copyright (C) 1998-2002 D. Hugh Redelmeier. Copyright (C) 2003 Michael Richardson This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. * linux/include/openswan/pfkeyv2.h This file defines structures and symbols for the PF_KEY Version 2 key management interface. It was written at the U.S. Naval Research Laboratory. This file is in the public domain. The authors ask that you leave this credit intact on any copies of this file. ------------------------------------------------------------------------------ Harald Jenny and Rene Mayrhofer, 2010-03-27 debian/openswan.config0000664000000000000000000000266012010653511012207 0ustar #!/bin/sh -e set -e . /usr/share/debconf/confmodule db_input medium openswan/restart || true db_input high openswan/install_x509_certificate || true db_go || true db_get openswan/install_x509_certificate if [ "$RET" = "true" ]; then db_input high openswan/how_to_get_x509_certificate || true db_go || true db_get openswan/how_to_get_x509_certificate if [ "$RET" = "create" ]; then # create a new certificate db_input medium openswan/rsa_key_length || true db_input high openswan/x509_self_signed || true # we can't allow the country code to be empty - openssl will # refuse to create a certificate this way countrycode="" while [ -z "$countrycode" ]; do db_input medium openswan/x509_country_code || true db_go || true db_get openswan/x509_country_code countrycode="$RET" done db_input medium openswan/x509_state_name || true db_input medium openswan/x509_locality_name || true db_input medium openswan/x509_organization_name || true db_input medium openswan/x509_organizational_unit || true db_input medium openswan/x509_common_name || true db_input medium openswan/x509_email_address || true db_go || true elif [ "$RET" = "import" ]; then # existing certificate - use it db_input critical openswan/existing_x509_certificate_filename || true db_input critical openswan/existing_x509_key_filename || true db_input critical openswan/existing_x509_rootca_filename || true db_go || true fi fi debian/openswan.templates0000664000000000000000000001625212010653511012742 0ustar Template: openswan/runlevel_changes Type: note _Description: Old runlevel management superseded Previous versions of the Openswan package gave a choice between three different Start/Stop-Levels. Due to changes in the standard system startup procedure, this is no longer necessary or useful. For all new installations as well as old ones running in any of the predefined modes, sane default levels will now be set. If you are upgrading from a previous version and changed your Openswan startup parameters, then please take a look at NEWS.Debian for instructions on how to modify your setup accordingly. Template: openswan/restart Type: boolean Default: true _Description: Restart Openswan now? Restarting Openswan is recommended, since if there is a security fix, it will not be applied until the daemon restarts. Most people expect the daemon to restart, so this is generally a good idea. However, this might take down existing connections and then bring them back up, so if you are using such an Openswan tunnel to connect for this update, restarting is not recommended. Template: openswan/install_x509_certificate Type: boolean Default: false _Description: Use an X.509 certificate for this host? An X.509 certificate for this host can be automatically created or imported. It can be used to authenticate IPsec connections to other hosts and is the preferred way of building up secure IPsec connections. The other possibility would be to use shared secrets (passwords that are the same on both sides of the tunnel) for authenticating a connection, but for a larger number of connections, key based authentication is easier to administer and more secure. . Alternatively you can reject this option and later use the command "dpkg-reconfigure openswan" to come back. Template: openswan/how_to_get_x509_certificate Type: select __Choices: create, import Default: create _Description: Methods for using a X.509 certificate to authenticate this host: It is possible to create a new X.509 certificate with user-defined settings or to import an existing public and private key stored in PEM file(s) for authenticating IPsec connections. . If you choose to create a new X.509 certificate you will first be asked a number of questions which must be answered before the creation can start. Please keep in mind that if you want the public key to get signed by an existing Certificate Authority you should not select to create a self-signed certificate and all the answers given must match exactly the requirements of the CA, otherwise the certificate request may be rejected. . If you want to import an existing public and private key you will be prompted for their filenames (which may be identical if both parts are stored together in one file). Optionally you may also specify a filename where the public key(s) of the Certificate Authority are kept, but this file cannot be the same as the former ones. Please also be aware that the format for the X.509 certificates has to be PEM and that the private key must not be encrypted or the import procedure will fail. Template: openswan/existing_x509_certificate_filename Type: string _Description: File name of your PEM format X.509 certificate: Please enter the location of the file containing your X.509 certificate in PEM format. Template: openswan/existing_x509_key_filename Type: string _Description: File name of your PEM format X.509 private key: Please enter the location of the file containing the private RSA key matching your X.509 certificate in PEM format. This can be the same file that contains the X.509 certificate. Template: openswan/existing_x509_rootca_filename Type: string _Description: File name of your PEM format X.509 RootCA: Optionally you can now enter the location of the file containing the X.509 Certificate Authority root used to sign your certificate in PEM format. If you do not have one or do not want to use it please leave the field empty. Please note that it's not possible to store the RootCA in the same file as your X.509 certificate or private key. Template: openswan/rsa_key_length Type: string Default: 2048 _Description: Length of RSA key to be created: Please enter the required RSA key-length. Anything under 1024 bits should be considered insecure; anything more than 4096 bits slows down the authentication process and is not useful at present. Template: openswan/x509_self_signed Type: boolean Default: true _Description: Create a self-signed X.509 certificate? Only self-signed X.509 certificates can be created automatically, because otherwise a Certificate Authority is needed to sign the certificate request. If you choose to create a self-signed certificate, you can use it immediately to connect to other IPsec hosts that support X.509 certificate for authentication of IPsec connections. However, using Openswan's PKI features requires all certificates to be signed by a single Certificate Authority to create a trust path. . If you do not choose to create a self-signed certificate, only the RSA private key and the certificate request will be created, and you will have to sign the certificate request with your Certificate Authority. Template: openswan/x509_country_code Type: string Default: AT _Description: Country code for the X.509 certificate request: Please enter the two-letter code for the country the server resides in (such as "AT" for Austria). . OpenSSL will refuse to generate a certificate unless this is a valid ISO-3166 country code; an empty field is allowed elsewhere in the X.509 certificate, but not here. Template: openswan/x509_state_name Type: string Default: _Description: State or province name for the X.509 certificate request: Please enter the full name of the state or province the server resides in (such as "Upper Austria"). Template: openswan/x509_locality_name Type: string Default: _Description: Locality name for the X.509 certificate request: Please enter the locality the server resides in (often a city, such as "Vienna"). Template: openswan/x509_organization_name Type: string Default: _Description: Organization name for the X.509 certificate request: Please enter the organization the server belongs to (such as "Debian"). Template: openswan/x509_organizational_unit Type: string Default: _Description: Organizational unit for the X.509 certificate request: Please enter the organizational unit the server belongs to (such as "security group"). Template: openswan/x509_common_name Type: string Default: _Description: Common Name for the X.509 certificate request: Please enter the Common Name for this host (such as "gateway.example.org"). Template: openswan/x509_email_address Type: string Default: _Description: Email address for the X.509 certificate request: Please enter the email address of the person or organization responsible for the X.509 certificate. Template: openswan/no-oe_include_file Type: note _Description: Modification of /etc/ipsec.conf Due to a change in upstream Openswan, opportunistic encryption is no longer enabled by default. The no_oe.conf file that was shipped in earlier versions to explicitly disable it can therefore no longer be included by ipsec.conf. Any such include paragraph will now be automatically removed to ensure that Openswan can start correctly. debian/info0000664000000000000000000000000012010653511010026 0ustar debian/openswan-modules-dkms.prerm0000664000000000000000000000050312010653511014463 0ustar #!/bin/sh set -e #DEBHELPER# VERSION=$(dpkg-query -W -f='${Version}' openswan-modules-dkms | sed -e 's/.*:\(.*\)-.*/\1/') case "$1" in remove|upgrade) if [ -x /usr/sbin/dkms ]; then echo "Removing all DKMS Modules" dkms remove -m openswan -v $VERSION --all > /dev/null echo "Done." fi ;; esac debian/openswan-modules-source.docs0000664000000000000000000000003512010653511014630 0ustar CREDITS debian/README.Debian debian/openswan-doc.doc-base0000664000000000000000000000062312010653511013157 0ustar Document: openswan Title: Openswan documentation Author: The Openswan project Abstract: This is a comprehensive document which describes what IPSEC is, how it works, and the Openswan IPSEC implementation. Section: System/Security Format: HTML Index: /usr/share/doc/openswan-doc/docs/html-old-need-merge-with-wiki/intro.html Files: /usr/share/doc/openswan-doc/docs/html-old-need-merge-with-wiki/*.html debian/openswan-modules-dkms.postinst0000664000000000000000000000143512010653511015226 0ustar #!/bin/sh set -e VERSION=$(dpkg-query -W -f='${Version}' openswan-modules-dkms | sed -e 's/.*:\(.*\)-.*/\1/') ARCH=`dpkg --print-architecture` . /usr/share/debconf/confmodule case "$1" in configure) if [ -x /usr/lib/dkms/common.postinst ]; then /usr/lib/dkms/common.postinst openswan $VERSION /usr/share/openswan-modules-dkms $ARCH $2 if [ "`ipsec setup --status | grep 'IPsec running'`" ]; then db_get openswan/restart if [ "$RET" = "true" ]; then invoke-rc.d ipsec stop || true modprobe -r ipsec modprobe ipsec 2>/dev/null || true invoke-rc.d ipsec start || true fi else if grep -q ipsec /proc/modules 2>/dev/null ; then modprobe -r ipsec modprobe ipsec 2>/dev/null || true fi fi fi db_stop ;; esac #DEBHELPER# debian/source/0000775000000000000000000000000012010653511010462 5ustar debian/source/format0000664000000000000000000000001412010653511011670 0ustar 3.0 (quilt)