debian/0000755000000000000000000000000013352751426007176 5ustar debian/strongswan-plugin-sshkey.install0000644000000000000000000000021412775300022015556 0ustar etc/strongswan.d/charon/sshkey.conf usr/lib/ipsec/plugins/libstrongswan-sshkey.so usr/share/strongswan/templates/config/plugins/sshkey.conf debian/strongswan-tnc-ifmap.install0000644000000000000000000000022512775300022014634 0ustar etc/strongswan.d/charon/tnc-ifmap.conf usr/lib/ipsec/plugins/libstrongswan-tnc-ifmap.so usr/share/strongswan/templates/config/plugins/tnc-ifmap.conf debian/strongswan-plugin-xauth-noauth.install0000644000000000000000000000023612775300022016701 0ustar etc/strongswan.d/charon/xauth-noauth.conf usr/lib/ipsec/plugins/libstrongswan-xauth-noauth.so usr/share/strongswan/templates/config/plugins/xauth-noauth.conf debian/strongswan-plugin-mysql.install0000644000000000000000000000027712775300022015426 0ustar etc/strongswan.d/charon/mysql.conf usr/lib/ipsec/plugins/libstrongswan-mysql.so usr/share/strongswan/templates/database/sql/mysql.sql usr/share/strongswan/templates/config/plugins/mysql.conf debian/usr.lib.ipsec.charon0000644000000000000000000000244012775300022013040 0ustar # ------------------------------------------------------------------ # # Copyright (C) 2013 Canonical Ltd. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # Author: Jonathan Davies # # ------------------------------------------------------------------ #include /usr/lib/ipsec/charon { #include #include #include #include capability net_admin, capability net_raw, network, network raw, /bin/dash rmPUx, /etc/ipsec.conf r, /etc/ipsec.secrets r, /etc/ipsec.*.secrets r, /etc/ipsec.d/ r, /etc/ipsec.d/** r, /etc/strongswan.conf r, /etc/strongswan.d/ r, /etc/strongswan.d/** r, /etc/tnc_config r, /proc/sys/net/core/xfrm_acq_expires w, /run/charon.* rw, /usr/lib/ipsec/charon rmix, /usr/lib/ipsec/imcvs/ r, /usr/lib/ipsec/imcvs/** rm, # Site-specific additions and overrides. See local/README for details. #include } debian/strongswan-plugin-eap-mschapv2.install0000644000000000000000000000023612775300022016542 0ustar etc/strongswan.d/charon/eap-mschapv2.conf usr/lib/ipsec/plugins/libstrongswan-eap-mschapv2.so usr/share/strongswan/templates/config/plugins/eap-mschapv2.conf debian/strongswan-starter.ipsec.init0000644000000000000000000000675612775300022015060 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: ipsec # Required-Start: $network $remote_fs # Required-Stop: $network $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Strongswan IPsec services ### END INIT INFO # Author: Rene Mayrhofer # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="strongswan IPsec services" NAME=ipsec STARTER=/usr/sbin/$NAME PIDFILE=/var/run/charon.pid CHARON=/usr/lib/ipsec/charon SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$STARTER" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions # Create lock dir mkdir -p /var/lock/subsys # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started # test if charon is currently running if [ -e $CHARON ]; then start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $CHARON --test > /dev/null \ || return 1 fi $STARTER start || return 2 } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred # give the proper signal to stop $STARTER stop || return 2 RETVAL=0 # but kill if that didn't work if [ -e $PIDFILE ]; then start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 fi # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. if [ -e $CHARON ]; then start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $CHARON [ "$?" = 2 ] && return 2 fi # strongswan is known to leave PID files behind when something goes wrong, cleanup here rm -f $PIDFILE # and just to make sure they are really really dead at this point... killall -9 $CHARON 2>/dev/null return "$RETVAL" } do_reload() { $STARTER reload return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) $STARTER status || exit $? ;; reload|force-reload) log_daemon_msg "Reloading $DESC" "$NAME" do_reload log_end_msg $? ;; restart) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 exit 3 ;; esac : debian/README.Debian0000644000000000000000000001112612775300022011226 0ustar strongswan for Debian ---------------------- 1) General Remarks This package has been created from the openswan package, which was again created from the freeswan package, which was created from scratch with some ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5 package by Aaron Johnson merged in. The differences between the strongSwan and the Openswan packages are documented at http://www.strongswan.org/ . 2) Kernel Support Note: This package can make use of the in-kernel IPSec stack, which is available in the stock Debian kernel images (>=2.4.24 and 2.6.x). If you want to use the strongswan utilities, you will need the appropriate kernel modules. The Debian default kernel native IPSec stack (which is included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels) can be used out-of-the-box with strongswan pluto, the key management daemon. This native Linux IPSec stack is of high quality, has all of the features of the latest Debian freeswan and openswan packages (i.e. support for other ciphers like AES and NAT Traversal support) and is well integrated into the kernel networking subsystem (which is not true for the freeswan kernel modules). This is the recommended kernel support for strongswan. If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or are building a custom 2.4 kernel, then the KLIPS kernel part can be used. strongswan no longer ships this part, but is instead focussing on the newer native IPSec stack. However, strongswan is interoperable with the KLIPS part shipped with openswan, both for 2.4 and 2.6 series kernels. Please install either the linux-patch-openswan or the openswan-modules-source packages and follow their respective README.Debian files when you want to use KLIPS. 3) Getting Started For connecting two Debian boxes using this strongswan package, the simplest connection block on each side would look something like this: On host A, use conn to_hostb left=%defaultroute right=hostb.example.com leftcert=hosta.pem rightcert=hostb.pem keyexchange=ikev2 type=transport auto=add On host B, use conn to_hosta left=%defaultroute right=hosta.example.com leftcert=hostb.pem rightcert=hosta.pem keyexchange=ikev2 type=transport auto=add This assumes that the respective hostnames hosta.example.com and hostb.example.com can be resolved and that the internal hostnames are hosta and hostb (and thus installing the strongswan package created the certificates hosta.pem and hostb.pem, respectively). Then the certificates (and not the private keys!) need to be exchanged between the hosts, e.g. with scp /etc/ipsec.d/certs/hosta.pem hostb.example.com:/etc/ipsec.d/certs/ scp hostb.example.com:/etc/ipsec.d/certs/hostb.com /etc/ipsec.d/certs/ from host A. The IPSec transport connection (that is, no subnets behind these hosts that should be tunneled) can be started from either side using "ipsec up to_hostb" (e.g. from host A). Note that this example explicitly uses IKEv2 due to its nicer error messages. A more complicated example is to connect a "roadwarrior" (e.g. laptop) to an internal network wbile it is behind another NAT. On the gateway side, i.e. for the internal network the roadwarrior should connect to, the configuration block could look something like this: conn roadwwarrior left=%defaultroute leftcert=gatewayCert.pem rightcert=laptopCert.pem rightrsasigkey=%cert leftrsasigkey=%cert auto=add leftsubnet=10.0.0.0/24 rightsubnetwithin=0.0.0.0/0 right=%any compress=yes type=tunnel dpddelay=30 dpdtimeout=120 dpdaction=clear On the laptop side, you could use something along the lines: conn %default rightrsasigkey=%cert leftrsasigkey=%cert authby=rsasig leftcert=laptopCert.pem leftsendcert=always leftsubnet= dpddelay=30 dpdtimeout=120 dpdaction=clear esp=aes128-sha1 ike=aes128-sha1-modp2048 conn esys left=%defaultroute right=gateway.example.com rightsubnet=10.0.0.0/24 rightcert=gatewayCert.pem auto=add Then load these new configuration blocks on both sides using "ipsec reload" and, on the laptop, start the tunnel with "ipsec up mynetwork". These configuration blocks assume host names "gateway" and "laptop" and an inner subnet of 10.0.0.0/24. -- Rene Mayrhofer , Sun, Jul 09 12:31:00 2006 debian/strongswan-plugin-xauth-eap.install0000644000000000000000000000022512775300022016146 0ustar etc/strongswan.d/charon/xauth-eap.conf usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so usr/share/strongswan/templates/config/plugins/xauth-eap.conf debian/strongswan-plugin-sql.install0000644000000000000000000000020312775300022015045 0ustar etc/strongswan.d/charon/sql.conf usr/lib/ipsec/plugins/libstrongswan-sql.so usr/share/strongswan/templates/config/plugins/sql.conf debian/strongswan-tnc-server.install0000644000000000000000000000077312775300022015056 0ustar etc/strongswan.d/attest.conf etc/strongswan.d/pacman.conf etc/strongswan.d/charon/tnc-imv.conf usr/lib/ipsec/attest usr/lib/ipsec/pacman usr/lib/ipsec/imv_policy_manager usr/lib/ipsec/_imv_policy usr/lib/ipsec/plugins/libstrongswan-tnc-imv.so usr/lib/ipsec/imcvs/imv-*.so usr/share/strongswan/templates/database/imv/*.sql usr/share/strongswan/templates/config/plugins/tnc-imv.conf usr/share/strongswan/templates/config/strongswan.d/attest.conf usr/share/strongswan/templates/config/strongswan.d/pacman.conf debian/strongswan-plugin-eap-aka.install0000644000000000000000000000021712775300022015552 0ustar etc/strongswan.d/charon/eap-aka.conf usr/lib/ipsec/plugins/libstrongswan-eap-aka.so usr/share/strongswan/templates/config/plugins/eap-aka.conf debian/strongswan-plugin-openssl.install0000644000000000000000000000021712775300022015736 0ustar etc/strongswan.d/charon/openssl.conf usr/lib/ipsec/plugins/libstrongswan-openssl.so usr/share/strongswan/templates/config/plugins/openssl.conf debian/rules0000755000000000000000000001411612775300022010247 0ustar #!/usr/bin/make -f export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 #export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs export DEB_BUILD_MAINT_OPTIONS=hardening=+all export DEB_BUILD_OPTIONS=nostrip export TESTS_REDUCED_KEYLENGTHS=1 CONFIGUREARGS := --disable-static \ --libdir=/usr/lib \ --libexecdir=/usr/lib \ --with-tss=trousers \ --enable-addrblock \ --enable-af-alg \ --enable-agent \ --enable-attr-sql \ --enable-ccm \ --enable-certexpire \ --enable-cmd \ --enable-coupling \ --enable-ctr \ --enable-curl \ --enable-dhcp \ --enable-dnscert \ --enable-duplicheck \ --enable-eap-aka \ --enable-eap-aka-3gpp2 \ --enable-eap-dynamic \ --enable-eap-gtc \ --enable-eap-identity \ --enable-eap-md5 \ --enable-eap-mschapv2 \ --enable-eap-peap \ --enable-eap-radius \ --enable-eap-sim \ --enable-eap-sim-file \ --enable-eap-sim-pcsc \ --enable-eap-simaka-pseudonym \ --enable-eap-simaka-reauth \ --enable-eap-simaka-sql \ --enable-eap-tls \ --enable-eap-tnc \ --enable-eap-ttls \ --enable-error-notify \ --enable-farp \ --enable-gcm \ --enable-gcrypt \ --enable-imc-attestation \ --enable-imc-os \ --enable-imc-scanner \ --enable-imc-swid \ --enable-imc-test \ --enable-imv-attestation \ --enable-imv-os \ --enable-imv-scanner \ --enable-imv-swid \ --enable-imv-test \ --enable-integrity-test \ --enable-ipseckey \ --enable-kernel-libipsec \ --enable-ldap \ --enable-led \ --enable-load-tester \ --enable-lookip \ --enable-md4 \ --enable-mysql \ --enable-ntru \ --enable-openssl \ --enable-pkcs11 \ --enable-radattr \ --enable-soup \ --enable-sql \ --enable-sqlite \ --enable-systime-fix \ --enable-test-vectors \ --enable-tnccs-11 \ --enable-tnccs-20 \ --enable-tnccs-dynamic \ --enable-tnc-ifmap \ --enable-tnc-imc \ --enable-tnc-imv \ --enable-tnc-pdp \ --enable-unbound \ --enable-unit-tests \ --enable-unity \ --enable-whitelist \ --enable-xauth-eap \ --enable-xauth-generic \ --enable-xauth-noauth \ --enable-xauth-pam \ --disable-blowfish \ --disable-des # BSD-Young license # the padlock plugin only makes sense on i386 # RdRand only makes sense on i386 and amd64 DEB_BUILD_ARCH_CPU ?=$(shell dpkg-architecture -qDEB_BUILD_ARCH_CPU) ifeq ($(DEB_BUILD_ARCH_CPU),i386) CONFIGUREARGS += --enable-padlock --enable-rdrand endif ifeq ($(DEB_BUILD_ARCH_CPU),amd64) CONFIGUREARGS += --enable-rdrand endif ifeq ($(DEB_BUILD_ARCH_OS),linux) # only enable network-manager and capabilities dropping on linux hosts # some plugins are linux-only too CONFIGUREARGS += --enable-nm \ --with-capabilities=libcap endif ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd) # recommended configure line for FreeBSD # http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD CONFIGUREARGS += --disable-kernel-netlink \ --enable-kernel-pfkey --enable-kernel-pfroute \ --with-group=wheel endif override_dh_auto_configure: dh_auto_configure -- $(CONFIGUREARGS) override_dh_auto_clean: dh_auto_clean # after a make clean, no binaries _should_ be left, but .... -find $(CURDIR) -name "*.o" | xargs --no-run-if-empty rm # Really clean (#356716) # This is a hack: should be better implemented rm -f lib/libstrongswan/libstrongswan.a || true rm -f lib/libstrongswan/liboswlog.a || true # just in case something went wrong rm -f $(CURDIR)/debian/ipsec.secrets # and make sure that template are up-to-date debconf-updatepo override_dh_install: # first special cases ifeq ($(DEB_BUILD_ARCH_OS),linux) # handle Linux-only plugins dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so endif ifeq ($(DEB_BUILD_ARCH_OS),kfreebsd) # handle FreeBSD-only plugins dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfkey.so dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-kernel-pfroute.so endif ifeq ($(DEB_BUILD_ARCH_CPU),i386) # special handling for padlock, as it is only built on i386 dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-padlock.so dh_install -p libstrongswan etc/strongswan.d/charon/padlock.conf dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/padlock.conf endif ifeq ($(DEB_BUILD_ARCH_CPU),amd64) dh_install -p libstrongswan usr/lib/ipsec/plugins/libstrongswan-rdrand.so dh_install -p libstrongswan etc/strongswan.d/charon/rdrand.conf dh_install -p libstrongswan usr/share/strongswan/templates/config/plugins/rdrand.conf endif # then install the rest, ignoring the above dh_install --fail-missing \ -X\.la -X\.a \ -Xman3 \ -Xlibstrongswan-kernel \ -Xlibstrongswan-padlock.so \ -Xpadlock.conf \ -Xlibstrongswan-rdrand.so \ -Xrdrand.conf # AppArmor. dh_apparmor --profile-name=usr.lib.ipsec.charon -p strongswan-ike dh_apparmor --profile-name=usr.lib.ipsec.lookip -p strongswan-plugin-lookip dh_apparmor --profile-name=usr.lib.ipsec.stroke -p strongswan-starter # add additional files not covered by upstream makefile... install --mode=0600 $(CURDIR)/debian/ipsec.secrets.proto $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets # set permissions on ipsec.secrets chmod 600 $(CURDIR)/debian/strongswan-starter/etc/ipsec.secrets chmod 700 -R $(CURDIR)/debian/strongswan-starter/etc/ipsec.d/private/ chmod 700 -R $(CURDIR)/debian/strongswan-starter/var/lib/strongswan/ # this is handled by update-rc.d rm -rf $(CURDIR)/debian/strongswan-starter/etc/rc?.d # delete var/lock/subsys and var/run to satisfy lintian rm -rf $(CURDIR)/debian/openswan/var/lock rm -rf $(CURDIR)/debian/openswan/var/run # more lintian cleanups find $(CURDIR)/debian/*strongswan*/ -name ".cvsignore" | xargs --no-run-if-empty rm -f find $(CURDIR)/debian/*strongswan*/ -name "/.svn/" | xargs --no-run-if-empty rm -rf override_dh_installinit: dh_installinit -n --name=strongswan override_dh_installchangelogs: dh_installchangelogs NEWS override_dh_strip: dh_strip --dbg-package=strongswan-dbg override_dh_fixperms: dh_fixperms -X etc/ipsec.secrets -X etc/ipsec.d -X var/lib/strongswan override_dh_makeshlibs: dh_makeshlibs -n -X usr/lib/ipsec/plugins override_dh_installlogcheck: dh_installlogcheck --name strongswan %: dh $@ --parallel --with autoreconf debian/strongswan-plugin-coupling.install0000644000000000000000000000022212775300022016067 0ustar etc/strongswan.d/charon/coupling.conf usr/lib/ipsec/plugins/libstrongswan-coupling.so usr/share/strongswan/templates/config/plugins/coupling.conf debian/strongswan-plugin-eap-sim.install0000644000000000000000000000021712775300022015606 0ustar etc/strongswan.d/charon/eap-sim.conf usr/lib/ipsec/plugins/libstrongswan-eap-sim.so usr/share/strongswan/templates/config/plugins/eap-sim.conf debian/ipsec.secrets.proto0000644000000000000000000000050212775300022013020 0ustar # This file holds shared secrets or RSA private keys for authentication. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently # with "ipsec showhostkey". debian/strongswan-tnc-pdp.install0000644000000000000000000000021712775300022014324 0ustar etc/strongswan.d/charon/tnc-pdp.conf usr/lib/ipsec/plugins/libstrongswan-tnc-pdp.so usr/share/strongswan/templates/config/plugins/tnc-pdp.conf debian/strongswan-plugin-load-tester.install0000644000000000000000000000026512775300022016501 0ustar etc/strongswan.d/charon/load-tester.conf usr/lib/ipsec/load-tester usr/lib/ipsec/plugins/libstrongswan-load-tester.so usr/share/strongswan/templates/config/plugins/load-tester.conf debian/strongswan-starter.dirs0000644000000000000000000000021712775300022013736 0ustar /etc /etc/ipsec.d /etc/ipsec.d/cacerts /etc/ipsec.d/ocspcerts /etc/ipsec.d/crls /etc/ipsec.d/private /etc/ipsec.d/policies /var/lib/strongswan debian/control0000644000000000000000000011306513252466643010612 0ustar Source: strongswan Section: net Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: strongSwan Maintainers Uploaders: Rene Mayrhofer , Yves-Alexis Perez Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1), dh-apparmor, libtool, libgmp3-dev, libssl-dev (>= 0.9.8), libldns-dev, libunbound-dev, libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev, libsoup2.4-dev, libpcsclite-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf, hardening-wrapper, libtspi-dev, libxml2-dev, libsqlite3-dev, libmysqlclient-dev, network-manager-dev (>= 0.7) [linux-any], libnm-glib-vpn-dev (>= 0.7) [linux-any], libnm-util-dev (>= 0.7) [linux-any], gperf, libcap-dev [linux-any], dh-autoreconf Homepage: http://www.strongswan.org Package: strongswan Architecture: all Depends: ${misc:Depends}, strongswan-ike Suggests: network-manager-strongswan Description: IPsec VPN solution metapackage The strongSwan VPN suite is based on the IPsec stack in standard Linux kernels. It supports both the IKEv1 and IKEv2 protocols. . This metapackage installs the packages required to maintain IKEv1 and IKEv2 connections via ipsec.conf or ipsec.secrets. Package: libstrongswan Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openssl Conflicts: strongswan (<< 4.2.12-1) Breaks: strongswan-ikev2 (<< 4.6.4) Replaces: strongswan-ikev2 (<< 4.6.4) Suggests: strongswan-tnc-imcvs Description: strongSwan utility and crypto library StrongSwan is an IPsec-based VPN solution for the Linux kernel. It uses the native IPsec stack and runs on any recent 2.6 kernel (no patching required). It supports both IKEv1 and the newer IKEv2 protocols. . This package provides the underlying library of charon and other strongSwan components. It is built in a modular way and is extendable through various plugins. Package: strongswan-dbg Architecture: any Section: debug Priority: extra Depends: ${misc:Depends}, strongswan, libstrongswan Description: strongSwan library and binaries - debugging symbols The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the symbols needed for debugging of strongswan. Package: strongswan-starter Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-ike, adduser Conflicts: strongswan (<< 4.2.12-1), openswan Description: strongSwan daemon starter and configuration file parser strongSwan is an IPsec-based VPN solution for Linux and other Unixes. It uses the native IPsec stack and runs on any recent kernel (no patching required). It supports both IKEv1 and the newer IKEv2 protocols. . The starter and the associated "ipsec" script control the charon daemon from the command line. It parses ipsec.conf and loads the configurations to the daemon. Package: strongswan-ike Architecture: any Pre-Depends: debconf | debconf-2.0 Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-starter | strongswan-nm, strongswan-plugin-openssl | strongswan-plugin-gcrypt | strongswan-plugin-gmp, bsdmainutils, debianutils (>=1.7), host, iproute2 | iproute [linux-any] Suggests: strongswan-plugin-agent, strongswan-plugin-certexpire, strongswan-plugin-coupling, strongswan-plugin-curl, strongswan-plugin-dnscert, strongswan-plugin-dnskey, strongswan-plugin-duplicheck, strongswan-plugin-error-notify, strongswan-plugin-ipseckey, strongswan-plugin-ldap, strongswan-plugin-led, strongswan-plugin-lookip, strongswan-plugin-ntru, strongswan-plugin-pkcs11, strongswan-plugin-radattr, strongswan-plugin-sql, strongswan-plugin-soup, strongswan-plugin-unity, strongswan-plugin-whitelist, strongswan-tnc-client, strongswan-tnc-server Provides: ike-server Conflicts: freeswan (<< 2.04-12), openswan, strongswan (<< 4.2.12-1) Replaces: strongswan-ikev1, strongswan-ikev2 Description: strongSwan Internet Key Exchange (v2) daemon The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . Charon is an IPsec IKEv2 daemon. It is written from scratch using a fully multi-threaded design and a modular architecture. Various plugins provide additional functionality. Package: strongswan-nm Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends}, strongswan-ike Recommends: network-manager-strongswan Description: strongSwan charon for interaction with NetworkManager The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This plugin provides special charon deamon which interfaces with NetworkManager to configure and control the IKEv2 daemon directly through D-Bus. It is designed to work in conjunction with the network-manager-strongswan package, providing a simple graphical frontend to configure IPsec based VPNs. Package: strongswan-plugin-af-alg Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for AF_ALG Linux crypto API interface The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the AF_ALG Linux crypto API interface plugin for strongSwan. It provides ciphers/hashers/hmac/xcbc. Package: strongswan-plugin-agent Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), openssh-client Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for accessing private keys via ssh-agent The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for accessing to private keys via ssh-agent. Package: strongswan-plugin-attr-sql Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-sqlite | strongswan-plugin-mysql Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for providing IKE attributes from databases The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for providing IKE attributes read from a database to peers. Package: strongswan-plugin-certexpire Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for exporting expiration dates of certificates The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the plugin for exporting expiration dates of used certificates for strongSwan. Package: strongswan-plugin-coupling Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for permanent peer certificate coupling The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the permanent peer certificate coupling plugin for strongSwan. Package: strongswan-plugin-curl Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for the libcurl based HTTP/FTP fetcher The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the libcurl based HTTP/FTP fetcher plugin for strongSwan. Package: strongswan-plugin-dhcp Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for forwarding DHCP request to a server The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for allowing the forwarding of DHCP requests for virtual IP addresses to a DHCP server. Package: strongswan-plugin-dnscert Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-unbound (= ${binary:Version}) Description: strongSwan plugin for authentication via CERT RRs The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for authentication via CERT RRs protected by DNSSEC. Package: strongswan-plugin-dnskey Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for parsing RFC 4034 public keys The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the plugin for parsing RFC 4034 public keys for strongSwan. Package: strongswan-plugin-duplicheck Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for duplicheck functionality The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the duplicheck functionality. . The duplicheck plugin provides an advanced but very specialized peer identity duplicate checking. It works independent from the ipsec.conf uniqueids feature. . More information may be found at: http://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck Package: strongswan-plugin-eap-aka Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for generic EAP-AKA protocol handling The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for generic EAP-AKA protocol handling using different backends. Package: strongswan-plugin-eap-aka-3gpp2 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-eap-aka (= ${binary:Version}) Description: strongSwan plugin for the 3GPP2-based EAP-AKA backend The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the EAP-AKA backend implementing the standard 3GPP2 algorithm in software. Package: strongswan-plugin-eap-dynamic Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for dynamic EAP method selection The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP proxying that dynamically selects an EAP method requested/supported by the client. Package: strongswan-plugin-eap-gtc Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-xauth-eap | strongswan-plugin-xauth-generic | strongswan-plugin-xauth-pam Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for EAP-GTC protocol handler The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP-GTC protocol handling while authenticating with XAuth backends. Package: strongswan-plugin-eap-md5 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for EAP-MD5 protocol handler The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP-MD5 protocol handling using passwords. Package: strongswan-plugin-eap-mschapv2 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for EAP-MSCHAPv2 protocol handler The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP-MSCHAPv2 protocol handling using passwords/NT hashes. Package: strongswan-plugin-eap-peap Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for EAP-PEAP protocol handler The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP-PEAP protocol handling, which wraps other EAP methods securely. Package: strongswan-plugin-eap-radius Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for EAP interface to a RADIUS server The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for forwarding EAP conversations from an EAP server to a RADIUS server. Package: strongswan-plugin-eap-sim Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for generic EAP-SIM protocol handling The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for generic EAP-SIM protocol handling using different backends. Package: strongswan-plugin-eap-sim-file Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-eap-sim (= ${binary:Version}) Description: strongSwan plugin for EAP-SIM credentials from files The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the EAP-SIM backend for reading triplets from a file. Package: strongswan-plugin-eap-sim-pcsc Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-eap-sim (= ${binary:Version}) Description: strongSwan plugin for EAP-SIM credentials on smartcards The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the EAP-SIM backend based on a PC/SC smartcard reader. Package: strongswan-plugin-eap-simaka-pseudonym Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-fips-prf (= ${binary:Version}) Description: strongSwan plugin for the EAP-SIM/AKA identity database The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the EAP-SIM/AKA in-memory pseudonym identity database. Package: strongswan-plugin-eap-simaka-reauth Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-fips-prf (= ${binary:Version}) Description: strongSwan plugin for the EAP-SIM/AKA reauthentication database The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the EAP-SIM/AKA in-memory reauthentication identity database. Package: strongswan-plugin-eap-simaka-sql Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-sql (= ${binary:Version}), strongswan-plugin-fips-prf (= ${binary:Version}) Description: strongSwan plugin for SQL-based EAP-SIM/AKA backend reading The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database. Package: strongswan-plugin-eap-tls Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for the EAP-TLS protocol handler The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP-TLS protocol handling, to authenticate with certificates in EAP. Package: strongswan-plugin-eap-tnc Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for the EAP-TNC protocol handler The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP-TNC protocol handling, Trusted Network Connect in a TLS tunnel. Package: strongswan-plugin-eap-ttls Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: strongswan-ike (<< 5.1.1-0ubuntu1) Breaks: strongswan-ike (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for the EAP-TTLS protocol handler The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for EAP-TTLS protocol handling, which wraps other EAP methods securely. Package: strongswan-plugin-error-notify Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for error notifications The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the plugin for error notifications, via UNIX socket, for strongSwan. Package: strongswan-plugin-farp Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for faking ARP responses The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for faking ARP responses for requests to a virtual IP address assigned to a peer. Package: strongswan-plugin-fips-prf Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for PRF specified by FIPS The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the special pseudo-random-function (PRF) specified by FIPS, used by EAP-SIM/AKA algorithms. Package: strongswan-plugin-gcrypt Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for gcrypt The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the crypto backend based on libgcrypt, which provides a RSA/DH/ciphers/hashers/rng plugin for strongSwan. Package: strongswan-plugin-gmp Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for libgmp based crypto The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the crypto backend based on libgmp, which provides a RSA/DH plugin for strongSwan. Package: strongswan-plugin-ipseckey Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-unbound (= ${binary:Version}) Description: strongSwan plugin for authentication via IPSECKEY RRs The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for authentication via IPSECKEY RRs protected by DNSSEC. Package: strongswan-plugin-kernel-libipsec Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), Description: strongSwan plugin for a IPsec backend that entirely in userland The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin which provides an IPsec backend that works entirely in userland, using TUN devices and strongSwan's own IPsec implementation libipsec. This is useful for when there is no kernel support for IPsec. Package: strongswan-plugin-ldap Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for LDAP CRL fetching The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for fetching CRL from ldap:// URLs. Package: strongswan-plugin-led Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for LEDs blinking on IKE activity The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for letting the Linux LED subsystem blink LEDs on IKE activity. Package: strongswan-plugin-load-tester Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for load testing The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the load testing plugin for strongSwan. . WARNING: Never enable the load-testing plugin on production systems. It provides preconfigured credentials and allows an attacker to authenticate as any user. Package: strongswan-plugin-lookip Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for lookip interface The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin which provides an interface to query information about tunnels via the peer's virtual IP address. Package: strongswan-plugin-mysql Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for MySQL The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the MySQL database backend plugin for strongSwan. Package: strongswan-plugin-ntru Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for NTRU crypto The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the key exchange based on post-quantum computer NTRU encryption plugin for strongSwan. Package: strongswan-plugin-openssl Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for OpenSSL The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the crypto backend based on OpenSSL for strongSwan, providing RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG. Package: strongswan-plugin-pgp Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for PGP encoding/decoding routines The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for PGP encoding/decoding routines. Package: strongswan-plugin-pkcs11 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for PKCS#11 smartcard backend The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the PKCS#11 smartcard backend for strongSwan. Package: strongswan-plugin-pubkey Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for raw public keys The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for handling raw public keys as trusted certificates. Package: strongswan-plugin-radattr Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for custom RADIUS attribute processing The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin to inject and process custom RADIUS attributes as IKEv2 client. Package: strongswan-plugin-sql Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-plugin-sqlite | strongswan-plugin-mysql Description: strongSwan plugin for SQL configuration and credentials The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the SQL configuration and credentials engine plugin for strongSwan. Using either SQLite or MySQL. Package: strongswan-plugin-sqlite Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for SQLite The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the SQLite database backend plugin for strongSwan. Package: strongswan-plugin-soup Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for the libsoup based HTTP fetcher The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the libsoup based HTTP fetcher plugin for strongSwan. Package: strongswan-plugin-sshkey Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for SSH key decoding routines The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for SSH key decoding routines. Package: strongswan-plugin-systime-fix Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for system time fixing The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . The systime-fix plugin for strongSwan is designed for embedded systems that don't have a valid system time just after boot. It detects if the system time is incorrect and disables certificate lifetime validation during this period. This allows the device to establish tunnels, even if the system time is out of sync, and for example connect to an NTP server. . Once the system time gets corrected, the plugin can detect it and verify the lifetimes of all certificates used for active tunnels. If any certificate in the trust-chain is not valid for the given system time, the tunnel gets either closed or reestablished. Package: strongswan-plugin-unbound Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for DNSSEC-enabled resolver using libunbound The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the DNSSEC enabled resolver, using libunbound for strongSwan. Package: strongswan-plugin-unity Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for IKEv1 Cisco Unity Extensions The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the Unity plugin for strongSwan. It provides support for parts of the IKEv1 Cisco Unity Extensions. Package: strongswan-plugin-whitelist Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for peer-verification against a whitelist The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the plugin for checking authenticated identities against a whitelist for strongSwan. Package: strongswan-plugin-xauth-eap Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for XAuth backend using EAP methods The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the XAuth backend that uses EAP methods to verify passwords. Package: strongswan-plugin-xauth-generic Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Replaces: libstrongswan (<< 5.1.1-0ubuntu1) Breaks: libstrongswan (<< 5.1.1-0ubuntu1) Description: strongSwan plugin for the generic XAuth backend The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the generic XAuth backend that provides passwords from ipsec.secrets and other credential sets. Package: strongswan-plugin-xauth-noauth Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for the generic XAuth backend The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the XAuth backend that does no authentication. Package: strongswan-plugin-xauth-pam Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for XAuth backend using PAM The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the strongSwan plugin for the XAuth backend that uses PAM modules to verify passwords. Package: strongswan-pt-tls-client Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-tnc-client (= ${binary:Version}) Description: strongSwan TLS-based Posture Transport (PT) protocol client The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the TLS-based Posture Transport (PT) protocol client for strongSwan. The PT-TLS protocol carries the Network Endpoint Assessment (NEA) message exchange under the protection of a Transport Layer Security (TLS) secured tunnel. Package: strongswan-tnc-ifmap Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Description: strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP client The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides Trusted Network Connect's (TNC) IF-MAP 2.0 client. Package: strongswan-tnc-base Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Suggests: strongswan-tnc-ifmap, strongswan-tnc-pdp Description: strongSwan Trusted Network Connect's (TNC) - base files The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the base files for strongSwan's Trusted Network Connect's (TNC) functionality. . strongSwan's IMC/IMV dynamic libraries can be used by any third party TNC client/server implementation possessing a standard IF-IMC/IMV interface. Package: strongswan-tnc-client Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-tnc-base (= ${binary:Version}) Suggests: strongswan-pt-tls-client Description: strongSwan Trusted Network Connect's (TNC) - client files The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the client functionality for strongSwan's Trusted Network Connect's (TNC) features. . It includes the OS, scanner, test, SWID, and attestation IMCs. Package: strongswan-tnc-server Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-tnc-base (= ${binary:Version}), strongswan-plugin-sqlite (= ${binary:Version}) Description: strongSwan Trusted Network Connect's (TNC) - server files The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the server functionality for strongSwan's Trusted Network Connect's (TNC) features. Package: strongswan-tnc-pdp Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-tnc-server (= ${binary:Version}) Description: strongSwan plugin for Trusted Network Connect's (TNC) PDP The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides Trusted Network Connect's (TNC) Policy Decision Point (PDP) with RADIUS server interface. Package: strongswan-ikev1 Architecture: all Depends: ${misc:Depends}, strongswan-ike Section: oldlibs Priority: extra Description: strongswan IKEv1 daemon, transitional package The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package used to install the pluto daemon, implementing the IKEv1 protocol. It has been replaced by charon in the strongswan-ike package. Package: strongswan-ikev2 Architecture: all Depends: ${misc:Depends}, strongswan-ike Section: oldlibs Priority: extra Description: strongswan IKEv2 daemon, transitional package The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package used to install the charon daemon, implementing the IKEv2 protocol. It has been replaced the strongswan-ike package. debian/strongswan-pt-tls-client.install0000644000000000000000000000003412775300022015453 0ustar usr/lib/ipsec/pt-tls-client debian/watch0000644000000000000000000000014612775300022010216 0ustar version=3 opts=pgpsigurlmangle=s/$/.sig/ http://download.strongswan.org/strongswan-([\d.]+)\.tar\.bz2 debian/strongswan-plugin-eap-md5.install0000644000000000000000000000021712775300022015503 0ustar etc/strongswan.d/charon/eap-md5.conf usr/lib/ipsec/plugins/libstrongswan-eap-md5.so usr/share/strongswan/templates/config/plugins/eap-md5.conf debian/strongswan-plugin-ipseckey.install0000644000000000000000000000022212775300022016063 0ustar etc/strongswan.d/charon/ipseckey.conf usr/lib/ipsec/plugins/libstrongswan-ipseckey.so usr/share/strongswan/templates/config/plugins/ipseckey.conf debian/strongswan-plugin-sqlite.install0000644000000000000000000000030312775300022015550 0ustar etc/strongswan.d/charon/sqlite.conf usr/lib/ipsec/plugins/libstrongswan-sqlite.so usr/share/strongswan/templates/database/sql/sqlite.sql usr/share/strongswan/templates/config/plugins/sqlite.conf debian/strongswan-plugin-eap-radius.install0000644000000000000000000000023012775300022016300 0ustar etc/strongswan.d/charon/eap-radius.conf usr/lib/ipsec/plugins/libstrongswan-eap-radius.so usr/share/strongswan/templates/config/plugins/eap-radius.conf debian/strongswan-starter.postinst0000644000000000000000000001730312775300022014664 0ustar #! /bin/bash # postinst script for strongswan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-deconfigure' `in-favour' # `removing' # # for details, see /usr/share/doc/packaging-manual/ # # quoting from the policy: # Any necessary prompting should almost always be confined to the # * `abort-deconfigure' `in-favour' # `removing' # # for details, see /usr/share/doc/packaging-manual/ # # quoting from the policy: # Any necessary prompting should almost always be confined to the # post-installation script, and should be protected with a conditional # so that unnecessary prompting doesn't happen if a package's # installation fails and the `postinst' is called with `abort-upgrade', # `abort-remove' or `abort-deconfigure'. SECRETS_FILE=/var/lib/strongswan/ipsec.secrets.inc Warn () { echo "$*" >&2 } Error () { Warn "Error: $*" } insert_private_key_filename() { if ! ( [ -e $SECRETS_INC_FILE ] && egrep -q ": RSA $1" $SECRETS_INC_FILE ); then echo ": RSA $1" >> $SECRETS_INC_FILE fi } make_x509_cert() { if [ $# -ne 12 ]; then echo "Error in creating X.509 certificate" exit 1 fi case $5 in false) certreq=$4.req selfsigned="" ;; true) certreq=$4 selfsigned="-x509" ;; *) echo "Error in creating X.509 certificate" exit 1 ;; esac echo -e "$6\n$7\n$8\n$9\n${10}\n${11}\n${12}\n\n\n" | \ /usr/bin/openssl req -new -outform PEM -out $certreq \ -newkey rsa:$1 -nodes -keyout $3 -keyform PEM \ -days $2 $selfsigned >/dev/null } setup_strongswan_user() { if ! getent passwd strongswan >/dev/null; then adduser --quiet --system --no-create-home --home /var/lib/strongswan --shell /usr/sbin/nologin strongswan fi } . /usr/share/debconf/confmodule case "$1" in configure) db_get strongswan/install_x509_certificate if [ "$RET" = "true" ]; then db_get strongswan/how_to_get_x509_certificate if [ "$RET" = "create" ]; then # extract the key from a (newly created) x509 certificate host=`hostname` newkeyfile="/etc/ipsec.d/private/${host}Key.pem" newcertfile="/etc/ipsec.d/certs/${host}Cert.pem" if [ -e $newcertfile -o -e $newkeyfile ]; then Error "$newcertfile or $newkeyfile already exists." Error "Please remove them first an then re-run dpkg-reconfigure to create a new keypair." else # create a new certificate db_get strongswan/rsa_key_length keylength=$RET db_get strongswan/x509_self_signed selfsigned=$RET db_get strongswan/x509_country_code countrycode=$RET if [ -z "$countrycode" ]; then countrycode="."; fi db_get strongswan/x509_state_name statename=$RET if [ -z "$statename" ]; then statename="."; fi db_get strongswan/x509_locality_name localityname=$RET if [ -z "$localityname" ]; then localityname="."; fi db_get strongswan/x509_organization_name orgname=$RET if [ -z "$orgname" ]; then orgname="."; fi db_get strongswan/x509_organizational_unit orgunit=$RET if [ -z "$orgunit" ]; then orgunit="."; fi db_get strongswan/x509_common_name commonname=$RET if [ -z "$commonname" ]; then commonname="."; fi db_get strongswan/x509_email_address email=$RET if [ -z "$email" ]; then email="."; fi make_x509_cert $keylength 1500 "$newkeyfile" "$newcertfile" "$selfsigned" "$countrycode" "$statename" "$localityname" "$orgname" "$orgunit" "$commonname" "$email" chmod 0600 "$newkeyfile" umask 077 insert_private_key_filename "$newkeyfile" echo "Successfully created x509 certificate." fi elif [ "$RET" = "import" ]; then # existing certificate - use it db_get strongswan/existing_x509_certificate_filename certfile=$RET db_get strongswan/existing_x509_key_filename keyfile=$RET db_get strongswan/existing_x509_rootca_filename cafile=$RET if [ ! "$certfile" ] || [ ! "$keyfile" ]; then Error "Either the certificate or the key filename is not specified." elif ! ( ( [ -f "$certfile" ] || [ -L "$certfile" ] ) && ( [ -f "$keyfile" ] || [ -L "$keyfile" ] ) && ( [ "$cafile" = "" ] || ( [ -f "$cafile" ] || [ -L "$cafile" ] ) ) ); then Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a regular file or symbolic link." elif [ ! "`grep 'BEGIN CERTIFICATE' $certfile`" ] || [ ! "`grep 'BEGIN RSA PRIVATE KEY' $keyfile`" ] || ( [ "$cafile" != "" ] && [ ! "`grep 'BEGIN CERTIFICATE' $cafile`" ] ); then Error "Either the certificate or the key"${cafile:+ or the rootca}" file is not a valid PEM type file." elif [ "$cafile" ] && ( [ "$certfile" = "$cafile" ] || [ "$keyfile" = "$cafile" ]); then Error "The certificate or the key file contains the rootca - unable to import automatically." elif [ "`grep 'BEGIN CERTIFICATE' $certfile | wc -l`" -gt 1 ]; then Error "The certificate file contains more than one certificate - unable to import automatically." elif [ "`grep 'ENCRYPTED' $keyfile`" ]; then Error "The key file contains an encrypted key - unable to import automatically." else newcertfile="/etc/ipsec.d/certs/$(basename "$certfile")" newkeyfile="/etc/ipsec.d/private/$(basename "$keyfile")" if [ "$cafile" ]; then newcafile="/etc/ipsec.d/private/$(basename "$cafile")" else newcafile="" fi if [ -e "$newcertfile" ] || [ -e "$newkeyfile" ] || ( [ "$newcafile" != "" ] && [ -e "$newcafile" ] ); then Error "$newcertfile or $newkeyfile"${newcafile:+ or $newcafile}" already exists." Error "Please remove them first and then re-run dpkg-reconfigure to extract an existing keypair"${newcafile:+ and a rootca}"." else openssl x509 -in $certfile -out $newcertfile 2>/dev/null umask 077 openssl rsa -passin pass:"" -in $keyfile -out $newkeyfile 2>/dev/null chmod 0600 "$newkeyfile" insert_private_key_filename "$newkeyfile" cp "$cafile" /etc/ipsec.d/cacerts echo "Successfully integrated existing x509 certificate." fi fi fi db_set strongswan/install_x509_certificate false fi # create user for strongswan to change its uid into setup_strongswan_user if [ -z "$2" ]; then # no old configured version - start strongswan now service strongswan start || true else # Remove old init.d scripts if necessary. if [ -f /etc/init.d/ipsec ]; then update-rc.d -f ipsec remove > /dev/null fi # does the user wish strongswan to restart? db_get strongswan/restart if [ "$RET" = "true" ]; then service strongswan restart || true # sure, we'll restart it for you fi fi db_stop ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument '$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically #DEBHELPER# exit 0 debian/strongswan-plugin-eap-sim-file.install0000644000000000000000000000023612775300022016524 0ustar etc/strongswan.d/charon/eap-sim-file.conf usr/lib/ipsec/plugins/libstrongswan-eap-sim-file.so usr/share/strongswan/templates/config/plugins/eap-sim-file.conf debian/strongswan-starter.install0000644000000000000000000000217212775300022014445 0ustar etc/strongswan.d/pool.conf etc/strongswan.d/starter.conf etc/strongswan.d/tools.conf etc/strongswan.d/charon/stroke.conf etc/strongswan.d/charon/updown.conf #starter usr/lib/ipsec/starter usr/lib/ipsec/_copyright usr/sbin/ipsec etc/ipsec.d etc/ipsec.conf usr/share/man/man8/ipsec.8 usr/share/man/man5/ipsec.conf.5 usr/share/man/man5/ipsec.secrets.5 usr/share/man/man5/strongswan.conf.5 usr/share/man/man1/* #updown usr/lib/ipsec/plugins/libstrongswan-updown.so usr/lib/ipsec/_updown usr/lib/ipsec/_updown_espmark usr/share/man/man8/_updown.8 usr/share/man/man8/_updown_espmark.8 #tools usr/bin/pki usr/lib/ipsec/scepclient usr/lib/ipsec/openac usr/lib/ipsec/pool usr/share/man/man8/scepclient.8 usr/share/man/man8/openac.8 #stroke usr/lib/ipsec/stroke usr/lib/ipsec/plugins/libstrongswan-stroke.so debian/usr.lib.ipsec.stroke /etc/apparmor.d/ usr/share/strongswan/templates/config/plugins/stroke.conf usr/share/strongswan/templates/config/plugins/updown.conf usr/share/strongswan/templates/config/strongswan.d/pool.conf usr/share/strongswan/templates/config/strongswan.d/starter.conf usr/share/strongswan/templates/config/strongswan.d/tools.conf debian/strongswan-plugin-eap-peap.install0000644000000000000000000000022212775300022015737 0ustar etc/strongswan.d/charon/eap-peap.conf usr/lib/ipsec/plugins/libstrongswan-eap-peap.so usr/share/strongswan/templates/config/plugins/eap-peap.conf debian/patches/0000755000000000000000000000000013352751043010620 5ustar debian/patches/01_fix-manpages.patch0000644000000000000000000000241112775300022014511 0ustar --- a/src/_updown/_updown.8 +++ b/src/_updown/_updown.8 @@ -1,6 +1,6 @@ .TH _UPDOWN 8 "27 Apr 2006" .SH NAME -ipsec _updown \- route and firewall manipulation script +ipsec_updown \- route and firewall manipulation script .SH SYNOPSIS .I _updown is invoked by pluto when it has brought up a new connection. This script --- a/src/_updown_espmark/_updown_espmark.8 +++ b/src/_updown_espmark/_updown_espmark.8 @@ -1,6 +1,6 @@ .TH _UPDOWN_ESPMARK 8 "7 Apr 2005" .SH NAME -ipsec _updown_espmark \- manages routes and firewall rules +ipsec_updown_espmark \- manages routes and firewall rules .SH SYNOPSIS .I _updown_espmark is invoked by pluto when it has brought up a new connection. This script --- a/src/openac/openac.8 +++ b/src/openac/openac.8 @@ -1,6 +1,6 @@ .TH IPSEC_OPENAC 8 "22 September 2007" .SH NAME -ipsec openac \- Generation of X.509 attribute certificates +ipsec_openac \- Generation of X.509 attribute certificates .SH SYNOPSIS .B ipsec .B openac --- a/src/scepclient/scepclient.8 +++ b/src/scepclient/scepclient.8 @@ -1,7 +1,7 @@ .\" .TH "IPSEC_SCEPCLIENT" "8" "2012-05-11" "strongSwan" "" .SH "NAME" -ipsec scepclient \- Client for the SCEP protocol +ipsec_scepclient \- Client for the SCEP protocol .SH "SYNOPSIS" .B ipsec scepclient [argument ...] .sp debian/patches/fix_reauth_crash.patch0000644000000000000000000000126612775300625015170 0ustar Description: auth-cfg: Fix crash after several reauthentications with multiple authentication rounds Author: Tobias Brunner Origin: upstream, https://git.strongswan.org/?p=strongswan.git;a=commit;h=8ca9a67f Bug-Ubuntu: https://launchpad.net/bugs/1629241 --- strongswan-5.1.2.orig/src/libstrongswan/credentials/auth_cfg.c +++ strongswan-5.1.2/src/libstrongswan/credentials/auth_cfg.c @@ -989,8 +989,8 @@ METHOD(auth_cfg_t, purge, void, { if (!keep_ca || entry->type != AUTH_RULE_CA_CERT) { - array_remove_at(this->entries, enumerator); destroy_entry_value(entry); + array_remove_at(this->entries, enumerator); } } enumerator->destroy(enumerator); debian/patches/series0000644000000000000000000000063213352751043012036 0ustar 01_fix-manpages.patch CVE-2014-2338.patch CVE-2014-9221.patch CVE-2015-4171.patch CVE-2015-8023.patch fix_reauth_crash.patch CVE-2017-9022.patch CVE-2017-9023.patch CVE-2017-11185.patch strongswan-5.0.1-5.3.0_gmp-pkcs1-verify.patch strongswan-5.0.1-5.4.0_skeyseed_init.patch strongswan-5.1.2-5.6.2_stroke_msg_len.patch chunk_equals_const.patch memeq_const.patch strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch debian/patches/memeq_const.patch0000644000000000000000000000363213350173331014153 0ustar Backport of: From b833963270fbffe3186f5c71c7584c2347a44038 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Sat, 11 Apr 2015 16:44:18 +0200 Subject: [PATCH] utils: Add a constant time memeq() variant for cryptographic purposes --- scripts/timeattack.c | 9 +++++- src/libstrongswan/tests/suites/test_utils.c | 47 +++++++++++++++++++++++++++++ src/libstrongswan/utils/utils.c | 19 ++++++++++++ src/libstrongswan/utils/utils.h | 5 +++ 4 files changed, 79 insertions(+), 1 deletion(-) Index: strongswan-5.1.2/src/libstrongswan/utils/utils.c =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/utils/utils.c 2018-09-18 14:59:22.208256000 +0200 +++ strongswan-5.1.2/src/libstrongswan/utils/utils.c 2018-09-18 14:59:22.208256000 +0200 @@ -101,6 +101,25 @@ void memwipe_noinline(void *ptr, size_t /** * Described in header. */ +bool memeq_const(const void *x, const void *y, size_t len) +{ + const u_char *a, *b; + u_int bad = 0; + size_t i; + + a = (const u_char*)x; + b = (const u_char*)y; + + for (i = 0; i < len; i++) + { + bad |= a[i] != b[i]; + } + return !bad; +} + +/** + * Described in header. + */ void *memstr(const void *haystack, const char *needle, size_t n) { const u_char *pos = haystack; Index: strongswan-5.1.2/src/libstrongswan/utils/utils.h =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/utils/utils.h 2018-09-18 14:59:22.208256000 +0200 +++ strongswan-5.1.2/src/libstrongswan/utils/utils.h 2018-09-18 14:59:58.832203998 +0200 @@ -138,6 +138,11 @@ static inline bool memeq(const void *x, } /** + * Same as memeq(), but with a constant runtime, safe for cryptographic use. + */ +bool memeq_const(const void *x, const void *y, size_t len); + +/** * Macro gives back larger of two values. */ #define max(x,y) ({ \ debian/patches/CVE-2014-9221.patch0000644000000000000000000001406312775300075013244 0ustar From a78ecdd47509626711a13481f53696e01d4b8c62 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 1 Dec 2014 17:21:59 +0100 Subject: [PATCH] crypto: Define MODP_CUSTOM outside of IKE DH range Before this fix it was possible to crash charon with an IKE_SA_INIT message containing a KE payload with DH group MODP_CUSTOM(1025). Defining MODP_CUSTOM outside of the two byte IKE DH identifier range prevents it from getting negotiated. Fixes CVE-2014-9221 in version 5.1.2 and newer. --- src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 2 +- src/libstrongswan/crypto/diffie_hellman.c | 11 ++++++----- src/libstrongswan/crypto/diffie_hellman.h | 6 ++++-- src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 2 +- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +- src/libstrongswan/plugins/ntru/ntru_ke.c | 2 +- src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 2 +- src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 +- src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 2 +- 9 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index 67db5e6d87d6..836e0b7f088d 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -41,7 +41,7 @@ struct private_tkm_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * Diffie Hellman public value. diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index bada1c529951..ac106e9c4d45 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -42,15 +42,16 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT, "ECP_256_BP", "ECP_384_BP", "ECP_512_BP"); -ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP, - "MODP_NULL", - "MODP_CUSTOM"); -ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM, +ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_512_BP, + "MODP_NULL"); +ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL, "NTRU_112", "NTRU_128", "NTRU_192", "NTRU_256"); -ENUM_END(diffie_hellman_group_names, NTRU_256_BIT); +ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT, + "MODP_CUSTOM"); +ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); /** diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 105db22f14d4..d5161d077bb2 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -63,12 +63,14 @@ enum diffie_hellman_group_t { /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ MODP_NULL = 1024, /** MODP group with custom generator/prime */ - MODP_CUSTOM = 1025, /** Parameters defined by IEEE 1363.1, in PRIVATE USE */ NTRU_112_BIT = 1030, NTRU_128_BIT = 1031, NTRU_192_BIT = 1032, - NTRU_256_BIT = 1033 + NTRU_256_BIT = 1033, + /** internally used DH group with additional parameters g and p, outside + * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */ + MODP_CUSTOM = 65536, }; /** diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index f418b941db86..299865da2e09 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -35,7 +35,7 @@ struct private_gcrypt_dh_t { /** * Diffie Hellman group number */ - u_int16_t group; + diffie_hellman_group_t group; /* * Generator value diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index b74d35169f44..9936f7e4518f 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /* * Generator value. diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c index abaa22336221..e64f32b91d0e 100644 --- a/src/libstrongswan/plugins/ntru/ntru_ke.c +++ b/src/libstrongswan/plugins/ntru/ntru_ke.c @@ -77,7 +77,7 @@ struct private_ntru_ke_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * NTRU Parameter Set diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index ff3382473666..1e68ac59b838 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -38,7 +38,7 @@ struct private_openssl_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * Diffie Hellman object diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index b487d59a59a3..50853d6f0bde 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * EC private (public) key diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c index 36cc284bf2b5..23b63d2386af 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c @@ -47,7 +47,7 @@ struct private_pkcs11_dh_t { /** * Diffie Hellman group number. */ - u_int16_t group; + diffie_hellman_group_t group; /** * Handle for own private value -- 1.9.1 debian/patches/strongswan-5.0.1-5.4.0_skeyseed_init.patch0000644000000000000000000000304413350162106020061 0ustar From 9cf1f297f9860e92ca369b4431b611e831a10c7d Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 16 May 2018 15:50:16 +0200 Subject: [PATCH] ikev2: Initialize variable in case set_key() or allocate_bytes() fails In case the PRF's set_key() or allocate_bytes() method failed, skeyseed was not initialized and the chunk_clear() call later caused a crash. This could have happened with OpenSSL in FIPS mode when MD5 was negotiated (and test vectors were not checked, in which case the PRF couldn't be instantiated as the test vectors would have failed). MD5 is not included in the default proposal anymore since 5.6.1, so with recent versions this could only happen with configs that are not valid in FIPS mode anyway. Fixes: CVE-2018-10811 --- src/libcharon/sa/ikev2/keymat_v2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 4d0683f0a09b..ed98ca1f8d2f 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -259,8 +259,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { - chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; - chunk_t spi_i, spi_r; + chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce; + chunk_t prf_plus_seed, spi_i, spi_r; prf_plus_t *prf_plus = NULL; u_int16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL; -- 2.7.4 debian/patches/CVE-2014-2338.patch0000644000000000000000000000254412775300022013237 0ustar From b980ba7757dcfedd756aa055b3271ea58cf85aa6 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 20 Feb 2014 16:08:43 +0100 Subject: [PATCH] ikev2: Reject CREATE_CHILD_SA exchange on unestablished IKE_SAs Prevents a responder peer to trick us into established state by starting IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH. Fixes CVE-2014-2338 for 5.x versions of strongSwan. --- src/libcharon/sa/ikev2/task_manager_v2.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index ac3be90..a5252ab 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -778,6 +778,15 @@ static status_t process_request(private_task_manager_t *this, case CREATE_CHILD_SA: { /* FIXME: we should prevent this on mediation connections */ bool notify_found = FALSE, ts_found = FALSE; + + if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED || + this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING) + { + DBG1(DBG_IKE, "received CREATE_CHILD_SA request for " + "unestablished IKE_SA, rejected"); + return FAILED; + } + enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { -- 1.8.1.2 debian/patches/strongswan-5.1.2-5.6.2_stroke_msg_len.patch0000644000000000000000000000171113350162125020243 0ustar From 0acd1ab4d08d53d80393b1a37b8781f6e7b2b996 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 13 Mar 2018 18:54:08 +0100 Subject: [PATCH] stroke: Ensure a minimum message length --- src/libcharon/plugins/stroke/stroke_socket.c | 5 +++++ 1 file changed, 5 insertions(+) Index: strongswan-5.1.2/src/libcharon/plugins/stroke/stroke_socket.c =================================================================== --- strongswan-5.1.2.orig/src/libcharon/plugins/stroke/stroke_socket.c 2018-09-18 13:41:06.873054147 +0200 +++ strongswan-5.1.2/src/libcharon/plugins/stroke/stroke_socket.c 2018-09-18 13:41:06.873054147 +0200 @@ -622,6 +622,11 @@ static bool on_accept(private_stroke_soc } return FALSE; } + if (len < offsetof(stroke_msg_t, buffer)) + { + DBG1(DBG_CFG, "invalid stroke message length %d", len); + return FALSE; + } /* read message (we need an additional byte to terminate the buffer) */ msg = malloc(len + 1); debian/patches/strongswan-5.0.1-5.3.0_gmp-pkcs1-verify.patch0000644000000000000000000002235113350140006020322 0ustar From ee63d05beb5633428efebb8a139d3f851ae72684 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 28 Aug 2018 11:26:24 +0200 Subject: [PATCH] gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them Instead we generate the expected signature encoding and compare it to the decrypted value. Due to the lenient nature of the previous parsing code (minimum padding length was not enforced, the algorithmIdentifier/OID parser accepts arbitrary data after OIDs and in the parameters field etc.) it was susceptible to Daniel Bleichenbacher's low-exponent attack (from 2006!), which allowed forging signatures for keys that use low public exponents (i.e. e=3). Since the public exponent is usually set to 0x10001 (65537) since quite a while, the flaws in the previous code should not have had that much of a practical impact in recent years. Fixes: CVE-2018-16151, CVE-2018-16152 --- .../plugins/gmp/gmp_rsa_private_key.c | 66 +++++---- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 157 ++------------------- 2 files changed, 53 insertions(+), 170 deletions(-) Index: strongswan-5.1.2/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c 2018-09-18 11:06:11.388342468 +0200 +++ strongswan-5.1.2/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c 2018-09-18 11:06:11.388342468 +0200 @@ -262,14 +262,15 @@ static chunk_t rsasp1(private_gmp_rsa_pr } /** - * Build a signature using the PKCS#1 EMSA scheme + * Hashes the data and builds the plaintext signature value with EMSA + * PKCS#1 v1.5 padding. + * + * Allocates the signature data. */ -static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, - hash_algorithm_t hash_algorithm, - chunk_t data, chunk_t *signature) +bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm, + chunk_t data, size_t keylen, chunk_t *em) { chunk_t digestInfo = chunk_empty; - chunk_t em; if (hash_algorithm != HASH_UNKNOWN) { @@ -293,43 +294,56 @@ static bool build_emsa_pkcs1_signature(p /* build DER-encoded digestInfo */ digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_algorithmIdentifier(hash_oid), - asn1_simple_object(ASN1_OCTET_STRING, hash) - ); - chunk_free(&hash); + asn1_wrap(ASN1_OCTET_STRING, "m", hash)); + data = digestInfo; } - if (data.len > this->k - 3) + if (data.len > keylen - 11) { - free(digestInfo.ptr); - DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len, - mpz_sizeinbase(this->n, 2)); + chunk_free(&digestInfo); + DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of " + "%zu bytes", data.len, keylen); return FALSE; } - /* build chunk to rsa-decrypt: - * EM = 0x00 || 0x01 || PS || 0x00 || T. - * PS = 0xFF padding, with length to fill em + /* EM = 0x00 || 0x01 || PS || 0x00 || T. + * PS = 0xFF padding, with length to fill em (at least 8 bytes) * T = encoded_hash */ - em.len = this->k; - em.ptr = malloc(em.len); + *em = chunk_alloc(keylen); /* fill em with padding */ - memset(em.ptr, 0xFF, em.len); + memset(em->ptr, 0xFF, em->len); /* set magic bytes */ - *(em.ptr) = 0x00; - *(em.ptr+1) = 0x01; - *(em.ptr + em.len - data.len - 1) = 0x00; - /* set DER-encoded hash */ - memcpy(em.ptr + em.len - data.len, data.ptr, data.len); + *(em->ptr) = 0x00; + *(em->ptr+1) = 0x01; + *(em->ptr + em->len - data.len - 1) = 0x00; + /* set encoded hash */ + memcpy(em->ptr + em->len - data.len, data.ptr, data.len); + + chunk_clear(&digestInfo); + return TRUE; +} + +/** + * Build a signature using the PKCS#1 EMSA scheme + */ +static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, + hash_algorithm_t hash_algorithm, + chunk_t data, chunk_t *signature) +{ + chunk_t em; + + if (!gmp_emsa_pkcs1_signature_data(hash_algorithm, data, this->k, &em)) + { + return FALSE; + } /* build signature */ *signature = rsasp1(this, em); - free(digestInfo.ptr); - free(em.ptr); - + chunk_free(&em); return TRUE; } Index: strongswan-5.1.2/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 2018-09-18 11:06:11.388342468 +0200 +++ strongswan-5.1.2/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 2018-09-18 11:06:11.388342468 +0200 @@ -68,7 +68,9 @@ struct private_gmp_rsa_public_key_t { /** * Shared functions defined in gmp_rsa_private_key.c */ -extern chunk_t gmp_mpz_to_chunk(const mpz_t value); +chunk_t gmp_mpz_to_chunk(const mpz_t value); +bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm, + chunk_t data, size_t keylen, chunk_t *em); /** * RSAEP algorithm specified in PKCS#1. @@ -113,26 +115,13 @@ static chunk_t rsavp1(private_gmp_rsa_pu } /** - * ASN.1 definition of digestInfo - */ -static const asn1Object_t digestInfoObjects[] = { - { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define DIGEST_INFO 0 -#define DIGEST_INFO_ALGORITHM 1 -#define DIGEST_INFO_DIGEST 2 - -/** - * Verification of an EMPSA PKCS1 signature described in PKCS#1 + * Verification of an EMSA PKCS1 signature described in PKCS#1 */ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, hash_algorithm_t algorithm, chunk_t data, chunk_t signature) { - chunk_t em_ori, em; + chunk_t em_expected, em; bool success = FALSE; /* remove any preceding 0-bytes from signature */ @@ -146,140 +135,20 @@ static bool verify_emsa_pkcs1_signature( return FALSE; } - /* unpack signature */ - em_ori = em = rsavp1(this, signature); - - /* result should look like this: - * EM = 0x00 || 0x01 || PS || 0x00 || T. - * PS = 0xFF padding, with length to fill em - * T = oid || hash - */ - - /* check magic bytes */ - if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) + /* generate expected signature value */ + if (!gmp_emsa_pkcs1_signature_data(algorithm, data, this->k, &em_expected)) { - goto end; + return FALSE; } em = chunk_skip(em, 2); - /* find magic 0x00 */ - while (em.len > 0) - { - if (*em.ptr == 0x00) - { - /* found magic byte, stop */ - em = chunk_skip(em, 1); - break; - } - else if (*em.ptr != 0xFF) - { - /* bad padding, decryption failed ?!*/ - goto end; - } - em = chunk_skip(em, 1); - } - - if (em.len == 0) - { - /* no digestInfo found */ - goto end; - } + /* unpack signature */ + em = rsavp1(this, signature); - if (algorithm == HASH_UNKNOWN) - { /* IKEv1 signatures without digestInfo */ - if (em.len != data.len) - { - DBG1(DBG_LIB, "hash size in signature is %u bytes instead of" - " %u bytes", em.len, data.len); - goto end; - } - success = memeq(em.ptr, data.ptr, data.len); - } - else - { /* IKEv2 and X.509 certificate signatures */ - asn1_parser_t *parser; - chunk_t object; - int objectID; - hash_algorithm_t hash_algorithm = HASH_UNKNOWN; - - DBG2(DBG_LIB, "signature verification:"); - parser = asn1_parser_create(digestInfoObjects, em); - - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case DIGEST_INFO: - { - if (em.len > object.len) - { - DBG1(DBG_LIB, "digestInfo field in signature is" - " followed by %u surplus bytes", - em.len - object.len); - goto end_parser; - } - break; - } - case DIGEST_INFO_ALGORITHM: - { - int hash_oid = asn1_parse_algorithmIdentifier(object, - parser->get_level(parser)+1, NULL); - - hash_algorithm = hasher_algorithm_from_oid(hash_oid); - if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm) - { - DBG1(DBG_LIB, "expected hash algorithm %N, but found" - " %N (OID: %#B)", hash_algorithm_names, algorithm, - hash_algorithm_names, hash_algorithm, &object); - goto end_parser; - } - break; - } - case DIGEST_INFO_DIGEST: - { - chunk_t hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); - if (hasher == NULL) - { - DBG1(DBG_LIB, "hash algorithm %N not supported", - hash_algorithm_names, hash_algorithm); - goto end_parser; - } - - if (object.len != hasher->get_hash_size(hasher)) - { - DBG1(DBG_LIB, "hash size in signature is %u bytes" - " instead of %u bytes", object.len, - hasher->get_hash_size(hasher)); - hasher->destroy(hasher); - goto end_parser; - } - - /* build our own hash and compare */ - if (!hasher->allocate_hash(hasher, data, &hash)) - { - hasher->destroy(hasher); - goto end_parser; - } - hasher->destroy(hasher); - success = memeq(object.ptr, hash.ptr, hash.len); - free(hash.ptr); - break; - } - default: - break; - } - } - -end_parser: - success &= parser->success(parser); - parser->destroy(parser); - } + success = chunk_equals_const(em_expected, em); -end: - free(em_ori.ptr); + chunk_free(&em_expected); + chunk_free(&em); return success; } debian/patches/CVE-2015-8023.patch0000644000000000000000000000203212775300075013235 0ustar From 91762f11e223e33b82182150d7c4cf7c2ec3cefa Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 29 Oct 2015 11:18:27 +0100 Subject: [PATCH] eap-mschapv2: Only succeed authentication if MSK was established An MSK is only established if the client successfully authenticated itself and only then must we accept an MSCHAPV2_SUCCESS message. Fixes CVE-2015-8023 --- src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) Index: strongswan-5.1.2/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c =================================================================== --- strongswan-5.1.2.orig/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c 2015-11-11 07:57:22.132300446 -0500 +++ strongswan-5.1.2/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c 2015-11-11 07:57:22.132300446 -0500 @@ -1141,7 +1141,11 @@ } case MSCHAPV2_SUCCESS: { - return SUCCESS; + if (this->msk.ptr) + { + return SUCCESS; + } + break; } case MSCHAPV2_FAILURE: { debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch0000644000000000000000000000313613352751043020702 0ustar From 129ab919a8c3abfc17bea776f0774e0ccf33ca09 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 25 Sep 2018 14:50:08 +0200 Subject: [PATCH] gmp: Fix buffer overflow with very small RSA keys Because `keylen` is unsigned the subtraction results in an integer underflow if the key length is < 11 bytes. This is only a problem when verifying signatures with a public key (for private keys the plugin enforces a minimum modulus length) and to do so we usually only use trusted keys. However, the x509 plugin actually calls issued_by() on a parsed certificate to check if it is self-signed, which is the reason this issue was found by OSS-Fuzz in the first place. So, unfortunately, this can be triggered by sending an invalid client cert to a peer. Fixes: 5955db5b124a ("gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them") Fixes: CVE-2018-17540 --- src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: strongswan-5.3.5/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c =================================================================== --- strongswan-5.3.5.orig/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c 2018-09-26 14:37:58.780418655 -0400 +++ strongswan-5.3.5/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c 2018-09-26 14:37:58.780418655 -0400 @@ -299,7 +299,7 @@ bool gmp_emsa_pkcs1_signature_data(hash_ data = digestInfo; } - if (data.len > keylen - 11) + if (keylen < 11 || data.len > keylen - 11) { chunk_free(&digestInfo); DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of " debian/patches/CVE-2015-4171.patch0000644000000000000000000000566312775300075013252 0ustar From ca1a65cc6aef2e037b529574783b7c571d1d82a9 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 3 Jun 2015 10:52:34 +0200 Subject: [PATCH] ikev2: Enforce remote authentication config before proceeding with own authentication Previously the constraints in the authentication configuration of an initiator were enforced only after all authentication rounds were complete. This posed a problem if an initiator used EAP or PSK authentication while the responder was authenticated with a certificate and if a rogue server was able to authenticate itself with a valid certificate issued by any CA the initiator trusted. Because any constraints for the responder's identity (rightid) or other aspects of the authentication (e.g. rightca) the initiator had were not enforced until the initiator itself finished its authentication such a rogue responder was able to acquire usernames and password hashes from the client. And if a client supported EAP-GTC it was even possible to trick it into sending plaintext passwords. This patch enforces the configured constraints right after the responder's authentication successfully finished for each round and before the initiator starts with its own authentication. Fixes CVE-2015-4171. --- src/libcharon/sa/ikev2/tasks/ike_auth.c | 44 +++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index bf747a49edde..2554496c1916 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -112,6 +112,11 @@ struct private_ike_auth_t { * received an INITIAL_CONTACT? */ bool initial_contact; + + /** + * Is EAP acceptable, did we strictly authenticate peer? + */ + bool eap_acceptable; }; /** @@ -879,6 +884,37 @@ static void send_auth_failed_informational(private_ike_auth_t *this, message->destroy(message); } +/** + * Check if strict constraint fullfillment required to continue current auth + */ +static bool require_strict(private_ike_auth_t *this, bool mutual_eap) +{ + auth_cfg_t *cfg; + + if (this->eap_acceptable) + { + return FALSE; + } + + cfg = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); + switch ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS)) + { + case AUTH_CLASS_EAP: + if (mutual_eap && this->my_auth) + { + this->eap_acceptable = TRUE; + return !this->my_auth->is_mutual(this->my_auth); + } + return TRUE; + case AUTH_CLASS_PSK: + return TRUE; + case AUTH_CLASS_PUBKEY: + case AUTH_CLASS_ANY: + default: + return FALSE; + } +} + METHOD(task_t, process_i, status_t, private_ike_auth_t *this, message_t *message) { @@ -1014,6 +1050,14 @@ METHOD(task_t, process_i, status_t, } } + if (require_strict(this, mutual_eap)) + { + if (!update_cfg_candidates(this, TRUE)) + { + goto peer_auth_failed; + } + } + if (this->my_auth) { switch (this->my_auth->process(this->my_auth, message)) -- 1.9.1 debian/patches/CVE-2017-9023.patch0000644000000000000000000003744713111354470013253 0ustar From e3d4fe2be3bda0d9acc985a6cd67efe249d8326c Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Fri, 5 May 2017 09:01:08 +0200 Subject: [PATCH] asn1-parser: Fix CHOICE parsing Also fixes the application in the x509 plugin and the parsing of nameConstraints, which doesn't require a loop. Fixes: CVE-2017-9023 --- src/libstrongswan/asn1/asn1_parser.c | 70 +++++++++++++++--- src/libstrongswan/asn1/asn1_parser.h | 27 +++---- src/libstrongswan/plugins/x509/x509_cert.c | 115 +++++++++++++++-------------- 3 files changed, 135 insertions(+), 77 deletions(-) Index: strongswan-5.1.2/src/libstrongswan/asn1/asn1_parser.c =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/asn1/asn1_parser.c 2017-05-24 15:04:21.689019315 -0400 +++ strongswan-5.1.2/src/libstrongswan/asn1/asn1_parser.c 2017-05-24 15:04:21.641018667 -0400 @@ -1,8 +1,7 @@ /* * Copyright (C) 2006 Martin Will - * Copyright (C) 2000-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2000-2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -76,12 +75,18 @@ struct private_asn1_parser_t { * Current parsing pointer for each level */ chunk_t blobs[ASN1_MAX_LEVEL + 2]; + + /** + * Parsing a CHOICE on the current level ? + */ + bool choice[ASN1_MAX_LEVEL + 2]; + }; METHOD(asn1_parser_t, iterate, bool, private_asn1_parser_t *this, int *objectID, chunk_t *object) { - chunk_t *blob, *blob1; + chunk_t *blob, *blob1, blob_ori; u_char *start_ptr; u_int level; asn1Object_t obj; @@ -97,7 +102,7 @@ METHOD(asn1_parser_t, iterate, bool, return FALSE; } - if (obj.flags & ASN1_END) /* end of loop or option found */ + if (obj.flags & ASN1_END) /* end of loop or choice or option found */ { if (this->loopAddr[obj.level] && this->blobs[obj.level+1].len > 0) { @@ -106,13 +111,42 @@ METHOD(asn1_parser_t, iterate, bool, } else { - this->loopAddr[obj.level] = 0; /* exit loop or option*/ + this->loopAddr[obj.level] = 0; /* exit loop */ + + if (obj.flags & ASN1_CHOICE) /* end of choices */ + { + if (this->choice[obj.level+1]) + { + DBG1(DBG_ASN, "L%d - %s: incorrect choice encoding", + this->level0 + obj.level, obj.name); + this->success = FALSE; + goto end; + } + } + + if (obj.flags & ASN1_CH) /* end of choice */ + { + /* parsed a valid choice */ + this->choice[obj.level] = FALSE; + + /* advance to end of choices */ + do + { + this->line++; + } + while (!((this->objects[this->line].flags & ASN1_END) && + (this->objects[this->line].flags & ASN1_CHOICE) && + (this->objects[this->line].level == obj.level-1))); + this->line--; + } + goto end; } } level = this->level0 + obj.level; blob = this->blobs + obj.level; + blob_ori = *blob; blob1 = blob + 1; start_ptr = blob->ptr; @@ -129,7 +163,6 @@ METHOD(asn1_parser_t, iterate, bool, } /* handle ASN.1 options */ - if ((obj.flags & ASN1_OPT) && (blob->len == 0 || *start_ptr != obj.type)) { @@ -144,7 +177,6 @@ METHOD(asn1_parser_t, iterate, bool, } /* an ASN.1 object must possess at least a tag and length field */ - if (blob->len < 2) { DBG1(DBG_ASN, "L%d - %s: ASN.1 object smaller than 2 octets", @@ -167,8 +199,16 @@ METHOD(asn1_parser_t, iterate, bool, blob->ptr += blob1->len; blob->len -= blob1->len; - /* return raw ASN.1 object without prior type checking */ + /* handle ASN.1 choice without explicit context encoding */ + if ((obj.flags & ASN1_CHOICE) && obj.type == ASN1_EOC) + { + DBG2(DBG_ASN, "L%d - %s:", level, obj.name); + this->choice[obj.level+1] = TRUE; + *blob1 = blob_ori; + goto end; + } + /* return raw ASN.1 object without prior type checking */ if (obj.flags & ASN1_RAW) { DBG2(DBG_ASN, "L%d - %s:", level, obj.name); @@ -209,6 +249,18 @@ METHOD(asn1_parser_t, iterate, bool, } } + /* In case of a "CHOICE" start to scan for exactly one valid choice */ + if (obj.flags & ASN1_CHOICE) + { + if (blob1->len == 0) + { + DBG1(DBG_ASN, "L%d - %s: contains no choice", level, obj.name); + this->success = FALSE; + goto end; + } + this->choice[obj.level+1] = TRUE; + } + if (obj.flags & ASN1_OBJ) { object->ptr = start_ptr; Index: strongswan-5.1.2/src/libstrongswan/asn1/asn1_parser.h =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/asn1/asn1_parser.h 2017-05-24 15:04:21.689019315 -0400 +++ strongswan-5.1.2/src/libstrongswan/asn1/asn1_parser.h 2017-05-24 15:04:21.657018883 -0400 @@ -1,8 +1,7 @@ /* * Copyright (C) 2006 Martin Will - * Copyright (C) 2000-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2000-2017 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -32,15 +31,17 @@ /** * Definition of ASN.1 flags */ -#define ASN1_NONE 0x00 -#define ASN1_DEF 0x01 -#define ASN1_OPT 0x02 -#define ASN1_LOOP 0x04 -#define ASN1_END 0x08 -#define ASN1_OBJ 0x10 -#define ASN1_BODY 0x20 -#define ASN1_RAW 0x40 -#define ASN1_EXIT 0x80 +#define ASN1_NONE 0x0000 +#define ASN1_DEF 0x0001 +#define ASN1_OPT 0x0002 +#define ASN1_LOOP 0x0004 +#define ASN1_CHOICE 0x0008 +#define ASN1_CH 0x0010 +#define ASN1_END 0x0020 +#define ASN1_OBJ 0x0040 +#define ASN1_BODY 0x0080 +#define ASN1_RAW 0x0100 +#define ASN1_EXIT 0x0200 typedef struct asn1Object_t asn1Object_t; @@ -51,7 +52,7 @@ struct asn1Object_t{ u_int level; const u_char *name; asn1_t type; - u_char flags; + uint16_t flags; }; typedef struct asn1_parser_t asn1_parser_t; Index: strongswan-5.1.2/src/libstrongswan/plugins/x509/x509_cert.c =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/plugins/x509/x509_cert.c 2017-05-24 15:04:21.689019315 -0400 +++ strongswan-5.1.2/src/libstrongswan/plugins/x509/x509_cert.c 2017-05-24 15:04:21.677019152 -0400 @@ -2,10 +2,10 @@ * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss * Copyright (C) 2002 Mario Strasser - * Copyright (C) 2000-2006 Andreas Steffen + * Copyright (C) 2000-2017 Andreas Steffen * Copyright (C) 2006-2009 Martin Willi * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -770,20 +770,20 @@ static void parse_extendedKeyUsage(chunk * ASN.1 definition of crlDistributionPoints */ static const asn1Object_t crlDistributionPointsObjects[] = { - { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */ - { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ - { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ - { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ - { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_CHOICE }, /* 2 */ + { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */ + { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 4 */ + { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */ + { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 6 */ + { 2, "end opt/choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 7 */ + { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ + { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ + { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ + { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define CRL_DIST_POINTS 1 #define CRL_DIST_POINTS_FULLNAME 3 @@ -881,14 +881,13 @@ void x509_parse_crlDistributionPoints(ch * ASN.1 definition of nameConstraints */ static const asn1Object_t nameConstraintsObjects[] = { - { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "permittedSubtrees", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 1 */ { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 2 */ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 3 */ { 1, "excludedSubtrees", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_LOOP }, /* 4 */ { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 6 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 7 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define NAME_CONSTRAINT_PERMITTED 2 @@ -937,25 +936,27 @@ static void parse_nameConstraints(chunk_ * ASN.1 definition of a certificatePolicies extension */ static const asn1Object_t certificatePoliciesObject[] = { - { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ - { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ - { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ - { 4, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ - { 4, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 4, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 8 */ - { 5, "explicitText", ASN1_EOC, ASN1_RAW }, /* 9 */ - { 4, "end choice", ASN1_EOC, ASN1_END }, /* 10 */ - { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ + { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ + { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ + { 4, "qualifier", ASN1_EOC, ASN1_CHOICE }, /* 6 */ + { 5, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 7 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 8 */ + { 5, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 9 */ + { 6, "explicitText", ASN1_EOC, ASN1_RAW }, /* 10 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 11 */ + { 4, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 12 */ + { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 13 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 14 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define CERT_POLICY_ID 2 -#define CERT_POLICY_QUALIFIER_ID 5 -#define CERT_POLICY_CPS_URI 6 -#define CERT_POLICY_EXPLICIT_TEXT 9 +#define CERT_POLICY_ID 2 +#define CERT_POLICY_QUALIFIER_ID 5 +#define CERT_POLICY_CPS_URI 7 +#define CERT_POLICY_EXPLICIT_TEXT 10 /** * Parse certificatePolicies @@ -1108,27 +1109,31 @@ static void parse_policyConstraints(chun * ASN.1 definition of ipAddrBlocks according to RFC 3779 */ static const asn1Object_t ipAddrBlocksObjects[] = { - { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ - { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ - { 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */ - { 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ - { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ - { 3, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 3, "addressRange", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ - { 4, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 9 */ - { 4, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 10 */ - { 3, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ - { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ - { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ + { 2, "ipAddressChoice", ASN1_EOC, ASN1_CHOICE }, /* 3 */ + { 3, "inherit", ASN1_NULL, ASN1_OPT }, /* 4 */ + { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 5 */ + { 3, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 6 */ + { 4, "addressOrRange", ASN1_EOC, ASN1_CHOICE }, /* 7 */ + { 5, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 8 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 9 */ + { 5, "addressRange", ASN1_SEQUENCE, ASN1_OPT }, /* 10 */ + { 6, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 11 */ + { 6, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 12 */ + { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 13 */ + { 4, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 14 */ + { 3, "end loop/choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 15 */ + { 2, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 16 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 17 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define IP_ADDR_BLOCKS_FAMILY 2 -#define IP_ADDR_BLOCKS_INHERIT 3 -#define IP_ADDR_BLOCKS_PREFIX 6 -#define IP_ADDR_BLOCKS_MIN 9 -#define IP_ADDR_BLOCKS_MAX 10 +#define IP_ADDR_BLOCKS_INHERIT 4 +#define IP_ADDR_BLOCKS_PREFIX 8 +#define IP_ADDR_BLOCKS_MIN 11 +#define IP_ADDR_BLOCKS_MAX 12 static bool check_address_object(ts_type_t ts_type, chunk_t object) { debian/patches/CVE-2017-9022.patch0000644000000000000000000000250513111354420013230 0ustar From 1bf67b900fb4955a0b09f3c1cbe1ce7177adbe2f Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 29 Mar 2017 11:26:24 +0200 Subject: [PATCH] gmp: Make sure the modulus is odd and the exponent not zero Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional requirement that the exponent must be > 0 and the modulus has to be odd. Otherwise, it will crash with a floating-point exception. Fixes: CVE-2017-9022 --- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) Index: strongswan-5.1.2/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 2017-05-24 15:03:41.868482258 -0400 +++ strongswan-5.1.2/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 2017-05-24 15:03:41.864482204 -0400 @@ -467,7 +467,7 @@ gmp_rsa_public_key_t *gmp_rsa_public_key } break; } - if (!e.ptr || !n.ptr) + if (!e.len || !n.len || (n.ptr[n.len-1] & 0x01) == 0) { return NULL; } @@ -498,6 +498,11 @@ gmp_rsa_public_key_t *gmp_rsa_public_key this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; + if (!mpz_sgn(this->e)) + { + destroy(this); + return NULL; + } return &this->public; } debian/patches/CVE-2017-11185.patch0000644000000000000000000000304113144631531013316 0ustar From ed282e9a463c068146c945984fdea7828e663861 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 29 May 2017 11:59:34 +0200 Subject: [PATCH] gmp: Fix RSA signature verification for m >= n By definition, m must be <= n-1, we didn't enforce that and because mpz_export() returns NULL if the passed value is zero a crash could have been triggered with m == n. Fixes CVE-2017-11185. --- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 32a72ac9600b..a741f85d4f62 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -78,11 +78,17 @@ static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data) mpz_t m, c; chunk_t encrypted; - mpz_init(c); mpz_init(m); - mpz_import(m, data.len, 1, 1, 1, 0, data.ptr); + if (mpz_cmp_ui(m, 0) <= 0 || mpz_cmp(m, this->n) >= 0) + { /* m must be <= n-1, but 0 is a valid value, doesn't really make sense + * here, though */ + mpz_clear(m); + return chunk_empty; + } + + mpz_init(c); mpz_powm(c, m, this->e, this->n); encrypted.len = this->k; @@ -150,7 +156,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, */ /* check magic bytes */ - if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) + if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) { goto end; } -- 2.7.4 debian/patches/chunk_equals_const.patch0000644000000000000000000000264113350171204015525 0ustar Backport of: From 9d6e952201a1292087dc42b16a3055a99dbee7ba Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Sat, 11 Apr 2015 15:55:26 +0200 Subject: [PATCH] utils: Add a constant time chunk_equals() variant for cryptographic purposes --- scripts/timeattack.c | 48 ++++++++++++++++++++++++++++- src/libstrongswan/tests/suites/test_chunk.c | 27 ++++++++++++++++ src/libstrongswan/utils/chunk.h | 13 ++++++++ 3 files changed, 87 insertions(+), 1 deletion(-) Index: strongswan-5.1.2/src/libstrongswan/utils/chunk.h =================================================================== --- strongswan-5.1.2.orig/src/libstrongswan/utils/chunk.h 2018-09-18 14:41:37.842951047 +0200 +++ strongswan-5.1.2/src/libstrongswan/utils/chunk.h 2018-09-18 14:41:37.842951047 +0200 @@ -308,6 +308,19 @@ static inline bool chunk_equals(chunk_t } /** + * Compare two chunks for equality, constant time for cryptographic purposes. + * + * Note that this function is constant time only for chunks with the same + * length, i.e. it does not protect against guessing the length of one of the + * chunks. + */ +static inline bool chunk_equals_const(chunk_t a, chunk_t b) +{ + return a.ptr != NULL && b.ptr != NULL && + a.len == b.len && memeq_const(a.ptr, b.ptr, a.len); +} + +/** * Compare two chunks (given as pointers) for equality (useful as callback), * NULL chunks are never equal. */ debian/strongswan-plugin-farp.install0000644000000000000000000000020612775300022015201 0ustar etc/strongswan.d/charon/farp.conf usr/lib/ipsec/plugins/libstrongswan-farp.so usr/share/strongswan/templates/config/plugins/farp.conf debian/libstrongswan.install0000644000000000000000000001007212775300022013450 0ustar etc/strongswan.d/charon/addrblock.conf etc/strongswan.d/charon/aes.conf etc/strongswan.d/charon/attr.conf etc/strongswan.d/charon/cmac.conf etc/strongswan.d/charon/ccm.conf etc/strongswan.d/charon/constraints.conf etc/strongswan.d/charon/ctr.conf etc/strongswan.d/charon/eap-identity.conf etc/strongswan.d/charon/gcm.conf etc/strongswan.d/charon/hmac.conf etc/strongswan.d/charon/kernel-netlink.conf etc/strongswan.d/charon/md4.conf etc/strongswan.d/charon/md5.conf etc/strongswan.d/charon/nonce.conf etc/strongswan.d/charon/pem.conf etc/strongswan.d/charon/pkcs1.conf etc/strongswan.d/charon/pkcs7.conf etc/strongswan.d/charon/pkcs8.conf etc/strongswan.d/charon/pkcs12.conf etc/strongswan.d/charon/random.conf etc/strongswan.d/charon/rc2.conf etc/strongswan.d/charon/resolve.conf etc/strongswan.d/charon/revocation.conf etc/strongswan.d/charon/sha1.conf etc/strongswan.d/charon/sha2.conf etc/strongswan.d/charon/test-vectors.conf etc/strongswan.d/charon/x509.conf etc/strongswan.d/charon/xcbc.conf usr/lib/ipsec/libstrongswan.so* usr/lib/ipsec/libhydra.so* usr/lib/ipsec/libchecksum.so* usr/lib/ipsec/libsimaka.so* usr/lib/ipsec/libradius.so* usr/lib/ipsec/libtls.so* usr/lib/ipsec/libpttls.so* usr/lib/ipsec/plugins/libstrongswan-x509.so usr/lib/ipsec/plugins/libstrongswan-pkcs7.so usr/lib/ipsec/plugins/libstrongswan-pem.so usr/lib/ipsec/plugins/libstrongswan-pkcs1.so usr/lib/ipsec/plugins/libstrongswan-hmac.so usr/lib/ipsec/plugins/libstrongswan-xcbc.so usr/lib/ipsec/plugins/libstrongswan-random.so usr/lib/ipsec/plugins/libstrongswan-aes.so usr/lib/ipsec/plugins/libstrongswan-xcbc.so usr/lib/ipsec/plugins/libstrongswan-ctr.so usr/lib/ipsec/plugins/libstrongswan-ccm.so usr/lib/ipsec/plugins/libstrongswan-gcm.so usr/lib/ipsec/plugins/libstrongswan-addrblock.so usr/lib/ipsec/plugins/libstrongswan-md5.so usr/lib/ipsec/plugins/libstrongswan-sha1.so usr/lib/ipsec/plugins/libstrongswan-sha2.so usr/lib/ipsec/plugins/libstrongswan-resolve.so usr/lib/ipsec/plugins/libstrongswan-revocation.so usr/lib/ipsec/plugins/libstrongswan-constraints.so usr/lib/ipsec/plugins/libstrongswan-test-vectors.so usr/lib/ipsec/plugins/libstrongswan-pkcs8.so usr/lib/ipsec/plugins/libstrongswan-cmac.so usr/lib/ipsec/plugins/libstrongswan-attr.so usr/lib/ipsec/plugins/libstrongswan-nonce.so usr/lib/ipsec/plugins/libstrongswan-rc2.so usr/lib/ipsec/plugins/libstrongswan-pkcs12.so usr/lib/ipsec/plugins/libstrongswan-md4.so usr/lib/ipsec/plugins/libstrongswan-eap-identity.so etc/strongswan.conf usr/share/strongswan/templates/config/strongswan.conf usr/share/strongswan/templates/config/plugins/addrblock.conf usr/share/strongswan/templates/config/plugins/aes.conf usr/share/strongswan/templates/config/plugins/attr.conf usr/share/strongswan/templates/config/plugins/cmac.conf usr/share/strongswan/templates/config/plugins/ccm.conf usr/share/strongswan/templates/config/plugins/constraints.conf usr/share/strongswan/templates/config/plugins/ctr.conf usr/share/strongswan/templates/config/plugins/eap-identity.conf usr/share/strongswan/templates/config/plugins/gcm.conf usr/share/strongswan/templates/config/plugins/hmac.conf usr/share/strongswan/templates/config/plugins/kernel-netlink.conf usr/share/strongswan/templates/config/plugins/md4.conf usr/share/strongswan/templates/config/plugins/md5.conf usr/share/strongswan/templates/config/plugins/nonce.conf usr/share/strongswan/templates/config/plugins/pem.conf usr/share/strongswan/templates/config/plugins/pkcs1.conf usr/share/strongswan/templates/config/plugins/pkcs7.conf usr/share/strongswan/templates/config/plugins/pkcs8.conf usr/share/strongswan/templates/config/plugins/pkcs12.conf usr/share/strongswan/templates/config/plugins/random.conf usr/share/strongswan/templates/config/plugins/rc2.conf usr/share/strongswan/templates/config/plugins/resolve.conf usr/share/strongswan/templates/config/plugins/revocation.conf usr/share/strongswan/templates/config/plugins/sha1.conf usr/share/strongswan/templates/config/plugins/sha2.conf usr/share/strongswan/templates/config/plugins/test-vectors.conf usr/share/strongswan/templates/config/plugins/x509.conf usr/share/strongswan/templates/config/plugins/xcbc.conf debian/strongswan-tnc-client.install0000644000000000000000000000045712775300022015025 0ustar etc/strongswan.d/charon/tnc-imc.conf usr/lib/ipsec/plugins/libstrongswan-tnc-imc.so usr/lib/ipsec/imcvs/imc-*.so usr/lib/ipsec/regid.*.strongswan_strongSwan-*.swidtag usr/share/regid.*.org.strongswan/regid.*.org.strongswan_strongSwan-*.swidtag usr/share/strongswan/templates/config/plugins/tnc-imc.conf debian/upstream/0000755000000000000000000000000012775300022011024 5ustar debian/upstream/signing-key.asc0000644000000000000000000004272712775300022013754 0ustar -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQGNBEoycP0BDACzL8ymURD7gnaNbGx2VGieNQr/gNISWhqgHaeUxuSkrInxl89A ClvN7DoF2cD7slEqIMQh/8t6xVzmh9teu5uyeV1eyG/CuFMUqawXqpn/sYa2SkgX C/qHB2hIbFg2K4k5LJHxzqHb1OdtOcU6lHg9yrvYcoO+FTVR+rYaVgYbbbziTB/v hAAzvdTdgwMgoQMSXA7FsJ0mALny4IeiCoi6S6qRVDm4zcu11UFT9g1VmhmeHqtU SQso72bPKKhYvu7ZaQrLhkvY9inWr6m9dxV8Zgb1ivZGhzsNzrhGAsz9jmiB5POF Mfph0hREMiS33ph/YMJducGQHYGEza9mKBdUaaAAEL3fCpde7vRa+c5Gc/Y5RUB7 iUsb2KQY+7xTiSUnCHbsMwhndG0dJspVXcz6X+2S3Ty4GaiqkvxI9KLiwiECNl0I oLX5s/FIW6KW+GnxJTp/3h6vvqm8i0+yIwk+ETM4XfhHMwuPkDyf6km1ag3nIUw6 pSSfnQMPhj5rXIMAEQEAAbQwQW5kcmVhcyBTdGVmZmVuIDxhbmRyZWFzLnN0ZWZm ZW5Ac3Ryb25nc3dhbi5vcmc+iEYEEBECAAYFAkpF88QACgkQF3q9fEkqhHAu/gCe MK30wjslGbZNWhwDqIw9eP35/gUAmwQGDq3htgY+Janap6FB1iEG5hGViEYEEBEC AAYFAkpHR54ACgkQrtMaUngdkk4avACfaY1gM5ZJ034lBf2DeFArc34SttkAn1cZ qX+njDSiAOOU0MZmvYdT81F8iEYEEBECAAYFAkpHXHEACgkQSRB4xVHMaXQWCgCe IkdHv7Ya4QQzkmY9X0w8fkQriBQAn1CLpqfZR6S5loW6ZQzYys63cZ7ZiEYEEBEC AAYFAkpHlEgACgkQbJa6vxmEnbA2iQCdE6UIz6Fymm3SYTXyjFFufgHWTp4AnRuu qBFHHCSfQMBk5usCUfYkMHJpiEYEEBECAAYFAkpHlFEACgkQ1jbYdc10LeSyqACg iXy5VKGWmEzfZN/PZgizgVkQg6oAmQHw1lZhb2V3WYdVZsrSmZoVO0rhiEYEEBEC AAYFAkpHwBYACgkQ7LZ5x4fpqr7hoACgkP2Yg4hx0OOaYQ/+Q5F/iy/dGToAoIrz JZFlvr1xvxMwgCaY1v6tzGnsiEYEEBECAAYFAkpH2FEACgkQxIHfCcnL5ACRqwCg tkAdtC4t8PuIzFPUqGRasGMtKmgAn0HGo8mJtoV5AK+uj3YBYyyJRcxviEYEEBEC AAYFAkpIuAcACgkQO46kH4L2EkBRfgCeMhOEdYE/w8WRYq1S6bCYFzOldNUAnAgb vQ/OWvxLk+u8bUxe+BbUqkE0iEYEEBECAAYFAkpJEUYACgkQ+bsc/f29F/IMJQCe LtrPDs0Wo3AGvcbTHoZPtHzLaJQAnjGY5/j6SX+XIW/dSgdNY04zVZwriEYEEBEC AAYFAkpJFGcACgkQVzc9bUjjZszelgCfYGkK5rcRY548yybHJ7DVeGpp3CkAn0zY q1UGOhWKVfCxuFkLfyoNSZS3iEYEEBECAAYFAkpJIHoACgkQadKmHeJj/NRjygCg l9TQykiqtpndMUR5OpZqVgSbNjIAn2KZ4kdlb8lUeITgJsIbpK0TNPimiEYEEBEC AAYFAkpJKo0ACgkQjh6iDnpWUB0HvQCgtcEat8Ku0Zccm/k2jBv5SWWD6JgAnjDu ujKedxSBSgohQAd1mXHmtraviEYEEBECAAYFAkpKf/UACgkQryDNjGqAEEE1rwCe MbE9awFSsAEaj6XGJ8UaxbCHyJgAoK3xbaGBoFGr5Um4o1PqV2gtC3tniEYEEBEC AAYFAkpKr94ACgkQR7UWzzhrTL9WVQCgtvTMa2R7cfx0onbtBQgGkr75gtIAoN08 gdOYBnh8LGV0irHbfb9hS8WPiEYEEBECAAYFAkpLDLMACgkQzWRwz0BT686RugCd Eloj9w9L9nTyR/BwQ7uNQ/Gr8OQAn3UsjIpEazjP2jjwmJQTngElLLEsiEYEEBEC AAYFAkpLLa0ACgkQeQ6MlGH/2qsrKACeLmabelozki4nGHzvJQN1IRnGmBIAnj4Z alB1OEEsgg6ttnzT/UQptSQsiEYEEBECAAYFAkpLLoQACgkQvl+ScPvxHiIPVQCg mZxoWebrJgp8e0UFLnFrQapwXxoAn3uwfpLI0Q94TRQQ/WN1oClop3XtiEYEEBEC AAYFAkpLRGQACgkQKzt+ucU7M5im5wCeIkCFuNa+Ij771y0ZhbwbXyhZ48AAnRTz rXuClmAqNjG2pJjXGUwS4fwpiEYEEBECAAYFAkpLbsUACgkQowczOzpadH+cpwCd GEbDhuqigR/xldG9A787gKQWuwEAn1vhGKiS48GokSVREMhD/6RzYMM6iEYEEBEC AAYFAkpL894ACgkQecnFg9AIQHJX4wCfbZ24TRoj8jARaent8puW/7VwzjkAn1B6 IygDxuiJyzaTjMc3qeEl4NKliEYEEBECAAYFAkpMErwACgkQiqNir+lyMs0TLwCg nfpQZORxoKNdzF3rb0yM2oDA5hsAn2yW05EBb2w8rpot65E6iiuwg1JfiEYEEBEC AAYFAkpMEsEACgkQp99YcnDUTCPHDwCZAfHNU/2nMW116z9cKiM5LtYiUvMAoIKy +T0mJT11yFePg9y7rY/5WCkHiEYEEBECAAYFAkpMEsQACgkQ4gEcJ5SEGX4B7QCf ZmDVDP+RfLV9B+rL/MV6/TMXFLoAoLjznB/JN10JfN/u5IZWCi+dqsJtiEYEEBEC AAYFAkpMicIACgkQsta551Pt/1VIgwCgnUQFiZ9N4qbhqOiQzfPCnSB/hnsAoIhq ukM9rO0RH1ikGd4VQz0cIgatiEYEEBECAAYFAkpMnwsACgkQN8SUWat0lhnoRwCg p+qTCC79bMlilGKfLYV7Oa6t47MAoIfpyNnCXMNZdSIUdLRiZPE6Ck/NiEYEEBEC AAYFAkpM6UgACgkQaT2DDHtihbfIPwCfbeX7jAuzbiKq5XtuDE1OjNh68cAAoLOh 3nXliAm79mFgbXl8OXOZinThiEYEEBECAAYFAkpPKEQACgkQdns1tqFIBbkNfACd HzblbPJ2vDdm0ya2Ksccwn9u5GcAoJzzX8AULChnHmBqrc8kphR4oRB2iEYEEBEC AAYFAkpRzYEACgkQ6aFpZ+X9qBIKbgCgiDp8DUKtkxOcwoC2z04seh2FwM0AnRmG B/h118ajrYsRglYjT3nkjzTIiEYEEBECAAYFAkpSIt4ACgkQ1R6CjUnlJYMh8ACb BA4fUWIRHZSAz4nAFrXAzKQCnJoAnRxWq3sHkP03qzpZyOIBkeNfKwzkiEYEEBEC AAYFAkpSPaUACgkQPzXj4jNu7sQ4mgCfTwP/zE3chyiYXpuV73jrRRGhIKYAnRUF jjxLvplfo5moUMR2QiK47ga8iEYEEBECAAYFAkpSW2sACgkQ9/DnDzB9Vu2jGQCe MuugKHBTV07TW/+ChrTGk9lxOlgAn0KOdNP3CbTngoklhrCD6OVeO1YziEYEEBEC AAYFAkpU/y8ACgkQ+hT4QImNDmpfGwCeP4wasOPdWp/ZYd+50YirQtogjDoAn04n T+MiIMh9aiQ5naOvg/veZ8oyiEYEEBECAAYFAkpXHsYACgkQbj3LoLfDuD9cPACg y2iM7gVr7z4gRJoEqqHIFl0g8y0AoOUC5MOQP43Apr2vO1iSrsOZgZ7UiEYEEBEC AAYFAkpYhioACgkQEAHIxXV27I9v4ACfXnb16A79Hpg4+6Hb41CyRVl/xBEAniIU npMD0UdFUpP+pxDWC+Kq+aJLiEYEEBECAAYFAkpZg+oACgkQOx7JtKW5uMsdmwCg uQPIL1vZ8RVXYlBIA2pzfOOX1roAn240p5krhDUp79Xh0wEVbh2P8qB4iEYEEBEC AAYFAkpdjx4ACgkQls7o9YEjUnrzjwCeLqBpBk4/1Jamy3LadIeGwPxOeEIAoNDI tPbpm73wu6JmccRzeSOzHqUniEYEEBECAAYFAkpdzc8ACgkQVkEm8inxm9EIbQCf RxHhOqSSLkpENJWRBy0waV91v/kAnR2lEeiMPOQ4NtkiQZ+0tar/HHO2iEYEEBEC AAYFAkpjcCEACgkQbR36slPFltjkYwCeMhatLo23Qo2diWftXI8U+c400jgAn2Ym TTJqGj7GLCYmBA/edCwu9T6WiEYEEBECAAYFAkpm9OMACgkQXjCu8kSU1W2K0ACa A6cVaqZpOCdQk8cYUIO4NZYA2FcAn3m9tqEZ2BDMWPZg4uiIIsD4zK8tiEYEEBEC AAYFAkpzavAACgkQEF0sD5X3mmquSgCg1zHjdAKxf1WbfV2TVfBgVDT2/XEAoOrE KJrkjfzB7QuaDg7lfAWWva92iEYEEBECAAYFAkqDIqYACgkQ9D4zU/gevQPkagCg wiYyNlH/F2+lNMVHlqb1hvon84wAn3Wc+QhEr/WcR10pSqIWw+Hin5vCiEYEExEC AAYFAkpGjCgACgkQePhWFewOlUwncwCgmhwsGQ/+AqmIAPDmWv29NkMwvq0AnAy9 wvRuZicC1AKliorx2MBVxgD4iEYEExECAAYFAkpHLxgACgkQO7/Pd72LBQ1xvQCe P8yw0EU2sFi+uqb+Q5tnfXQjntEAoKdCMeKRmBKWUcB3FaW2XzYMPrRWiEYEExEC AAYFAkpHaKYACgkQcVwuIf1YDMADCwCfbGeq2p2km6QULrgsRZCE3r/TKPwAnRui 4QT5LVCok1JfVxniy4ejpPS7iEYEExECAAYFAkpKkLQACgkQrpwLPnGbxnuU4wCg jqJR1B+O5NrSYTgEJy3zT5mwnKEAn022uXzOocJyFfh3oOHuFuexM9/7iEYEExEC AAYFAkpNCFkACgkQL5UVCKrmAi6I/wCfUP4cGY27+mP1AqLsGZnU4bVtEdQAoIit ueT0lAg1skwv2h1vldV0cfyoiEYEExECAAYFAkpNUAQACgkQtfXMjywV26BLWQCg r0yk6lOtO5fKGLbjxFCCVUG2bckAoLgO+0Nuzwb6vpyC1K1OEuhIEJTgiEYEExEC AAYFAkp8YgoACgkQ26aJnILW8pa9LgCfTN/s9d8BH+mke5x0vEd0XTbIFgQAn0bJ X7dfPPi/75gA09tlyH07U3WBiEYEExECAAYFAkqAZyMACgkQyoukcaP2scQE4QCe OcULnUE4fftMmo79HAS0k7tsN3YAnA6tUWnIg9dBCfjbGSORVRRpa6vSiFYEExEK AAYFAkpFO5sACgkQGOp6XeD8cQ1KWADfRbqErKPsEIVI4IiNTJ+FDQ4oStxUwMYV KQQweADeKEegvlBzGL7eWlcK8ZgHx7QWV9giHsKSdQIZa4hWBBMRCwAGBQJKRy8y AAoJEOasLSK2aDBATmwA3jh9KHEYVx0jvIzKAr18Y9ocCxlc3cN7ykEnLcYA33FH VAkmGAWUbkvld/VWkgQbeEj/oJlFwT4Flm6IdAQSEQIANAUCSkeAXy0aaHR0cDov L3d3dy5hMnguY2gvZGUva29udGFrdC9wZ3AtcG9saWN5Lmh0bWwACgkQVtUpPsl6 BlTzFACgxDfPHvU2uKpo/Trfl3CcY0/kt90AoOtNtHOhcHwV+FiDz5Yr+97ia39y iJwEEAECAAYFAkpI+XAACgkQO30BxOBIP8WV4QP9Gtb/JYUSpina9+fYFYt9DWmQ 2LQJgkouQwhYrZt8+B20xAKc26xBRB39NK5c7vEqvSyJsc67tNkIR4Plp+HSCB/h PSY+h63CKZbl0W7u+4MxcIl98rHaMEnf6eRzXyNzYR6h855xHqClEXkwFVXXOiAj aXTvLIkdvol308SIad+InAQQAQIABgUCSkoQygAKCRDWGw5zQJlTWQ17BAC7Cw5h yA53oNiWjMJl42xyiLX4XLcR+g/FEtvzpctE4dS/JOkzIk2Y14Zydar6QGIBCVcX I58fswKQewfRdZPQLIUNuZex13dY2qId0dOSruJhj2uM7R0f64kJW1u6AtFhcVky uNQyH2jY5TJpS113Yd/cizN0k3Uawpg90I26nYkBCwQTEQIAywUCSkYcNFwUgAAA AAAaADltaWNoYWVsamdydWJlckBmYXN0bWFpbC5mbWh0dHA6Ly9taWNoYWVsamdy dWJlci5mYXN0bWFpbC5mbS9DOTIwQTEyNC1MVDA5Lm5vdGVzLmFzY2caaHR0cDov L21pY2hhZWxqZ3J1YmVyLmZhc3RtYWlsLmZtLzYyODhiZjkyOTY0YmEyYWVkMDk5 YTVhMjBkNmRhNzczMDcyNzAzMzg2MzBiZjIxZmRmYjI1MGVmYzhiZDgyNTYuYXNj AAoJEKyCSx/JIKEkUPIAnjIyTwvNmZ1DmuTuxgzQPSrRvaAYAJ9Qn3DR07NGciAK 4mf/2Itux9jPDYkBDAQTEQIAzAUCSkYSsl0UgAAAAAAbADlncnViZXJAbWF0aC50 dS1jbGF1c3RoYWwuZGVodHRwOi8vbWljaGFlbGpncnViZXIuZmFzdG1haWwuZm0v N0Y3M0Q5Q0MtTFQwOS5ub3Rlcy5hc2NnGmh0dHA6Ly9taWNoYWVsamdydWJlci5m YXN0bWFpbC5mbS80YTE3NjFhMTkxY2RhYzU2ZWM4MTYyNGE2MTg5ZDQ5YjhlOTgx YTlmMWUzZjg1ZjI1OTM5ZWNhYThjMGVlNWVhLmFzYwAKCRCtG95Wf3PZzIS+AJ9R L44Uig1ZdaeXRXl+nOgf4avrfwCcCyfw+nrw6iV4/Gt8RBzbX9lmjZKJARwEEAEC AAYFAkpHoBoACgkQjBSFwK87aXS6tQgAizuHDOgoFLnRrFAatCQK4nF2J2/nxrwE L1dyV4hFKmQaNiULhVD64LHsJC9K9WNWrdWe3jSzZzIbPwGqqvi5F3YcieTLDbvM +5zyX1w9276u1PQIxIJ8hirlh5TXuJhspFOLdDd8pLUpHGwKA5HzuZT1K6tN82J1 SQ4lbqC5nmrNlOMloKkyce39ehdWVxmG0NxoN9qjv8QSY4ZhIkk1a29AYtQ3Em3p oHn92rFgueKYPQDX1c7YMyas87lnsN0r/anB3orHGdk2KfefriGCLn1f1aSkYWvX bFe8eP5SeI9E6GQgouklLDPuSswj6akOOWmcyZ+UKxhrqayxJByKZYkBHAQQAQIA BgUCSkfANwAKCRDhksSyWuqYqX8+B/9uOJFH52T0yEuCAeoNYUUyNkPmw9d8llaI hjhlDM1OpruR4Q9x2wF5+HFgdV/FnGbhviWQfiXzOoukJK4FuJyEoGPrBQH6tDIb ztfWwFLh3zstkzn3i9ycqdujTXn8C5F4WeLZfw6o/Rm8J2ZTqeHONf6sdwpaLTwS 9RNoKcs22T81ndmM4Li/NKqO2c9pUP1ezRhBHu6rq9D8DZhCIvOB0fK47ruSa0hu 9ngMPW+tLIPZaN+ZI6RD/KzgpwIestX9n8sWY+EV4ScoSB4AWO/+VkmbLr0su88l 1ZcpMRsnwWPSbOhWhB5kwjgX3YgmA0mg6iO1Utlo2mCZSeE5+s1SiQEcBBABAgAG BQJKXupgAAoJEBAa7p7BMvTDwhQIAKAKiFO85sFurP6KliGSLA0s4savHfXGHk/q vzzICONh4plIN/nCk9EA26fONaCMohBM/MeeFI9tTDE90NshSzGl3YwCxpK0OaGb qmpD+99xQ6FdqKyY9f/X4QZczPPS8mrZCWXkzvbo+20Jav3FzEkkAW8/1qJ8rwOi Rzs/1m/Bq/zZnApppGcwMD5Mu57VJZB7xngADOBurRwseE2fcRZlKX/81pquX0hL oJKQcggcgmbX/aTgRthrv52NdIwtRj1KVvmtdoiYV+OjzUbHKfjuPrKiAMQ9xknn BUq/BT42k//AuoT5umuQh+j43MtkSJKNcsRJoJxShZv4hYzWe/OJARwEEAECAAYF AkqRpeIACgkQTejfprp/Jq6jFAf8CZhiNE6WMuJfrDDag98AwkhxHhIn1VScpQKd 9cS/zz1Be98GEeHkVgEDvk6ZI3+SHhzNH0HBPb9jGJq8oymWGjuldBWZ6jYfMJOs H5h+DWRVq9JWC6PJZvdcA45LuPvMS4QULOJblB8HkMOQ2Q4wX2Y54Lpxkjo9vLEY 340Ptq04/kMuq+1NQB5KUB5WgXnDMerj1VQr2crdfJPrIGgdS5YN2TWqNjVJMTFQ IVnK0w/xEGGSGsCLw7qJhRL4y/A89NQ938oJV7Y2oEOaisd9i0ypz2dLMXRn6DDs lmCvTcgaXWkyxxPxXxPrX4vFKuYLRtauKGR1nYrH3I4d592bnIkBPwQSAQIAKQUC SkoDUSIaaHR0cDovL2RhdmlkLmJhZWhyZW5zLm5ldC9vcGVucGdwAAoJEIJVX55T hvr4sf8H/1GfCCWxB7W8S9rTEPDi7VAuAyoG1uOmFeo0nQBF0ayXmiyF3u55DvWs 3bhA4xxuXsLt1HNigKMd5A0UpOUkXx/EjOFIO74wu6cQJjpynAwpVpRauam198lm NcFYxe6FG81VIeLF+pGbi9g1FF2HpobpGhYJK9gArOIgJ1UipI1sCW+/psGCfh6c 3Q5tFoc1PfqQVmusM4QZEFGxhef6fE7h4oJPa11ePOIct0fvYNWEmFSx7GD1jeO9 DDKE771zPeg7fyJkqgMCDDugtbAuP6jtmshWsqv3Fxu/mY7U9BDFTT/E8bgRbf+L BMpQ7OQM2h6D62mlvo334aCT7c/+6CuJAbcEEwECACEFAkoycP0CGwMHCwkIBwMC AQQVAggDBBYCAwECHgECF4AACgkQ30LBcLNNune3kAv+OteecYgcufwz2ubKh417 slBQTkAZJXdQVpkeAeaNu8gcD51G+HUw+Ue5ZtpmQdU+1EW8W0SCSxz3jj5dwqg2 gTEoYqvAtBxQTFSJDQjI3AfvS7t/W4U1xtjzk657kBLOb7ACe2eYiU2w34wd7BFY Lp/qBifVofCy+HT1/PQDfi/3B22KbZ6T9WjF7cAgMjDYxM2bAXrWlcSysfTCpica FgtntBu2GcOcdBpR3cg9Jrq4CA46IKgJsoK8/i7+JWbSuZc327Oab+LhjRwTcOik ayqtHkN9ZgmOA/goEKWfQuBa1gjylxhyYDkT6X5+KM1wyJ23NYcxbYyPShlmw77C VFRgsaH+NEBKCrute7FX6gYpwGfhGpIeVnn8FiW+jBTGc0ULi0suWd4eJ1LxO6uN pwzd/BEw/k0yZxLl32xUsbW7GX7+DZxEy2mEeLOLP7v2MNz61LGpE7mWGrIi0APo sLYbEHeILlp+czHj35hbOFRN4v8p+SsP3Df+fs7TSQu0iQIcBBABAgAGBQJKRRsb AAoJEI6IlUTZhQANZ4UP/1z1R1UkXHBiT/SAO8hUK7zAQFbWoV6e5foS0muNAtgv 1NWlYgzTZw7UkVeUCxOuqS3hIbG6WuR0bcUqJvOwSfRy89Gcaes+7rGwnjrzb0so pL2FejjW1uC5XhnwIJGM7iaDzlrDMhUFyyKP9R/ZBLoz0lVTC4DBn2mx/2NNancX APhLTMiAKyBqarXvhe6lVtIQdobxwf8SfE/gWcUobC603/LGda4IBWJiPEpfN6dr o0AI628AtjhrdRNgVAZpLPbVSHoBUwaemNk1rgNDVW2f3WMdfDUUCQd10Rq990ry F/Na+0bxQgm37BXMRfexU7pd9b/vV9BA3eZN/kP5JGqz+16BrK7iDapvNB2bPttx GvF/GgQa9Oz4gR8deAoaYiHnT27trc/G6S+HwiBRnX+w7JLU+VptiHY33AWd9zJH aMMXFmSol34Bywe1HIBb+tv1dwnuCkXVY6lqSVAfQd3waBqn2KQ6S+2qca7sT7pC DN8ZAcM0ugPxCP2G87hq98dXNtEWkvD3RN5iEypwPYLzVLetDtUgrOnYdMkPNOzh Hz4Dc4Q6bSyKWxm23ykczcwj5iyvIF11r5Uow0CkriqsmUWUKyxz1hnKdeBw54qO EsjGAhWkDzPIeo1hTofK1XQUsHLMD7TMGWSh9y7bPF/8VdrA/KtDzlpOVjFJgPrT iQIcBBABAgAGBQJKR+aXAAoJEKc+AFVVj7jdI2kP/A0g9ef142XmMPNZ9NyBJXKO g56L2+/g3o4HAmGkW16Ftini4VURnaPzqZRraDvBBq2ztqqYdYP+pkY6zLSq1jWv v63dd6hIHa9kTWUXM3HvN2xW+V8DQdJXCVnT0d7PxN7BfdCk+ITts7ZdcB1PVblT IH2ZC3yTReWMbwF+/rZAA9Q3z8h0cIdwXNxiPCqeF4JyZmH0IZiZ/Kq+YR29hvQR TdaeZyvTW+QgL/rkWh/WnJjoc4w8djTKQDXc7bzVzCxH2cJLDK5E7Ge3CO4pILNf 1nZ9X29XR5wFYXHGcjEpjFq1Bn0phR8LIdxZskdhl+Vk5cHQP3rcIFFpBLv7FKfz b72YWFUmycnNg8YvaS2PwQf1VDshlhip1Eyhjzlm0Fh6Ead0gReRLydBVUX60Ph1 GpvEBmHcCW9LFptb+D9tSG2c0yk5mGjId33p2Sd8VHar6L1S4g9xO5bznYn3HItS W/yv4VbBxVQ2Idg7PLfywSVRmG1FR3/IczYRFGtyhYVXEAr56oHwQ9/XPv/ruDjT wmMqJWeGwCPO8LNPj7cw2viHs1/eoR8lUNTLAmkJFh9ID5Z4vYYAt/2/Red8G4OH qzYF3jQATsyKPvb1nqBmxPvQaKgUwyEYxJLYtpjGV7I3/W9gVGCucLgi+k7QHR8d IwwDDB6bv9/swM6L6owniQIcBBABAgAGBQJKSQ6LAAoJEMamgupjyC8cAzUP/0pf AfL9aamv2MMA1+b39K5AgtMMKT0owTrY39X8a+g1Gi6w97Ac68cr3Bu3jP4gXkAV s6jhMC4fSwX15jkEeywtKhKqdzUrCkHgy5VQEiNJepzRH55q/UNlerYK0uL3Xc/x impeShraeJ+YHKb55jRYr+ukZKkkt/jXJmQg+VcIauCiIw9s6JY11XI5FU3d82W4 XRYF838MSHW/q40g72Xb+u1cMRYJ6zxqJOEFJLwtKgG6BwoiN6kGQ2lyeMVDqJ2Q jvVfpZE4yiUlfSn6tx/7FG0OgTdqzvS93FkhJkw29dvZ5SEUFv5tqeg3PX0zSDNu zTQ7i4LSxmhoTuf/mUWbgd5SXABWA7yW5ZKfch9JN0sW0UYDlqmIjbvmeWBGUzbE sxZT6x5g5DsTKRi0UJSSzZZOhTEyAFgxtZpvaKMJga9IUCFf3nlkmb8b0Y8+kgay iIKm/HxGnYjjNs3bX7f1QqPTizsPx8K4YW588HpgR+f4dja9nkb8SSBw5P5oaadf yYBDoP1IE7FOQ75nXOxjYuqyOQz6zVT0jfcDw5VhGK0BW9+M0Fsv4ad5kvjeJb5V NoY/uQdaeuSJkX+TAvQ5l9sAIvJSz6/ytDFt09loVyDpRQK/Wx6qGe0aqhJLb3Av Pz2TL5YbsgC4gZrx3u2PoeaoEKQ+Z60Km0MJKpNuiQIcBBABAgAGBQJKTJK1AAoJ EOc596WBW0pqWo8P/iezz8v39iD35EhsTAE0RB4DbULvvXU/EW+iIZo7mS3Gretz 269tBZWJeNw4wvH+U+E7JGg9dxq+D68f6K5AFMytZpbeWc5jiFwe7n2PF64kuV/9 qw1mV6bt0MPbIYn98DRMvEphC2BvVE4z7omw2UapOUvKrOB/56p8G0zm84Nr/axl B5TznxzP6Xs5lBmT4MqXVx0wPEkhMEJTAhqKYt94faoknhRcnL4Oj+weTeyOSwHI 2aC7xj6wAdb+PXWih6qzCFDFiC5Jn+V0qo3D3XPGZ5jOQM0fsr8FDH6qEfWQiH6e 4iknnNYH1LNarfTsi742mcucRbwWGKa9ZUiIGvnMr0E9pn2pZrvpAe+NfNUG7kNP l5A1I9rE8Da9MH6XqFhymB4xxAC0XIb/bKQJ/MnOAxWQPD553WJH71bqdetrR4Uw 1M2BErrgi7w+RDK+l3z9bErCRHMtXhGY382F2jtooxGps3SXQAwycIdFQSXKmtN5 qZ1P73DNnHdozPwbvxHbldiYufIVHqzLhPKMRISQVtZM3czfKmPeGNb4Q8r8yBOw +2wcy2EJAbACcyXPWboowtVvqdb37AiTciyi6Ua/Q0kPBGD/bewucXXWxuD5H2Ax l/a3pxUm72BINNP0ptlinWwHu0e0c3zlNdsipoNTVN7tj9iISwWmyqUOY6kQiQIc BBABAgAGBQJKUc2OAAoJEGacjiM+Hv8PN/0P/RACW24ojji9K2kUqvRCeBzA2SgW fX3KasRWOZB2Z29pgbOZ5+ZVcyqf5P3tEojOvR9oYx7OllK4Yp90jzx0TyHa5iQQ 9NNJm464duYkMD9cemAh0HgLNxoZzmFGTPaOCoq19vdoq1lkilWvGappXjXXYtiR 3Frmpm9G0TR0Knmi1Ah+66G/nIzeoNeIjaHZKKStu1Y3Gy/XuZDG/CsribuX6L2T 2/dBtnCEIyrX7XV2BXosuua6h4KgAKfespv06gzATHxotXN6wAHzq8fkwJNY4Y7U qYtKwG2TX31I0DsCV76ymp2hQ7iCgbZ0LggRwp1fSq2Nh/+4UBh06TV1TmVEWoEd plAnG8ynfOwJBjaGUodgseLzoM1srnR7H3cTFlUNi65UiHevZGxAMe2zKUUsV88k PR4vzaP3hxfuv1xTFuxioxisJSoFwpsVVkffYFyKhqXjYzlCjWg7WAufDsSyXpS3 slWD5hICcJRtpuW/mBObrNLHKqL6hK3x1GlV7QqUEvmwZU2drjlaEDOp2E55NBYJ LedXbbmGemDbXejbjHsXG33/ffVfzFIjJ9qdFkoGLVRGIQaZv+zRlkzmQH5mFZV4 KUxOAYmoAsR1xngXj4Rk1J3NTiAksxC9IWtL9rmBGHObp7nqx2U6MVPFfjis+wYW TRsbHI8M0lABCYLSiQIcBBABCAAGBQJKbLe8AAoJEE5uQpnq57CtVpQP/3xuYUpU dw4CLyxStlO1mBqfXyInpADS14QSAEs9ZaZedyNswJ5g6LLFiahmPfffD1CZbRlF ZqyfwnSnUHdOdPg+o/nVTBrFYfgwBqg+B5gdnNzG1WZejCDc1K365YDJIbfrIFm9 cNW33OgAq0AADpXw10hd49PCOHj5b+HF0NX17eVWDnu3yITybgnfllHqkn8lAM4p vgIeFwGV79TaelagBKuxa74PBPjTA7xjzDI4wYy1EUijNkDpQTOk/5ofHsmomcI1 H4K74JJHuh8vJgjYrg+FD7yI7YhcxLEkDqKMVURf2q7pE7Y7MCv3qVRe3QlLl+rx vTNaxOcC2GSs1XXiWabwa8Bhl/R01QRg5Ph536ihxd9qhhisrW+C5ODq1Cd7n9wB xIZhJgt2CIX5gpeWc23i5riMbKF7kdzyzA/bdHgD7lOFMVBZ7A+TrYclCbeY1F+Q c1Ybp7W4qeasaQcDrhk0Lmd2n7e/FJvxF4oIeETPFN5+0jYWuIwQvxnh2fHRoI8x DZ5Zf29tAfy2mCABa9edAGv/ZqL1TpmdyDDxffkj7gwc8Y34kNK4L4j/TF2Q7rSc pfbHpFe9eIpJJVLaK6td0p4Gme3AHydhLwPWGEe3SZWrLZqEQuDuC7zbD3mb3/zY Jrx85bmBxV93eSac38iKaiTG7c9Ccce5jP4/iQIcBBABCAAGBQJKiSdzAAoJEMBk 12wn2FYBlVoQAJ5RmoS3YB4kzOp2GWXwMB6WBUQM3fBuGen8TLwSgIijV2ml4rp2 hG7KWA429jTN5vlvbXZBXHlSbzzXf6HVNFtiFUNif6uBRNPV94XMcSYT0YnypT4d 3/9Q8vauCeTs7dEIWQLNKsw2DflarPLVW7FWCzq3oH9KCTi7gF9149zPHzLfXkdE AYAVLZqLL7ZrMLz4xZqhaAVJAnC7ATH8qPiF94XnxLWA+MfrPTdLaAMhZvT3sxOt pU/ovwI13xJtaWOzmP4tcUyqU84Ju3MvtQjQsjTFLrqHU2sfWt6w3BE6Et/hz6wu 7FIFqi4rr5PUZdtKBoUmn7hYHior28UTtzZ1Vlx1IlIxHXiQjRAM79cdsnrNykdW 4Nxppoiv+2Ds6piRLRA6bsHeORKKHgAALhhuQLNKW3hwZ7crLsAbV99tT3CpqIZQ ltfoIE8TYJWvpVVyBI3suR+qJvqeQBffNJYhZzHLNYdQzmrfRM5iaY3eltkx4F5d 5Iak/H87NBr4nBNl04hZJKunIO41ODun+qPMn6TfmLfagHLTzRSD95WUs6XGBME3 v+L21o336sCVV86eGo44bmuR2GLlH7UWN3suikU2HRMKaGdLTMomGmUztJQWZUAP 3ZthSbLTa9gVLpJe4BzO9f2mveFBGCAV0Xls+EsUrSmT2TXhL6WHa1ihiQIcBBIB CgAGBQJKT2MTAAoJEPU2qnARHVcWLNcP/2JAi3Tvnc+lLGAcGCdzRVf/w9WYeplC kyD78s/tTedG7BVFi8lUOmAz9oTQaDQh4felYXXTHSetavfcnY02w8VqtNcpTNGa m3R+K5CYH7UTRFvM1q8aUQ29eD7Pgr12I7IQq6d9Qe3bVbe6at/DuK+39+HcbQ3b dAGkc4kuAPuSrxVbvwY/XUuiMhjqG5goohaFp3ug1gl5XWEDJes+nf+MRil5JYSg MxdQsiPiAOqUREOf9RaJ+vLFaNiFZ00h6H+qtD5DM0wY1uT+OLaG7wo7z1cgkrti k5RxehrgbGo5u9FUtVlb3wg6MzLA0LmD/v0H6q8qxbw5VGjXLypuN+JYMRGpLfnU GqshkgeV1rKxsaacXQpSpqEFaK6PGPA1gv2VFks0vRqYy9qs9TWGbQ7SUCD6ECEm 3Ud3Fl1f5bCFeN9glKKMunqbh+uYdq1dR8kI11eKlp3nsmo7WvtrpeHdQlgLBfCY Or6FU0czD1kNFgT3LS2ADITgRGph3InuP2xkLMFquVBEhikX4J3oqumCsO/G8ggg CG3FQaEKoUaO+dErKmK9WSL7FWPAQeMHtvwerraESgZE5KHNEGmG6BeZMAzHHiom LbYX4GaZfMnEMTGc8qzZ6kgqxMgLI9onk0h98Eo8xOAISkGsuAnj9skupdEhvQvN 9lp7u+VgCiWMiQIcBBMBCAAGBQJKUlPwAAoJEKwwh5qrVbMSo48QAIb58aQB0y2s zEn05GgENs1ojmffiXYJFHhgLO4PVwXtTAho85TmkN2aX2nyUKO9659+lgzRKNYI b/GnonUnu3c27ccKt5RLpxdQXD7WgD6MnvahtQoz+dEJvvG1LF9b3HAK9d0KSdLN oHxsX7FWSGJ0GMsjo6Bc4Z87I0LekUnKKa89xu6aDViZDhgzowlu2bqSNmqduyme oTZKaC3wt0EJEzdHKzEi5NXLwc7ucxGou8TypZzV6O4J3QRLgJauZFGL040MnQwf Isv3NBiCv1+k//nEUvQCFFEtCDTAyp62jT7MZ9SpKuZ3IgLxhIB61QCxjvcdOsLM WEIMtizW867clb6KFaxJjSoU06jgr6x2Rp8r/Gk7zmtHOtOOCDg7S153MLGdoHKL ZeGewQZlwL9QesdCkWMXJIz1yyWbVm6LBQAOIHj8SsxrX27XoVmG1onBtohLfZU0 uXipjq7PNjrewnXhbtkLzjFHJOXCuSmDyzP77yh9KdsfJQVJwAe0MqxMGwpZT35F hq0E6YHTU2KQoBJ7dToooQebKryMtwVbYNYWfOgYr+SGRxilBdMgFEn7F1hNDBxg cc1ZOeH6lrFFN3s298dzjsPfuaq38udby+yniVPaWDw4cP9ZeVF7MN04C6ERCiEZ bfCmuqBOg2nk2oyBhLuaqpKWgzmR/ytnuQMNBEqM4cMQDADF2HxbuP9CETcpk2Yk awr9C0nvbNlEZFx1Q8foYb/8ZoAbmFIKMzyr7QxH8b7fW6TfZFvNEiPWwdDx9jTO fE+Zp4PXCjDSEJsNOr4Sncryi5qqiqOU/it34j3g63E19eCaWV/sEM5nqUjBRjxt rxwUI9iy/xm9FejzZd/AVh69D2RMuqQlPnaYzI9kvBjHgM3C6oW1BAQEsqAhVdWC krpITvYwU/y/IWx2svQ5GDGhYjo8gduchFjUqJZTM5KuqKtlQcf0w+7MW4FHT6MQ BqN4qjHJyfQgsszk8EAQVcWAF2000K2yF7V9Hlo+xdwZmxlGNzuZsActGpqlWGTu hffVasaoYeRIz8YCd/doDOycKQ7n5ON7aLK6gbk6FBsey8wE6129CvCeiuXnoSC7 O4rWYYOxzM2y4BhFwqJqwJamyOjK0Mf50YRCYpfJ0P2vTpzE/H6ZaZYoujjD6TiY wLSUVFgqLzdzBOloykc55bj7d3W0l+QJDL6+NTPhpkn9ZJcAAwUMAKqZ5cACXtay weSNVn+/BB8csc0xmwYQS5y9Xso2owXgV7qdFtsToYk67Pq1p4WQkimkGpXGFI06 x/myg5d8anQiBigLfsY8joABvhScbkZVxoAxABdRhzB8MYa5X8Q7mk+sTI+PL74a +OHFwpXceZS4B9yDKFMaEM5U/FTbxGjPf7wSKDTzm/6XKoCyAV24Gt/5lX6UeMg5 JdJaZOJPwRVIDd+k3Xj+qGW252F0Yhn+kJbfTcf0F31zhRz07NiFGvVWk7qWlh9M U17LwpAvjP0qO3RE+xzPaFgM4nVxMVaz/hn72YEk4PCuciI5EuWBXY2U/kRljgxx xUV30rsT849B23dS/r7oGNhGe1jvCxfrXtPlGaPyfoCFumeCZaDYPrBF+btPIjRa 3PmJwKgkgQdDAH/cSEHNCXu0FzRwKXAJibudNhG35Iva1/KVbL0t5qKX5rIzrPAx bSSVXjYTi7wMLL9omvCYSJXC7AZtcvrPjoz0RmC6h/fwxMSYuweWz4kBnwQYAQIA CQUCSozhwwIbDAAKCRDfQsFws026d98GC/9v+/d5ChlNaA4HkydeEiuD8qKRhNhu cQb3BYztchJPxuk/t/9QrIPjgIJUkftJVMYBd7KOCWe5hfLgXBpN0WabpqVbSwKn iueYAOLkEsvNCUJRrknSJn6gBmcAfrQF7NQz4JjP9AFbc0mY/ffbc94zgfgxnS8u /fCBouQWVor94BIGgLsq5lYCe+w050tDb0vgFiBbYnCTX4/GzONPfr0OwxRjeJjq Az2szvUCN3zH3yF3Wvbosgsae0AQRfGz7XcqRrsngYKp/z8n1lHTV0OnxAz4z0Qc Uue2GkDJS5JeblCWCVq+d/u1ToADRIW4DSk/kJdUsbUMtPV8m806qN3M+x+7/jwA zYunGPSAq3XINBzz3QbHCc4vWJnr5cyH3+6NbLtDt0jgzaa2HBgVeV1as9IKYxOh Z+XrYHE91jkUgQJd5HBMg72wjQtBVzZ4AbyUOyB7TmrWckXGj1Yqvt7AB0Vv98wi vtczCgyPZJBLL+1lUIGcNdHkbDkdLFGcgBI= =S3oo -----END PGP PUBLIC KEY BLOCK----- debian/strongswan-plugin-eap-sim-pcsc.install0000644000000000000000000000023612775300022016535 0ustar etc/strongswan.d/charon/eap-sim-pcsc.conf usr/lib/ipsec/plugins/libstrongswan-eap-sim-pcsc.so usr/share/strongswan/templates/config/plugins/eap-sim-pcsc.conf debian/strongswan-plugin-error-notify.install0000644000000000000000000000027112775300022016712 0ustar etc/strongswan.d/charon/error-notify.conf usr/lib/ipsec/error-notify usr/lib/ipsec/plugins/libstrongswan-error-notify.so usr/share/strongswan/templates/config/plugins/error-notify.conf debian/strongswan.docs0000644000000000000000000000000712775300022012240 0ustar README debian/info0000644000000000000000000000000012775300022010030 0ustar debian/libstrongswan.docs0000644000000000000000000000000712775300022012727 0ustar README debian/strongswan-plugin-eap-dynamic.install0000644000000000000000000000023312775300022016440 0ustar etc/strongswan.d/charon/eap-dynamic.conf usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so usr/share/strongswan/templates/config/plugins/eap-dynamic.conf debian/strongswan-nm.install0000644000000000000000000000003012775300022013362 0ustar usr/lib/ipsec/charon-nm debian/strongswan-plugin-eap-simaka-pseudonym.install0000644000000000000000000000026612775300022020310 0ustar etc/strongswan.d/charon/eap-simaka-pseudonym.conf usr/lib/ipsec/plugins/libstrongswan-eap-simaka-pseudonym.so usr/share/strongswan/templates/config/plugins/eap-simaka-pseudonym.conf debian/libstrongswan.lintian-overrides0000644000000000000000000000244012775300022015440 0ustar libstrongswan: possible-gpl-code-linked-with-openssl # we do pass hardening flags libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/libradius.so.0.0.0 libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/libsimaka.so.0.0.0 libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/libtls.so.0.0.0 libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-ccm.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-cmac.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-ctr.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-farp.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-gcm.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-gmp.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-hmac.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-random.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-xcbc.so libstrongswan: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-gcrypt.so debian/compat0000644000000000000000000000000212775300022010362 0ustar 9 debian/strongswan-ike.lintian-overrides0000644000000000000000000000033212775300022015515 0ustar # we do pass hardening flags strongswan-ike: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-agent.so strongswan-ike: hardening-no-fortify-functions usr/lib/ipsec/plugins/libstrongswan-socket-raw.so debian/strongswan-plugin-ntru.install0000644000000000000000000000020612775300022015241 0ustar etc/strongswan.d/charon/ntru.conf usr/lib/ipsec/plugins/libstrongswan-ntru.so usr/share/strongswan/templates/config/plugins/ntru.conf debian/use-bash2.diff0000644000000000000000000000004212775300022011603 0ustar 1c1 < #!/bin/sh --- > #!/bin/bash debian/strongswan-plugin-af-alg.install0000644000000000000000000000021412775300022015377 0ustar etc/strongswan.d/charon/af-alg.conf usr/lib/ipsec/plugins/libstrongswan-af-alg.so usr/share/strongswan/templates/config/plugins/af-alg.conf debian/strongswan-plugin-pkcs11.install0000644000000000000000000000021412775300022015352 0ustar etc/strongswan.d/charon/pkcs11.conf usr/lib/ipsec/plugins/libstrongswan-pkcs11.so usr/share/strongswan/templates/config/plugins/pkcs11.conf debian/strongswan-plugin-eap-simaka-reauth.install0000644000000000000000000000025512775300022017553 0ustar etc/strongswan.d/charon/eap-simaka-reauth.conf usr/lib/ipsec/plugins/libstrongswan-eap-simaka-reauth.so usr/share/strongswan/templates/config/plugins/eap-simaka-reauth.conf debian/strongswan-plugin-dnscert.install0000644000000000000000000000021712775300022015715 0ustar etc/strongswan.d/charon/dnscert.conf usr/lib/ipsec/plugins/libstrongswan-dnscert.so usr/share/strongswan/templates/config/plugins/dnscert.conf debian/copyright0000644000000000000000000026065112775300022011131 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: strongswan Upstream-Contact: http://strongswan.org/ Source: http://strongswan.org/ Files: src/checksum/checksum_builder.c src/dumm/bridge.c src/dumm/bridge.h src/dumm/iface.h src/dumm/irdumm.c src/dumm/main.c src/dumm/mconsole.h src/libcharon/bus/bus.c src/libcharon/bus/bus.h src/libcharon/bus/listeners/file_logger.c src/libcharon/bus/listeners/file_logger.h src/libcharon/bus/listeners/listener.h src/libcharon/bus/listeners/sys_logger.c src/libcharon/bus/listeners/sys_logger.h src/libcharon/config/backend.h src/libcharon/config/backend_manager.c src/libcharon/config/backend_manager.h src/libcharon/config/proposal.h src/libcharon/control/controller.h src/libcharon/plugins/android/android_plugin.h src/libcharon/plugins/eap_aka/eap_aka_peer.c src/libcharon/plugins/eap_aka/eap_aka_peer.h src/libcharon/plugins/eap_aka/eap_aka_plugin.c src/libcharon/plugins/eap_aka/eap_aka_plugin.h src/libcharon/plugins/eap_aka/eap_aka_server.c src/libcharon/plugins/eap_aka/eap_aka_server.h src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h src/libcharon/plugins/eap_gtc/eap_gtc.c src/libcharon/plugins/eap_gtc/eap_gtc.h src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h src/libcharon/plugins/eap_identity/eap_identity.c src/libcharon/plugins/eap_identity/eap_identity.h src/libcharon/plugins/eap_identity/eap_identity_plugin.c src/libcharon/plugins/eap_identity/eap_identity_plugin.h src/libcharon/plugins/eap_md5/eap_md5.c src/libcharon/plugins/eap_md5/eap_md5.h src/libcharon/plugins/eap_md5/eap_md5_plugin.c src/libcharon/plugins/eap_md5/eap_md5_plugin.h src/libcharon/plugins/eap_radius/eap_radius.c src/libcharon/plugins/eap_radius/eap_radius.h src/libcharon/plugins/eap_radius/eap_radius_plugin.c src/libcharon/plugins/eap_radius/eap_radius_plugin.h src/libcharon/plugins/eap_sim/eap_sim_peer.c src/libcharon/plugins/eap_sim/eap_sim_peer.h src/libcharon/plugins/eap_sim/eap_sim_plugin.c src/libcharon/plugins/eap_sim/eap_sim_plugin.h src/libcharon/plugins/eap_sim/eap_sim_server.c src/libcharon/plugins/eap_sim/eap_sim_server.h src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h src/libcharon/plugins/ha/ha_child.c src/libcharon/plugins/ha/ha_child.h src/libcharon/plugins/ha/ha_ctl.c src/libcharon/plugins/ha/ha_ctl.h src/libcharon/plugins/ha/ha_dispatcher.c src/libcharon/plugins/ha/ha_dispatcher.h src/libcharon/plugins/ha/ha_ike.c src/libcharon/plugins/ha/ha_ike.h src/libcharon/plugins/ha/ha_kernel.c src/libcharon/plugins/ha/ha_kernel.h src/libcharon/plugins/ha/ha_message.c src/libcharon/plugins/ha/ha_message.h src/libcharon/plugins/ha/ha_plugin.c src/libcharon/plugins/ha/ha_plugin.h src/libcharon/plugins/ha/ha_segments.c src/libcharon/plugins/ha/ha_segments.h src/libcharon/plugins/ha/ha_socket.c src/libcharon/plugins/ha/ha_socket.h src/libcharon/plugins/ha/ha_tunnel.c src/libcharon/plugins/ha/ha_tunnel.h src/libcharon/plugins/load_tester/load_tester_config.c src/libcharon/plugins/load_tester/load_tester_config.h src/libcharon/plugins/load_tester/load_tester_creds.c src/libcharon/plugins/load_tester/load_tester_creds.h src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h src/libcharon/plugins/load_tester/load_tester_ipsec.c src/libcharon/plugins/load_tester/load_tester_ipsec.h src/libcharon/plugins/load_tester/load_tester_listener.c src/libcharon/plugins/load_tester/load_tester_listener.h src/libcharon/plugins/load_tester/load_tester_plugin.c src/libcharon/plugins/load_tester/load_tester_plugin.h src/libcharon/plugins/medcli/medcli_config.c src/libcharon/plugins/medcli/medcli_config.h src/libcharon/plugins/medcli/medcli_creds.c src/libcharon/plugins/medcli/medcli_creds.h src/libcharon/plugins/medcli/medcli_listener.c src/libcharon/plugins/medcli/medcli_listener.h src/libcharon/plugins/medcli/medcli_plugin.c src/libcharon/plugins/medcli/medcli_plugin.h src/libcharon/plugins/medsrv/medsrv_config.c src/libcharon/plugins/medsrv/medsrv_config.h src/libcharon/plugins/medsrv/medsrv_creds.c src/libcharon/plugins/medsrv/medsrv_creds.h src/libcharon/plugins/medsrv/medsrv_plugin.c src/libcharon/plugins/medsrv/medsrv_plugin.h src/libcharon/plugins/nm/nm_creds.c src/libcharon/plugins/nm/nm_creds.h src/libcharon/plugins/nm/nm_handler.c src/libcharon/plugins/nm/nm_handler.h src/libcharon/plugins/nm/nm_plugin.c src/libcharon/plugins/nm/nm_plugin.h src/libcharon/plugins/nm/nm_service.c src/libcharon/plugins/nm/nm_service.h src/libcharon/plugins/smp/smp.c src/libcharon/plugins/smp/smp.h src/libcharon/plugins/sql/sql_config.h src/libcharon/plugins/sql/sql_cred.h src/libcharon/plugins/sql/sql_logger.c src/libcharon/plugins/sql/sql_logger.h src/libcharon/plugins/sql/sql_plugin.c src/libcharon/plugins/sql/sql_plugin.h src/libcharon/plugins/stroke/stroke_attribute.h src/libcharon/plugins/stroke/stroke_control.c src/libcharon/plugins/stroke/stroke_control.h src/libcharon/plugins/stroke/stroke_list.c src/libcharon/plugins/stroke/stroke_list.h src/libcharon/plugins/stroke/stroke_plugin.c src/libcharon/plugins/stroke/stroke_plugin.h src/libcharon/plugins/stroke/stroke_socket.h src/libcharon/plugins/unit_tester/tests.h src/libcharon/plugins/unit_tester/tests/test_agent.c src/libcharon/plugins/unit_tester/tests/test_auth_info.c src/libcharon/plugins/unit_tester/tests/test_cert.c src/libcharon/plugins/unit_tester/tests/test_chunk.c src/libcharon/plugins/unit_tester/tests/test_curl.c src/libcharon/plugins/unit_tester/tests/test_enumerator.c src/libcharon/plugins/unit_tester/tests/test_id.c src/libcharon/plugins/unit_tester/tests/test_med_db.c src/libcharon/plugins/unit_tester/tests/test_mutex.c src/libcharon/plugins/unit_tester/tests/test_mysql.c src/libcharon/plugins/unit_tester/tests/test_pool.c src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c src/libcharon/plugins/unit_tester/tests/test_sqlite.c src/libcharon/plugins/unit_tester/unit_tester.c src/libcharon/plugins/unit_tester/unit_tester.h src/libcharon/plugins/updown/updown_listener.c src/libcharon/plugins/updown/updown_listener.h src/libcharon/plugins/updown/updown_plugin.c src/libcharon/plugins/updown/updown_plugin.h src/libcharon/processing/jobs/acquire_job.c src/libcharon/processing/jobs/acquire_job.h src/libcharon/processing/jobs/delete_child_sa_job.c src/libcharon/processing/jobs/delete_child_sa_job.h src/libcharon/processing/jobs/inactivity_job.c src/libcharon/processing/jobs/inactivity_job.h src/libcharon/processing/jobs/rekey_child_sa_job.c src/libcharon/processing/jobs/rekey_child_sa_job.h src/libcharon/processing/jobs/rekey_ike_sa_job.c src/libcharon/processing/jobs/rekey_ike_sa_job.h src/libcharon/processing/jobs/roam_job.c src/libcharon/processing/jobs/roam_job.h src/libcharon/processing/jobs/update_sa_job.c src/libcharon/processing/jobs/update_sa_job.h src/libcharon/sa/authenticators/eap/eap_manager.c src/libcharon/sa/authenticators/eap/eap_manager.h src/libcharon/sa/authenticators/eap/eap_method.c src/libcharon/sa/authenticators/eap/eap_method.h src/libcharon/sa/authenticators/eap_authenticator.c src/libcharon/sa/authenticators/eap_authenticator.h src/libcharon/sa/authenticators/psk_authenticator.h src/libcharon/sa/keymat.c src/libcharon/sa/keymat.h src/libcharon/sa/task_manager.h src/libcharon/sa/tasks/child_create.h src/libcharon/sa/tasks/child_delete.c src/libcharon/sa/tasks/child_delete.h src/libcharon/sa/tasks/child_rekey.h src/libcharon/sa/tasks/ike_auth.h src/libcharon/sa/tasks/ike_auth_lifetime.c src/libcharon/sa/tasks/ike_auth_lifetime.h src/libcharon/sa/tasks/ike_cert_post.h src/libcharon/sa/tasks/ike_cert_pre.h src/libcharon/sa/tasks/ike_config.h src/libcharon/sa/tasks/ike_delete.c src/libcharon/sa/tasks/ike_delete.h src/libcharon/sa/tasks/ike_dpd.c src/libcharon/sa/tasks/ike_dpd.h src/libcharon/sa/tasks/ike_init.h src/libcharon/sa/tasks/ike_mobike.h src/libcharon/sa/tasks/ike_natd.h src/libcharon/sa/tasks/ike_reauth.c src/libcharon/sa/tasks/ike_reauth.h src/libcharon/sa/tasks/ike_rekey.h src/libcharon/sa/tasks/ike_vendor.c src/libcharon/sa/tasks/ike_vendor.h src/libcharon/sa/trap_manager.h src/libfast/context.h src/libfast/controller.h src/libfast/dispatcher.c src/libfast/dispatcher.h src/libfast/filter.h src/libfast/request.c src/libfast/request.h src/libfast/session.c src/libfast/session.h src/libhydra/attributes/attribute_handler.h src/libhydra/attributes/attribute_manager.c src/libhydra/attributes/attribute_manager.h src/libhydra/attributes/attribute_provider.h src/libhydra/plugins/attr/attr_plugin.c src/libhydra/plugins/attr/attr_plugin.h src/libhydra/plugins/attr/attr_provider.h src/libhydra/plugins/attr_sql/attr_sql_plugin.c src/libhydra/plugins/attr_sql/attr_sql_plugin.h src/libhydra/plugins/attr_sql/pool.c src/libhydra/plugins/attr_sql/sql_attribute.c src/libhydra/plugins/attr_sql/sql_attribute.h src/libhydra/plugins/resolve/resolve_handler.h src/libhydra/plugins/resolve/resolve_plugin.c src/libhydra/plugins/resolve/resolve_plugin.h src/libradius/radius_client.c src/libradius/radius_client.h src/libradius/radius_message.c src/libradius/radius_message.h src/libsimaka/simaka_card.h src/libsimaka/simaka_crypto.c src/libsimaka/simaka_crypto.h src/libsimaka/simaka_hooks.h src/libsimaka/simaka_manager.c src/libsimaka/simaka_manager.h src/libsimaka/simaka_message.c src/libsimaka/simaka_message.h src/libsimaka/simaka_provider.h src/libstrongswan/credentials/builder.c src/libstrongswan/credentials/builder.h src/libstrongswan/credentials/certificates/certificate.c src/libstrongswan/credentials/certificates/certificate.h src/libstrongswan/credentials/certificates/ocsp_request.h src/libstrongswan/credentials/certificates/ocsp_response.c src/libstrongswan/credentials/certificates/ocsp_response.h src/libstrongswan/credentials/certificates/pgp_certificate.h src/libstrongswan/credentials/certificates/x509.h src/libstrongswan/credentials/cred_encoding.c src/libstrongswan/credentials/cred_encoding.h src/libstrongswan/credentials/credential_factory.c src/libstrongswan/credentials/credential_factory.h src/libstrongswan/credentials/credential_manager.c src/libstrongswan/credentials/credential_manager.h src/libstrongswan/credentials/credential_set.h src/libstrongswan/credentials/keys/private_key.c src/libstrongswan/credentials/keys/private_key.h src/libstrongswan/credentials/keys/public_key.c src/libstrongswan/credentials/keys/public_key.h src/libstrongswan/credentials/keys/shared_key.c src/libstrongswan/credentials/keys/shared_key.h src/libstrongswan/credentials/sets/auth_cfg_wrapper.h src/libstrongswan/credentials/sets/cert_cache.c src/libstrongswan/credentials/sets/cert_cache.h src/libstrongswan/credentials/sets/ocsp_response_wrapper.c src/libstrongswan/credentials/sets/ocsp_response_wrapper.h src/libstrongswan/crypto/crypto_factory.c src/libstrongswan/crypto/crypto_factory.h src/libstrongswan/crypto/crypto_tester.h src/libstrongswan/crypto/rngs/rng.c src/libstrongswan/crypto/rngs/rng.h src/libstrongswan/crypto/transform.c src/libstrongswan/crypto/transform.h src/libstrongswan/database/database.h src/libstrongswan/database/database_factory.c src/libstrongswan/database/database_factory.h src/libstrongswan/debug.c src/libstrongswan/debug.h src/libstrongswan/eap/eap.c src/libstrongswan/enum.c src/libstrongswan/fetcher/fetcher_manager.c src/libstrongswan/fetcher/fetcher_manager.h src/libstrongswan/integrity_checker.c src/libstrongswan/integrity_checker.h src/libstrongswan/library.h src/libstrongswan/plugins/aes/aes_plugin.c src/libstrongswan/plugins/aes/aes_plugin.h src/libstrongswan/plugins/agent/agent_plugin.c src/libstrongswan/plugins/agent/agent_plugin.h src/libstrongswan/plugins/agent/agent_private_key.c src/libstrongswan/plugins/agent/agent_private_key.h src/libstrongswan/plugins/curl/curl_fetcher.h src/libstrongswan/plugins/curl/curl_plugin.c src/libstrongswan/plugins/curl/curl_plugin.h src/libstrongswan/plugins/des/des_crypter.h src/libstrongswan/plugins/des/des_plugin.c src/libstrongswan/plugins/des/des_plugin.h src/libstrongswan/plugins/dnskey/dnskey_builder.c src/libstrongswan/plugins/dnskey/dnskey_builder.h src/libstrongswan/plugins/dnskey/dnskey_plugin.c src/libstrongswan/plugins/dnskey/dnskey_plugin.h src/libstrongswan/plugins/fips_prf/fips_prf.c src/libstrongswan/plugins/fips_prf/fips_prf.h src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h src/libstrongswan/plugins/gcrypt/gcrypt_dh.h src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h src/libstrongswan/plugins/gcrypt/gcrypt_rng.c src/libstrongswan/plugins/gcrypt/gcrypt_rng.h src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h src/libstrongswan/plugins/gmp/gmp_plugin.c src/libstrongswan/plugins/gmp/gmp_plugin.h src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h src/libstrongswan/plugins/hmac/hmac_plugin.c src/libstrongswan/plugins/hmac/hmac_plugin.h src/libstrongswan/plugins/ldap/ldap_fetcher.h src/libstrongswan/plugins/ldap/ldap_plugin.c src/libstrongswan/plugins/ldap/ldap_plugin.h src/libstrongswan/plugins/md4/md4_plugin.c src/libstrongswan/plugins/md4/md4_plugin.h src/libstrongswan/plugins/md5/md5_plugin.c src/libstrongswan/plugins/md5/md5_plugin.h src/libstrongswan/plugins/mysql/mysql_database.c src/libstrongswan/plugins/mysql/mysql_database.h src/libstrongswan/plugins/mysql/mysql_plugin.c src/libstrongswan/plugins/mysql/mysql_plugin.h src/libstrongswan/plugins/padlock/padlock_plugin.c src/libstrongswan/plugins/padlock/padlock_plugin.h src/libstrongswan/plugins/padlock/padlock_rng.c src/libstrongswan/plugins/padlock/padlock_rng.h src/libstrongswan/plugins/pem/pem_builder.h src/libstrongswan/plugins/pem/pem_plugin.c src/libstrongswan/plugins/pem/pem_plugin.h src/libstrongswan/plugins/pgp/pgp_builder.h src/libstrongswan/plugins/pgp/pgp_cert.c src/libstrongswan/plugins/pgp/pgp_cert.h src/libstrongswan/plugins/pgp/pgp_encoder.c src/libstrongswan/plugins/pgp/pgp_encoder.h src/libstrongswan/plugins/pgp/pgp_plugin.c src/libstrongswan/plugins/pgp/pgp_plugin.h src/libstrongswan/plugins/pgp/pgp_utils.c src/libstrongswan/plugins/pgp/pgp_utils.h src/libstrongswan/plugins/pkcs1/pkcs1_builder.h src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c src/libstrongswan/plugins/pkcs1/pkcs1_encoder.h src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h src/libstrongswan/plugins/plugin.h src/libstrongswan/plugins/pubkey/pubkey_cert.c src/libstrongswan/plugins/pubkey/pubkey_cert.h src/libstrongswan/plugins/pubkey/pubkey_plugin.c src/libstrongswan/plugins/pubkey/pubkey_plugin.h src/libstrongswan/plugins/random/random_plugin.c src/libstrongswan/plugins/random/random_plugin.h src/libstrongswan/plugins/random/random_rng.h src/libstrongswan/plugins/sha1/sha1_plugin.c src/libstrongswan/plugins/sha1/sha1_plugin.h src/libstrongswan/plugins/sha1/sha1_prf.c src/libstrongswan/plugins/sha1/sha1_prf.h src/libstrongswan/plugins/sha2/sha2_hasher.h src/libstrongswan/plugins/sha2/sha2_plugin.c src/libstrongswan/plugins/sha2/sha2_plugin.h src/libstrongswan/plugins/sqlite/sqlite_database.c src/libstrongswan/plugins/sqlite/sqlite_database.h src/libstrongswan/plugins/sqlite/sqlite_plugin.c src/libstrongswan/plugins/sqlite/sqlite_plugin.h src/libstrongswan/plugins/test_vectors/test_vectors.h src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h src/libstrongswan/plugins/x509/x509_cert.h src/libstrongswan/plugins/x509/x509_crl.c src/libstrongswan/plugins/x509/x509_crl.h src/libstrongswan/plugins/x509/x509_ocsp_request.h src/libstrongswan/plugins/x509/x509_ocsp_response.h src/libstrongswan/plugins/x509/x509_plugin.c src/libstrongswan/plugins/x509/x509_plugin.h src/libstrongswan/plugins/xcbc/xcbc.c src/libstrongswan/plugins/xcbc/xcbc.h src/libstrongswan/plugins/xcbc/xcbc_plugin.c src/libstrongswan/plugins/xcbc/xcbc_plugin.h src/libstrongswan/plugins/xcbc/xcbc_prf.c src/libstrongswan/plugins/xcbc/xcbc_prf.h src/libstrongswan/plugins/xcbc/xcbc_signer.c src/libstrongswan/plugins/xcbc/xcbc_signer.h src/libstrongswan/utils/backtrace.c src/libstrongswan/utils/backtrace.h src/libstrongswan/utils/enumerator.h src/libstrongswan/utils/leak_detective.c src/libstrongswan/utils/leak_detective.h src/manager/controller/auth_controller.c src/manager/controller/auth_controller.h src/manager/controller/config_controller.c src/manager/controller/config_controller.h src/manager/controller/control_controller.c src/manager/controller/control_controller.h src/manager/controller/gateway_controller.c src/manager/controller/gateway_controller.h src/manager/controller/ikesa_controller.c src/manager/controller/ikesa_controller.h src/manager/gateway.c src/manager/gateway.h src/manager/main.c src/manager/manager.c src/manager/manager.h src/manager/storage.c src/manager/storage.h src/manager/xml.c src/manager/xml.h src/medsrv/user.c src/medsrv/user.h src/pki/command.c src/pki/command.h src/pki/commands/gen.c src/pki/commands/issue.c src/pki/commands/keyid.c src/pki/commands/pub.c src/pki/commands/self.c src/pki/commands/verify.c src/pki/pki.c src/pki/pki.h src/pluto/builder.h src/starter/starterstroke.c src/stroke/stroke_msg.h Copyright: 2005-2009, Martin Willi 2006, Martin Willi 2006-2007, Martin Willi 2006-2008, Martin Willi 2006-2009, Martin Willi 2007, Martin Willi 2007-2008, Martin Willi 2007-2009, Martin Willi 2008, Martin Willi 2008-2009, Martin Willi 2008-2011, Martin Willi 2009, Martin Willi 2009-2011, Martin Willi 2010, Martin Willi License: GPL-2+ Files: src/libstrongswan/plugins/openssl/openssl_sha1_prf.c src/libstrongswan/plugins/openssl/openssl_sha1_prf.h Copyright: 2010, Martin Willi License: GPL-2+ with OpenSSL exception Files: scripts/fetch.c scripts/tls_test.c src/conftest/actions.c src/conftest/actions.h src/conftest/config.c src/conftest/config.h src/conftest/conftest.c src/conftest/conftest.h src/conftest/hooks/add_notify.c src/conftest/hooks/add_payload.c src/conftest/hooks/custom_proposal.c src/conftest/hooks/force_cookie.c src/conftest/hooks/hook.h src/conftest/hooks/ignore_message.c src/conftest/hooks/ike_auth_fill.c src/conftest/hooks/log_id.c src/conftest/hooks/log_ke.c src/conftest/hooks/log_proposals.c src/conftest/hooks/log_ts.c src/conftest/hooks/pretend_auth.c src/conftest/hooks/rebuild_auth.c src/conftest/hooks/reset_seq.c src/conftest/hooks/set_critical.c src/conftest/hooks/set_ike_initiator.c src/conftest/hooks/set_ike_request.c src/conftest/hooks/set_ike_spi.c src/conftest/hooks/set_ike_version.c src/conftest/hooks/set_length.c src/conftest/hooks/set_proposal_number.c src/conftest/hooks/set_reserved.c src/conftest/hooks/unencrypted_notify.c src/conftest/hooks/unsort_message.c src/libcharon/control/controller.c src/libcharon/network/socket.c src/libcharon/plugins/addrblock/addrblock_narrow.h src/libcharon/plugins/addrblock/addrblock_plugin.c src/libcharon/plugins/addrblock/addrblock_plugin.h src/libcharon/plugins/addrblock/addrblock_validator.h src/libcharon/plugins/certexpire/certexpire_cron.c src/libcharon/plugins/certexpire/certexpire_cron.h src/libcharon/plugins/certexpire/certexpire_export.c src/libcharon/plugins/certexpire/certexpire_export.h src/libcharon/plugins/certexpire/certexpire_listener.c src/libcharon/plugins/certexpire/certexpire_listener.h src/libcharon/plugins/certexpire/certexpire_plugin.c src/libcharon/plugins/certexpire/certexpire_plugin.h src/libcharon/plugins/coupling/coupling_plugin.c src/libcharon/plugins/coupling/coupling_plugin.h src/libcharon/plugins/coupling/coupling_validator.c src/libcharon/plugins/coupling/coupling_validator.h src/libcharon/plugins/dhcp/dhcp_plugin.c src/libcharon/plugins/dhcp/dhcp_plugin.h src/libcharon/plugins/dhcp/dhcp_provider.c src/libcharon/plugins/dhcp/dhcp_provider.h src/libcharon/plugins/dhcp/dhcp_socket.c src/libcharon/plugins/dhcp/dhcp_socket.h src/libcharon/plugins/dhcp/dhcp_transaction.c src/libcharon/plugins/dhcp/dhcp_transaction.h src/libcharon/plugins/duplicheck/duplicheck.c src/libcharon/plugins/duplicheck/duplicheck_listener.c src/libcharon/plugins/duplicheck/duplicheck_listener.h src/libcharon/plugins/duplicheck/duplicheck_notify.c src/libcharon/plugins/duplicheck/duplicheck_notify.h src/libcharon/plugins/duplicheck/duplicheck_plugin.c src/libcharon/plugins/duplicheck/duplicheck_plugin.h src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_accounting.h src/libcharon/plugins/eap_radius/eap_radius_dae.c src/libcharon/plugins/eap_radius/eap_radius_dae.h src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/eap_radius/eap_radius_forward.h src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.c src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_card.h src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.h src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_provider.c src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_provider.h src/libcharon/plugins/eap_tls/eap_tls.c src/libcharon/plugins/eap_tls/eap_tls.h src/libcharon/plugins/eap_tls/eap_tls_plugin.c src/libcharon/plugins/eap_tls/eap_tls_plugin.h src/libcharon/plugins/farp/farp_listener.c src/libcharon/plugins/farp/farp_listener.h src/libcharon/plugins/farp/farp_plugin.c src/libcharon/plugins/farp/farp_plugin.h src/libcharon/plugins/farp/farp_spoofer.c src/libcharon/plugins/farp/farp_spoofer.h src/libcharon/plugins/ha/ha_attribute.c src/libcharon/plugins/ha/ha_attribute.h src/libcharon/plugins/ha/ha_cache.c src/libcharon/plugins/ha/ha_cache.h src/libcharon/plugins/led/led_listener.c src/libcharon/plugins/led/led_listener.h src/libcharon/plugins/led/led_plugin.c src/libcharon/plugins/led/led_plugin.h src/libcharon/plugins/radattr/radattr_listener.c src/libcharon/plugins/radattr/radattr_listener.h src/libcharon/plugins/radattr/radattr_plugin.c src/libcharon/plugins/radattr/radattr_plugin.h src/libcharon/plugins/socket_default/socket_default_plugin.h src/libcharon/plugins/socket_default/socket_default_socket.h src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h src/libcharon/plugins/socket_raw/socket_raw_plugin.h src/libcharon/plugins/socket_raw/socket_raw_socket.h src/libcharon/plugins/whitelist/whitelist.c src/libcharon/plugins/whitelist/whitelist_control.c src/libcharon/plugins/whitelist/whitelist_control.h src/libcharon/plugins/whitelist/whitelist_listener.c src/libcharon/plugins/whitelist/whitelist_listener.h src/libcharon/plugins/whitelist/whitelist_msg.h src/libcharon/plugins/whitelist/whitelist_plugin.c src/libcharon/plugins/whitelist/whitelist_plugin.h src/libfast/smtp.c src/libfast/smtp.h src/libhydra/kernel/kernel_net.c src/libradius/radius_config.c src/libradius/radius_config.h src/libradius/radius_socket.c src/libradius/radius_socket.h src/libstrongswan/bio/bio_reader.c src/libstrongswan/bio/bio_reader.h src/libstrongswan/bio/bio_writer.c src/libstrongswan/bio/bio_writer.h src/libstrongswan/credentials/cert_validator.h src/libstrongswan/credentials/sets/callback_cred.c src/libstrongswan/credentials/sets/callback_cred.h src/libstrongswan/crypto/aead.c src/libstrongswan/crypto/aead.h src/libstrongswan/crypto/crypto_tester.c src/libstrongswan/database/database.c src/libstrongswan/eap/eap.h src/libstrongswan/fetcher/fetcher.c src/libstrongswan/fetcher/fetcher.h src/libstrongswan/plugins/af_alg/af_alg_crypter.c src/libstrongswan/plugins/af_alg/af_alg_crypter.h src/libstrongswan/plugins/af_alg/af_alg_hasher.c src/libstrongswan/plugins/af_alg/af_alg_hasher.h src/libstrongswan/plugins/af_alg/af_alg_ops.c src/libstrongswan/plugins/af_alg/af_alg_ops.h src/libstrongswan/plugins/af_alg/af_alg_plugin.c src/libstrongswan/plugins/af_alg/af_alg_plugin.h src/libstrongswan/plugins/af_alg/af_alg_prf.c src/libstrongswan/plugins/af_alg/af_alg_prf.h src/libstrongswan/plugins/af_alg/af_alg_signer.c src/libstrongswan/plugins/af_alg/af_alg_signer.h src/libstrongswan/plugins/ccm/ccm_aead.c src/libstrongswan/plugins/ccm/ccm_aead.h src/libstrongswan/plugins/ccm/ccm_plugin.c src/libstrongswan/plugins/ccm/ccm_plugin.h src/libstrongswan/plugins/constraints/constraints_plugin.c src/libstrongswan/plugins/constraints/constraints_plugin.h src/libstrongswan/plugins/constraints/constraints_validator.c src/libstrongswan/plugins/constraints/constraints_validator.h src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h src/libstrongswan/plugins/ctr/ctr_plugin.c src/libstrongswan/plugins/ctr/ctr_plugin.h src/libstrongswan/plugins/gcm/gcm_aead.c src/libstrongswan/plugins/gcm/gcm_aead.h src/libstrongswan/plugins/gcm/gcm_plugin.c src/libstrongswan/plugins/gcm/gcm_plugin.h src/libstrongswan/plugins/pkcs11/pkcs11_creds.c src/libstrongswan/plugins/pkcs11/pkcs11_creds.h src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h src/libstrongswan/plugins/pkcs11/pkcs11_manager.c src/libstrongswan/plugins/pkcs11/pkcs11_manager.h src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h src/libstrongswan/plugins/plugin_feature.c src/libstrongswan/plugins/plugin_feature.h src/libstrongswan/plugins/revocation/revocation_plugin.c src/libstrongswan/plugins/revocation/revocation_plugin.h src/libstrongswan/plugins/revocation/revocation_validator.h src/libstrongswan/plugins/soup/soup_fetcher.c src/libstrongswan/plugins/soup/soup_fetcher.h src/libstrongswan/plugins/soup/soup_plugin.c src/libstrongswan/plugins/soup/soup_plugin.h src/libstrongswan/processing/jobs/callback_job.h src/libstrongswan/processing/jobs/job.c src/libtls/tls.c src/libtls/tls.h src/libtls/tls_alert.c src/libtls/tls_alert.h src/libtls/tls_cache.c src/libtls/tls_cache.h src/libtls/tls_compression.c src/libtls/tls_compression.h src/libtls/tls_crypto.c src/libtls/tls_crypto.h src/libtls/tls_eap.c src/libtls/tls_eap.h src/libtls/tls_fragmentation.c src/libtls/tls_fragmentation.h src/libtls/tls_handshake.h src/libtls/tls_peer.c src/libtls/tls_peer.h src/libtls/tls_prf.c src/libtls/tls_prf.h src/libtls/tls_protection.c src/libtls/tls_protection.h src/libtls/tls_server.c src/libtls/tls_server.h src/libtls/tls_socket.c src/libtls/tls_socket.h src/pki/commands/print.c src/pki/commands/signcrl.c Copyright: 2007-2011, Martin Willi 2008-2011, Martin Willi 2009-2010, Martin Willi 2010, Martin Willi 2010, revosec AG 2011, Martin Willi 2011, revosec AG 2012, Martin Willi 2012, revosec AG License: GPL-2+ Files: src/libstrongswan/plugins/openssl/openssl_crl.h src/libstrongswan/plugins/openssl/openssl_x509.h Copyright: 2010, Martin Willi 2010 revosec AG License: GPL-2+ with OpenSSL exception Files: scripts/thread_analysis.c src/libcharon/plugins/eap_tnc/eap_tnc.c src/libcharon/plugins/eap_tnc/eap_tnc.h src/libcharon/plugins/eap_tnc/eap_tnc_plugin.c src/libcharon/plugins/eap_tnc/eap_tnc_plugin.h src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.h src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.c src/libcharon/plugins/tnc_ifmap/tnc_ifmap_plugin.h src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h src/libcharon/plugins/tnc_imc/tnc_imc.h src/libcharon/plugins/tnc_imc/tnc_imc_manager.h src/libcharon/plugins/tnc_imc/tnc_imc_plugin.c src/libcharon/plugins/tnc_imc/tnc_imc_plugin.h src/libcharon/plugins/tnc_imv/tnc_imv.h src/libcharon/plugins/tnc_imv/tnc_imv_manager.h src/libcharon/plugins/tnc_imv/tnc_imv_plugin.c src/libcharon/plugins/tnc_imv/tnc_imv_plugin.h src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.h src/libcharon/plugins/tnc_pdp/tnc_pdp.c src/libcharon/plugins/tnc_pdp/tnc_pdp.h src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.h src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.h src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.c src/libcharon/plugins/tnc_tnccs/tnc_tnccs_manager.h src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.c src/libcharon/plugins/tnc_tnccs/tnc_tnccs_plugin.h src/libcharon/plugins/tnccs_11/batch/tnccs_batch.h src/libcharon/plugins/tnccs_11/messages/imc_imv_msg.h src/libcharon/plugins/tnccs_11/messages/tnccs_error_msg.h src/libcharon/plugins/tnccs_11/messages/tnccs_msg.h src/libcharon/plugins/tnccs_11/messages/tnccs_preferred_language_msg.h src/libcharon/plugins/tnccs_11/messages/tnccs_reason_strings_msg.h src/libcharon/plugins/tnccs_11/messages/tnccs_recommendation_msg.h src/libcharon/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.h src/libcharon/plugins/tnccs_11/tnccs_11.c src/libcharon/plugins/tnccs_11/tnccs_11.h src/libcharon/plugins/tnccs_11/tnccs_11_plugin.c src/libcharon/plugins/tnccs_11/tnccs_11_plugin.h src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.h src/libcharon/plugins/tnccs_20/messages/pb_experimental_msg.c src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.h src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.c src/libcharon/plugins/tnccs_20/messages/pb_remediation_parameters_msg.h src/libcharon/plugins/tnccs_20/messages/pb_tnc_msg.c src/libcharon/plugins/tnccs_20/messages/pb_tnc_msg.h src/libcharon/plugins/tnccs_20/state_machine/pb_tnc_state_machine.c src/libcharon/plugins/tnccs_20/state_machine/pb_tnc_state_machine.h src/libcharon/plugins/tnccs_20/tnccs_20.h src/libcharon/plugins/tnccs_20/tnccs_20_plugin.c src/libcharon/plugins/tnccs_20/tnccs_20_plugin.h src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.c src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic.h src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.c src/libcharon/plugins/tnccs_dynamic/tnccs_dynamic_plugin.h src/libcharon/processing/jobs/migrate_job.c src/libcharon/processing/jobs/migrate_job.h src/libcharon/processing/jobs/start_action_job.c src/libcharon/processing/jobs/start_action_job.h src/libcharon/sa/shunt_manager.c src/libcharon/sa/shunt_manager.h src/libhydra/plugins/attr_sql/pool_attributes.c src/libhydra/plugins/attr_sql/pool_attributes.h src/libimcv/ietf/ietf_attr.h src/libimcv/ietf/ietf_attr_pa_tnc_error.h src/libimcv/ietf/ietf_attr_port_filter.h src/libimcv/ietf/ietf_attr_product_info.h src/libimcv/ita/ita_attr.c src/libimcv/ita/ita_attr.h src/libimcv/ita/ita_attr_command.h src/libimcv/pa_tnc/pa_tnc_attr.h src/libimcv/pa_tnc/pa_tnc_attr_manager.c src/libimcv/pa_tnc/pa_tnc_attr_manager.h src/libimcv/pa_tnc/pa_tnc_msg.c src/libimcv/pa_tnc/pa_tnc_msg.h src/libpts/plugins/imv_attestation/attest.c src/libpts/plugins/imv_attestation/attest_db.c src/libpts/plugins/imv_attestation/attest_db.h src/libpts/plugins/imv_attestation/attest_usage.c src/libpts/plugins/imv_attestation/attest_usage.h src/libpts/pts/components/ita/ita_comp_func_name.c src/libpts/pts/components/ita/ita_comp_ima.c src/libpts/pts/components/ita/ita_comp_ima.h src/libpts/pts/components/ita/ita_comp_tboot.c src/libpts/pts/components/ita/ita_comp_tgrub.c src/libpts/pts/components/pts_comp_func_name.c src/libpts/pts/components/pts_component.h src/libpts/pts/components/pts_component_manager.c src/libpts/pts/components/pts_component_manager.h src/libpts/pts/components/tcg/tcg_comp_func_name.c src/libpts/pts/pts_creds.c src/libpts/pts/pts_creds.h src/libpts/pts/pts_database.h src/libpts/pts/pts_file_type.c src/libpts/pts/pts_meas_algo.c src/libpts/tcg/tcg_attr.h src/libradius/radius_mppe.h src/libstrongswan/credentials/certificates/ac.h src/libstrongswan/credentials/certificates/pkcs10.h src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c src/libstrongswan/credentials/ietf_attributes/ietf_attributes.h src/libstrongswan/crypto/pkcs9.c src/libstrongswan/crypto/pkcs9.h src/libstrongswan/crypto/proposal/proposal_keywords.c src/libstrongswan/crypto/proposal/proposal_keywords.h src/libstrongswan/pen/pen.c src/libstrongswan/pen/pen.h src/libstrongswan/plugins/pem/pem_encoder.c src/libstrongswan/plugins/pem/pem_encoder.h src/libstrongswan/utils/lexparser.c src/libstrongswan/utils/lexparser.h src/libstrongswan/utils/optionsfrom.h src/libtnccs/tnc/imc/imc.h src/libtnccs/tnc/imc/imc_manager.h src/libtnccs/tnc/imv/imv.h src/libtnccs/tnc/imv/imv_manager.h src/libtnccs/tnc/imv/imv_recommendations.c src/libtnccs/tnc/imv/imv_recommendations.h src/libtnccs/tnc/tnc.c src/libtnccs/tnc/tnc.h src/libtnccs/tnc/tnccs/tnccs.c src/libtnccs/tnc/tnccs/tnccs.h src/libtnccs/tnc/tnccs/tnccs_manager.c src/libtnccs/tnc/tnccs/tnccs_manager.h src/libtncif/tncif_names.c src/libtncif/tncif_pa_subtypes.c src/pluto/certs.c src/pluto/certs.h src/pluto/crl.c src/pluto/plugin_list.h src/pluto/plugins/xauth/xauth_default_provider.c src/pluto/plugins/xauth/xauth_default_provider.h src/pluto/plugins/xauth/xauth_default_verifier.c src/pluto/plugins/xauth/xauth_default_verifier.h src/pluto/plugins/xauth/xauth_plugin.c src/pluto/plugins/xauth/xauth_plugin.h src/pluto/pluto.c src/pluto/pluto.h src/pluto/xauth/xauth_manager.c src/pluto/xauth/xauth_manager.h src/pluto/xauth/xauth_provider.h src/pluto/xauth/xauth_verifier.h src/starter/args.c src/starter/args.h src/starter/keywords.c src/starter/keywords.h src/stroke/stroke_keywords.c src/stroke/stroke_keywords.h Copyright: 2000-2009, Andreas Steffen 2001-2006, Andreas Steffen 2001-2008, Andreas Steffen 2002-2009, Andreas Steffen 2005, Andreas Steffen 2006, Andreas Steffen 2007-2008, Andreas Steffen 2007-2009, Andreas Steffen 2008, Andreas Steffen 2009, Andreas Steffen 2009-2010, Andreas Steffen 2010, Andreas Steffen 2010-2011, Andreas Steffen 2011, Andreas Steffen 2012, Andreas Steffen License: GPL-2+ Files: src/dumm/ext/lib/dumm.rb src/dumm/ext/lib/dumm/guest.rb src/libcharon/encoding/payloads/endpoint_notify.c src/libcharon/encoding/payloads/endpoint_notify.h src/libcharon/kernel/kernel_handler.c src/libcharon/kernel/kernel_handler.h src/libcharon/plugins/android/android_creds.c src/libcharon/plugins/android/android_creds.h src/libcharon/plugins/android/android_logger.c src/libcharon/plugins/android/android_logger.h src/libcharon/plugins/android/android_service.c src/libcharon/plugins/android/android_service.h src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h src/libcharon/plugins/maemo/maemo_plugin.c src/libcharon/plugins/maemo/maemo_plugin.h src/libcharon/plugins/maemo/maemo_service.c src/libcharon/plugins/maemo/maemo_service.h src/libcharon/plugins/unit_tester/tests/test_hashtable.c src/libcharon/processing/jobs/initiate_mediation_job.c src/libcharon/processing/jobs/initiate_mediation_job.h src/libcharon/processing/jobs/mediation_job.c src/libcharon/processing/jobs/mediation_job.h src/libcharon/sa/connect_manager.c src/libcharon/sa/connect_manager.h src/libcharon/sa/mediation_manager.c src/libcharon/sa/mediation_manager.h src/libcharon/sa/tasks/ike_me.c src/libcharon/sa/tasks/ike_me.h src/libhydra/attributes/mem_pool.h src/libhydra/hydra.c src/libhydra/hydra.h src/libhydra/kernel/kernel_ipsec.c src/libhydra/kernel/kernel_listener.h src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.h src/libhydra/plugins/kernel_klips/kernel_klips_plugin.c src/libhydra/plugins/kernel_klips/kernel_klips_plugin.h src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.h src/libhydra/plugins/kernel_netlink/kernel_netlink_net.h src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.c src/libhydra/plugins/kernel_netlink/kernel_netlink_plugin.h src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.h src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.h src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.c src/libhydra/plugins/kernel_pfkey/kernel_pfkey_plugin.h src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.h src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.c src/libhydra/plugins/kernel_pfroute/kernel_pfroute_plugin.h src/libstrongswan/plugins/cmac/cmac.c src/libstrongswan/plugins/cmac/cmac.h src/libstrongswan/plugins/cmac/cmac_plugin.c src/libstrongswan/plugins/cmac/cmac_plugin.h src/libstrongswan/plugins/cmac/cmac_prf.c src/libstrongswan/plugins/cmac/cmac_prf.h src/libstrongswan/plugins/cmac/cmac_signer.c src/libstrongswan/plugins/cmac/cmac_signer.h src/libstrongswan/plugins/pkcs11/pkcs11_dh.c src/libstrongswan/plugins/pkcs11/pkcs11_dh.h src/libstrongswan/plugins/pkcs11/pkcs11_rng.c src/libstrongswan/plugins/pkcs11/pkcs11_rng.h src/libstrongswan/plugins/pkcs8/pkcs8_builder.c src/libstrongswan/plugins/pkcs8/pkcs8_builder.h src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h src/libstrongswan/threading/thread.c src/libstrongswan/threading/thread.h src/libstrongswan/threading/thread_value.c src/libstrongswan/threading/thread_value.h src/libstrongswan/utils/hashtable.c src/libstrongswan/utils/hashtable.h src/pluto/event_queue.c src/pluto/event_queue.h src/pluto/kernel_pfkey.h src/pluto/whack_attribute.h Copyright: 2007, Tobias Brunner 2007-2008, Tobias Brunner 2008, Tobias Brunner 2008-2009, Tobias Brunner 2008-2010, Tobias Brunner 2008-2011, Tobias Brunner 2009, Tobias Brunner 2009-2012, Tobias Brunner 2010, Tobias Brunner 2011, Tobias Brunner 2012, Tobias Brunner License: GPL-2+ Files: src/libstrongswan/plugins/openssl/openssl_crypter.c src/libstrongswan/plugins/openssl/openssl_crypter.h src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h src/libstrongswan/plugins/openssl/openssl_ec_private_key.h src/libstrongswan/plugins/openssl/openssl_ec_public_key.h src/libstrongswan/plugins/openssl/openssl_hasher.c src/libstrongswan/plugins/openssl/openssl_hasher.h src/libstrongswan/plugins/openssl/openssl_plugin.h src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h src/libstrongswan/plugins/openssl/openssl_util.h Copyright: 2008 Tobias Brunner, Hochschule fuer Technik Rapperswil License: GPL-2+ with OpenSSL exception Files: src/libcharon/plugins/tnccs_20/messages/pb_access_recommendation_msg.c src/libcharon/plugins/tnccs_20/messages/pb_access_recommendation_msg.h src/libcharon/plugins/tnccs_20/messages/pb_assessment_result_msg.c src/libcharon/plugins/tnccs_20/messages/pb_assessment_result_msg.h src/libcharon/plugins/tnccs_20/messages/pb_error_msg.c src/libcharon/plugins/tnccs_20/messages/pb_error_msg.h src/libcharon/plugins/tnccs_20/messages/pb_experimental_msg.h src/libcharon/plugins/tnccs_20/messages/pb_language_preference_msg.c src/libcharon/plugins/tnccs_20/messages/pb_language_preference_msg.h src/libcharon/plugins/tnccs_20/messages/pb_reason_string_msg.c src/libcharon/plugins/tnccs_20/messages/pb_reason_string_msg.h src/libpts/plugins/imc_attestation/imc_attestation.c src/libpts/plugins/imc_attestation/imc_attestation_process.c src/libpts/plugins/imc_attestation/imc_attestation_process.h src/libpts/plugins/imc_attestation/imc_attestation_state.c src/libpts/plugins/imc_attestation/imc_attestation_state.h src/libpts/plugins/imv_attestation/imv_attestation.c src/libpts/plugins/imv_attestation/imv_attestation_build.c src/libpts/plugins/imv_attestation/imv_attestation_build.h src/libpts/plugins/imv_attestation/imv_attestation_process.c src/libpts/plugins/imv_attestation/imv_attestation_process.h src/libpts/plugins/imv_attestation/imv_attestation_state.c src/libpts/plugins/imv_attestation/imv_attestation_state.h src/libpts/pts/components/ita/ita_comp_func_name.h src/libpts/pts/components/ita/ita_comp_tboot.h src/libpts/pts/components/ita/ita_comp_tgrub.h src/libpts/pts/components/pts_comp_func_name.h src/libpts/pts/components/tcg/tcg_comp_func_name.h src/libpts/pts/pts.c src/libpts/pts/pts.h src/libpts/pts/pts_database.c src/libpts/pts/pts_dh_group.c src/libpts/pts/pts_dh_group.h src/libpts/pts/pts_error.c src/libpts/pts/pts_error.h src/libpts/pts/pts_file_meas.c src/libpts/pts/pts_file_meas.h src/libpts/pts/pts_file_meta.c src/libpts/pts/pts_file_meta.h src/libpts/pts/pts_file_type.h src/libpts/pts/pts_meas_algo.h src/libpts/pts/pts_proto_caps.h src/libpts/pts/pts_req_func_comp_evid.h src/libpts/pts/pts_simple_evid_final.h src/libpts/tcg/tcg_pts_attr_aik.c src/libpts/tcg/tcg_pts_attr_aik.h src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.c src/libpts/tcg/tcg_pts_attr_dh_nonce_finish.h src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.c src/libpts/tcg/tcg_pts_attr_dh_nonce_params_req.h src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.c src/libpts/tcg/tcg_pts_attr_dh_nonce_params_resp.h src/libpts/tcg/tcg_pts_attr_file_meas.c src/libpts/tcg/tcg_pts_attr_file_meas.h src/libpts/tcg/tcg_pts_attr_gen_attest_evid.c src/libpts/tcg/tcg_pts_attr_gen_attest_evid.h src/libpts/tcg/tcg_pts_attr_get_aik.c src/libpts/tcg/tcg_pts_attr_get_aik.h src/libpts/tcg/tcg_pts_attr_get_tpm_version_info.c src/libpts/tcg/tcg_pts_attr_get_tpm_version_info.h src/libpts/tcg/tcg_pts_attr_meas_algo.c src/libpts/tcg/tcg_pts_attr_meas_algo.h src/libpts/tcg/tcg_pts_attr_proto_caps.c src/libpts/tcg/tcg_pts_attr_proto_caps.h src/libpts/tcg/tcg_pts_attr_req_file_meas.c src/libpts/tcg/tcg_pts_attr_req_file_meas.h src/libpts/tcg/tcg_pts_attr_req_file_meta.c src/libpts/tcg/tcg_pts_attr_req_file_meta.h src/libpts/tcg/tcg_pts_attr_req_func_comp_evid.c src/libpts/tcg/tcg_pts_attr_req_func_comp_evid.h src/libpts/tcg/tcg_pts_attr_simple_comp_evid.c src/libpts/tcg/tcg_pts_attr_simple_comp_evid.h src/libpts/tcg/tcg_pts_attr_simple_evid_final.c src/libpts/tcg/tcg_pts_attr_simple_evid_final.h src/libpts/tcg/tcg_pts_attr_tpm_version_info.c src/libpts/tcg/tcg_pts_attr_tpm_version_info.h src/libpts/tcg/tcg_pts_attr_unix_file_meta.c src/libpts/tcg/tcg_pts_attr_unix_file_meta.h Copyright: 2010, Sansar Choinyambuu 2011, Sansar Choinyambuu License: GPL-2+ Files: src/libcharon/config/ike_cfg.c src/libcharon/config/ike_cfg.h src/libcharon/encoding/generator.c src/libcharon/encoding/generator.h src/libcharon/encoding/parser.c src/libcharon/encoding/parser.h src/libcharon/encoding/payloads/auth_payload.h src/libcharon/encoding/payloads/certreq_payload.h src/libcharon/encoding/payloads/configuration_attribute.h src/libcharon/encoding/payloads/cp_payload.h src/libcharon/encoding/payloads/delete_payload.h src/libcharon/encoding/payloads/eap_payload.c src/libcharon/encoding/payloads/eap_payload.h src/libcharon/encoding/payloads/encodings.c src/libcharon/encoding/payloads/encodings.h src/libcharon/encoding/payloads/ke_payload.h src/libcharon/encoding/payloads/nonce_payload.h src/libcharon/encoding/payloads/proposal_substructure.c src/libcharon/encoding/payloads/proposal_substructure.h src/libcharon/encoding/payloads/sa_payload.c src/libcharon/encoding/payloads/sa_payload.h src/libcharon/encoding/payloads/traffic_selector_substructure.h src/libcharon/encoding/payloads/transform_attribute.h src/libcharon/encoding/payloads/transform_substructure.h src/libcharon/encoding/payloads/ts_payload.h src/libcharon/encoding/payloads/unknown_payload.c src/libcharon/encoding/payloads/unknown_payload.h src/libcharon/encoding/payloads/vendor_id_payload.h src/libcharon/network/packet.c src/libcharon/network/packet.h src/libcharon/network/receiver.h src/libcharon/network/sender.c src/libcharon/network/sender.h src/libcharon/processing/jobs/delete_ike_sa_job.c src/libcharon/processing/jobs/delete_ike_sa_job.h src/libcharon/processing/jobs/process_message_job.c src/libcharon/processing/jobs/process_message_job.h src/libcharon/processing/jobs/retransmit_job.c src/libcharon/processing/jobs/retransmit_job.h src/libcharon/sa/authenticators/psk_authenticator.c src/libcharon/sa/ike_sa_id.c src/libcharon/sa/ike_sa_id.h src/libcharon/sa/tasks/child_rekey.c src/libcharon/sa/tasks/ike_rekey.c src/libhydra/attributes/attributes.c src/libhydra/attributes/attributes.h src/libstrongswan/crypto/crypters/crypter.c src/libstrongswan/crypto/crypters/crypter.h src/libstrongswan/crypto/hashers/hasher.c src/libstrongswan/crypto/hashers/hasher.h src/libstrongswan/crypto/prf_plus.c src/libstrongswan/crypto/prf_plus.h src/libstrongswan/crypto/prfs/prf.c src/libstrongswan/crypto/prfs/prf.h src/libstrongswan/crypto/signers/signer.c src/libstrongswan/crypto/signers/signer.h src/libstrongswan/plugins/aes/aes_crypter.h src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h src/libstrongswan/plugins/hmac/hmac.c src/libstrongswan/plugins/hmac/hmac.h src/libstrongswan/plugins/hmac/hmac_prf.c src/libstrongswan/plugins/hmac/hmac_prf.h src/libstrongswan/plugins/hmac/hmac_signer.c src/libstrongswan/plugins/hmac/hmac_signer.h src/libstrongswan/plugins/md4/md4_hasher.h src/libstrongswan/plugins/md5/md5_hasher.h src/libstrongswan/plugins/random/random_rng.c src/libstrongswan/plugins/sha1/sha1_hasher.c src/libstrongswan/plugins/sha1/sha1_hasher.h src/libstrongswan/processing/jobs/job.h src/libstrongswan/processing/processor.h Copyright: 2005, Jan Hutter 2005-2006, Martin Willi 2005-2007, Martin Willi 2005-2008, Martin Willi 2005-2009, Martin Willi 2005-2010, Martin Willi 2008, Martin Willi License: GPL-2+ Files: src/dumm/cowfs.h src/dumm/dumm.c src/dumm/dumm.h src/dumm/ext/dumm.c src/dumm/guest.c src/dumm/guest.h src/libcharon/config/proposal.c src/libcharon/plugins/android/android_handler.c src/libcharon/plugins/android/android_handler.h src/libcharon/plugins/android/android_plugin.c src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c src/libcharon/plugins/sql/sql_cred.c src/libcharon/plugins/stroke/stroke_attribute.c src/libcharon/plugins/stroke/stroke_ca.c src/libcharon/plugins/stroke/stroke_ca.h src/libcharon/plugins/stroke/stroke_config.c src/libcharon/plugins/stroke/stroke_config.h src/libcharon/plugins/stroke/stroke_cred.c src/libcharon/plugins/stroke/stroke_cred.h src/libcharon/plugins/stroke/stroke_socket.c src/libcharon/sa/authenticators/authenticator.c src/libcharon/sa/authenticators/pubkey_authenticator.h src/libcharon/sa/task_manager.c src/libcharon/sa/tasks/ike_cert_post.c src/libcharon/sa/tasks/ike_cert_pre.c src/libcharon/sa/tasks/ike_mobike.c src/libcharon/sa/tasks/task.c src/libcharon/sa/tasks/task.h src/libcharon/sa/trap_manager.c src/libhydra/attributes/mem_pool.c src/libhydra/kernel/kernel_net.h src/libhydra/plugins/attr/attr_provider.c src/libhydra/plugins/resolve/resolve_handler.c src/libstrongswan/credentials/auth_cfg.c src/libstrongswan/credentials/auth_cfg.h src/libstrongswan/credentials/sets/auth_cfg_wrapper.c src/libstrongswan/enum.h src/libstrongswan/library.c src/libstrongswan/plugins/gcrypt/gcrypt_dh.c src/libstrongswan/plugins/plugin_loader.c src/libstrongswan/plugins/plugin_loader.h src/libstrongswan/printf_hook.c src/libstrongswan/printf_hook.h src/libstrongswan/settings.c src/libstrongswan/settings.h src/libstrongswan/threading/condvar.h src/libstrongswan/threading/lock_profiler.h src/libstrongswan/threading/mutex.c src/libstrongswan/threading/mutex.h src/libstrongswan/threading/rwlock.c src/libstrongswan/threading/rwlock.h src/libstrongswan/utils.c src/libstrongswan/utils.h src/libstrongswan/utils/enumerator.c src/pluto/whack_attribute.c src/stroke/stroke.c Copyright: 2005-2008, Martin Willi 2006, Martin Willi 2006-2008, Martin Willi 2006-2009, Martin Willi 2006-2010, Martin Willi 2007, Martin Willi 2007, Tobias Brunner 2007-2009, Martin Willi 2007-2010, Martin Willi 2007-2012, Tobias Brunner 2008, Martin Willi 2008, Tobias Brunner 2008-2009, Martin Willi 2008-2009, Tobias Brunner 2008-2010, Martin Willi 2008-2010, Tobias Brunner 2008-2011, Tobias Brunner 2008-2012, Tobias Brunner 2009, Martin Willi 2009, Tobias Brunner 2010, Martin Willi 2010, Tobias Brunner 2010-2011, Tobias Brunner 2010-2012, Tobias Brunner 2011, Tobias Brunner 2011-2012, Tobias Brunner 2012, Tobias Brunner License: GPL-2+ Files: src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c Copyright: 2008-2010, Tobias Brunner, 2008, Martin Willi License: GPL-2+ with OpenSSL exception Files: src/libstrongswan/plugins/openssl/openssl_ec_private_key.c src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c src/libstrongswan/plugins/openssl/openssl_util.c Copyright: 2008-2012, Tobias Brunner, 2009, Martin Willi License: GPL-2+ with OpenSSL exception Files: src/libstrongswan/plugins/openssl/openssl_ec_public_key.c Copyright: 2008, Tobias Brunner, 2009, Martin Willi License: GPL-2+ with OpenSSL exception Files: src/libstrongswan/plugins/openssl/openssl_plugin.c Copyright: 2008, Tobias Brunner, 2008, Martin Willi License: GPL-2+ with OpenSSL exception Files: scripts/bin2array.c scripts/bin2sql.c scripts/crypt_burn.c scripts/dh_speed.c scripts/id2sql.c scripts/key2keyid.c scripts/keyid2sql.c scripts/oid2der.c scripts/pubkey_speed.c src/include/linux/ipsec.h src/include/linux/netlink.h src/include/linux/pfkeyv2.h src/include/linux/rtnetlink.h src/include/linux/types.h src/include/linux/xfrm.h src/libstrongswan/AndroidConfigLocal.h src/manager/templates/auth/login.cs src/manager/templates/config/list.cs src/manager/templates/control/result.cs src/manager/templates/error.cs src/manager/templates/footer.cs src/manager/templates/gateway/list.cs src/manager/templates/header.cs src/manager/templates/ikesa/list.cs src/medsrv/templates/footer.cs src/medsrv/templates/header.cs src/medsrv/templates/peer/add.cs src/medsrv/templates/peer/edit.cs src/medsrv/templates/peer/list.cs src/medsrv/templates/user/add.cs src/medsrv/templates/user/edit.cs src/medsrv/templates/user/help.cs src/medsrv/templates/user/login.cs src/pluto/kameipsec.h src/pluto/rsaref/pkcs11.h src/pluto/rsaref/pkcs11f.h src/pluto/rsaref/pkcs11t.h src/pluto/rsaref/unix.h src/starter/lexer.c Copyright: *No copyright* License: GPL-2+ Files: src/libcharon/plugins/tnc_imv/tnc_imv_recommendations.c src/libcharon/plugins/tnccs_11/messages/tnccs_tncs_contact_info_msg.c src/libimcv/ietf/ietf_attr.c src/libimcv/ietf/ietf_attr_pa_tnc_error.c src/libimcv/ietf/ietf_attr_port_filter.c src/libimcv/ietf/ietf_attr_product_info.c src/libimcv/imc/imc_agent.c src/libimcv/imc/imc_agent.h src/libimcv/imc/imc_state.h src/libimcv/imcv.c src/libimcv/imcv.h src/libimcv/imv/imv_agent.c src/libimcv/imv/imv_agent.h src/libimcv/imv/imv_state.h src/libimcv/ita/ita_attr_command.c src/libimcv/plugins/imc_scanner/imc_scanner.c src/libimcv/plugins/imc_scanner/imc_scanner_state.c src/libimcv/plugins/imc_scanner/imc_scanner_state.h src/libimcv/plugins/imc_test/imc_test.c src/libimcv/plugins/imc_test/imc_test_state.c src/libimcv/plugins/imc_test/imc_test_state.h src/libimcv/plugins/imv_scanner/imv_scanner.c src/libimcv/plugins/imv_scanner/imv_scanner_state.c src/libimcv/plugins/imv_scanner/imv_scanner_state.h src/libimcv/plugins/imv_test/imv_test.c src/libimcv/plugins/imv_test/imv_test_state.c src/libimcv/plugins/imv_test/imv_test_state.h src/libpts/libpts.c src/libpts/libpts.h src/libpts/tcg/tcg_attr.c src/libtncif/tncif_names.h src/libtncif/tncif_pa_subtypes.h Copyright: 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil 2011, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/libcharon/config/child_cfg.c src/libcharon/config/child_cfg.h src/libcharon/config/peer_cfg.c src/libcharon/config/peer_cfg.h src/libcharon/encoding/payloads/cert_payload.h src/libcharon/encoding/payloads/id_payload.h src/libcharon/encoding/payloads/ike_header.c src/libcharon/encoding/payloads/ike_header.h src/libcharon/encoding/payloads/payload.c src/libcharon/encoding/payloads/payload.h src/libcharon/network/receiver.c src/libcharon/sa/authenticators/authenticator.h src/libcharon/sa/authenticators/pubkey_authenticator.c src/libcharon/sa/ike_sa_manager.h src/libcharon/sa/tasks/child_create.c src/libcharon/sa/tasks/ike_auth.c src/libcharon/sa/tasks/ike_init.c src/libstrongswan/chunk.c src/libstrongswan/chunk.h src/libstrongswan/crypto/diffie_hellman.c src/libstrongswan/crypto/diffie_hellman.h src/libstrongswan/processing/scheduler.c src/libstrongswan/processing/scheduler.h src/libstrongswan/selectors/traffic_selector.c src/libstrongswan/selectors/traffic_selector.h src/libstrongswan/utils/identification.c src/libstrongswan/utils/identification.h src/libstrongswan/utils/linked_list.c src/libstrongswan/utils/linked_list.h Copyright: 2005, Jan Hutter 2005-2006, Martin Willi 2005-2007, Martin Willi 2005-2008, Martin Willi 2005-2009, Martin Willi 2005-2010, Martin Willi 2007, Tobias Brunner 2007-2008, Tobias Brunner 2007-2009, Tobias Brunner 2007-2011, Tobias Brunner 2008, Tobias Brunner 2008-2009, Tobias Brunner 2009, Tobias Brunner 2010, Tobias Brunner 2012, Tobias Brunner License: GPL-2+ Files: src/libfreeswan/addrtoa.c src/libfreeswan/addrtot.c src/libfreeswan/addrtypeof.c src/libfreeswan/anyaddr.c src/libfreeswan/atoaddr.c src/libfreeswan/atoasr.c src/libfreeswan/atosubnet.c src/libfreeswan/atoul.c src/libfreeswan/datatot.c src/libfreeswan/goodmask.c src/libfreeswan/initaddr.c src/libfreeswan/initsaid.c src/libfreeswan/initsubnet.c src/libfreeswan/internal.h src/libfreeswan/portof.c src/libfreeswan/rangetoa.c src/libfreeswan/rangetosubnet.c src/libfreeswan/sameaddr.c src/libfreeswan/satot.c src/libfreeswan/subnetof.c src/libfreeswan/subnettoa.c src/libfreeswan/subnettot.c src/libfreeswan/subnettypeof.c src/libfreeswan/ttodata.c src/libfreeswan/ttosa.c src/libfreeswan/ttosubnet.c src/libfreeswan/ttoul.c src/libfreeswan/ultoa.c src/libfreeswan/ultot.c Copyright: 1998-1999, Henry Spencer 2000, 2002 Henry Spencer 2000, Henry Spencer 2000-2001, Henry Spencer License: LGPL-2+ Files: src/pluto/adns.c src/pluto/adns.h src/pluto/cookie.h src/pluto/defs.c src/pluto/demux.h src/pluto/dnskey.c src/pluto/dnskey.h src/pluto/foodgroups.c src/pluto/foodgroups.h src/pluto/ipsec_doi.h src/pluto/kernel.h src/pluto/lex.c src/pluto/lex.h src/pluto/log.h src/pluto/myid.c src/pluto/myid.h src/pluto/rcv_whack.h src/pluto/server.h src/pluto/spdb.c src/pluto/spdb.h src/pluto/timer.h src/whack/whack.h Copyright: 1998-1999, D. Hugh Redelmeier 1998-2001, D. Hugh Redelmeier 1998-2002, D. Hugh Redelmeier 1999-2001, D. Hugh Redelmeier 2000-2002, D. Hugh Redelmeier 2002, D. Hugh Redelmeier License: GPL-2+ Files: src/pluto/vendor.h src/pluto/virtual.c src/pluto/virtual.h src/starter/cmp.c src/starter/cmp.h src/starter/confread.c src/starter/exec.c src/starter/exec.h src/starter/files.h src/starter/interfaces.c src/starter/interfaces.h src/starter/invokepluto.c src/starter/invokepluto.h src/starter/ipsec-parser.h src/starter/klips.c src/starter/klips.h src/starter/netkey.c src/starter/netkey.h src/starter/starter.c src/starter/starterwhack.c src/starter/starterwhack.h Copyright: 2001-2002, Mathieu Lafon - Arkoon Network Security 2002, Mathieu Lafon - Arkoon Network Security 2002-2003, Mathieu Lafon - Arkoon Network Security License: GPL-2+ Files: src/libcharon/plugins/eap_peap/eap_peap.h src/libcharon/plugins/eap_peap/eap_peap_avp.c src/libcharon/plugins/eap_peap/eap_peap_avp.h src/libcharon/plugins/eap_peap/eap_peap_peer.c src/libcharon/plugins/eap_peap/eap_peap_peer.h src/libcharon/plugins/eap_peap/eap_peap_plugin.c src/libcharon/plugins/eap_peap/eap_peap_plugin.h src/libcharon/plugins/eap_peap/eap_peap_server.c src/libcharon/plugins/eap_peap/eap_peap_server.h src/libcharon/plugins/eap_ttls/eap_ttls.h src/libcharon/plugins/eap_ttls/eap_ttls_avp.c src/libcharon/plugins/eap_ttls/eap_ttls_avp.h src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.h src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c src/libcharon/plugins/eap_ttls/eap_ttls_plugin.h src/libcharon/plugins/eap_ttls/eap_ttls_server.c src/libcharon/plugins/eap_ttls/eap_ttls_server.h src/libtls/tls_application.h Copyright: 2010, Andreas Steffen 2010, HSR Hochschule fuer Technik Rapperswil 2011, Andreas Steffen 2011, HSR Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/libcharon/plugins/sql/sql_config.c src/libhydra/plugins/attr_sql/pool_usage.c src/libhydra/plugins/attr_sql/pool_usage.h src/libstrongswan/credentials/certificates/crl.c src/libstrongswan/credentials/certificates/crl.h src/libstrongswan/plugins/blowfish/blowfish_crypter.h src/libstrongswan/plugins/blowfish/blowfish_plugin.c src/libstrongswan/plugins/blowfish/blowfish_plugin.h src/libstrongswan/plugins/curl/curl_fetcher.c src/libstrongswan/plugins/ldap/ldap_fetcher.c src/libstrongswan/plugins/pem/pem_builder.c src/libstrongswan/plugins/pgp/pgp_builder.c src/libstrongswan/plugins/x509/x509_pkcs10.h src/pki/commands/req.c src/pluto/builder.c Copyright: 2001-2008, Andreas Steffen 2002-2009, Andreas Steffen 2005-2008, Martin Willi 2006, Andreas Steffen 2006-2008, Martin Willi 2007, Andreas Steffen 2008, Martin Willi 2008-2009, Martin Willi 2009, Andreas Steffen 2009, Martin Willi 2009-2010, Andreas Steffen 2010, Andreas Steffen License: GPL-2+ Files: src/charon/charon.c src/libcharon/daemon.c src/libcharon/daemon.h src/libcharon/encoding/message.h src/libcharon/encoding/payloads/notify_payload.h src/libcharon/network/socket.h src/libcharon/plugins/socket_default/socket_default_socket.c src/libcharon/plugins/socket_raw/socket_raw_socket.c src/libcharon/sa/child_sa.c src/libcharon/sa/ike_sa.c src/libcharon/sa/ike_sa.h src/libhydra/kernel/kernel_interface.h src/libhydra/kernel/kernel_ipsec.h src/libstrongswan/utils/host.c src/libstrongswan/utils/host.h Copyright: 2005, Jan Hutter 2005-2006, Martin Willi 2005-2008, Martin Willi 2005-2009, Martin Willi 2005-2010, Martin Willi 2006, Daniel Roethlisberger 2006-2007, Tobias Brunner 2006-2008, Tobias Brunner 2006-2009, Tobias Brunner 2006-2010, Tobias Brunner 2006-2011, Tobias Brunner 2006-2012, Tobias Brunner License: GPL-2+ Files: src/libcharon/network/socket_manager.c src/libcharon/network/socket_manager.h src/libcharon/plugins/socket_default/socket_default_plugin.c src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c src/libcharon/plugins/socket_raw/socket_raw_plugin.c src/libhydra/kernel/kernel_interface.c src/libstrongswan/credentials/sets/mem_cred.c src/libstrongswan/credentials/sets/mem_cred.h src/libstrongswan/plugins/pkcs11/pkcs11_library.c src/libstrongswan/plugins/pkcs11/pkcs11_library.h src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c src/libstrongswan/processing/jobs/callback_job.c Copyright: 2007-2011, Martin Willi 2008-2011, Tobias Brunner 2009, Tobias Brunner 2010, Martin Willi 2010, Tobias Brunner 2010, revosec AG 2011, Tobias Brunner 2011, revosec AG License: GPL-2+ Files: src/libcharon/encoding/payloads/auth_payload.c src/libcharon/encoding/payloads/certreq_payload.c src/libcharon/encoding/payloads/configuration_attribute.c src/libcharon/encoding/payloads/cp_payload.c src/libcharon/encoding/payloads/delete_payload.c src/libcharon/encoding/payloads/encryption_payload.c src/libcharon/encoding/payloads/encryption_payload.h src/libcharon/encoding/payloads/ke_payload.c src/libcharon/encoding/payloads/nonce_payload.c src/libcharon/encoding/payloads/traffic_selector_substructure.c src/libcharon/encoding/payloads/transform_attribute.c src/libcharon/encoding/payloads/transform_substructure.c src/libcharon/encoding/payloads/ts_payload.c src/libcharon/encoding/payloads/vendor_id_payload.c Copyright: 2005, Jan Hutter 2005-2010, Martin Willi 2010, revosec AG License: GPL-2+ Files: src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c src/libstrongswan/plugins/test_vectors/test_vectors/md2.c src/libstrongswan/plugins/test_vectors/test_vectors/md5.c src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c src/libstrongswan/plugins/test_vectors/test_vectors/rng.c src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c Copyright: 2009, Martin Willi License: GPL Files: src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c src/libstrongswan/plugins/test_vectors/test_vectors/cast.c src/libstrongswan/plugins/test_vectors/test_vectors/des.c src/libstrongswan/plugins/test_vectors/test_vectors/idea.c src/libstrongswan/plugins/test_vectors/test_vectors/md4.c src/libstrongswan/plugins/test_vectors/test_vectors/null.c src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c Copyright: 2009, Andreas Steffen License: GPL Files: src/pluto/constants.h src/pluto/defs.h src/pluto/demux.c src/pluto/packet.c src/pluto/packet.h src/pluto/rcv_whack.c src/pluto/server.c src/scepclient/loglite.c src/starter/loglite.c src/whack/whack.c Copyright: 1997, Angelos D. Keromytis 1998-2001, D. Hugh Redelmeier 1998-2002, D. Hugh Redelmeier License: GPL-2+ Files: src/libcharon/plugins/uci/uci_config.h src/libcharon/plugins/uci/uci_control.c src/libcharon/plugins/uci/uci_creds.h src/libcharon/plugins/uci/uci_parser.c src/libcharon/plugins/uci/uci_parser.h src/libcharon/plugins/uci/uci_plugin.h src/libstrongswan/plugins/padlock/padlock_aes_crypter.c src/libstrongswan/plugins/padlock/padlock_aes_crypter.h src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h Copyright: 2008, Martin Willi 2008, Thomas Kallenberg License: GPL-2+ Files: src/pluto/cookie.c src/pluto/ipsec_doi.c src/pluto/log.c src/pluto/plutomain.c src/pluto/state.c src/pluto/state.h src/pluto/timer.c Copyright: 1997, Angelos D. Keromytis 1998-2001, D. Hugh Redelmeier 1998-2002, D. Hugh Redelmeier 2009, Andreas Steffen - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/libcharon/plugins/tnccs_11/batch/tnccs_batch.c src/libcharon/plugins/tnccs_11/messages/imc_imv_msg.c src/libcharon/plugins/tnccs_11/messages/tnccs_error_msg.c src/libcharon/plugins/tnccs_11/messages/tnccs_msg.c src/libcharon/plugins/tnccs_11/messages/tnccs_preferred_language_msg.c src/libcharon/plugins/tnccs_11/messages/tnccs_reason_strings_msg.c src/libcharon/plugins/tnccs_11/messages/tnccs_recommendation_msg.c Copyright: 2006, Mike McCauley (mikem@open.com.au) 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/medsrv/controller/peer_controller.c src/medsrv/controller/peer_controller.h src/medsrv/controller/user_controller.c src/medsrv/controller/user_controller.h src/medsrv/filter/auth_filter.c src/medsrv/filter/auth_filter.h src/medsrv/main.c Copyright: 2008, Martin Willi 2008, Philip Boetschi, Adrian Doerig License: GPL-2+ Files: src/libstrongswan/plugins/blowfish/bf_enc.c src/libstrongswan/plugins/blowfish/bf_locl.h src/libstrongswan/plugins/blowfish/bf_pi.h src/libstrongswan/plugins/blowfish/bf_skey.c src/libstrongswan/plugins/blowfish/blowfish.h src/libstrongswan/plugins/blowfish/blowfish_crypter.c Copyright: 1995-1997, Eric Young (eay@cryptsoft.com) 1995-1998, Eric Young (eay@cryptsoft.com) License: BSD-Young Comment: not compiled since 4-clause BSD is incompatible with GPL Files: src/include/linux/udp.h Copyright: Fred N. van Kempen, License: GPL-2+ Files: src/pluto/alg_info.h src/pluto/db_ops.c src/pluto/db_ops.h src/pluto/ike_alg.h src/pluto/kernel_alg.h Copyright: JuanJo Ciarlante License: GPL-2+ Files: src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c Copyright: 2010, Martin Willi 2010, revosec AG License: GPL-2+ Files: src/libcharon/plugins/tnc_imc/tnc_imc.c src/libcharon/plugins/tnc_imc/tnc_imc_manager.c src/libcharon/plugins/tnc_imv/tnc_imv.c src/libcharon/plugins/tnc_imv/tnc_imv_bind_function.c src/libcharon/plugins/tnc_imv/tnc_imv_manager.c Copyright: 2006, Mike McCauley 2010-2011, Andreas Steffen License: GPL-2+ Files: src/libstrongswan/asn1/asn1.c src/libstrongswan/asn1/asn1.h src/libstrongswan/asn1/asn1_parser.c src/libstrongswan/asn1/asn1_parser.h Copyright: 2000-2008, Andreas Steffen 2006, Martin Will License: GPL-2+ Files: src/pluto/connections.c src/pluto/connections.h src/pluto/constants.c src/pluto/keys.c Copyright: 1998-2001, D. Hugh Redelmeier 1998-2002, D. Hugh Redelmeier 2009, Andreas Steffen - Hochschule fuer Technik Rapperswil 2009-2010, Andreas Steffen - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/libcharon/plugins/addrblock/addrblock_validator.c src/libcharon/plugins/eap_peap/eap_peap.c src/libcharon/plugins/eap_ttls/eap_ttls.c src/pluto/plugin_list.c Copyright: 2009, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil 2010, Martin Willi, revosec AG 2011, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil 2011, Martin Willi, revosec AG License: GPL-2+ Files: src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.h src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.c src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_plugin.h Copyright: 2011, Duncan Salerno License: GPL-2+ Files: src/libcharon/encoding/payloads/cert_payload.c src/libcharon/encoding/payloads/id_payload.c src/libcharon/sa/ike_sa_manager.c src/libstrongswan/processing/processor.c Copyright: 2005, Jan Hutter 2005-2010, Martin Willi 2005-2011, Martin Willi 2007, Tobias Brunner 2008, Tobias Brunner 2008-2011, Tobias Brunner 2010, revosec AG 2011, revosec AG License: GPL-2+ Files: src/libfreeswan/pfkey.h src/libfreeswan/pfkey_v2_build.c src/libfreeswan/pfkey_v2_ext_bits.c src/libfreeswan/pfkey_v2_parse.c Copyright: 1999-2001, Richard Guy Briggs License: GPL-2+ Files: src/libcharon/processing/jobs/send_dpd_job.c src/libcharon/processing/jobs/send_dpd_job.h src/libcharon/processing/jobs/send_keepalive_job.c src/libcharon/processing/jobs/send_keepalive_job.h Copyright: 2006, Tobias Brunner, Daniel Roethlisberger License: GPL-2+ Files: src/libtncif/tncif.h src/libtncif/tncifimc.h src/libtncif/tncifimv.h Copyright: 2005-2011, Trusted Computing Group, Inc. License: BSD-3-clause Files: src/libstrongswan/plugins/x509/x509_pkcs10.c src/pluto/pkcs7.c src/pluto/pkcs7.h Copyright: 2002-2009, Andreas Steffen 2005, Jan Hutter, Martin Willi 2009, Andreas Steffen License: GPL-2+ Files: src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c src/libcharon/plugins/tnccs_20/messages/pb_pa_msg.c src/libcharon/plugins/tnccs_20/tnccs_20.c Copyright: 2010, Andreas Steffen 2010, Sansar Choinyanbuu 2010-2011, Andreas Steffen License: GPL-2+ Files: src/pluto/alg_info.c src/pluto/ike_alg.c src/pluto/kernel_alg.c Copyright: 2009, Andreas Steffen - Hochschule fuer Technik Rapperswil JuanJo Ciarlante License: GPL-2+ Files: src/pluto/ca.c src/pluto/ca.h src/pluto/crl.h Copyright: 2000-2004, Andreas Steffen, Zuercher Hochschule Winterthur 2002-2004, Andreas Steffen, Zuercher Hochschule Winterthur License: GPL-2+ Files: src/libcharon/encoding/message.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c Copyright: 2005, Jan Hutter 2005-2010, Martin Willi 2006, Daniel Roethlisberger 2006-2007, Tobias Brunner 2006-2008, Tobias Brunner 2006-2010, Tobias Brunner 2010, revosec AG License: GPL-2+ Files: src/scepclient/scep.c src/scepclient/scep.h src/scepclient/scepclient.c Copyright: 2005, Jan Hutter, Martin Willi License: GPL-2+ Files: src/libstrongswan/plugins/x509/x509_ocsp_request.c src/libstrongswan/plugins/x509/x509_ocsp_response.c Copyright: 2003, Christoph Gysin, Simon Zwahlen 2007, Andreas Steffen 2008-2009, Martin Willi License: GPL-2+ Files: src/pluto/crypto.c src/pluto/crypto.h Copyright: 1998-1999, D. Hugh Redelmeier 1998-2001, D. Hugh Redelmeier 2007-2009, Andreas Steffen 2009, Andreas Steffen 2010, Tobias Brunner License: GPL-2+ Files: src/libstrongswan/plugins/x509/x509_ac.c src/libstrongswan/plugins/x509/x509_ac.h Copyright: 2002, Ueli Galizzi, Ariane Seiler 2002-2008, Andreas Steffen 2002-2009, Andreas Steffen 2003, Martin Berner, Lukas Suter 2009, Martin Willi License: GPL-2+ Files: src/pluto/ac.c src/pluto/ac.h Copyright: 2002, Ueli Galizzi, Ariane Seiler 2003, Martin Berner, Lukas Suter 2009, Andreas Steffen License: GPL-2+ Files: src/libcharon/plugins/addrblock/addrblock_narrow.c src/libstrongswan/plugins/revocation/revocation_validator.c Copyright: 2009, Andreas Steffen 2010, Martin Willi 2010, revosec AG License: GPL-2+ Files: src/libcharon/plugins/uci/uci_config.c src/libcharon/plugins/uci/uci_creds.c Copyright: 2008, Martin Willi 2008, Thomas Kallenberg 2008, Tobias Brunner License: GPL-2+ Files: src/starter/invokecharon.c src/starter/invokecharon.h Copyright: 2001-2002, Mathieu Lafon - Arkoon Network Security 2006, Martin Willi - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/libfreeswan/ipsec_param.h src/libfreeswan/pfkey_v2_debug.c Copyright: 2001, Richard Guy Briggs License: GPL-2+ Files: src/libpts/pts/components/pts_comp_evidence.c src/libpts/pts/components/pts_comp_evidence.h Copyright: 2011, Sansar Choinyambuu, Andreas Steffen License: GPL-2+ Files: src/libcharon/plugins/uci/uci_control.h src/libcharon/plugins/uci/uci_plugin.c Copyright: 2008, Thomas Kallenberg License: GPL-2+ Files: src/starter/parser.c src/starter/parser.h Copyright: 1984, 1989-1990, 2000-2006 License: GPL-3+ Files: src/libfreeswan/pfkeyv2.h src/libhydra/plugins/kernel_klips/pfkeyv2.h Copyright: *No copyright* License: public-domain This file defines structures and symbols for the PF_KEY Version 2 key management interface. It was written at the U.S. Naval Research Laboratory. This file is in the public domain. The authors ask that you leave this credit intact on any copies of this file. Files: src/libstrongswan/asn1/oid.c src/libstrongswan/asn1/oid.h Copyright: 2003-2008, Andreas Steffen, Hochschule fuer Technik Rapperswil License: GPL-2+ Comment: generated from oid.pl Files: src/libstrongswan/plugins/des/des_crypter.c Copyright: 1995-1997, Eric Young (eay@cryptsoft.com) 2006, Martin Willi 2009, Tobias Brunner License: BSD-Young Comment: not compiled since 4-clause BSD is incompatible with GPL Files: src/include/sys/queue.h Copyright: 1991, 1993 License: BSD-3-clause Files: src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c Copyright: 2009, Andreas Steffen 2009, Martin Willi JuanJo Ciarlante License: GPL-2+ Files: src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c Copyright: 2012, Tobias Brunner License: GPL-2+ Files: src/libstrongswan/plugins/x509/x509_cert.c Copyright: 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann 2000-2006, Andreas Steffen 2001, Marco Bertossa, Andreas Schleiss 2002, Mario Strasser 2006-2009, Martin Willi 2008, Tobias Brunner License: GPL-2+ Files: src/pluto/x509.c Copyright: 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann 2000-2009, Andreas Steffen - Hochschule fuer Technik Rapperswil 2001, Marco Bertossa, Andreas Schleiss 2002, Mario Strasser License: GPL-2+ Files: src/pluto/x509.h Copyright: 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann 2000-2009, Andreas Steffen, Hochschule fuer Technik Rapperswil 2001, Marco Bertossa, Andreas Schleiss 2002, Mario Strasser License: GPL-2+ Files: src/libstrongswan/asn1/oid.pl Copyright: 2003-2008, Andreas Steffen 2003-2008, Andreas Steffen, Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/pluto/kernel.c Copyright: 1997, Angelos D. Keromytis 1998-2002, D. Hugh Redelmeier 2009, Andreas Steffen 2010, Tobias Brunner License: GPL-2+ Files: src/pluto/smartcard.c Copyright: 2003, Christoph Gysin, Simon Zwahlen 2004, David Buechi, Michael Meier 2005, Andreas Steffen 2005, Michael Joosten License: GPL-2+ Files: src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c Copyright: 2005, Jan Hutter 2005-2009, Martin Willi 2006, Daniel Roethlisberger 2006-2007, Fabian Hartmann, Noah Heusser 2006-2011, Tobias Brunner 2008, Andreas Steffen License: GPL-2+ Files: src/libstrongswan/plugins/pkcs1/pkcs1_builder.c Copyright: 2000-2008, Andreas Steffen 2008, Tobias Brunner 2008-2009, Martin Willi License: GPL-2+ Files: src/pluto/nat_traversal.c Copyright: 2002-2005, Mathieu Lafon 2009, Andreas Steffen 2010, Tobias Brunner License: GPL-2+ Files: src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c Copyright: 2008, Andreas Steffen 2008-2011, Tobias Brunner License: GPL-2+ Files: src/openac/openac.c Copyright: 2002, Ueli Galizzi, Ariane Seiler 2004,2007, Andreas Steffen License: GPL-2+ Files: src/pluto/ocsp.c Copyright: 2003, Christoph Gysin, Simon Zwahlen 2009, Andreas Steffen - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/pluto/modecfg.c Copyright: 2001-2002, Colubris Networks 2003, Sean Mathews - Nu Tech Software Solutions, inc 2003-2004, Xelerance Corporation 2006-2010, Andreas Steffen - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/pluto/vendor.c Copyright: 2002-2005, Mathieu Lafon - Arkoon Network Security 2009, Andreas Steffen - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/pluto/fetch.c Copyright: 2002, Stephane Laroche 2002-2009, Andreas Steffen - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/libcharon/plugins/tnc_imc/tnc_imc_bind_function.c Copyright: 2006, Mike McCauley 2010, Andreas Steffen, HSR Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/pluto/keys.h Copyright: 1998-2002, D. Hugh Redelmeier 2009, Andreas Steffen, Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/pluto/fetch.h Copyright: 2002, Stephane Laroche 2002-2004, Andreas Steffen, Zuercher Hochschule Winterthur License: GPL-2+ Files: src/pluto/kernel_pfkey.c Copyright: 1997, Angelos D. Keromytis 1998-2002, D. Hugh Redelmeier 2003, Herbert Xu 2010, Tobias Brunner License: GPL-2+ Files: src/pluto/ocsp.h Copyright: 2003, Christoph Gysin, Simon Zwahlen License: GPL-2+ Files: src/pluto/smartcard.h Copyright: 2003, Christoph Gysin, Simon Zwahlen 2004, David Buechi, Michael Meier License: GPL-2+ Files: src/pluto/modecfg.h Copyright: 2001-2002, Colubris Networks 2003-2004, Xelerance Corporation License: GPL-2+ Files: src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c Copyright: 1998-2002, D. Hugh Redelmeier 1999-2001, Henry Spencer 2005, Jan Hutter 2005-2008, Martin Willi 2010, Tobias Brunner License: GPL-2+ Files: src/libcharon/sa/child_sa.h Copyright: 2006, Daniel Roethlisberger 2006-2008, Martin Willi 2006-2008, Tobias Brunner License: GPL-2+ Files: src/libstrongswan/plugins/aes/aes_crypter.c Copyright: 2001, Dr B. R. Gladman 2005, Jan Hutter 2005-2006, Martin Willi License: GPL-2+ Files: testing/scripts/function.sh Copyright: 2004, Eric Marchionni, Patrik Rayo License: GPL-2+ Files: src/libcharon/sa/tasks/ike_config.c Copyright: 2006-2007, Fabian Hartmann, Noah Heusser 2007, Martin Willi License: GPL-2+ Files: ltmain.sh Copyright: 1996-2001, 2003-2007, 2008 Free Software Foundation, Inc License: GPL-2+ Files: src/_copyright/_copyright.c Copyright: 2001, Henry Spencer License: GPL-2+ Files: src/include/linux/if_alg.h Copyright: 2010, Herbert Xu License: GPL-2+ Files: src/libstrongswan/plugins/md4/md4_hasher.c Copyright: 1990-1992, RSA Data Security, Inc. Created 1990, 2005, Jan Hutter 2005-2006, Martin Willi License: GPL-2+ Files: src/libstrongswan/plugins/md5/md5_hasher.c Copyright: 1991-1992, RSA Data Security, Inc. Created 1991, 2005, Jan Hutter 2005-2006, Martin Willi License: GPL-2+ Files: src/libstrongswan/plugins/sha2/sha2_hasher.c Copyright: 2001, Jari Ruusu 2006, Martin Willi License: GPL-2+ Files: src/dumm/mconsole.c Copyright: 2001-2004, Jeff Dike 2007, Martin Willi License: GPL-2+ Files: src/dumm/iface.c Copyright: 2002, Jeff Dike 2007, Martin Willi 2008, Tobias Brunner License: GPL-2+ Files: src/libfreeswan/ttoprotoport.c Copyright: 2002, Mario Strasser License: GPL-2+ Files: src/dumm/cowfs.c Copyright: 2001-2007, Miklos Szeredi 2007, Martin Willi 2009, Tobias Brunner License: GPL-2+ Files: src/libcharon/sa/tasks/ike_natd.c Copyright: 2006, Tobias Brunner, Daniel Roethlisberger 2006-2007, Martin Willi License: GPL-2+ Files: src/starter/starterstroke.h Copyright: 2006, Martin Willi - Hochschule fuer Technik Rapperswil License: GPL-2+ Files: src/starter/confread.h Copyright: 2001-2002, Mathieu Lafon License: GPL-2+ Files: src/pluto/nat_traversal.h Copyright: 2002-2003, Mathieu Lafon 2010, Tobias Brunner License: GPL-2+ Files: src/libfreeswan/ttoaddr.c Copyright: 2000, Henry Spencer License: LGPL-2+ Files: src/libstrongswan/utils/optionsfrom.c Copyright: 2007-2008, Andreas Steffen License: LGPL-2+ Files: src/libfreeswan/copyright.c Copyright: 1999-2009, Henry Spencer, Richard Guy Briggs 2001-2002, Henry Spencer License: LGPL-2+ Files: src/libfreeswan/freeswan.h Copyright: 1998-2000, Henry Spencer 1999-2001, Richard Guy Briggs License: LGPL-2+ Files: src/libstrongswan/plugins/openssl/openssl_x509.c Copyright: 2010, Martin Willi 2010, Thomas Egerer 2010, revosec AG 2010, secunet Security Networks AG 2011, Tobias Brunner License: MIT and GPL-2+ with OpenSSL exception Files: src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c Copyright: 2005-2008, Martin Willi 2008, Tobias Brunner 2010, Thomas Egerer 2010, secunet Security Networks AG License: MIT and GPL-2+ Files: src/libstrongswan/plugins/openssl/openssl_crl.c Copyright: 2010, Martin Willi 2010, Thomas Egerer 2010, revosec AG 2010, secunet Security Networks AG License: Expat and GPL-2+ with OpenSSL exception Files: src/libstrongswan/plugins/pkcs11/pkcs11.h Copyright: 2006, Andreas Jellinghaus 2006-2007, g10 Code GmbH License: MIT License: Expat Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: . The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. License: MIT This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. . This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. License: GPL On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. License: GPL-2+ On Debian systems, the complete text of the GNU General Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'. License: GPL-3+ On Debian systems, the complete text of the GNU General Public License version 3 can be found in `/usr/share/common-licenses/GPL-3'. License: LGPL-2+ On Debian systems, the complete text of the Lesser GNU General Public License version 2 can be found in `/usr/share/common-licenses/LGPL-2'. License: BSD-3-clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: o Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. o Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. o Neither the name of the Trusted Computing Group nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: GPL-2+ with OpenSSL exception This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . In addition, as a special exception, the author of this program gives permission to link the code of its release with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. License: BSD-Young This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com). . Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" . THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.] debian/strongswan-starter.prerm0000644000000000000000000000171412775300022014125 0ustar #! /bin/sh # prerm script for strongswan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see /usr/share/doc/packaging-manual/ case "$1" in upgrade) ;; remove|deconfigure) service strongswan stop || true # install-info --quiet --remove /usr/info/strongswan.info.gz ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 0 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/strongswan-plugin-unity.install0000644000000000000000000000021112775300022015415 0ustar etc/strongswan.d/charon/unity.conf usr/lib/ipsec/plugins/libstrongswan-unity.so usr/share/strongswan/templates/config/plugins/unity.conf debian/usr.lib.ipsec.lookip0000644000000000000000000000105112775300022013060 0ustar # ------------------------------------------------------------------ # # Copyright (C) 2014 Canonical Ltd. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # Author: Jonathan Davies # # ------------------------------------------------------------------ #include /usr/lib/ipsec/lookip { #include /run/charon.lkp rw, } debian/strongswan-plugin-systime-fix.install0000644000000000000000000000023312775300022016532 0ustar etc/strongswan.d/charon/systime-fix.conf usr/lib/ipsec/plugins/libstrongswan-systime-fix.so usr/share/strongswan/templates/config/plugins/systime-fix.conf debian/strongswan-plugin-eap-gtc.install0000644000000000000000000000021712775300022015573 0ustar etc/strongswan.d/charon/eap-gtc.conf usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so usr/share/strongswan/templates/config/plugins/eap-gtc.conf debian/strongswan-plugin-xauth-generic.install0000644000000000000000000000024112775300022017013 0ustar etc/strongswan.d/charon/xauth-generic.conf usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so usr/share/strongswan/templates/config/plugins/xauth-generic.conf debian/strongswan-starter.templates0000644000000000000000000001760412775300022015003 0ustar # These templates have been reviewed by the debian-l10n-english # team # # If modifications/additions/rewording are needed, please ask # debian-l10n-english@lists.debian.org for advice. # # Even minor modifications require translation updates and such # changes should be coordinated with translators and reviewers. Template: strongswan/runlevel_changes Type: note _Description: Old runlevel management superseded Previous versions of the strongSwan package gave a choice between three different Start/Stop-Levels. Due to changes in the standard system startup procedure, this is no longer necessary or useful. For all new installations as well as old ones running in any of the predefined modes, sane default levels will now be set. If you are upgrading from a previous version and changed your strongSwan startup parameters, then please take a look at NEWS.Debian for instructions on how to modify your setup accordingly. Template: strongswan/restart Type: boolean Default: true _Description: Restart strongSwan now? Restarting strongSwan is recommended, since if there is a security fix, it will not be applied until the daemon restarts. Most people expect the daemon to restart, so this is generally a good idea. However, this might take down existing connections and then bring them back up, so if you are using such a strongSwan tunnel to connect for this update, restarting is not recommended. Template: strongswan/charon Type: boolean Default: true _Description: Start strongSwan's charon daemon? The charon daemon must be running to support the Internet Key Exchange protocol. Template: strongswan/install_x509_certificate Type: boolean Default: false _Description: Use an X.509 certificate for this host? An X.509 certificate for this host can be automatically created or imported. It can be used to authenticate IPsec connections to other hosts and is the preferred way of building up secure IPsec connections. The other possibility would be to use shared secrets (passwords that are the same on both sides of the tunnel) for authenticating a connection, but for a larger number of connections, key based authentication is easier to administer and more secure. . Alternatively you can reject this option and later use the command "dpkg-reconfigure strongswan" to come back. Template: strongswan/how_to_get_x509_certificate Type: select __Choices: create, import Default: create _Description: Methods for using a X.509 certificate to authenticate this host: It is possible to create a new X.509 certificate with user-defined settings or to import an existing public and private key stored in PEM file(s) for authenticating IPsec connections. . If you choose to create a new X.509 certificate you will first be asked a number of questions which must be answered before the creation can start. Please keep in mind that if you want the public key to get signed by an existing Certificate Authority you should not select to create a self-signed certificate and all the answers given must match exactly the requirements of the CA, otherwise the certificate request may be rejected. . If you want to import an existing public and private key you will be prompted for their filenames (which may be identical if both parts are stored together in one file). Optionally you may also specify a filename where the public key(s) of the Certificate Authority are kept, but this file cannot be the same as the former ones. Please also be aware that the format for the X.509 certificates has to be PEM and that the private key must not be encrypted or the import procedure will fail. Template: strongswan/existing_x509_certificate_filename Type: string _Description: File name of your PEM format X.509 certificate: Please enter the location of the file containing your X.509 certificate in PEM format. Template: strongswan/existing_x509_key_filename Type: string _Description: File name of your PEM format X.509 private key: Please enter the location of the file containing the private RSA key matching your X.509 certificate in PEM format. This can be the same file that contains the X.509 certificate. Template: strongswan/existing_x509_rootca_filename Type: string _Description: File name of your PEM format X.509 RootCA: Optionally you can now enter the location of the file containing the X.509 Certificate Authority root used to sign your certificate in PEM format. If you do not have one or do not want to use it please leave the field empty. Please note that it's not possible to store the RootCA in the same file as your X.509 certificate or private key. Template: strongswan/rsa_key_length Type: string Default: 2048 _Description: Please enter which length the created RSA key should have: Please enter the length of the created RSA key. It should not be less than 1024 bits because this should be considered unsecure and you will probably not need anything more than 4096 bits because it only slows the authentication process down and is not needed at the moment. Template: strongswan/x509_self_signed Type: boolean Default: true _Description: Create a self-signed X.509 certificate? Only self-signed X.509 certificates can be created automatically, because otherwise a Certificate Authority is needed to sign the certificate request. If you choose to create a self-signed certificate, you can use it immediately to connect to other IPsec hosts that support X.509 certificate for authentication of IPsec connections. However, using strongSwan's PKI features requires all certificates to be signed by a single Certificate Authority to create a trust path. . If you do not choose to create a self-signed certificate, only the RSA private key and the certificate request will be created, and you will have to sign the certificate request with your Certificate Authority. Template: strongswan/x509_country_code Type: string Default: AT _Description: Country code for the X.509 certificate request: Please enter the two-letter code for the country the server resides in (such as "AT" for Austria). . OpenSSL will refuse to generate a certificate unless this is a valid ISO-3166 country code; an empty field is allowed elsewhere in the X.509 certificate, but not here. Template: strongswan/x509_state_name Type: string Default: _Description: State or province name for the X.509 certificate request: Please enter the full name of the state or province the server resides in (such as "Upper Austria"). Template: strongswan/x509_locality_name Type: string Default: _Description: Locality name for the X.509 certificate request: Please enter the locality the server resides in (often a city, such as "Vienna"). Template: strongswan/x509_organization_name Type: string Default: _Description: Organization name for the X.509 certificate request: Please enter the organization the server belongs to (such as "Debian"). Template: strongswan/x509_organizational_unit Type: string Default: _Description: Organizational unit for the X.509 certificate request: Please enter the organizational unit the server belongs to (such as "security group"). Template: strongswan/x509_common_name Type: string Default: _Description: Common Name for the X.509 certificate request: Please enter the Common Name for this host (such as "gateway.example.org"). Template: strongswan/x509_email_address Type: string Default: _Description: Email address for the X.509 certificate request: Please enter the email address of the person or organization responsible for the X.509 certificate. Template: strongswan/enable-oe Type: boolean Default: false _Description: Enable opportunistic encryption? This version of strongSwan supports opportunistic encryption (OE), which stores IPSec authentication information in DNS records. Until this is widely deployed, activating it will cause a significant delay for every new outgoing connection. . You should only enable opportunistic encryption if you are sure you want it. It may break the Internet connection (default route) as the daemon starts. debian/strongswan-plugin-dhcp.install0000644000000000000000000000020612775300022015167 0ustar etc/strongswan.d/charon/dhcp.conf usr/lib/ipsec/plugins/libstrongswan-dhcp.so usr/share/strongswan/templates/config/plugins/dhcp.conf debian/strongswan-plugin-certexpire.install0000644000000000000000000000023012775300022016420 0ustar etc/strongswan.d/charon/certexpire.conf usr/lib/ipsec/plugins/libstrongswan-certexpire.so usr/share/strongswan/templates/config/plugins/certexpire.conf debian/usr.lib.ipsec.stroke0000644000000000000000000000122712775300022013077 0ustar # ------------------------------------------------------------------ # # Copyright (C) 2014 Canonical Ltd. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # # Author: Jonathan Davies # # ------------------------------------------------------------------ #include /usr/lib/ipsec/stroke { #include /etc/strongswan.conf r, /etc/strongswan.d/ r, /etc/strongswan.d/** r, /run/charon.ctl rw, } debian/strongswan-plugin-gmp.install0000644000000000000000000000020312775300022015031 0ustar etc/strongswan.d/charon/gmp.conf usr/lib/ipsec/plugins/libstrongswan-gmp.so usr/share/strongswan/templates/config/plugins/gmp.conf debian/strongswan-plugin-eap-aka-3gpp2.install0000644000000000000000000000024112775300022016500 0ustar etc/strongswan.d/charon/eap-aka-3gpp2.conf usr/lib/ipsec/plugins/libstrongswan-eap-aka-3gpp2.so usr/share/strongswan/templates/config/plugins/eap-aka-3gpp2.conf debian/strongswan-plugin-eap-tls.install0000644000000000000000000000021712775300022015620 0ustar etc/strongswan.d/charon/eap-tls.conf usr/lib/ipsec/plugins/libstrongswan-eap-tls.so usr/share/strongswan/templates/config/plugins/eap-tls.conf debian/strongswan-ike.install0000644000000000000000000000075312775300022013534 0ustar etc/strongswan.d/charon.conf etc/strongswan.d/charon-logging.conf etc/strongswan.d/charon/socket-*.conf usr/sbin/charon-cmd usr/share/man/man8/charon-cmd.8 usr/lib/ipsec/libcharon.so* usr/lib/ipsec/charon usr/lib/ipsec/plugins/libstrongswan-socket*.so debian/usr.lib.ipsec.charon /etc/apparmor.d/ usr/share/strongswan/templates/config/strongswan.d/charon.conf usr/share/strongswan/templates/config/strongswan.d/charon-logging.conf usr/share/strongswan/templates/config/plugins/socket-*.conf debian/strongswan-plugin-whitelist.install0000644000000000000000000000025512775300022016271 0ustar etc/strongswan.d/charon/whitelist.conf usr/lib/ipsec/whitelist usr/lib/ipsec/plugins/libstrongswan-whitelist.so usr/share/strongswan/templates/config/plugins/whitelist.conf debian/source/0000755000000000000000000000000012775300022010464 5ustar debian/source/options0000644000000000000000000000010212775300022012073 0ustar extend-diff-ignore = "(^|/)(config\.sub|config\.guess|Makefile)$" debian/source/format0000644000000000000000000000001412775300022011672 0ustar 3.0 (quilt) debian/strongswan-plugin-pgp.install0000644000000000000000000000020312775300022015034 0ustar etc/strongswan.d/charon/pgp.conf usr/lib/ipsec/plugins/libstrongswan-pgp.so usr/share/strongswan/templates/config/plugins/pgp.conf debian/strongswan-plugin-agent.install0000644000000000000000000000021112775300022015343 0ustar etc/strongswan.d/charon/agent.conf usr/lib/ipsec/plugins/libstrongswan-agent.so usr/share/strongswan/templates/config/plugins/agent.conf debian/strongswan-plugin-unbound.install0000644000000000000000000000021712775300022015725 0ustar etc/strongswan.d/charon/unbound.conf usr/lib/ipsec/plugins/libstrongswan-unbound.so usr/share/strongswan/templates/config/plugins/unbound.conf debian/strongswan-plugin-pubkey.install0000644000000000000000000000021412775300022015547 0ustar etc/strongswan.d/charon/pubkey.conf usr/lib/ipsec/plugins/libstrongswan-pubkey.so usr/share/strongswan/templates/config/plugins/pubkey.conf debian/strongswan-plugin-curl.install0000644000000000000000000000020612775300022015216 0ustar etc/strongswan.d/charon/curl.conf usr/lib/ipsec/plugins/libstrongswan-curl.so usr/share/strongswan/templates/config/plugins/curl.conf debian/NEWS0000644000000000000000000001027112775300022007664 0ustar strongswan (5.1.0-1) unstable; urgency=low Starting with strongSwan 5, the IKEv1 daemon (pluto) is gone, and the charon daemon is now able to handle both IKEv1 and IKEv2 protocols. There should be no issue for previous charon users, but for pluto users that means they need to re-configure strongSwan in order to use charon. Some migration help can be found on the strongSwan website at http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1 and in some IKEv1 configuration examples at http://wiki.strongswan.org/projects/strongswan/wiki/IKEv1Examples. -- Yves-Alexis Perez Mon, 30 Sep 2013 20:43:03 +0200 strongswan (4.5.0-1) unstable; urgency=low Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the default. This can easily be changed using the keyexchange=ikev1 config option (either in the respective "conn" section or by putting it in the "default" section and therefore applying it to all existing connections). The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by default, MOBIKE, Mobile IPv6), and provides better error messages in case the connection can not be established. It is therefore highly recommended to use it when the other side also supports it. Addtionally, strongswan 4.5.0-1 now enables support for NAT Traversal in combination with IPsec transport mode (the support for this has existed for a long time, but was disabled due to security concerns). This is required e.g. to let mobile phone clients (notably Android, iPhone) connect to an L2TP/IPsec gateway using strongswan. The security implications as described in the original README.NAT-Traversal file from the openswan distribution are: * Transport Mode can't be used without NAT in the IPSec layer. Otherwise, all packets for the NAT device (including all hosts behind it) would be sent to the NAT-T Client. This would create a sort of blackhole between the peer which is not behind NAT and the NAT device. * In Tunnel Mode with roadwarriors, we CAN'T accept any IP address, otherwise, an evil roadwarrior could redirect all trafic for one host (including a host on the private network) to himself. That's why, you have to specify the private IP in the configuration file, use virtual IP management, or DHCP-over-IPSec. -- Rene Mayrhofer Sun, 28 Nov 2010 13:16:00 +0200 Local variables: mode: debian-changelog End: strongswan (5.1.0-1) unstable; urgency=low Starting with strongswan 4.5.0 upstream, the IKEv2 protocol is now the default. This can easily be changed using the keyexchange=ikev1 config option (either in the respective "conn" section or by putting it in the "default" section and therefore applying it to all existing connections). The IKEv2 protocol has less overhead, more features (e.g. NAT-Traversal by default, MOBIKE, Mobile IPv6), and provides better error messages in case the connection can not be established. It is therefore highly recommended to use it when the other side also supports it. Addtionally, strongswan 4.5.0-1 now enables support for NAT Traversal in combination with IPsec transport mode (the support for this has existed for a long time, but was disabled due to security concerns). This is required e.g. to let mobile phone clients (notably Android, iPhone) connect to an L2TP/IPsec gateway using strongswan. The security implications as described in the original README.NAT-Traversal file from the openswan distribution are: * Transport Mode can't be used without NAT in the IPSec layer. Otherwise, all packets for the NAT device (including all hosts behind it) would be sent to the NAT-T Client. This would create a sort of blackhole between the peer which is not behind NAT and the NAT device. * In Tunnel Mode with roadwarriors, we CAN'T accept any IP address, otherwise, an evil roadwarrior could redirect all trafic for one host (including a host on the private network) to himself. That's why, you have to specify the private IP in the configuration file, use virtual IP management, or DHCP-over-IPSec. -- Yves-Alexis Perez Mon, 30 Sep 2013 20:43:03 +0200 debian/strongswan-plugin-kernel-libipsec.install0000644000000000000000000000030212775300022017316 0ustar etc/strongswan.d/charon/kernel-libipsec.conf usr/lib/ipsec/libipsec.so* usr/lib/ipsec/plugins/libstrongswan-kernel-libipsec.so usr/share/strongswan/templates/config/plugins/kernel-libipsec.conf debian/strongswan-tnc-base.install0000644000000000000000000000135412775300022014456 0ustar etc/strongswan.d/imcv.conf etc/strongswan.d/tnc.conf etc/strongswan.d/charon/tnc-tnccs.conf etc/strongswan.d/charon/tnccs-11.conf etc/strongswan.d/charon/tnccs-20.conf etc/strongswan.d/charon/tnccs-dynamic.conf usr/lib/ipsec/libimcv.* usr/lib/ipsec/libpts.* usr/lib/ipsec/libtnccs.so* usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so usr/lib/ipsec/plugins/libstrongswan-tnccs-*.so usr/share/strongswan/templates/config/strongswan.d/imcv.conf usr/share/strongswan/templates/config/strongswan.d/tnc.conf usr/share/strongswan/templates/config/plugins/tnc-tnccs.conf usr/share/strongswan/templates/config/plugins/tnccs-11.conf usr/share/strongswan/templates/config/plugins/tnccs-20.conf usr/share/strongswan/templates/config/plugins/tnccs-dynamic.conf debian/strongswan-plugin-dnskey.install0000644000000000000000000000021412775300022015545 0ustar etc/strongswan.d/charon/dnskey.conf usr/lib/ipsec/plugins/libstrongswan-dnskey.so usr/share/strongswan/templates/config/plugins/dnskey.conf debian/libstrongswan.dirs0000644000000000000000000000026712775300022012750 0ustar /etc/logcheck/ignore.d.paranoid /etc/logcheck/ignore.d.server /etc/logcheck/ignore.d.workstation /etc/logcheck/violations.ignore.d /usr/share/lintian/overrides /usr/lib/ipsec/plugins debian/strongswan-plugin-xauth-pam.install0000644000000000000000000000022512775300022016156 0ustar etc/strongswan.d/charon/xauth-pam.conf usr/lib/ipsec/plugins/libstrongswan-xauth-pam.so usr/share/strongswan/templates/config/plugins/xauth-pam.conf debian/strongswan-plugin-fips-prf.install0000644000000000000000000000022212775300022015775 0ustar etc/strongswan.d/charon/fips-prf.conf usr/lib/ipsec/plugins/libstrongswan-fips-prf.so usr/share/strongswan/templates/config/plugins/fips-prf.conf debian/svn-deblayout0000644000000000000000000000106312775300022011703 0ustar buildArea=/home/rene/amw/src/packages/build-area origDir=/home/rene/amw/src/packages/tarballs origUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/trunk/debian/tarballs tagsUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/tags/strongswan trunkDir=/home/rene/amw/src/packages/strongswan trunkUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/trunk/debian/strongswan upsCurrentUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/branches/source-dist/debian/strongswan upsTagUrl=svn+ssh://svn.gibraltar.at/srv/svn/debian-packages/tags/strongswan debian/strongswan-plugin-eap-ttls.install0000644000000000000000000000022212775300022016000 0ustar etc/strongswan.d/charon/eap-ttls.conf usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so usr/share/strongswan/templates/config/plugins/eap-ttls.conf debian/strongswan-plugin-ldap.install0000644000000000000000000000020612775300022015171 0ustar etc/strongswan.d/charon/ldap.conf usr/lib/ipsec/plugins/libstrongswan-ldap.so usr/share/strongswan/templates/config/plugins/ldap.conf debian/use-bash1.diff0000644000000000000000000000004312775300022011603 0ustar 1c1 < #! /bin/sh --- > #!/bin/bash debian/strongswan-starter.config0000644000000000000000000000311512775300022014242 0ustar #!/bin/sh -e . /usr/share/debconf/confmodule # disable for now, until we can deal with the don't-edit-conffiles situation #db_input high strongswan/ikev1 || true #db_input high strongswan/ikev2 || true db_input medium strongswan/restart || true db_input high strongswan/enable-oe || true db_get strongswan/install_x509_certificate if [ "$RET" = "true" ]; then db_input high strongswan/how_to_get_x509_certificate || true db_go || true db_get strongswan/how_to_get_x509_certificate if [ "$RET" = "create" ]; then # create a new certificate db_input medium strongswan/rsa_key_length || true db_input high strongswan/x509_self_signed || true # we can't allow the country code to be empty - openssl will # refuse to create a certificate this way countrycode="" while [ -z "$countrycode" ]; do db_input medium strongswan/x509_country_code || true db_go || true db_get strongswan/x509_country_code countrycode="$RET" done db_input medium strongswan/x509_state_name || true db_input medium strongswan/x509_locality_name || true db_input medium strongswan/x509_organization_name || true db_input medium strongswan/x509_organizational_unit || true db_input medium strongswan/x509_common_name || true db_input medium strongswan/x509_email_address || true db_go || true elif [ "$RET" = "import" ]; then # existing certificate - use it db_input critical strongswan/existing_x509_certificate_filename || true db_input critical strongswan/existing_x509_key_filename || true db_input critical strongswan/existing_x509_rootca_filename || true db_go || true fi fi debian/strongswan-plugin-eap-simaka-sql.install0000644000000000000000000000024412775300022017060 0ustar etc/strongswan.d/charon/eap-simaka-sql.conf usr/lib/ipsec/plugins/libstrongswan-eap-simaka-sql.so usr/share/strongswan/templates/config/plugins/eap-simaka-sql.conf debian/strongswan-plugin-lookip.install0000644000000000000000000000031612775300022015550 0ustar etc/strongswan.d/charon/lookip.conf usr/lib/ipsec/lookip usr/lib/ipsec/plugins/libstrongswan-lookip.so debian/usr.lib.ipsec.lookip /etc/apparmor.d/ usr/share/strongswan/templates/config/plugins/lookip.conf debian/strongswan-plugin-eap-tnc.install0000644000000000000000000000021712775300022015602 0ustar etc/strongswan.d/charon/eap-tnc.conf usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so usr/share/strongswan/templates/config/plugins/eap-tnc.conf debian/po/0000755000000000000000000000000013352751425007613 5ustar debian/po/ru.po0000644000000000000000000005575312775300022010607 0ustar # translation of ru.po to Russian # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the strongswan package. # # Yuri Kozlov , 2009, 2010. msgid "" msgstr "" "Project-Id-Version: strongswan 4.4.0-1\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-06-25 19:08+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Заменена система управления уровнями выполнения" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "В предыдущих версиях пакета strongSwan предлагался выбор между тремя " "уровнями запуска/останова. Из-за изменений стандартной процедуры запуска в " "системе это больше не требуется и ненужно. В новых установках, а также в " "старых, работающих на любом уровне, будут выбраны разумные уровни по " "умолчанию. Если выполнятся обновление предыдущей версии и вы изменяли " "параметры запуска strongSwan, прочитайте инструкции из файла NEWS.Debian о " "том, как изменить соответствующую настройку." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Перезапустить strongSwan прямо сейчас?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Рекомендуется перезапустить strongSwan, так как при наличии исправлений " "безопасности они не заработают, пока служба не будет перезапущена. " "Большинство людей всё равно перезапускают службу, поэтому обычно лучше это " "сделать. Однако это может привести к кратковременному разрыву существующих " "соединений, поэтому если вы сейчас используете туннель strongSwan для " "подключения перезапуск не рекомендуется." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Запустить службу strongSwan IKEv1?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Для поддержки 2-й версии протокола обмена ключами Интернет должна быть " "запущена служба charon." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Использовать существующий сертификат X.509 для этого узла?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Сертификат X.509 для этого узла может быть автоматически создан или " "импортирован. Он может использоваться для аутентификации IPSec соединений с " "другими узлами, и это является предпочтительным способом создания безопасных " "соединений IPSec. Также для аутентификации соединения можно использовать " "общие секреты (одинаковые пароли на обоих концах туннеля), но при большом " "количестве соединений аутентификация по ключам легче в администрировании и " "она более безопасна." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Или же вы можете ответить отрицательно и позже вернуться к этому вопросу " "запустив команду \"dpkg-reconfigure ostrongswan\"." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "создать" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "импортировать" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Методы, использующие сертификат X.509 для аутентификации данного узла:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Возможно создать новый сертификат X.509, заданный пользователем, или " "импортировать существующий открытый и закрытый ключи из файла(ов) PEM для " "аутентификации соединений IPsec." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Если вы выберете создание нового сертификата X.509, то сначала вам будет " "задано несколько вопросов, на которые нужно ответить до начала создания. " "Учтите, что если вы хотите подписать открытый ключ в действующем центре " "сертификации, то вам ненужно выбирать создание самоподписанного сертификата, " "и все ответы должны точно удовлетворять требованиям ЦС, иначе запрос " "сертификата может быть отклонён." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Если вы хотите импортировать существующий открытый и закрытый ключи, то вам " "будет предложено указать имена файлов с ними (которые могут быть одинаковы, " "если обе части хранятся в одном файле). Также вы можете указать имя файла, " "где хранится открытый ключ(и) центра сертификации, но этот файл не может " "совпадать с предыдущими. Заметим, что формат сертификатов X.509 должен быть " "PEM и что закрытый ключ не должен быть зашифрован, иначе процедура импорта " "завершится неудачно." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Имя файла сертификата X.509 в формате PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Введите полный путь к файлу, содержащему ваш сертификат X.509 в формате PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Имя файла сертификата X.509 в формате PEM с закрытым ключом:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Введите путь к файлу, содержащему закрытый ключ RSA для вашего сертификата " "X.509 в формате PEM. Это может быть тот же файл, что и для сертификата X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Имя файла сертификата X.509 в формате PEM для RootCA:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Также вы можете ввести расположение файла с сертификатом корневого центра " "сертификации X.509, используемого для подписи вашего сертификата в формате " "PEM. Если у вас его нет или вы не хотите его использовать, то оставьте поле " "пустым. Заметим, что невозможно хранить RootCA в одном файле с вашим " "открытым или закрытым ключом сертификата X.509." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Длина создаваемого ключа RSA:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Введите длину необходимую длину ключа RSA. Она должна быть не менее 1024 " "бит, так как меньшая не считается безопасной, и вам, вероятно, не нужно " "задавать значение более 4096, так как это только замедлит процесс " "аутентификации и, в настоящее время, не очень рационально." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Создать самоподписанный сертификат X.509?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Процесс установки умеет создавать автоматически только самоподписанные " "сертификаты X.509, так как иначе требуется работа центра сертификации для " "подписи запроса сертификата. Созданный самоподписанный сертификат сразу " "можно использовать для подключения к другим машинам с IPSec, которые " "поддерживают сертификаты X.509 для аутентификации соединений IPSec. Однако, " "если вы хотите воспользоваться новыми возможностями PKI из strongSwan, то " "все ваши сертификаты X.509 должны быть подписаны единым сертификационным " "центром для создания доверительного пути." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Если вы ответите отрицательно, то будет создан только закрытый ключ RSA, а " "также запрос для сертификата, который вам нужно подписать в центре " "сертификации." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Код страны для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Введите двухбуквенный код страны, где расположен сервер (например, \"RU\" в " "России)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Здесь нужно ввести правильный код страны согласно ISO-3166, так как OpenSSL " "откажется генерировать сертификаты в противном случае. Пустое значение " "разрешено для любого поля сертификата X.509 кроме этого." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Название области или округа для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Укажите полное название области или округа, в котором находится сервер " "(например, \"Moscow region\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Название места для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Укажите название места, где располагается сервер (например город, \"Sergiev " "Posad\")." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Название организации для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Укажите название организации, которой принадлежит сервер (например, \"Debian" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "" "Название структурной единицы организации для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Название структурной единицы организации для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Общеизвестное название для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Укажите общеизвестное название (например, имя данного компьютера), например, " "\"gateway.example.org\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Адрес электронной почты для запроса сертификата X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Укажите адрес электронной почты (человека или организации) для включения в " "запрос сертификата." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Включить поддержку гибкого шифрования?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Эта версия strongSwan поддерживает гибкое шифрование (opportunistic " "encryption, OE), при котором информация об аутентификации IPSec хранится в " "записях DNS. Пока это широко не станет распространено, данная поддержка " "приведёт к значительной задержке при каждом новом исходящем соединении." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Включайте гибкое шифрование, если вам это действительно нужно. Это может " "прервать соединение с интернетом (маршрут по умолчанию) при запуске службы " "pluto." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Для поддержки 1-й версии протокола обмена ключами Интернет должна быть " #~ "запущена служба pluto." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Запустить службу strongSwan IKEv2?" debian/po/ja.po0000644000000000000000000007021712775300022010543 0ustar # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # # msgid "" msgstr "" "Project-Id-Version: strongswan 4.4.1-4\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-09-27 20:52+0900\n" "Last-Translator: Hideki Yamane \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "以前のランレベル管理は不要になりました" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "strongSwan パッケージの以前のバージョンでは、3 つの異なった Start/Stop レベル" "から選べるようになっていました。標準のシステム起動手順が変更されたことによっ" "て、これはもう必要ではなくなったりあるいは役立たなくなったりしています。これ" "まで事前定義されていたモードで動作していたのものと同様に、新規にインストール" "したものは適切なデフォルトのレベルが設定されるようになっています。以前のバー" "ジョンからのアップグレードで strongSwan の起動パラメータを変更していた場合" "は、どのように設定を修正するかは NEWS.Debian の指示を参照してください。" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "strongSwan を今すぐ再起動しますか?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "セキュリティ修正があった場合など、デーモンが再起動されるまでは修正が反映され" "ないので、strongSwan の再起動をお勧めします。多くの人はデーモンが再起動するの" "を予期していますので、これは大抵の場合問題ありません。しかし、この作業では現" "在の接続が一旦切断されてから再度繋ぎなおすことになるので、今回のアップデート" "に strongSwan のトンネルを使っているような場合は、再起動はお勧めしません。" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "strongSwan の IKEv1 デーモンを起動しますか?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Internet Key Exchange プロトコルバージョン 2 をサポートするには charon デーモ" "ンが実行されている必要があります。" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "このホストに対して X.509 証明書を利用しますか?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "このホスト用に X.509 証明書を自動的に生成あるいはインポートできます。他のホス" "トとの IPSec 通信での認証に利用可能で、セキュアな IPSec 通信を確立する方法と" "して好まれています。他に利用可能な方法としては共通鍵 (PSK、トンネルの双方で同" "じパスワードを利用する) を通信の認証に利用するというのがありますが、多数の接" "続に対しては RSA 認証のほうが管理がより簡単でよりセキュアです。" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "または、この選択肢を選ばないでおいて、後ほど「dpkg-reconfigure strongswan」を" "実行して再度呼び出すこともできます。" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "作成する" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "インポートする" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "このホストを認証するのに利用する X.509 証明書をどうするか:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "ユーザが定義した設定で新規に X.509 証明書を作成することも、IPsec 接続認証用の" "既存の PEM ファイル形式で保存されている公開鍵および秘密鍵をインポートすること" "も可能です。" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "新規に X.509 証明書を作るのを選択した場合は、作成を始める前に答える必要がある" "質問をまず大量に尋ねられます。既存の認証局によって署名された公開鍵が必要な場" "合は、自己署名認証を作成するのを選んではならず、回答はすべて認証局 (CA) の要" "求項目に完全に一致している必要があることに留意してください。そうでない場合" "は、証明書要求は拒否されることになるでしょう。" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "既存の公開鍵および秘密鍵をインポートしたい場合は、ファイル名を尋ねられます " "(両方が一つのファイルに保存されている場合は全く同じになるかもしれません)。ど" "こに認証局の公開鍵が保存されているかを指定することも任意で可能ですが、この" "ファイルは先ほどのものと同じにはできません。X.509 証明書は PEM 形式であり、秘" "密鍵は暗号化されていないことが必要なことにも注意ください。さもなくばインポー" "ト作業は失敗します。" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "PEM 形式の X.509 証明書のファイル名:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "PEM 形式の X.509 証明書を含んでいるファイルの場所を入力してください。" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "PEM 形式の X.509 秘密鍵のファイル名:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "PEM 形式の X.509 証明書に対応する RSA 秘密鍵を含むファイルの場所を入力してく" "ださい。これは X.509 証明書を含んでいるファイルと同じで構いません。" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "PEM 形式の X.509 ルート CA のファイル名:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "X.509 認証局のルートが証明書に署名するのに使った PEM 形式のファイルを含んだ" "ファイルの場所を入力することも任意で可能です。これを持っていない、あるいは利" "用したくないという場合にはこの欄を空のままにしておいてください。ルート CA を " "X.509 証明書や秘密鍵と同じファイルに保存するのはできないことにご注意くださ" "い。" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "作成する RSA 鍵の鍵長を入力してください:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "生成する RSA 鍵の長さを入力してください。安全のため、1024 ビット未満にすべき" "ではありません。4096 ビットより大きなものにする必要もないでしょう。認証プロセ" "スが遅くなりますし、現時点ではおそらく必要ありません。" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "自己署名 X.509 証明書を生成しますか?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "証明書要求に署名するためには認証局が必要となるので、自動的に行うには自己署名 " "X.509 証明書のみが生成が可能です。自己署名証明書の作成を選んだ場合は、すぐに" "これを利用して、IPSec 接続の認証に X.509 証明書を利用している他の IPSec ホス" "トへの接続が可能になります。しかし、strongSwan の PKI 機能を使いたい場合は、" "trust path を生成するために単一の認証局によってすべての X.509 証明書に署名し" "てもらう必要があります。" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "自己署名証明書を作成したくない場合、RSA 秘密鍵と対応する証明書要求のみが作成" "されるので、認証局に対して証明書要求に署名をしてもらう必要が生じます。" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する国コード:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "サーバが存在する場所の二文字の国コード (例えば日本の場合は「JP」) を入力して" "ください。" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL は、正規の ISO-3166 国コードが無いと証明書の生成を拒否します。X.509 " "証明書において、他のフィールドについては空でも構いませんが、これについては許" "可されていません。" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する都道府県名:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "サーバ所在地の都道府県名 (例:「Tokyo」)を入力してください。" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する地域名:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "サーバ所在地 (大抵は「Shinjuku」のような市区名)を入力してください。" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する組織名:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "サーバが所属する組織 (「Debian」など) を入力してください。" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "X.509 証明書要求に記載する部署名:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "サーバが所属する部署名 (「security group」など) を入力してください。" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "X.509 証明書要求に記載するコモンネーム:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "このホスト用の (「gateway.example.org」のような) コモンネームを入力してくださ" "い。" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "X.509 証明書要求に記載するメールアドレス:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "X.509 証明書についての対応を行う、個人あるいは団体のメールアドレスを入力して" "ください。" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "opportunistic encryption を有効にしますか?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "このバージョンの strongSwan は opportunistic encryption (OE) をサポートしてい" "ます。OE は IPSec 認証情報を DNS レコードに含めたものです。これが広く適用され" "るようになるまでは、これを有効にすると全ての新規の外部接続に著しい遅延を引き" "起こします。" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "opportunistic encryption を有効にするのは、本当に利用したいと考えた時のみにす" "べきです。この設定は、pluto デーモンの起動などインターネット接続 (デフォルト" "ルート) を切断する可能性があります。" #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Internet Key Exchange プロトコルバージョン 1 をサポートするには pluto デー" #~ "モンが実行されている必要があります。" #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "strongSwan の IKEv2 デーモンを起動しますか?" #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "あなたの国の国コードを2文字で入力してください。このコードは証明書要求に記" #~ "載されます。" #~ msgid "Example: AT" #~ msgstr "例: JP" #~ msgid "Example: Upper Austria" #~ msgstr "例: Tokyo" #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "あなたの在住している地域の名前 (例: 市町村名) を入力してください。これは証" #~ "明書要求に記載されます。" #~ msgid "Example: Vienna" #~ msgstr "例: Shinjuku-ku" #~ msgid "Example: Debian" #~ msgstr "例: Debian" #~ msgid "Example: security group" #~ msgstr "例: security group" #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "X.509 証明書の生成対象となるべきコモンネーム (例: このマシンのホスト名) を" #~ "入力してください。これは証明書要求に記載されます。" #~ msgid "Example: gateway.debian.org" #~ msgstr "例: gateway.debian.org" #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "新たな公開鍵・秘密鍵のキーペアを生成したくない場合は、次の段階で既存のキー" #~ "ペアの利用を選択することも可能です。" #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "要求情報は X.509 証明書から RSA 秘密鍵と照らし合わせて必要な情報を自動的に" #~ "展開する事が可能です。 PEM 形式の場合、双方を一つのファイルにまとめること" #~ "も可能です。そのような証明書と鍵のファイルが既にあり、これらを IPSec 通信" #~ "での認証に使用したい場合はこのオプションを有効にしてください。" #~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgstr "可能な限り早く, \"NFS 起動後\", \"PCMCIA 起動後\"" #~ msgid "" #~ "There are three possibilities when strongSwan can start: before or after " #~ "the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "strongSwan を起動させるタイミングの選択肢としては3つが考えられます: NFS " #~ "サービスの開始前・開始後・PCMCIA サービスの開始後、です。正解はあなたの設" #~ "定次第です。" #~ msgid "" #~ "If you do not have your /usr tree mounted via NFS (either you only mount " #~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~ "and don't use a PCMCIA network card, then it's best to start strongSwan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "NFS 経由で /usr をマウントせず (他のパーティションやあまり重要ではないパー" #~ "ティションを NFS 経由でマウントするか、または NFS マウントを全く使わな" #~ "い)、加えて PCMCIA ネットワークカードを利用していない場合、可能な限り早い" #~ "タイミングで strongSwan を起動するのがベストです。この設定によって、NFS で" #~ "のマウントは IPSec で保護されます。この場合 (またはこの問題を理解していな" #~ "いか特に気にしない場合) 、\"可能な限り早く\"と質問に答えてください (標準設" #~ "定です) 。" #~ msgid "" #~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " #~ "card, then you will need to start strongSwan after NFS so that all " #~ "necessary files are available. In this case, answer \"after NFS\" to this " #~ "question. Please note that the NFS mount of /usr can not be secured by " #~ "IPSec in this case." #~ msgstr "" #~ "NFS 経由で /usr をマウントしていて PCMCIA ネットワークカードを使用していな" #~ "い場合は、必要なファイルを利用可能にするために strongSwan を NFS の後で起" #~ "動しなければなりません。この場合、\"NFS 起動後\" と答えてください。この時" #~ "に NFS 経由でマウントされる /usr は、IPSec によるセキュアな状態にはならな" #~ "いということに注意してください。" #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "IPSec 接続に PCMCIA ネットワークカードを利用していた場合、PCMCIA サービス" #~ "の起動後に strongSwan を起動する以外に選択はありません。この場" #~ "合、\"PCMCIA 起動後\" と答えてください。ローカルで動作している DNSSec 機能" #~ "を使用している DNS サーバから鍵を取得したい場合でも、この答えをしてくださ" #~ "い。" #~ msgid "Do you wish to support IKEv1?" #~ msgstr "IKEv1 をサポートしますか?" #~ msgid "" #~ "strongSwan supports both versions of the Internet Key Exchange protocol, " #~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " #~ "support when strongSwan is started?" #~ msgstr "" #~ "strongSwan は IKEv1 と IKEv2 の両方のインターネット鍵交換プロトコルをサ" #~ "ポートしています。strongSwan が起動する際、IKEv1 サポートのため \"pluto\" " #~ "デーモンを起動しますか?" #~ msgid "Do you wish to support IKEv2?" #~ msgstr "IKEv2 をサポートしますか?" #~ msgid "" #~ "strongSwan supports both versions of the Internet Key Exchange protocol, " #~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " #~ "support when strongSwan is started?" #~ msgstr "" #~ "strongSwan は IKEv1 と IKEv2 の両方のインターネット鍵交換プロトコルをサ" #~ "ポートしています。strongSwan が起動する際、IKEv2 サポートのため \"pluto\" " #~ "デーモンを起動しますか?" #~ msgid "" #~ "strongSwan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " #~ "by default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " #~ "keying daemon) is started." #~ msgstr "" #~ "strongSwan は、IPSec 認証情報 (例: RSA 公開鍵) を (願わくはセキュアな) " #~ "DNS レコード内に保存する opportunistic encryption (OE) をサポートしていま" #~ "す。これは広く利用されるようになるまで、有効にすると外部への新規接続は全て" #~ "格段に遅くなります。バージョン 2.0 より strongSwan の開発元はデフォルトで " #~ "OE を有効にしています。そのため pluto (strongSwan 鍵署名デーモン) が開始す" #~ "るとすぐ、既存のインターネット接続 (つまりデフォルトルート) が中断されるか" #~ "もしれません。" #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "OE のサポートを有効にするかどうかを選んでください。よくわからない場合は、" #~ "有効にはしないでください。" debian/po/pt.po0000644000000000000000000004551012775300022010572 0ustar # translation of strongswan debconf to Portuguese # Copyright (C) 2007 the strongswan's copyright holder # This file is distributed under the same license as the strongswan package. # # Luísa Lourenço , 2007. # Américo Monteiro , 2009, 2010. msgid "" msgstr "" "Project-Id-Version: strongswan 4.4.0-1\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-06-26 18:47+0100\n" "Last-Translator: Américo Monteiro \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Antiga gestão de Runlevels substituída." #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Versões anteriores do pacote strongSwan deram uma hipótese entre três Níveis-" "Arranque/Paragem diferentes. Devido a alterações no procedimento standard de " "arranque do sistema, isto não é mais necessário ou útil. Para todas as novas " "instalação assim como para as antigas que correm em qualquer dos modos " "predefinidos, serão agora definidos níveis sãos predefinidos. Se você está a " "actualizar uma versão anterior e alterou os seus parâmetros de arranque do " "strongSwan, então por favor veja NEWS.Debian para instruções sobre como " "modificar a sua configuração apropriadamente." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Reiniciar agora o strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "É recomendado reiniciar o strongSwan, porque se existir uma correcção de " "segurança, esta não será aplicada até que o daemon seja reiniciado. A " "maioria das pessoas espera que o daemon reinicie, portanto isto é geralmente " "uma boa ideia. No entanto isto poderá fechar ligações existentes e depois " "ligá-las de novo, portanto se você está a usar algo como um túnel do " "strongSwan para ligar a esta actualização, o reiniciar não é recomendado." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Iniciar o daemon IKEv1 do strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "O daemon charon precisa de estar a correr para suportar a versão 2 do " "protocolo Internet Key Exchange." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Usar um certificado X.509 para esta máquina?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Pode ser criado automaticamente ou importado um certificado X.509 para esta " "máquina. Pode ser usado para autenticar ligações IPsec para outras máquinas " "e é a maneira preferida de construir ligações IPsec seguras. A outra " "possibilidade seria usar segredos partilhados (palavras-passe que são iguais " "em ambos os lados do túnel) para autenticar a ligação, mas para um grande " "número de ligações, a autenticação baseada em chaves é mais fácil de " "administrar e mais segura." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Alternativamente, você pode rejeitar esta opção e mais tarde usar o comando " "\"dpkg-reconfigure strongswan\" para voltar aqui." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "criar" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importar" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Métodos de usar um certificado X.509 para autenticar esta máquina:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "É possível criar um novo certificado X.509 com configurações definidas pelo " "utilizador ou importar uma chave pública e privada existente em ficheiro(s) " "PEM para autenticar ligações IPsec." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Se escolher criar um novo certificado X.509 ser-lhe-à primeiro perguntado um " "número de questões que têm de ser respondidas antes da criação poder " "iniciar. Por favor tenha em mente que se deseja que a chave pública seja " "assinada por uma Autoridade de Certificados existente, você não deve " "seleccionar a criação de um certificado auto-assinado e todas as respostas " "dadas devem corresponder exactamente aos requisitos da AC, caso contrário o " "pedido de certificado pode ser rejeitado." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Se deseja importar uma chave pública e privada existente, ser-lhe-à pedido " "os seus nomes de ficheiros (que podem ser idênticos se ambas as partes " "estiverem armazenadas juntamente no mesmo ficheiro). Opcionalmente você " "também pode especificar um nome de ficheiro onde as chave(s) pública(s) da " "Autoridade de Certificados são mantidas, mas este ficheiro não pode ser o " "mesmo que os anteriores. Por favor tenha também em mente que o formato dos " "certificados X.509 tem de ser PEM e que a chave privada não pode estar " "encriptada ou o procedimento de importação irá falhar." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nome de ficheiro do seu certificado X.509 em formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Por favor insira a localização do ficheiro que contém o seu certificado " "X.509 em formato PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Nome do ficheiro da sua chave privada X.509 em formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Por favor insira a localização do ficheiro que contém a chave privada RSA " "que coincide com o seu certificado X.509 em formato PEM. Este pode ser o " "mesmo ficheiro que contém o certificado X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nome de ficheiro do seu RootCA X.509 em formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opcionalmente você pode agora indicar a localização do ficheiro que contém a " "raiz da Autoridade de Certificados X.509 usada para assinar o seu " "certificado em formato PEM. Se você não tem um ou não o quer usar, por favor " "deixe o campo vazio. Por favor note que não é possível armazenar a RootCA no " "mesmo ficheiro que o seu certificado X.509 ou chave privada." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Por favor indique o comprimento que a chave RSA criada deve ter:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Por favor indique o comprimento que a chave RSA criada. Não deve ser menos " "que 1024 bits porque isto seria considerado inseguro e provavelmente você " "não vai precisar de nada maior que 4096 bits porque apenas atrasa o processo " "de autenticação e de momento não é necessário." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Criar um certificado X.509 auto-assinado?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Apenas os certificados X.509 auto-assinados podem ser criados " "automaticamente, porque caso contrário é necessário uma Autoridade de " "Certificados para assinar o pedido de certificado. Se escolher criar um " "certificado auto-assinado, você pode usá-lo imediatamente para ligar a " "outras máquinas IPsec que suportam certificados X.509 para autenticação de " "ligações IPsec. No entanto, usar as funcionalidades PKI do strongSwan requer " "que todos os certificados seja assinados por uma única Autoridade de " "Certificados para criar um caminho de confiança." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Se escolher não criar um certificado auto-assinado, apenas a chave RSA " "privada e o pedido de certificado serão criados, e você tem que assinar o " "pedido de certificado com a sua Autoridade de Certificados." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Código de país para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Por favor indique o código de duas letras para o país onde o servidor reside " "(algo como \"PT\" para Portugal)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "O OpenSSL irá recusar gerar um certificado a menos que isto seja um código " "ISO-3166 de país válido; um campo vazio é permitido em qualquer parte do " "certificado X.509, mas não aqui." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Estado ou nome da província para o pedido do certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Por favor insira o nome completo do estado ou província onde o servidor " "reside (algo como \"Estremadura Portugal\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Nome da localidade para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Por favor indique a localidade onde o servidor reside (geralmente uma " "cidade, tal como \"Lisboa\")." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Nome da organização para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Por favor indique a organização a que o servidor pertence (algo como \"Debian" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unidade organizativa para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Por favor indique a unidade organizacional a que o servidor pertence (algo " "como \"Departamento de Segurança\")." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Nome comum para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Por favor indique o Nome Comum para esta máquina (algo como \"gateway." "exemplo.org\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Endereço de email para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Por favor insira o endereço de email da pessoa ou organização responsável " "pelo certificado X.509." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Activar encriptação oportunista?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Esta versão do strongSwan suporta encriptação oportunista (OE), a qual " "guarda informação de autenticação IPSec em registos DNS. Até que isto esteja " "amplamente instalado, a sua activação irá causar um atraso significativo em " "cada nova ligação de saída." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Você deverá apenas activar a encriptação oportunista se tiver a certeza que " "a quer. Pode quebrar a ligação à Internet (rota predefinida) assim que o " "daemon pluto arrancar." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "O daemon pluto precisa de estar a correr para suportar a versão 1 do " #~ "protocolo Internet Key Exchange." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Iniciar o daemon IKEv2 do strongSwan?" debian/po/eu.po0000644000000000000000000004423412775300022010562 0ustar # translation of strongswan_4.4.1-5.1_eu.po to Basque # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Piarres Beobide , 2009. # Iñaki Larrañaga Murgoitio , 2010. msgid "" msgstr "" "Project-Id-Version: strongswan_4.4.1-5.1_eu\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-11-16 20:23+0100\n" "Last-Translator: Iñaki Larrañaga Murgoitio \n" "Language-Team: Basque \n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: KBabel 1.11.4\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Exekuzio-mailaren kudeaketa zaharra ordeztuta" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "strongSwan paketearen aurreko bertsioak hiru Abiarazte-/Gelditzen-maila " "desberdinen arteko aukera eskaintzen zuen. Sistemaren abioaren prozedura " "arruntean aldaketak gertatu direnez, ez dira beharrezkoak edo erabilgarriak. " "Instalazio berri guztientzako, aurredefinitutako moduetako batean " "exekutatzen diren zaharretan ere, zentzuzko maila lehenetsiak ezarriko dira " "orain. Aurreko bertsiotik eguneratzen ari bazara, eta strongSwan-en abioko " "parametroak aldatu bazenituen, irakur ezazu NEWS.Debian fitxategia. " "konfigurazioa modu egokian nola aldatzen den jakiteko." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Berrabiarazi StrongSwan orain?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "StrongSwan berrabiaraztea gomendatzen da segurtasunezko konponketa bat " "badago ez baita ezarriko daemona berrabiarazi artea. Erabiltzaile gehienek " "daemona berrabiaraztea espero dutenez, burutazio ona da hori. Hala ere, " "honek martxan dauden konexioak itxi eta gero berriz abiaraziko ditu. Hori " "dela eta, eguneraketa honetan strongSwan tunela erabiltzen ari bazara, ez da " "gomendatzen berrabiaraztea." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "StrongSwan-ren IKEv1 daemona abiarazi?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "'charon' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa " "(IKE) protokoloaren lehen bertsioa onartzeko." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "X.509 ziurtagiria erabili ostalari honentzako?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Ostalari honentzako X.509 ziurtagiri bat automatikoki sor edo inportatu " "daiteke. Beste ostalariekin IPsec bidez konektatzean autentifikatzeko " "erabili daiteke, eta hobetsitako bidea da IPsec konexio seguruak " "eraikitzeko. Beste aukera bat ezkutukoak (tunelaren bi aldeetan berdinak " "diren pasahitzak) partekatzea litzateke konexio bat autentifikatzeko, baina " "konexio kopuru handi batentzako gakoetan oinarritutako autentifikazioa " "errazagoa eta askoz ere seguruagoa da kudeatzeko." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Bestela, aukera hau ukatu dezakezu eta beranduago itzuli \"dpkg-reconfigure " "strongswan\" komandoa erabiliz." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "sortu" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "inportatu" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Metodoa ostalari hau X.509 ziurtagiria erabiliz autentifikatzeko:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "X.509 ziurtagiri berri bat sor daiteke erabiltzaileak definitutako " "ezarpenekin edo PEM fitxategietan gordetako gako publiko eta pribatuak " "inportatu daiteke IPsec konexioak autentifikatzeko." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "X.509 ziurtagiri berri bat sortzea hautatzen baduzu aurrenik, eta sortzeko " "lanak hasi aurretik, erantzun beharreko galdera batzuk egingo zaizkizu. " "Jakin ezazu gako publikoa existitzen den Ziurtagiri-emaile batek sinatzea " "nahi baduzu, ez zenukeela sortu beharko auto-sinatutako sinatzen duen " "ziurtagiririk, eta emandako erantzun guztiak zehatz-meatz ZEren " "eskakizunekin bat etorri beharko dutela, bestela ziurtagiriaren eskaera " "ukatu egingo baita." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Existitzen den gako publiko eta pribatua inportatzea nahi izanez gero, haien " "fitxategi-izenak eskatuko zaizkizu (berdinak izango dira bi zatiak fitxategi " "batean gordeta badaude). Aukeran ziurtagiri-emailearen gako publikoa duen " "fitxategia ere zehaz dezakezu, baina fitxategi hau ezin da aurrekoen berdina " "izan. Kontuz ibili, X.509 ziurtagirien formatua PEM izan behar duelako, eta " "gako pribatua ezin delako enkriptatuta egon, bestela inportatzeko prozesuak " "huts egingo bait luke." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Zure PEM formatuko X.509 ziurtagiriaren fitxategi-izena :" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Idatzi zure PEM formatuko X.509 ziurtagiria duen fitxategiaren bide-izen " "osoa." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "PEM formatuko X.509 gako pribatuaren fitxategi-izena :" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Idatzi dagoen zure PEM formatuko X.509 ziurtagiriaren pareko RSA gako " "pribatua duen fitxategiaren kokapen osoa. Hau X.509 ziurtagiriaren fitxategi " "berdina izan daiteke." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "PEM formatuko X.509 ziurtagiriaren fitxategi-izena:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Aukeran X.509 Ziurtagiri-emailearen erroa duen fitxategiaren kokalekua idatz " "dezakezu zure ziurtagiria PEM formatuan sinatzeko. Ez badaukazu do ez baduzu " "hori erabiltzerik nahi, utzi eremu hau hutsik. Jakin ezazu ezin dela gorde " "erroko ZE (RootCA) zure X.509 ziurtagiria edo gako pribatua duen fitxategi " "berdinean." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Sartu sortutako RSA gakoak edukiko duen luzera:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Sartu sortutako RSA gakoaren luzera. Ez luke 1024 bit baino txikiagoa izan " "behar ez-segurutzat jotzen delako, eta litekeena da 4096 bit baino luzeagoa " "behar ez izatea, autentifikatzeko prozesua soilik moteltzen duelako eta " "unean ez delako behar." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Sortu auto-sinatutako X.509 ziurtagiria?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Soilik auto-sinatutako X.509 ziurtagiriak sor daitezke automatikoki, bestela " "Ziurtagiri-emailea behar delako ziurtagiriaren eskaera sinatzeko. Auto-" "sinatutako ziurtagiria sortzea aukeratzen baduzu, ziurtagiri hori berehala " "erabil dezakezu X.509 ziurtagiria onartzen duten beste IPsec ostalariekin " "IPsec konexioak autentifikatzeko. Hala ere, strongSwan-en PKI eginbidea " "erabiltzeak ziurtagiri guztiak Ziurtagiri-emaile batek sinatuta egotea " "eskatzen du bide fidagarri bat sortzeko." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Ez baduzu auto-sinatutako ziurtagiri bat sortzea aukeratzen, soilik RSAren " "gako pribatua eta ziurtagiriaren eskaera sortuko dira, eta ziurtagiriaren " "eskaera zure Ziurtagiri-emailearekin sinatu beharko duzu." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "X.509 ziurtagiriaren eskaeraren herrialdearen kodea:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Sartu zerbitzaria kokatuta dagoen herrialdeari dagokion bi hizkiko kodea " "(hala nola \"AT\" Austriarentzako)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL-ek ukatu egingo du ziurtagiri bat sortzea baldin eta herrialdearen " "baliozko ISO-3166 kodea ez bada. X.509 ziurtagiriko beste edozer eremu " "hutsik egon daiteke, baina ez eremu hau." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "X.509 ziurtagiri eskaeraren estatu edo probintziaren izena:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Idatzi zerbitzaria kokatuta dagoen estatu edo probintziaren izen osoa " "(adibidez, \"Goiko Austria\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "X.509 ziurtagiri eskaeraren herriaren izena:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Idatzi zerbitzaria kokatuta dagoen kokalekua (normalean herria, adibidez, " "\"Bilbo\"). " #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "X.509 ziurtagiri eskaeraren erakundearen izena:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Idatzi zerbitzaria duen erakundea (adibidez, \"Debian\")" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "X.509 ziurtagiri eskaeraren saila:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "Idatzi zerbitzaria duen saila (adibidez, \"segurtasunaren taldea\")" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "X.509 ziurtagiri eskaeraren izen arrunta:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Idatzi ostalari honen izen arrunta (adibidez, \"atebidea.adibidea.org\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "X.509 ziurtagiri eskaeraren helbide elektronikoa:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Idatzi X.509 ziurtagiriaren ardura duen pertsona edo erakundearen helbide " "elektronikoa." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Gaitu enkriptazio oportunista?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "StrongSwan bertsio honek aukerako enkriptazio oportunistaren (OE) euskarria " "du, honek IPSec autentifikazio informazioa DNS erregistroetan gordetzen " "ditu. Hau guztiz garatua ez dagoenez gaitzeak kanporako konexio berri " "guztien atzerapen esanguratsu bat eragin dezake." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Enkriptazio oportunista behar duzula ziur bazaude bakarrik gaitu beharko " "zenuke. Interneteko konexioak moztuko dira (lehenetsitako atebidea) pluto " "daemona abiaraztean." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "'pluto' daemona exekutatzen egon behar da Interneteko Gakoen Trukaketa " #~ "(IKE) protokoloaren lehen bertsioa onartzeko." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "StrongSwan-ren IKEv2 daemona abiarazi?" debian/po/nb.po0000644000000000000000000006364012775300022010552 0ustar # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Bjørn Steensrud , 2009, 2012. msgid "" msgstr "" "Project-Id-Version: nb\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2012-01-03 15:56+0100\n" "Last-Translator: Bjørn Steensrud \n" "Language-Team: Norwegian Bokmål \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Gammel kjørenivåstyring erstattet" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Tidligere versjoner av strongSwan-pakka ga et valg mellom tre forskjellige " "nivåer for start/stopp. På grunn av endringer i standard oppstartsprosedyre " "for systemet er dette ikke lenger verken nødvendig eller nyttig. Det blir nå " "satt opp fornuftige standardnivåer både for nye installasjoner og for gamle " "som kjører på en av de forhåndsinnstilte nivåene. Hvis du er i ferd med å " "oppgradere fra en tidligere versjon og har endret oppstartsparametrene for " "strongSwan, kan du lese NEWS.Debian for å finne ut hvordan du kan endre " "oppsettet ditt tilsvarende." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr " Start strongSwan på nytt nå" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Det anbefales å starte strongSwan på nytt nå, for om det var en " "sikkerhetsrettelse, så får den ikke effekt før daemonen startes på nytt. " "Imidlertid kan dette lukke eksisterende forbindelser og deretter koble dem " "opp igjen, så hvis du bruker en slik strongSwan-tilkobling for denne " "oppdateringen er det best å ikke starte på nytt." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Skal strongSwans IKEv1-daemon startes?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Charon-daemonen må kjøre for å kunne støtte versjon 2 av Internet Key " "Exchange-protokollen." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Skal et X.509-sertifikat brukes for denne vertsmaskinen?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Et X.509-sertifikat for denne verten kan importeres eller lages automatisk. " "Det kan brukes til å autentisere IPSec-tilkoblinger til andre verter og er " "den foretrukne måten å bygge opp sikre IPSec-tilkoblinger. Den andre " "muligheten er å bruke felles hemmeligheter (passord som er de samme på begge " "sider av tunnelen) til å autentisere en tilkobling, men for større antall " "tilkoblinger er det lettere å administrere nøkkel-basert autentisering, og " "det er også sikrere." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Du kan også avvise dette valget og senere bruke kommandoen «dpkg -" "reconfigure strongswan» for å komme tilbake hit." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "opprett" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importer" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Metoder for å bruke et X.509-sertifikat til å autentisere denne verten:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Det er mulig å opprette et nytt X.509-sertifikat med brukerdefinerte " "innstillinger, eller å importere en eksisterende offentlig og privat nøkkel " "lagret i PEM-fil(er) til å autentisere IPSec-tilkoblinger." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Hvis du velger å opprette et nytt X.509-sertifikat blir det først stilt noen " "spørsmål som du må svare på før det kan lages et sertifikat. Husk på at hvis " "du vil at en eksisterende sertifikatutsteder (CA) skal signere den " "offentlige nøkkelen, så må du ikke lage et selvsignert sertifikat, og alle " "svarene du gir må stemme nøyaktig overens med CA-ens krav, ellers kan " "sertifikatsøknaden bli avvist." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Hvis du vil importere en eksisterende offentlig og privat nøkkel blir du " "spurt etter filnavnene, som kan være samme navn hvis begge nøklene er lagret " "i én fil. Du kan også om du vil oppgi et filnavn der offentlig(e) nøkkel/" "nøkler for sertifikatutstederen er lagret, men dette kan ikke være samme fil " "som de forrige. Vær også oppmerksom på at formatet for X.509-sertifikatene " "må være PEM og at den private nøkkelen ikke må være kryptert, ellers kan " "nøklene ikke importeres." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Filnavn for ditt X.509-sertifikat i PEM-format:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Skriv inn stien til fila som inneholder ditt X.509-sertifikat i PEM-format." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Filnavn for din eksisterende private X.509-nøkkel i PEM-format:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Skriv inn sti til fila som inneholder den private nøkkelen som tilsvarer " "ditt X.509-sertifikat i PEM-format. Dette kan være den samme fila som X.509-" "sertifikatet." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Filnavn for ditt rot-sertifikat i PEM-format:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Om du vil kan du nå skrive inn stien til fila som inneholder rotsertifikatet " "til den sertifikatutstederen som brukes til å signere ditt sertifikat, i PEM-" "format. Hvis du ikke har ett eller ikke vil bruke det, så la det være tomt. " "Merk at det ikke er mulig å lagre rot-sertifikatet (RootCA) i samme fil som " "ditt X.509-sertifikat eller provate nøkkel." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Skriv inn hvilken lengde det skal være på den genererte RSA-nøkkelen:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Skriv inn lengden for den RSA-nøkkelen som blir laget. Den bør ikke være " "kortere enn 1024 bit fordi dette blir betraktet som usikkert, og du trenger " "antakelig ikke mer enn 4096 bit fordi det bare forsinker " "autentiseringsprosessen og ikke trengs nå." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Skal det lages et selvsignert X.509-sertifikat?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Bare selvsignerte X.509-sertifikater kan opprettes automatisk, fordi ellers " "må en sertifikatutsteder (CA) signere sertifikatsøknaden. Hvis du velger å " "lage et selvsignert sertifikat, kan du straks bruke det til å koble til " "andre IPSec-verter som støtter X.509-sertifikater for autentisering av IPSec-" "tilkoblinger. Men bruk av strongSwans PKI-funksjoner krever at alle " "sertifikater må være signert av en enkelt sertifikatutsteder for å lage en " "tiltrodd kjede." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Hvis du velger å ikke lage et selvsignert sertifikat, så blir bare en privat " "RSA-nøkkel opprettet, sammen med en sertifikatsøknad som du må signere med " "din CA (Certificate Authority)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Landskode for X.509-sertifikatsøknaden:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Skriv inn to-bokstavskoden for landet der tjeneren holder til (slik som «NO» " "for Norge)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL vil ikke lage et sertifikat hvis dette ikke er en gyldig landskode i " "følge ISO-3166, tomme felter godtas andre steder i X.509-sertifikatet, men " "ikke her." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Stat eller provinsnavn for X.509-sertifikatsøknaden:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Skriv inn fullt navn på stat eller provins der tjeneren holder til (f.eks. " "«Troms»)" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Stedsnavn for X.509-sertifikatsøknaden:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Skriv inn navnet på stedet der tjeneren holder til (ofte en by, slik som " "«Tromsø»)" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisasjonsnavn for X.509-sertifikatsøknaden:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Skriv inn organisasjonen som tjeneren tilhører (slik som «Debian»)" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisasjonsenhet for X.509-sertifikatsøknaden:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Skriv inn organisasjonsenhet som tjeneren tilhører (slik som " "«sikkerhetsgruppa»)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Entydig navn for X.509-sertifikatsøknaden:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Skriv inn entydig navn for denne verten (slik som «gateway.example.org»)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "E-postadresse for X.509-sertifikatsøknaden:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Oppgi e-postadressen til person eller organisasjon som er ansvarlig for " "X.509-sertifikatet." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Slå på opportunistisk kryptering?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Denne versjonen av strongSwan støtter opportunistisk kryptering (OE), som " "lagrer autentiseringsinformasjon for IPSec i DNS-data. Inntil dette er tatt " "i vanlig bruk vil det gi en betydelig forsinkelse for hver ny utgående " "tilkobling hvis dette er aktivert." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Du bør bare slå på opportunistisk kryptering hvis du er sikker på at du vil " "ha det. Det kan koble ut Internett-forbindelsen (standardruten) når pluto- " "daemonen starter." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Pluto-daemonen må kjøre for å kunne støtte versjon 1 av Internet Key " #~ "Exchange-protokollen." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Skal strongSwans IKEv2-daemon startes?" #, fuzzy #~| msgid "When to start strongSwan:" #~ msgid "Do you wish to restart strongSwan?" #~ msgstr "Når strongSwan skal startes:" #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "" #~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "" #~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "" #~ "Oppgi full sti til fila som inneholder ditt X.509-sertifikat i PEM-format." #, fuzzy #~| msgid "" #~| "Please enter the two-letter ISO3166 country code that should be used in " #~| "the certificate request." #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Oppgi tobokstavers ISO3166 landskode som skal brukes i sertifikatsøknaden." #, fuzzy #~| msgid "" #~| "Please enter the locality name (often a city) that should be used in the " #~| "certificate request." #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "Oppgi stedsnavn (ofte en by) som skal brukes i sertifikatsøknaden." #, fuzzy #~| msgid "" #~| "Please enter the organization name (often a company) that should be used " #~| "in the certificate request." #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Oppgi organisasjonsnavn (ofte et firma) som skal brukes i " #~ "sertifikatsøknaden." #, fuzzy #~| msgid "" #~| "Please enter the organizational unit name (often a department) that " #~| "should be used in the certificate request." #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Oppgi organisasjonsenhet (ofte en avdeling som skal brukes i " #~ "sertifikatsøknaden." #, fuzzy #~| msgid "" #~| "Please enter the common name (such as the host name of this machine) " #~| "that should be used in the certificate request." #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Oppgi vanlig navn (slik som vertsnavnet på denne maskinen) som skal " #~ "brukes i sertifikatsøknaden." #~ msgid "earliest" #~ msgstr "tidligst" #~ msgid "after NFS" #~ msgstr "etter NFS" #~ msgid "after PCMCIA" #~ msgstr "etter PCMCIA" #~ msgid "" #~ "StrongSwan starts during system startup so that it can protect " #~ "filesystems that are automatically mounted." #~ msgstr "" #~ "StrongSwan starter under systemoppstart, slik at det kan beskytte " #~ "filsystemer som monteres automatisk." #~ msgid "" #~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" #~ " PCMCIA network card, it is best to start strongSwan as soon as\n" #~ " possible, so that NFS mounts can be secured by IPSec;\n" #~ " * after NFS: recommended when /usr is mounted through NFS and no\n" #~ " PCMCIA network card is used;\n" #~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" #~ " network card or if it needs keys to be fetched from a locally running " #~ "DNS\n" #~ " server with DNSSec support." #~ msgstr "" #~ " * tidligst: hvis /usr ikke monteres via NFS og du ikke bruker et\n" #~ " PCMCIA nettverkskort, så er det best å starte strongSwan\n" #~ " snarest mulig, slik at NFS-montering kan sikres med IPSec;\n" #~ " * etter NFS: anbefales når /usr monteres via NFS og det ikke\n" #~ " brukes noe PCMCIA nettverkskort.\n" #~ " * etter PCMCIA: anbefales hvis IPSec-tilkoblingen bruker et PCMCIA\n" #~ " nettverkskort eller om den trenger å hente nøkler fra en lokal\n" #~ " DNS-tjener med DNSSec-støtte. " #~ msgid "" #~ "If you don't restart strongSwan now, you should do so manually at the " #~ "first opportunity." #~ msgstr "" #~ "Hvis du ikke gjør en omstart på strongSwan nå, så bør du gjøre det " #~ "manuelt ved første anledning." #~ msgid "Create an RSA public/private keypair for this host?" #~ msgstr "Skal det lages et offentlig/privat RSA-nøkkelpar for denne verten?" #~ msgid "" #~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " #~ "authenticate IPSec connections to other hosts. RSA authentication is " #~ "generally considered more secure and is easier to administer. You can use " #~ "PSK and RSA authentication simultaneously." #~ msgstr "" #~ "StrongSwan kan bruke en delt nøkkel (PSK) eller et RSA-nøkkelpar for å " #~ "autentisere IPSec-forbindelser til andre verter. RSA-autentisering " #~ "betraktes for det meste som sikrere og lettere å administrere. Du kan " #~ "bruke PSK og RSA-autentisering samtidig." #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Hvis du ikke vil lage et nytt offentlig/privat nøkkelpar, så kan du velge " #~ "å bruke et eksisterende nøkkelpar i neste steg." #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Den informasjonen som trengs kan hentes automatisk fra et eksisterende " #~ "X.509-sertifikat med tilhørende privat RSA-nøkkel. Begge deler kan være i " #~ "én fil, hvis den er i PEM-format. Du bør velge dette hvis du har et slikt " #~ "sertifikat og vil bruke det til å autentisere IPSec-forbindelser." #~ msgid "RSA key length:" #~ msgstr "RSA nøkkellengde:" #~ msgid "" #~ "Please enter the length of RSA key you wish to generate. A value of less " #~ "than 1024 bits is not considered secure. A value of more than 2048 bits " #~ "will probably affect performance." #~ msgstr "" #~ "Oppgi lengde for RSA-nøkkelen du vil opprette. Kortere nøkler enn 1024 " #~ "bit betraktes ikke som sikre. En nøkkellengde på mer enn 2048 bit vil " #~ "antakelig gå ut over ytelsen." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a certificate authority is needed to sign the certificate " #~ "request." #~ msgstr "" #~ "Bare selvsignerte X.509-sertifikater kan lages automatisk, for ellers må " #~ "en sertifikatutsteder signere sertifikatsøknaden." #~ msgid "" #~ "If you accept this option, the certificate created can be used " #~ "immediately to connect to other IPSec hosts that support authentication " #~ "via an X.509 certificate. However, using strongSwan's PKI features " #~ "requires a trust path to be created by having all X.509 certificates " #~ "signed by a single authority." #~ msgstr "" #~ "Hvis du godtar dette, så kan det sertifikatet som lages bli brukt straks " #~ "til å kople til andre IPSec-verter som støtter autentisering via et X.509-" #~ "sertifikat. Men om strongSwans PKI-del skal brukes, må det lages en " #~ "tillitskjede ved at alle X.509-sertifikatene signeres av en enkelt " #~ "utsteder." #~ msgid "" #~ "This field is mandatory; otherwise a certificate cannot be generated." #~ msgstr "" #~ "Dette feltet er obligatorisk, uten det kan det ikke lages et sertifikat." debian/po/POTFILES.in0000644000000000000000000000006712775300022011362 0ustar [type: gettext/rfc822deb] strongswan-starter.templates debian/po/pl.po0000644000000000000000000004616612775300022010572 0ustar # Copyright (C) 2010 # This file is distributed under the same license as the strongswan package. # # Michał Kułach , 2012. msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2012-01-31 15:36+0100\n" "Last-Translator: Michał Kułach \n" "Language-Team: Polish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Zastąpiono stare zarządzanie poziomami uruchamiania" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Poprzednie wersje pakietu strongSwan umożliwiały wybór pomiędzy trzema " "różnymi Start/Stop-Level. Z powodu zmian w procedurze uruchamiania systemu " "podstawowego nie jest to dłużej ani potrzebne, ani użyteczne. W przypadku " "zarównowszystkich nowych instalacji, jak i starych z którymś z działających " "trybów predefiniowanych, zostaną przyjęte domyślne, rozsądne poziomy. Jeśli " "jest to aktualizacja z poprzedniej wersji i zmieniono parametry uruchamiania " "strongSwan, proszę zapoznać się z plikiem NEWS.Debian, aby dowiedzieć się " "jak odpowiednio zmodyfikować swoją konfigurację." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Zrestartować strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Restart strongSwan jest zalecany, ponieważ jest to poprawka bezpieczeństwa, " "która nie zostanie uwzględniona przed zrestartowaniem demona. Większość " "użytkowników oczekuje restartu demona, więc jest to z reguły dobry pomysł. Z " "drugiej strony może spowodować zerwanie i ponowne nawiązanie istniejących " "połączeń, więc jeśli aktualizacja jest przeprowadzana przez tunel " "strongSwan, restartowanie nie jest wskazane." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Uruchomić demona IKEv1 strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Demon charon musi być uruchomiony, aby obsłużyć 2 wersję protokołu Internet " "Key Exchange." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Użyć certyfikatu X.509 dla tego komputera?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Certyfikat X.509 dla tego komputera może być automatycznie utworzony lub " "zaimportowany. Może zostać wykorzystany do uwierzytelnienia połączeń IPsec " "do innych hostów i jest zalecaną metodą tworzenia bezpiecznych połączeń " "IPsec. Inną możliwością jest użycie takich samych haseł znanych obu stronom " "tunelu (ang. shared secret) do uwierzytelnienia połączenia, ale przy " "większej liczbie połączeń łatwiej jest zarządzać uwierzytelnieniem za pomocą " "kluczy; jest to również bezpieczniejsze." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Można również wybrać \"nie\" i użyć później polecenia \"dpkg-reconfigure " "strongswan\", aby powrócić do niniejszego wyboru opcji." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "utwórz" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "zaimportuj" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Metody używające certyfikatu X.509 do uwierzytelniania tego komputera:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Istnieje możliwość stworzenia nowego certyfikatu X.509 z ustawieniami " "użytkownika lub zaimportowania istniejącego klucza publicznego i prywatnego " "z pliku/plików PEM do uwierzytelniania połączeń IPsec." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Jeśli zostanie wybrana opcja stworzenia nowego certyfikatu X.509, najpierw " "zostaną zadane pytania, na które będzie trzeba odpowiedzieć przed " "uruchomieniem procesu tworzenia certyfikatu. Proszę wziąć pod uwagę, że aby " "używać klucza publicznego podpisanego przez istniejący ośrodek certyfikacji " "(CA), nie powinno się wybierać opcji tworzenia podpisanego przez siebie " "samego (ang. self-signed) certyfikatu, a wszystkie odpowiedzi muszą idealnie " "spełniać wymagania CA, w innym przypadku bowiem, certyfikat może zostać " "odrzucony." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "W przypadku importowania istniejącego klucza publicznego i prywatnego, " "pojawią się pytania o ich nazwy (mogą być identyczne, jeśli obie części są " "przechowywane w jednym pliku). Opcjonalnie, można również określić nazwę " "pliku, gdzie będzie przechowywany klucz (lub klucze) publiczny ośrodka " "certyfikacji (CA), nie może być jednak taka sama jak dwie poprzednie. Proszę " "zauważyć, że formatem certyfikatów X.509 musi być PEM, a klucz prywatny nie " "może być zaszyfrowany - w przeciwnym wypadku procedura zakończy się " "niepowodzeniem." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nazwa pliku certyfikatu X.509 użytkownika, w formacie PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Proszę określić położenie pliku zawierającego certyfikat X.509 w formacie " "PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Nazwa pliku klucza prywatnego X.509 użytkownika, w formacie PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Proszę określić położenie pliku zawierającego certyfikat klucza publicznego " "RSA użytkownika, odpowiadającego certyfikatowi X.509 użytkownika w formacie " "PEM. Może być to ten sam plik, który zawiera certyfikat X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nazwa pliku X.509 RootCA użytkownika, w formacie PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opcjonalnie, można teraz podać lokalizację pliku zawierającego główny urząd " "certyfikacji użyty do podpisu certyfikatu użytkownika w formacie PEM. W " "przypadku nieposiadania takowego, proszę pozostawić pole puste. Proszę " "zauważyć, że nie można przechowywać RootCA w tym samym pliku co certyfikat " "X.509 lub klucz publiczny." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Proszę wprowadzić długość tworzonego klucza RSA:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Proszę wprowadzić długość tworzonego klucza RSA. Nie powinna być ona " "mniejsza niż 1024 bity, ponieważ może być wtedy niebezpieczna; nie ma " "również potrzeby aby była większa niż 4096 bity, ponieważ będzie wtedy tylko " "spowalniać proces uwierzytelnienia, a aktualnie nie ma potrzeby używania tak " "długich kluczy." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Utworzyć podpisany przez samego siebie certyfikat X.509?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Wyłącznie certyfikaty X.509 podpisane przez siebie mogą być tworzone " "automatycznie, ponieważ w przeciwnym wypadku potrzebny jest urząd " "certyfikacji, aby podpisać żądany certyfikat. W przypadku wybrania opcji " "utworzenia podpisanego przez siebie samego certyfikatu, można użyć go od " "razu do połączenia z innymi hostami IPsec, które obsługują certyfikat X.509 " "do uwierzytelniania połączeń IPsec. Jednakże, używanie funkcji PKI " "strongSwan wymaga, aby wszystkie certyfikaty były podpisane przez pojedynczy " "urząd certyfikacji, aby utworzyć zaufaną ścieżkę." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "W przypadku niewybrania opcji tworzenia certyfikatu podpisanego przez siebie " "samego, utworzone zostaną tylko klucz prywatny RSA i żądanie podpisania " "certyfikatu, które będzie musiało zostać podpisane przez odpowiedni urząd " "certyfikacji, już za pośrednictwem użytkownika." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Kod kraju do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Proszę wprowadzić dwuliterowy kod kraju, w którym położony jest serwer (np. " "\"PL\" dla Polski)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL odmówi utworzenia certyfikatu, jeśli nie jest to właściwy kod kraju " "ISO-3166; pozostawienie pustego pola, przy certyfikacie X.509, jest " "dozwolone we wszystkich innych przypadkach, poza tym." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Nazwa regionu lub prowincji do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Proszę wprowadzić pełną nazwę regionu lub prowincji w której położony jest " "serwer (np. \"Malopolska\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Nazwa lokalizacji do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Proszę wprowadzić nazwę lokalizacji serwera (z reguły miasto, np. \"Krakow" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Nazwa organizacji do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Proszę wprowadzić nazwę organizacji, do której należy serwer (np. \"Debian" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Jednostka organizacyjna do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Proszę wprowadzić nazwę jednostki organizacyjnej do której należy serwer " "(np. \"grupa bezpieczeństwa\")." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "" "Nazwa domeny (ang. Common Name) do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Proszę wprowadzić nazwę domeny (ang. Common Name) dla tego komputera (np. " "\"gateway.example.org\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Adres poczty elektronicznej do żądania podpisania certyfikatu X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Proszę wprowadzić adres poczty elektronicznej osoby lub organizacji " "odpowiedzialnej za certyfikat X.509." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Włączyć szyfrowanie oportunistyczne?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Ta wersja stronSwan obsługuje tzw. szyfrowanie oportunistyczne (ang. " "opportunistic encryption - OE), które przechowuje informacje o " "uwierzytelnieniu IPSec w rekordach DNS. Dopóki nie zostanie ono szeroko " "wdrożone, aktywacja tej opcji spowoduje odczuwalne opóźnienie dla każdego " "nowego połączenia wychodzącego." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Szyfrowanie oportunistyczne powinno być włączone tylko przez osoby, które go " "potrzebują. Może bowiem doprowadzić do przerwania połączenia internetowego " "(domyślnej trasy), kiedy tylko uruchomi się demon pluto." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Demon pluto musi być uruchomiony, aby obsłużyć 1 wersję protokołu " #~ "Internet Key Exchange." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Uruchomić demona IKEv2 strongSwan?" debian/po/gl.po0000644000000000000000000006026412775300022010554 0ustar # Copyright (C) 2009 THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the strongswan package. # # marce villarino , 2009. msgid "" msgstr "" "Project-Id-Version: templates_[kI6655]\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2009-05-25 14:50+0100\n" "Last-Translator: marce villarino \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 0.2\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Desexa reiniciar strongSwan agora?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 #, fuzzy #| msgid "" #| "Restarting strongSwan is recommended, because if there is a security fix, " #| "it will not be applied until the daemon restarts. However, this might " #| "close existing connections and then bring them back up." msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Recoméndase reiniciar strongSwan porque se houbese algunha actualización de " "seguridade non se aplicará até que se reinicie o daemon. Porén, pode pechar " "as conexións existentes e logo volver a recuperalas." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Desexa iniciar o daemon IKEv1 de strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "O daemon charon debe estar en execución para soportar a versión 2 do " "protocolo Internet Key Exchange." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 #, fuzzy #| msgid "Use an existing X.509 certificate for strongSwan?" msgid "Use an X.509 certificate for this host?" msgstr "Desexa empregar un certificado X.509 xa existente para strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:7001 #, fuzzy #| msgid "File name of your X.509 certificate in PEM format:" msgid "File name of your PEM format X.509 certificate:" msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 #, fuzzy #| msgid "" #| "Please enter the full location of the file containing your X.509 " #| "certificate in PEM format." msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Indique a rota completa ao ficheiro que contén o certificado X.509 en " "formato PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 #, fuzzy #| msgid "File name of your existing X.509 private key in PEM format:" msgid "File name of your PEM format X.509 private key:" msgstr "Nome do ficheiro coa chave privada X.509 en formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 #, fuzzy #| msgid "" #| "Please enter the full location of the file containing the private RSA key " #| "matching your X.509 certificate in PEM format. This can be the same file " #| "as the X.509 certificate." msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Indique a rota completa ao ficheiro que contén a chave privada RSA que se " "corresponde do certificado X.509 en formato PEM. Este pode ser o mesmo " "ficheiro que o do certificado X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 #, fuzzy #| msgid "File name of your X.509 certificate in PEM format:" msgid "File name of your PEM format X.509 RootCA:" msgstr "Nome do ficheiro do certificado X.509 en formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 #, fuzzy #| msgid "Create a self-signed X.509 certificate?" msgid "Create a self-signed X.509 certificate?" msgstr "Desexa crear un certificado X.509 autoasinado?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 #, fuzzy #| msgid "" #| "If you do not accept this option, only the RSA private key will be " #| "created, along with a certificate request which you will need to have " #| "signed by a certificate authority." msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Se non acepta esta opción só se creará a chave privada RSA, xunto cun pedido " "de certificado que precisará que lle asine unha autoridade de certificación." #. Type: string #. Description #: ../strongswan-starter.templates:12001 #, fuzzy #| msgid "Country code for the X.509 certificate request:" msgid "Country code for the X.509 certificate request:" msgstr "Código de país para o pedido do certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:13001 #, fuzzy #| msgid "State or province name for the X.509 certificate request:" msgid "State or province name for the X.509 certificate request:" msgstr "Nome do estado ou provincia para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 #, fuzzy #| msgid "" #| "Please enter the full name of the state or province to include in the " #| "certificate request." msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Indique o nome completo do estado ou provincia a incluír no pedido de " "certificado." #. Type: string #. Description #: ../strongswan-starter.templates:14001 #, fuzzy #| msgid "Locality name for the X.509 certificate request:" msgid "Locality name for the X.509 certificate request:" msgstr "Nome de localidade para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:15001 #, fuzzy #| msgid "Organization name for the X.509 certificate request:" msgid "Organization name for the X.509 certificate request:" msgstr "Nome da organización para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:16001 #, fuzzy #| msgid "Organizational unit for the X.509 certificate request:" msgid "Organizational unit for the X.509 certificate request:" msgstr "Unidade organizacional para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 #, fuzzy #| msgid "Organizational unit for the X.509 certificate request:" msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "Unidade organizacional para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 #, fuzzy #| msgid "Common name for the X.509 certificate request:" msgid "Common Name for the X.509 certificate request:" msgstr "Nome común para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:18001 #, fuzzy #| msgid "Email address for the X.509 certificate request:" msgid "Email address for the X.509 certificate request:" msgstr "Enderezo de correo electrónico para o pedido de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 #, fuzzy #| msgid "" #| "Please enter the email address (for the individual or organization " #| "responsible) that should be used in the certificate request." msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Indique o enderezo de correo electrónico (do individuo ou do responsábel da " "organización) que se debe empregar no pedido de certificado." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Desexa activar a cifraxe oportunista?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Esta versión de strongSwan soporta a cifraxe oportunista (OE) que garda a " "información de autenticación de IPSec en rexistros de DNS. Até que estea " "amplamente utilizado activalo provocará un retardo significativo en cada " "nova conexión saínte." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Só debería activar a cifraxe oportunista se está certo de que a desexa. Pode " "estragar a conexión a Internet (a rota por omisión) segundo se inicie o " "daemon pluto." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "O daemon pluto debe estar en execución para soportar a versión 1 do " #~ "protocolo Internet Key Exchange." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Desexa iniciar o IKEv2 de strongSwan?" #, fuzzy #~| msgid "When to start strongSwan:" #~ msgid "Do you wish to restart strongSwan?" #~ msgstr "Cando iniciar strongSwan:" #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "" #~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " #~ "formato PEM." #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "" #~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " #~ "formato PEM." #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "" #~ "Indique a rota completa ao ficheiro que contén o certificado X.509 en " #~ "formato PEM." #, fuzzy #~| msgid "" #~| "Please enter the two-letter ISO3166 country code that should be used in " #~| "the certificate request." #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Indique o código de país ISO3166 de dúas letras que se debe empregar no " #~ "pedido de certificado." #, fuzzy #~| msgid "" #~| "Please enter the locality name (often a city) that should be used in the " #~| "certificate request." #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Indique o nome da localidade (xeralmente unha cidade) que se debe " #~ "empregar no pedido de certificado." #, fuzzy #~| msgid "" #~| "Please enter the organization name (often a company) that should be used " #~| "in the certificate request." #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Indique o nome da organización (xeralmente unha empresa) que se debe " #~ "empregar no pedido de certificado." #, fuzzy #~| msgid "" #~| "Please enter the organizational unit name (often a department) that " #~| "should be used in the certificate request." #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Indique o nome da unidade organizacional (xeralmente un departamento) que " #~ "debe empregarse no pedido de certificado." #, fuzzy #~| msgid "" #~| "Please enter the common name (such as the host name of this machine) " #~| "that should be used in the certificate request." #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Indique o nome común (como o nome desta máquina) que se debe empregar no " #~ "pedido de certificado." #~ msgid "earliest" #~ msgstr "o primeiro" #~ msgid "after NFS" #~ msgstr "despois do NFS" #~ msgid "after PCMCIA" #~ msgstr "despois do PCMCIA" #~ msgid "" #~ "StrongSwan starts during system startup so that it can protect " #~ "filesystems that are automatically mounted." #~ msgstr "" #~ "StrongSwan iniciase durante o arrinque do sistema de maneira que poda " #~ "protexer sistemas de ficheiros que se monten automaticamente." #~ msgid "" #~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" #~ " PCMCIA network card, it is best to start strongSwan as soon as\n" #~ " possible, so that NFS mounts can be secured by IPSec;\n" #~ " * after NFS: recommended when /usr is mounted through NFS and no\n" #~ " PCMCIA network card is used;\n" #~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" #~ " network card or if it needs keys to be fetched from a locally running " #~ "DNS\n" #~ " server with DNSSec support." #~ msgstr "" #~ " * o primeiro: se /usr non se monta mediante NFS e non se emprega unha\n" #~ " tarxeta PCMCIA, é mellor iniciar strongSwan tan axiña como se poda,\n" #~ " para que as montaxes NFS podan asegurarse mediante IPSec,\n" #~ " * despois do NFS: recoméndase cando /usr se monte mediante NFS e non\n" #~ " se empregue ningunha tarxeta PCMCIA,\n" #~ " * despois do PCMCIA: recoméndase se a conexión IPSec emprega unha " #~ "tarxeta\n" #~ " de rede PCMCIA ou se fose preciso que as chaves se obteñan desde un\n" #~ " servidor DNS a executarse localmente con soporte para DNSSec." #~ msgid "" #~ "If you don't restart strongSwan now, you should do so manually at the " #~ "first opportunity." #~ msgstr "" #~ "Se non reinicia agora strongSwan debería facelo manualmente en canto poda." #~ msgid "Create an RSA public/private keypair for this host?" #~ msgstr "" #~ "Desexa crear un par de chaves pública/privada RSA para este servidor?" #~ msgid "" #~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " #~ "authenticate IPSec connections to other hosts. RSA authentication is " #~ "generally considered more secure and is easier to administer. You can use " #~ "PSK and RSA authentication simultaneously." #~ msgstr "" #~ "StrongSwan pode empregar unha chave precompartida (PSK) ou un par de " #~ "chaves RSA para autenticar as conexións IPSec con outros servidores. A " #~ "autenticación RSA xeralmente considérase máis segura e é máis fácil de " #~ "administrar. Pode empregar as autenticacións PSK e RSA á vez." #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Se son quer crear un novo par de chaves pública/privada, no seguinte paso " #~ "pode escoller empregar unha xa existente." #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "A información requirida pode extraerse automaticamente a partir dun " #~ "certificado X.509 xa existente coa chave privada RSA que corresponda. " #~ "Ambas as partes poden estar nun ficheiro se este está no formato PEM. " #~ "Debe escoller esta opción se ten tal certificado e chave e quere " #~ "empregalo para autenticar conexións IPSec." #~ msgid "RSA key length:" #~ msgstr "Lonxitude da chave RSA:" #~ msgid "" #~ "Please enter the length of RSA key you wish to generate. A value of less " #~ "than 1024 bits is not considered secure. A value of more than 2048 bits " #~ "will probably affect performance." #~ msgstr "" #~ "Indique a lonxitude da chave RSA que desexe xerar. Os valores menores de " #~ "1024 bits non se consideran seguros, mentres que os maiores de 2048 bits " #~ "posibelmente afecten ao rendemento." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a certificate authority is needed to sign the certificate " #~ "request." #~ msgstr "" #~ "Só se poden crear automaticamente certificados X.509 autoasinados, porque " #~ "noutro caso é precisa unha autoridade de certificación para asinar o " #~ "pedido de certificado." #~ msgid "" #~ "If you accept this option, the certificate created can be used " #~ "immediately to connect to other IPSec hosts that support authentication " #~ "via an X.509 certificate. However, using strongSwan's PKI features " #~ "requires a trust path to be created by having all X.509 certificates " #~ "signed by a single authority." #~ msgstr "" #~ "Se acepta esta opción o certificado que se cree pode empregarse " #~ "inmediatamente para conectarse con outros servidores IPSec que soporten a " #~ "autenticación mediante un certificado X.509. Porén, par empregar as " #~ "funcionalidades PKI de strongSwan requírese que se cree unha rota de " #~ "confianza asinando todos os certificados X.509 por unha única autoridade." #~ msgid "" #~ "This field is mandatory; otherwise a certificate cannot be generated." #~ msgstr "" #~ "Este campo é obrigatorio, caso contrario non se poderá xerar un " #~ "certificado." debian/po/pt_BR.po0000644000000000000000000010203512775300022011151 0ustar # Debconf translations for strongswan. # Copyright (C) 2010 THE strongswan'S COPYRIGHT HOLDER # This file is distributed under the same license as the strongswan package. # # André Luís Lopes , 2005. # Adriano Rafael Gomes , 2010. # msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-12-12 00:00-0200\n" "Last-Translator: Adriano Rafael Gomes \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "pt_BR utf-8\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Antigo gerenciamento de nível de execução (\"runlevel\") obsoleto" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Versões anteriores do pacote strongSwan permitiam escolher entre três " "diferentes Níveis de Início/Parada (\"Start/Stop-Levels\"). Devido a " "mudanças no procedimento padrão de inicialização do sistema, isso não é mais " "necessário ou útil. Para todas as novas instalações, bem como para as " "antigas instalações executando em qualquer dos modos predefinidos, níveis " "padrão adequados serão definidos agora. Se você está atualizando a partir de " "uma versão anterior e alterou seus parâmetros de inicialização do " "strongSwan, então, por favor, veja o arquivo NEWS.Debian para instruções " "sobre como modificar sua configuração de acordo." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Reiniciar o strongSwan agora?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Reiniciar o strongSwan é recomendado, uma vez que caso exista uma correção " "para uma falha de segurança, a mesma não será aplicada até que o daemon seja " "reiniciado. A maioria das pessoas espera que o daemon seja reiniciado, " "portanto essa é geralmente uma boa idéia. Porém, isso pode derrubar conexões " "existentes, e então posteriormente trazê-las de volta, assim se você está " "usando um túnel strongSwan para se conectar para fazer esta atualização, não " "é recomendado reiniciar." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Iniciar o daemon IKEv1 do strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "O daemon \"charon\" deve estar em execução para suportar a versão 2 do " "protocolo Internet Key Exchange." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Usar um certificado X.509 para este host?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Um certificado X.509 para este host pode ser automaticamente criado ou " "importado. Ele pode ser usado para autenticar conexões IPsec para outros " "hosts e é a maneira preferida para construir conexões IPsec seguras. A outra " "possibilidade seria usar segredos compartilhados (senhas que são iguais em " "ambos os lados do túnel) para autenticar uma conexão, mas para um grande " "número de conexões, a autenticação baseada em chaves é mais fácil de " "administrar e mais segura." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Alternativamente, você pode rejeitar esta opção e mais tarde usar o comando " "\"dpkg-reconfigure strongswan\" para voltar atrás." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "criar" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importar" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Métodos para usar um certificado X.509 para autenticar este host:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "É possível criar um novo certificado X.509 com configurações definidas pelo " "usuário ou importar um par de chaves pública e privada existente armazenado " "em arquivo(s) PEM para autenticar conexões IPsec." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Se você escolher criar um novo certificado X.509, você primeiro será " "perguntado sobre uma série de questões que devem ser respondidas antes que a " "criação possa iniciar. Por favor, tenha em mente que se você quer que a " "chave pública seja assinada por uma Autoridade Certificadora existente, você " "não deve selecionar a criação de um certificado auto-assinado, e todas as " "respostas dadas devem atender exatamente os requisitos da CA, ou a " "requisição do certificado pode ser rejeitada." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Se você quiser importar um par de chaves pública e privada existente, você " "será perguntado pelos seus nomes de arquivo (que podem ser idênticos se " "ambas as partes estão armazenadas juntas em um arquivo único). " "Opcionalmente, você pode também especificar um nome de arquivo onde a(s) " "chave(s) pública(s) da Autoridade Certificadora é(são) mantida(s), mas este " "arquivo não pode ser o mesmo que os anteriores. Por favor, também esteja " "ciente de que os certificados X.509 devem estar no formato PEM, e de que a " "chave privada não deve estar criptografada, ou o procedimento de importação " "falhará." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nome de arquivo do seu certificado X.509 no formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Por favor, informe a localização do arquivo contendo seu certificado X.509 " "no formato PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Nome de arquivo da sua chave privada X.509 no formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Por favor, informe a localização do arquivo contendo a chave privada RSA que " "casa com seu certificado X.509 no formato PEM. Este pode ser o mesmo arquivo " "que contém o certificado X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nome de arquivo da sua RootCA X.509 no formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opcionalmente, você pode informar a localização do arquivo contendo a " "Autoridade Certificadora X.509 raiz usada para assinar seu certificado no " "formato PEM. Se você não tem uma, ou não quer usá-la, por favor, deixe o " "campo vazio. Por favor, note que não é possível armazenar a RootCA no mesmo " "arquivo do seu certificado X.509 ou chave privada." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Por favor, informe que tamanho a chave RSA a ser criada deve ter:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Por favor, informe o tamanho da chave RSA a ser criada. A mesma não deve ser " "menor que 1024 bits devido a uma chave de tamanho menor que esse ser " "considerada insegura. Você também não precisará de nada maior que 4096 " "porque isso somente deixaria o processo de autenticação mais lento e não " "seria necessário no momento." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Criar um certificado X.509 auto-assinado?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Somente certificados X.509 auto-assinados podem ser criados automaticamente, " "devido a uma Autoridade Certificadora ser necessária para assinar a " "requisição de certificado. Caso você queira criar um certificado auto-" "assinado, você poderá usá-lo imediatamente para conectar a outros hosts " "IPsec que suportem certificados X.509 para autenticação de conexões IPsec. " "Porém, usar os novos recursos PKI do strongSwan requer que todos seus " "certificados sejam assinados por uma única Autoridade Certificadora para " "criar um caminho de confiança." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Caso você não queira criar um certificado auto-assinado, somente a chave " "privada RSA e a requisição de certificado serão criadas, e você terá que " "assinar a requisição de certificado junto a sua Autoridade Certificadora." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Código de país para a requisição de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Por favor, informe o código de duas letras do país onde o servidor reside " "(como \"BR\" para Brasil)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "O OpenSSL se recusará a gerar um certificado a menos que este valor seja um " "código de país ISO-3166 válido; um valor vazio é permitido em qualquer outro " "campo do certificado X.509, mas não aqui." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Estado ou nome de província para a requisição de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Por favor, informe o nome completo do estado ou província em que o servidor " "reside (como \"São Paulo\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Nome da localidade para a requisição de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Por favor, informe a localidade em que o servidor reside (como \"São Paulo" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Nome da organização para a requisição de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Por favor, informe a organização à qual o servidor pertence (como \"Debian" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unidade organizacional para a requisição de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Por favor, informe a unidade organizacional à qual o servidor pertence (como " "\"grupo de segurança\")." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Nome Comum para a requisição de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Por favor, informe o Nome Comum (\"Common Name\") para este host (como " "\"gateway.example.org\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Endereço de e-mail para a requisição de certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Por favor, informe o endereço de e-mail da pessoa ou organização responsável " "pelo certificado X.509." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Habilitar encriptação oportunista?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Esta versão do strongSwan suporta encriptação oportunista (OE), a qual " "armazena informação de autenticação IPsec em registros DNS. Até que isso " "seja amplamente difundido, ativá-la causará uma demora significante para " "cada nova conexão de saída." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Você deve habilitar a encriptação oportunista somente se você tiver certeza " "de querê-la. Ela pode quebrar a conexão à Internet (rota padrão) quando o " "daemon \"pluto\" iniciar." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "O daemon \"pluto\" deve estar em execução para suportar a versão 1 do " #~ "protocolo Internet Key Exchange." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Iniciar o daemon IKEv2 do strongSwan?" #, fuzzy #~ msgid "Do you wish to restart strongSwan?" #~ msgstr "Você deseja reiniciar o Openswan ?" #, fuzzy #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "" #~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " #~ "no formato PEM." #, fuzzy #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "" #~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " #~ "no formato PEM." #, fuzzy #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "" #~ "Por favor, informe a localização do arquivo contendo seu certificado X509 " #~ "no formato PEM." #, fuzzy #~| msgid "" #~| "Please enter the 2 letter country code for your country. This code will " #~| "be placed in the certificate request." #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Por favor, informe o códifo de país de duas letras para seu país. Esse " #~ "código será inserido na requisição de certificado." #~ msgid "Example: AT" #~ msgstr "Exemplo: BR" #~ msgid "Example: Upper Austria" #~ msgstr "Exemplo : Sao Paulo" #, fuzzy #~| msgid "" #~| "Please enter the organization (e.g. company) that the X509 certificate " #~| "should be created for. This name will be placed in the certificate " #~| "request." #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " #~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " #~ "de certificado." #~ msgid "Example: Vienna" #~ msgstr "Exemplo : Sao Paulo" #, fuzzy #~| msgid "" #~| "Please enter the organization (e.g. company) that the X509 certificate " #~| "should be created for. This name will be placed in the certificate " #~| "request." #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " #~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " #~ "de certificado." #~ msgid "Example: Debian" #~ msgstr "Exemplo : Debian" #, fuzzy #~| msgid "" #~| "Please enter the organization (e.g. company) that the X509 certificate " #~| "should be created for. This name will be placed in the certificate " #~| "request." #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " #~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " #~ "de certificado." #~ msgid "Example: security group" #~ msgstr "Exemplo : Grupo de Segurança" #, fuzzy #~| msgid "" #~| "Please enter the organization (e.g. company) that the X509 certificate " #~| "should be created for. This name will be placed in the certificate " #~| "request." #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Por favor, informe a organização (ou seja, a empresa) para a qual este " #~ "certificado X509 deverá ser criado. Esse nome será inserido na requisição " #~ "de certificado." #~ msgid "Example: gateway.debian.org" #~ msgstr "Exemplo : gateway.debian.org" #, fuzzy #~ msgid "When to start strongSwan:" #~ msgstr "Você deseja reiniciar o Openswan ?" #, fuzzy #~ msgid "Create an RSA public/private keypair for this host?" #~ msgstr "" #~ "Você deseja criar um par de chaves RSA pública/privada para este host ?" #, fuzzy #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Você deseja criar um par de chaves RSA pública/privada para este host ?" #, fuzzy #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Este instalador pode extrair automaticamente a informação necessária de " #~ "um certificado X509 existente com uma chave RSA privada adequada. Ambas " #~ "as partes podem estar em um arquivo, caso estejam no formato PEM. Você " #~ "possui um certificado existente e um arquivo de chave e quer usá-los para " #~ "autenticar conexões IPSec ?" #, fuzzy #~| msgid "" #~| "Please enter the locality (e.g. city) where you live. This name will be " #~| "placed in the certificate request." #~ msgid "" #~ "Please enter the locality name (often a city) that should be used in the " #~ "certificate request." #~ msgstr "" #~ "Por favor, informe a localidade (ou seja, cidade) onde você mora. Esse " #~ "nome será inserido na requisição de certificado." #, fuzzy #~| msgid "" #~| "Please enter the organizational unit (e.g. section) that the X509 " #~| "certificate should be created for. This name will be placed in the " #~| "certificate request." #~ msgid "" #~ "Please enter the organization name (often a company) that should be used " #~ "in the certificate request." #~ msgstr "" #~ "Por favor, informe a unidade organizacional (ou seja, seção ou " #~ "departamento) para a qual este certificado deverá ser criado. Esse nome " #~ "será inserido na requisição de certificado." #, fuzzy #~| msgid "" #~| "Please enter the organizational unit (e.g. section) that the X509 " #~| "certificate should be created for. This name will be placed in the " #~| "certificate request." #~ msgid "" #~ "Please enter the organizational unit name (often a department) that " #~ "should be used in the certificate request." #~ msgstr "" #~ "Por favor, informe a unidade organizacional (ou seja, seção ou " #~ "departamento) para a qual este certificado deverá ser criado. Esse nome " #~ "será inserido na requisição de certificado." #, fuzzy #~| msgid "" #~| "Please enter the common name (e.g. the host name of this machine) for " #~| "which the X509 certificate should be created for. This name will be " #~| "placed in the certificate request." #~ msgid "" #~ "Please enter the common name (such as the host name of this machine) that " #~ "should be used in the certificate request." #~ msgstr "" #~ "Por favor, informe o nome comum (ou seja, o nome do host dessa máquina) " #~ "para o qual o certificado X509 deverá ser criado. Esse nome será inserido " #~ "na requisição de certificado." #~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgstr "o quando antes, \"depois do NFS\", \"depois do PCMCIA\"" #, fuzzy #~ msgid "" #~ "There are three possibilities when strongSwan can start: before or after " #~ "the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Com os níveis de inicialização atuais do Debian (quase todos os serviços " #~ "iniciando no nível 20) é impossível para o Openswan sempre iniciar no " #~ "momento correto. Existem três possibilidades para quando iniciar o " #~ "Openswan : antes ou depois dos serviços NFS e depois dos serviços PCMCIA. " #~ "A resposta correta depende se sua configuração específica." #, fuzzy #~ msgid "" #~ "If you do not have your /usr tree mounted via NFS (either you only mount " #~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~ "and don't use a PCMCIA network card, then it's best to start strongSwan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Caso você não possua sua àrvore /usr montada via NFS (você somente monta " #~ "outras àrvores não vitais via NFS ou não usa àrvores montadas via NFS) e " #~ "não use um cartão de rede PCMCIA, a melhor opção é iniciar o Openswan o " #~ "quando antes, permitindo dessa forma que os pontos de montagem NFS " #~ "estejam protegidos por IPSec. Nesse caso (ou caso você não compreenda ou " #~ "não se importe com esse problema), responda \"o quando antes\" para esta " #~ "pergunta (o que é o padrão)." #, fuzzy #~ msgid "" #~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " #~ "card, then you will need to start strongSwan after NFS so that all " #~ "necessary files are available. In this case, answer \"after NFS\" to this " #~ "question. Please note that the NFS mount of /usr can not be secured by " #~ "IPSec in this case." #~ msgstr "" #~ "Caso você possua sua àrvore /usr montada via NFS e não use um cartão de " #~ "rede PCMCIA, você precisará iniciar o Openswan depois do NFS de modo que " #~ "todos os arquivos necessários estejam disponíveis. Nesse caso, responda " #~ "\"depois do NFS\" para esta pergunta. Por favor, note que a montagem NFS " #~ "de /usr não poderá ser protegida pelo IPSec nesse caso." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Caso você use um cartão de rede PCMCIA para suas conexões IPSec você " #~ "precisará somente optar por iniciar o Opensan depois dos serviços PCMCIA. " #~ "Responda \"depois do PCMCIA\" nesse caso. Esta é também a maneira correta " #~ "de obter chaves de um servidor DNS sendo executado localmente e com " #~ "suporte a DNSSec." #, fuzzy #~ msgid "Do you wish to support IKEv1?" #~ msgstr "Você deseja reiniciar o Openswan ?" #, fuzzy #~ msgid "Do you wish to support IKEv2?" #~ msgstr "Você deseja reiniciar o Openswan ?" #, fuzzy #~ msgid "" #~ "strongSwan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " #~ "by default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " #~ "keying daemon) is started." #~ msgstr "" #~ "O Openswan suporta encriptação oportunística (OE), a qual armazena " #~ "informações de autenticação IPSec (por exemplo, chaves públicas RSA) em " #~ "registros DNS (preferivelmente seguros). Até que esse suporte esteja " #~ "largamento sendo utilizado, ativá-lo irá causar uma signficante lentidão " #~ "para cada nova conexão de saída. Iniciando a partir da versão 2.0, o " #~ "Openswan, da forma como é distribuído pelos desenvolvedores oficiais, é " #~ "fornecido com o suporte a OE habilitado por padrão e, portanto, " #~ "provavelmente irá quebrar suas conexões existentes com a Internet (por " #~ "exemplo, sua rota padrão) tão logo o pluto (o daemon de troca de chaves " #~ "do Openswan) seja iniciado." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Por favor, informe se você deseja habilitar o suporte a OE. Em caso de " #~ "dúvidas, não habilite esse suporte." #~ msgid "x509, plain" #~ msgstr "x509, pura" #, fuzzy #~ msgid "The type of RSA keypair to create:" #~ msgstr "Qual tipo de par de chaves RSA você deseja criar ?" #, fuzzy #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "strongSwan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "É possível criar um par de chaves RSA pública/privada pura (plain) para " #~ "uso com o Openswan ou para criar um arquivo de certificado X509 que irá " #~ "conter a chave RSA pública e adicionalmente armazenar a chave privada " #~ "correspondente." #, fuzzy #~ msgid "" #~ "If you only want to build up IPSec connections to hosts also running " #~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPSec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "strongSwan without X509 certificate support." #~ msgstr "" #~ "Caso você queira somente construir conexões IPsec para hosts e também " #~ "executar o Openswan, pode ser um pouco mais fácil usar pares de chaves " #~ "RSA puros (plain). Mas caso você queira se conectar a outras " #~ "implementações IPSec, você precisará de um certificado X509. É também " #~ "possível criar um certificado X509 aqui e extrair a chave pública em " #~ "formato puro (plain) caso o outro lado execute o Openswan sem suporte a " #~ "certificados X509." #, fuzzy #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in strongSwan anyway." #~ msgstr "" #~ "Um certificado X509 é recomendado, uma vez que o mesmo é mais flexível e " #~ "este instalador é capaz de simplificar a complexa criação do certificado " #~ "X509 e seu uso com o Openswan." #, fuzzy #~ msgid "Please choose the when to start strongSwan:" #~ msgstr "Você deseja reiniciar o Openswan ?" #, fuzzy #~ msgid "At which level do you wish to start strongSwan ?" #~ msgstr "Em que nível você deseja iniciar o Openswan ?" #~ msgid "2048" #~ msgstr "2048" debian/po/es.po0000644000000000000000000006453612775300022010567 0ustar # strongswan po-debconf translation to Spanish # Copyright (C) 2010 Software in the Public Interest # This file is distributed under the same license as the strongswan package. # # Changes: # - Initial translation # Francisco Javier Cuadrado , 2010 # # Traductores, si no conocen el formato PO, merece la pena leer la # documentación de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traducción al español, por favor lean antes de traducir # los siguientes documentos: # # - El proyecto de traducción de Debian al español # http://www.debian.org/intl/spanish/ # especialmente las notas y normas de traducción en # http://www.debian.org/intl/spanish/notas # # - La guía de traducción de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # msgid "" msgstr "" "Project-Id-Version: strongswan 4.4.1-5\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-10-09 20:45+0100\n" "Last-Translator: Francisco Javier Cuadrado \n" "Language-Team: Debian l10n Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Se ha sustituido la antigua gestión del nivel de ejecución" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Las versiones previas del paquete de StrongSwan daban la opción de elegir " "entre tres niveles diferentes de Inicio/Parada. Debido a los cambios en el " "procedimiento del sistema estándar de arranque, esto ya no es necesario ni " "útil. Para todas las instalaciones nuevas, así como para las antiguas que " "ejecuten cualquiera de los modos predefinidos, se configurarán unos niveles " "predeterminado válidos. Si está actualizando de una versión antigua y ha " "cambiado los parámetros de arranque de StrongSwan, eche un vistazo al " "archivo «NEWS.Debian» para leer las instrucciones sobre cómo modificar su " "configuración apropiadamente." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "¿Desea reiniciar StrongSwan ahora mismo?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Se recomienda reiniciar StrongSwan, porque si hay un parche de seguridad, " "éste no se aplicará hasta que el demonio se reinicie. La mayoría de la gente " "espera que el demonio se reinicie, así que generalmente es una buena idea. " "Sin embargo, esto puede cerrar las conexiones existentes y después volverlas " "a abrir, de modo que si está utilizando un túnel de StrongSwan en la " "conexión de esta actualización, no se recomienda reiniciar." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "¿Desea iniciar el demonio IKEv1 de StrongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "El demonio charon se debe ejecutar para permitir utilizar la versión 2 del " "protocolo de intercambio de claves por internet («Internet Key Exchange»)." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "¿Desea utilizar un certificado X.509 para esta máquina?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Se puede crear automáticamente o importar un certificado X.509 para esta " "máquina. Esto se puede utilizar para autenticar conexiones IPsec de otras " "máquinas y es la forma preferida para construir conexiones IPsec seguras. La " "otra posibilidad sería utilizar secretos compartidos (contraseñas que son la " "misma en ambos lados del túnel) para autenticar una conexión, pero para un " "gran número de conexiones, la autenticación basada en claves es más sencilla " "de administrar y más segura." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "También puede rechazar esta opción y utilizar más tarde la orden «dpkg-" "reconfigure strongswan» para volver a este proceso." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "crear" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importar" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Métodos para utilizar un certificado X.509 para autenticar esta máquina:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Es posible crear un certificado X.509 nuevo con la configuración definida " "por el usuario o importar una clave pública/privada almacenada en archivo/s " "PEM para autenticar las conexiones IPsec." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Si escoge crear un certificado X.509 nuevo, primero se le realizarán unas " "cuantas preguntas que deberá contestar antes de que la creación comience. " "Por favor, tenga en cuenta que si quiere que una Autoridad de Certificación " "(CA) firme la clave pública no debería escoger crear un certificado auto-" "firmado y todas las respuestas deberán coincidir exactamente con los " "requisitos de la CA, de otro modo puede que se rechace la petición del " "certificado." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Si quiere importar una clave pública/privada, se le preguntará por los " "nombres de los archivos (que deberán ser idénticos si ambas partes se " "almacenan en un único archivo). Opcionalmente, puede indicar el nombre de un " "archivo dónde las clave/s pública/s de la Autoridad de Certificación se " "almacenen, pero este archivo no puede ser el mismo que los anteriores. Por " "favor, tenga en cuenta que el formato para los certificados X.509 tiene que " "ser PEM y que la clave privada no debe estar cifrada o el proceso de " "importación fallará." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nombre del archivo del certificado X.509 en el formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Introduzca la ubicación completa del archivo que contiene el certificado " "X.509 en el formato PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "" "Nombre del archivo de la clave privada del certificado X.509 en el formato " "PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Introduzca la ubicación del archivo que contiene la clave privada RSA del " "certificado X.509 en el formato PEM. Puede ser el mismo archivo que contiene " "el del certificado X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "" "Nombre del archivo del certificado X.509 de la raíz de la Autoridad de " "Certificación (CA) en el formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opcionalmente, ahora puede introducir la ubicación del archivo que contiene " "el certificado X.509 de la raíz de la Autoridad de Certificación (CA) " "utilizado para firmar su certificado en formato PEM. Si no tiene uno o no " "quiere utilizarlo, deje este campo en blanco. Por favor, tenga en cuenta que " "no es posible almacenar la raíz de la CA en el mismo archivo que su " "certificado X.509 o la clave privada." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Introduzca la longitud que debería tener la clave RSA creada:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Introduzca la longitud de la clave RSA creada. No debería ser menor de 1024 " "bits porque se considera inseguro, además probablemente no necesite más de " "4096 bits porque sólo ralentiza el proceso de autenticación y no es " "necesario en estos momentos." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "¿Desea crear un certificado X.509 auto-firmado?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Sólo los certificados X.509 se pueden crear automáticamente, porque de otro " "modo la Autoridad de Certificación (CA) se necesitará para firmar la " "petición del certificado. Si escoge crear un certificado auto-firmado, puede " "utilizarlo inmediatamente para conectar a otras máquinas IPsec que permitan " "la autenticación de conexiones IPsec con certificados X.509. Sin embargo, si " "se utilizan las funcionalidades PKI de StrongSwan se necesita que todos los " "certificados estén firmados por una única Autoridad de Certificación para " "crear una ruta segura." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Si no escoge crear un certificado auto-firmado, sólo se crearán las " "peticiones de la clave privada y la petición del certificado, y tendrá que " "firmar la petición del certificado con su Autoridad de Certificación." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Código del país para la petición del certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Introduzca el código de dos letras para el país en el que el servidor está " "ubicado (por ejemplo «ES» para España)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL rechazará generar un certificado a menos que este campo sea un " "código de país ISO-3166 válido, además no se permite que este campo se deje " "en blanco." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Estado o provincia para la petición del certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Introduzca el nombre completo del estado o la provincia en la que el " "servidor está ubicado (por ejemplo «Comunidad de Madrid»)." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Localidad para la petición del certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Introduzca la localidad en la que el servidor está ubicado (normalmente una " "ciudad, por ejemplo «Madrid»)." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Nombre de la organización para la petición del certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Introduzca la organización a la que el servidor pertenece (por ejemplo " "«Debian»)." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unidad de la organización para la petición del certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Introduzca el nombre de la unidad de la organización (o departamento) a la " "que el servidor pertenece (por ejemplo «departamento de seguridad»)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Nombre Común (CN) para la petición del certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Introduzca el Nombre Común (CN) de esta máquina (por ejemplo «gateway." "example.org»)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "" "Dirección de correo electrónico para la petición del certificado X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Introduzca la dirección de correo electrónico del responsable individual o " "de la organización del certificado X.509." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "¿Desea activar el cifrado oportunístico?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Esta versión de StrongSwan permite utilizar cifrado oportunístico " "(«Opportunistic Encryption», OE), que almacena la información de la " "autenticación de IPSec en los registros del DNS. Hasta que esto esté " "ampliamente difundido, activarlo puede causar un gran retraso para cada " "conexión saliente." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Sólo debería activar el cifrado oportunístico si está seguro que lo quiere. " "Esto puede romper la conexión a internet (la ruta predeterminada) cuando el " "demonio pluto se inicie." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "El demonio pluto se debe ejecutar para poder utilizar la versión 1 del " #~ "protocolo de intercambio de claves por internet («Internet Key Exchange»)." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "¿Desea iniciar el demonio IKEv2 de StrongSwan?" #~ msgid "earliest" #~ msgstr "lo más pronto posible" #~ msgid "after NFS" #~ msgstr "después de NFS" #~ msgid "after PCMCIA" #~ msgstr "después de PCMCIA" #~ msgid "When to start strongSwan:" #~ msgstr "Cuando se iniciará strongSwan:" #~ msgid "" #~ "StrongSwan starts during system startup so that it can protect " #~ "filesystems that are automatically mounted." #~ msgstr "" #~ "StrongSwan se inicia durante el arranque del sistema, de modo que pueda " #~ "proteger los sistemas de archivos que se montan automáticamente." #~ msgid "" #~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" #~ " PCMCIA network card, it is best to start strongSwan as soon as\n" #~ " possible, so that NFS mounts can be secured by IPSec;\n" #~ " * after NFS: recommended when /usr is mounted through NFS and no\n" #~ " PCMCIA network card is used;\n" #~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" #~ " network card or if it needs keys to be fetched from a locally running " #~ "DNS\n" #~ " server with DNSSec support." #~ msgstr "" #~ " * lo más pronto posible: si «/usr» no está montado mediante NFS y no usa " #~ "una\n" #~ " tarjeta de red PCMCIA, es mejor iniciar strongSwan lo más pronto " #~ "posible,\n" #~ " de modo que el montaje de NFS se pueda asegurar mediante IPSec.\n" #~ " * después de NFS: se recomienda cuando «/usr» se monta mediante NFS y " #~ "no\n" #~ " se usa una tarjeta de red PCMCIA.\n" #~ " * después de PCMCIA: se recomienda si la conexión IPSec usa una tarjeta\n" #~ " de red PCMCIA o si necesita obtener las claves desde un servidor de " #~ "DNS local\n" #~ " compatible con DNSSec." #~ msgid "" #~ "If you don't restart strongSwan now, you should do so manually at the " #~ "first opportunity." #~ msgstr "" #~ "Si no quiere reiniciar strongSwan ahora mismo, debería realizarlo " #~ "manualmente cuando considere oportuno." #~ msgid "Create an RSA public/private keypair for this host?" #~ msgstr "" #~ "¿Desea crear un par de claves (pública/privada) RSA para este equipo?" #~ msgid "" #~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " #~ "authenticate IPSec connections to other hosts. RSA authentication is " #~ "generally considered more secure and is easier to administer. You can use " #~ "PSK and RSA authentication simultaneously." #~ msgstr "" #~ "StrongSwan puede utilizar una clave pre-compartida («Pre-Shared Key», " #~ "PSK) o un par de claves RSA para autenticarse en las conexiones IPSec con " #~ "otras máquinas. La autenticación con RSA se considera, generalmente, más " #~ "segura y más fácil de administrar. Puede utilizar la autenticación con " #~ "PSK y con RSA de forma simultánea." #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Si no quiere crear un nuevo par de claves, puede escoger utilizar un par " #~ "existente en el siguiente paso." #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "La información necesaria se puede extraer automáticamente desde un " #~ "certificado X.509 con una clave privada RSA correspondiente. Ambas partes " #~ "pueden estar en un único archivo, si está en el formato PEM. Debería " #~ "escoger esta opción si tiene un certificado y un archivo de clave, y " #~ "quiere utilizarlo para autenticar las conexiones IPSec." #~ msgid "RSA key length:" #~ msgstr "Longitud de la clave RSA:" #~ msgid "" #~ "Please enter the length of RSA key you wish to generate. A value of less " #~ "than 1024 bits is not considered secure. A value of more than 2048 bits " #~ "will probably affect performance." #~ msgstr "" #~ "Introduzca la longitud de la clave RSA que quiere generar. Un valor menor " #~ "de 1024 bits no se considera seguro. Un valor de más de 2048 bits puede " #~ "afectar al rendimiento." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a certificate authority is needed to sign the certificate " #~ "request." #~ msgstr "" #~ "Sólo se pueden crear automáticamente certificados X.509 auto-firmados, " #~ "porque de otro modo se necesitaría una autoridad de certificación para " #~ "firmar la petición del certificado." #~ msgid "" #~ "If you accept this option, the certificate created can be used " #~ "immediately to connect to other IPSec hosts that support authentication " #~ "via an X.509 certificate. However, using strongSwan's PKI features " #~ "requires a trust path to be created by having all X.509 certificates " #~ "signed by a single authority." #~ msgstr "" #~ "Si acepta esta opción, el certificado creado se puede utilizar " #~ "inmediatamente para conectar a otras máquinas de IPSec que permitan la " #~ "autenticación mediante un certificado X.509. Sin embargo, si se utilizan " #~ "las funcionalidades PKI de strongSwan se requiere crear una ruta de " #~ "confianza para tener todos los certificados X.509 firmados por una única " #~ "autoridad." #~ msgid "" #~ "Please enter the two-letter ISO3166 country code that should be used in " #~ "the certificate request." #~ msgstr "" #~ "Introduzca el código ISO3166 de dos letras del país que se debería " #~ "utilizar en la petición del certificado." #~ msgid "" #~ "This field is mandatory; otherwise a certificate cannot be generated." #~ msgstr "" #~ "Este campo es obligatorio, de otro modo no se podría generar un " #~ "certificado." #~ msgid "" #~ "Please enter the locality name (often a city) that should be used in the " #~ "certificate request." #~ msgstr "" #~ "Introduzca el nombre de la localidad (normalmente una ciudad) que se " #~ "debería usar en la petición del certificado." #~ msgid "" #~ "Please enter the organization name (often a company) that should be used " #~ "in the certificate request." #~ msgstr "" #~ "Introduzca el nombre de la organización (normalmente una compañía) que se " #~ "debería usar en la petición del certificado." #~ msgid "" #~ "Please enter the common name (such as the host name of this machine) that " #~ "should be used in the certificate request." #~ msgstr "" #~ "Introduzca el nombre común (como el nombre de la máquina) que se debería " #~ "usar en la petición del certificado." debian/po/da.po0000644000000000000000000004500612775300022010533 0ustar # Danish translation strongswan. # Copyright (C) 2010 strongswan & nedenstående oversættere. # This file is distributed under the same license as the strongswan package. # Joe Hansen (joedalton2@yahoo.dk), 2010. # msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-11-04 12:42+0000\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Erstattede tidligere kørselsniveauhåndtering" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Tidligere versioner af pakken strongSwan havde et valg mellem tre " "forskellige start-/stopniveauer. På grund af ændringer i den normale " "procedure for systemopstart, er dette ikke længere nødvendigt eller " "brugbart. For alle nye installationer samt ældre installationer der kører i " "en af de prædefinerede tilstande, vil standardniveauer for sane ikke blive " "angivet. Hvis du opgraderer fra en tidligere version og ændrede dine " "opstartsparametre i strongSwan, så kig venligst i NEWS.Debian for " "instruktioner om hvordan du ændrer din opsætning, så den passer." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Genstart strongSwan nu?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Genstart af strongSwan anbefales, da det er en sikkerhedsrettelse, rettelsen " "vil ikke træde i kraft før dæmonen genstartes. De fleste forventer at " "dæmonen genstartes, så dette er generelt en god ide. Det kan dog lægge " "eksisterende forbindelser ned og så få dem op igen, så hvis du bruger sådan " "en strongSwan-tunneltil at forbinde for denne opdatering, anbefales en " "genstart ikke." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Start strongSwans IKEv1-dæmon?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Dæmonen charon skal køre for at understøtte version 2 af Internet Key " "Exchange-protokollen." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Brug et X.509-certifikat for denne vært?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Et X.509-certifikat for denne vært kan oprettes automatisk eller importeres. " "Det kan bruges til at godkende IPsec-forbindelser til andre værter og er den " "foretrukne måde at opbygge sikre IPsec-forbindelser. Den anden mulighed " "ville være at bruge delte hemmeligheder (adgangskoder der er de samme på " "begge sider af tunnelen) til godkendelse af en forbindelse, men for et " "større antal forbindelser, er nøglebaseret godkendelse nemmere at " "administrere og mere sikkert." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Alternativt kan du afvise denne indstilling og senere bruge kommandoen »dpkg-" "reconfigure strongswan«." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "opret" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importer" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Metoder hvormed et X.509-certifikat kan bruges til at godkende denne vært:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Det er muligt at oprette et nyt X.509-certifikat med brugerdefineret " "opsætning eller at importere en eksisterende offentlig og privat nøgle gemt " "i PEM-filer for godkendelse af IPsec-forbindelser." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Hvis du vælger at oprette et nyt X.509-certifikat, vil du først blive spurgt " "om et antal spørgsmål, som skal besvares før oprettelsen kan begynde. Husk " "venligst at hvis du ønsker at den offentlige nøgle skal underskrives af et " "eksisterende Certificate Authority, så bør du ikke vælge at oprette et " "certifikat underskrevet af dig selv og alle svarene skal svare præcis til " "krævene i CA'en, ellers vil certifikatanmodningen blive afvist." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Hvis du ønsker at importere en eksisterende offentlig og privat nøgle, vil " "du blive spurgt om deres filnavne (som kan være identiske, hvis begge er " "gemt sammen i en fil). Du kan valgfrit angive et filnavn hvor de offentlige " "nøgler fra Certificate Authority opbevares, men denne fil kan ikke være den " "samme som den tidligere. Vær venligst også opmærksom på at formatet for " "X.509-certifikatet skal være PEM, og at den private nøgle ikke må være " "krypteret, ellers vil importproceduren fejle." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Filnavn på dit PEM-formateret X.509-certifikat:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Indtast venligst placeringen på filen der indeholder dit X.509-certifikat i " "PEM-format." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Filnavn på din private PEM-formateret X.509-nøgle:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Indtast venligst placeringen på filen, der indeholder den private RSA-nøgle " "der svarer til dit X.509-certifikat i PEM-format. Dette kan være den samme " "fil som indeholder X.509-certifikatet." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Filnavn på dit PEM-formaterede X.509-RootCA:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Du kan nu valgfrit indtaste placeringen på filen, der indeholder X.509 " "Certificate Authority-root brugt til at underskrive dit certifikat i PEM-" "format. Hvis du ikke har et eller ikke ønsker at bruge det så efterlad dette " "felt tomt. Bemærk venligst at det ikke er muligt at gemme RootCA'en i den " "samme fil som dit X.509-certifikat eller din private nøgle." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Indtast venligst hvilken længde den oprettede RSA-nøgle skal have:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Indtast venligst længden på den oprettede RSA-nøgle. Den bør ike være mindre " "end 1024 bit, da dette er usikkert, og du vil sikkert ikke have brug for " "mere end 4096 bit, da det kun sløver godkendelsesprocessen ned og behovet " "ikke er der i øjeblikket." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Opret et X.509-certifikat du selv har underskrevet?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Kun X.509-certifikater du selv har underskrevet kan oprettes automatisk, da " "en Certifikat Authority ellers er nødvendig for at certifikatforespørgslen " "biver underskrevet. Hvis du vælger at oprette et certifikat, du selv " "underskriver, kan du umiddelbart bruge det efterfølgende til at forbinde til " "andre IPsec-værter som understøtter X.509-certifikater til godkendelse af " "IPsec-forbindelser. Brug af strongSwans PKI-funktioner kræver dog at alle " "certifikater skal være underskrevet af en Certificate Authority for at " "oprette en troværdighed." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Hvis du vælger ikke at oprette et certifikat, du selv har underskrevet, vil " "kun den private RSA-nøgle og certifikatforespørgslen blive oprettet, og du " "vil skulle underskrive certifikatforespørgslen med dit Certificate Authority." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Landekode for X.509-certifikatforespørgslen:" # hvad er det for en tobogstavskode de henviser til her? DA eller DK. # ISO 3166 som de nævner efterfølgende er trecifret (DNK), men underdelen af # 3166 er tocifret og DK for Danmark, men det dækker områderne i Danmark # som Midtjylland DK-82 med flere. #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Indtast venligst koden, der består af to bogstaver, for landet hvor serveren " "befinder sig (såsom »DK« for Danmark)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL vil nægte at oprette et certifikat med mindre dette er en gyldig " "ISO-3166 landekode. Et tomt felt er tilladt andre steder i X.509-" "certifikatet men ikke her." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Stat eller provinsnavn for X.509-certifikatforespørgslen:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Indtast venligst det fulde navn på staten eller provinsen som serveren " "befinder sig i (såsom »Nordjylland«)." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Lokalitetsnavn for X.509-certifikatforespørgslen:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Indtast venligst lokaliteten hvor serveren befinder sig (ofte en by, såsom " "»Århus«)." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisationsnavn for X.509-certifikatforespørglsen:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Indtast venligst organisationen som serveren tilhører (såsom »Debian«)." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisationsgruppe for X.509-certifikatforespørgslen:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Indtast venligst organisationsgruppen som serveren tilhører (såsom " "»sikkerhedsafdelingen«)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Betegnelsen for X.509-certifikatforespørgslen:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Indtast venligst betegnelsen (navnet) for denne vært (såsom »gateway." "eksempel.org«)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "E-post-adresse for X.509-certifikatforespørgslen:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Indtast venligst e-post-adressen på personen eller organisationen der er " "ansvarlig for X.509-certifikatet." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Aktiver opportunistisk kryptering?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Denne version af strongSwan understøtter opportunistisk kryptering (OE), som " "gemmer IPSec-godkendelsesinformation i DNS-punkter. Indtil dette er udbredt, " "vil aktivering medføre en væsentlig forsinkelse for hver ny udgående " "forbindelse." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Du skal kun aktivere opportunistisk kryptering, hvis du er sikker på, at du " "ønsker det. Det kan få internetforbindelsen til at gå ned (standardrute), " "når plutodæmonen starter op." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Dæmonen pluto skal køre for at understøtte version 1 af Internet Key " #~ "Exchange-protokollen." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Start streongSwans IKEv2-dæmon?" debian/po/templates.pot0000644000000000000000000002551512775300022012334 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 msgid "Start strongSwan's charon daemon?" msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" debian/po/fi.po0000644000000000000000000005757312775300022010561 0ustar # Copyright (C) 2009 # This file is distributed under the same license as the strongswan package. # # Esko Arajärvi , 2009. msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2009-05-25 14:49+0100\n" "Last-Translator: Esko Arajärvi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 0.3\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Käynnistetäänkö strongSwan uudelleen nyt?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 #, fuzzy #| msgid "" #| "Restarting strongSwan is recommended, because if there is a security fix, " #| "it will not be applied until the daemon restarts. However, this might " #| "close existing connections and then bring them back up." msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "On suositeltavaa käynnistää strongSwan-taustaohjelma uudelleen, koska " "mahdolliset tietoturvapäivitykset eivät tule käyttöön ennen tätä. Tämä " "saattaa kuitenkin katkaista olemassa olevat yhteydet ja avata ne sitten " "uudelleen." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Käynnistetäänkö strongSwanin IKEv1-taustaohjelma?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Internet Key Exchange -protokollan version 2 tuki vaatii, että charon-" "taustaohjelma on käynnissä." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 #, fuzzy #| msgid "Use an existing X.509 certificate for strongSwan?" msgid "Use an X.509 certificate for this host?" msgstr "Tulisiko strongSwanin käyttää olemassa olevaa X.509-varmennetiedostoa?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:7001 #, fuzzy #| msgid "File name of your X.509 certificate in PEM format:" msgid "File name of your PEM format X.509 certificate:" msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 #, fuzzy #| msgid "" #| "Please enter the full location of the file containing your X.509 " #| "certificate in PEM format." msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston täydellinen " "polku." #. Type: string #. Description #: ../strongswan-starter.templates:8001 #, fuzzy #| msgid "File name of your existing X.509 private key in PEM format:" msgid "File name of your PEM format X.509 private key:" msgstr "PEM-muotoisen, olemassa olevan, salaisen X.509-avaimen tiedostonimi:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 #, fuzzy #| msgid "" #| "Please enter the full location of the file containing the private RSA key " #| "matching your X.509 certificate in PEM format. This can be the same file " #| "as the X.509 certificate." msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Anna PEM-muodossa olevaan X.509-varmenteeseen täsmäävän salaisen RSA-avaimen " "täydellinen polku. Tämä voi olla sama tiedosto kuin X.509-varmenteen " "sisältävä." #. Type: string #. Description #: ../strongswan-starter.templates:9001 #, fuzzy #| msgid "File name of your X.509 certificate in PEM format:" msgid "File name of your PEM format X.509 RootCA:" msgstr "PEM-muodossa olevan X.509-varmennetiedoston nimi:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 #, fuzzy #| msgid "Create a self-signed X.509 certificate?" msgid "Create a self-signed X.509 certificate?" msgstr "Luodaanko itseallekirjoitettu X.509-varmenne?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 #, fuzzy #| msgid "" #| "If you do not accept this option, only the RSA private key will be " #| "created, along with a certificate request which you will need to have " #| "signed by a certificate authority." msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Jos et valitse tätä vaihtoehtoa, luodaan vain salainen RSA-avain ja " "varmennepyyntö, joka pitää lähettää ulkoisen varmentajan " "allekirjoitettavaksi." #. Type: string #. Description #: ../strongswan-starter.templates:12001 #, fuzzy #| msgid "Country code for the X.509 certificate request:" msgid "Country code for the X.509 certificate request:" msgstr "X.509-varmennepyynnön maakoodi:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:13001 #, fuzzy #| msgid "State or province name for the X.509 certificate request:" msgid "State or province name for the X.509 certificate request:" msgstr "X.509-varmennepyynnön osavaltio, lääni tai maakunta:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 #, fuzzy #| msgid "" #| "Please enter the full name of the state or province to include in the " #| "certificate request." msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Anna varmennepyyntöön sisällytettävä osavaltion, läänin tai maakunnan koko " "nimi." #. Type: string #. Description #: ../strongswan-starter.templates:14001 #, fuzzy #| msgid "Locality name for the X.509 certificate request:" msgid "Locality name for the X.509 certificate request:" msgstr "X.509-varmennepyynnön paikkakunta:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:15001 #, fuzzy #| msgid "Organization name for the X.509 certificate request:" msgid "Organization name for the X.509 certificate request:" msgstr "X.509-varmennepyynnön järjestön nimi:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:16001 #, fuzzy #| msgid "Organizational unit for the X.509 certificate request:" msgid "Organizational unit for the X.509 certificate request:" msgstr "X.509-varmennepyynnön järjestön yksikkö:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 #, fuzzy #| msgid "Organizational unit for the X.509 certificate request:" msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "X.509-varmennepyynnön järjestön yksikkö:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 #, fuzzy #| msgid "Common name for the X.509 certificate request:" msgid "Common Name for the X.509 certificate request:" msgstr "X.509-varmennepyynnön yleinen nimi:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" #. Type: string #. Description #: ../strongswan-starter.templates:18001 #, fuzzy #| msgid "Email address for the X.509 certificate request:" msgid "Email address for the X.509 certificate request:" msgstr "X.509-varmennepyynnön sähköpostiosoite:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 #, fuzzy #| msgid "" #| "Please enter the email address (for the individual or organization " #| "responsible) that should be used in the certificate request." msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Anna varmennepyynnössä käytettävä sähköpostiosoite (yksityinen ja järjestön)." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Käytetäänkö opportunistista salausta?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "StrongSwanin tämä versio tukee opportunistista salausta (opportunistic " "encryption, OE), joka tallentaa IPSec-varmennustietoja DNS-tietueisiin. " "Ennen kuin tämä käytäntö yleistyy laajalti, sen käyttö aiheuttaa merkittävän " "viiveen jokaiseen uuteen ulospäin otettavaan yhteyteen." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Valitse opportunistinen salaus vain, jos olet varma, että haluat sen " "käyttöön. Se saattaa rikkoa Internet-yhteyden (oletusreitityksen), kun pluto-" "taustaohjelma käynnistyy." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Internet Key Exchange -protokollan version 1 tuki vaatii, että pluto-" #~ "taustaohjelma on käynnissä." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Käynnistetäänkö strongSwanin IKEv2-taustaohjelma?" #, fuzzy #~| msgid "When to start strongSwan:" #~ msgid "Do you wish to restart strongSwan?" #~ msgstr "Koska strongSwan käynnistetään:" #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "" #~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " #~ "täydellinen polku." #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "" #~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " #~ "täydellinen polku." #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "" #~ "Anna PEM-muodossa olevan, X.509-varmenteen sisältävän tiedoston " #~ "täydellinen polku." #, fuzzy #~| msgid "" #~| "Please enter the two-letter ISO3166 country code that should be used in " #~| "the certificate request." #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Anna varmennepyynnössä käytettävä kaksikirjaiminen ISO-3166-maakoodi." #, fuzzy #~| msgid "" #~| "Please enter the locality name (often a city) that should be used in the " #~| "certificate request." #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Anna varmennepyynnössä käytettävä paikkakunnan nimi (usein kaupunki)." #, fuzzy #~| msgid "" #~| "Please enter the organization name (often a company) that should be used " #~| "in the certificate request." #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "Anna varmennepyynnössä käytettävä järjestön nimi (usein yritys)." #, fuzzy #~| msgid "" #~| "Please enter the organizational unit name (often a department) that " #~| "should be used in the certificate request." #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Valitse varmennepyynnössä käytettävä järjestön yksikkö (usein osasto)." #, fuzzy #~| msgid "" #~| "Please enter the common name (such as the host name of this machine) " #~| "that should be used in the certificate request." #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Anna varmennepyynnössä käytettävä yleinen nimi (kuten tämän koneen " #~ "verkkonimi)." #~ msgid "earliest" #~ msgstr "mahdollisimman aikaisin" #~ msgid "after NFS" #~ msgstr "NFS:n jälkeen" #~ msgid "after PCMCIA" #~ msgstr "PCMCIA:n jälkeen" #~ msgid "" #~ "StrongSwan starts during system startup so that it can protect " #~ "filesystems that are automatically mounted." #~ msgstr "" #~ "StrongSwan käynnistetään järjestelmän käynnistyessä, jotta se voi " #~ "suojella automaattisesti liitettäviä levyjärjestelmiä." #~ msgid "" #~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" #~ " PCMCIA network card, it is best to start strongSwan as soon as\n" #~ " possible, so that NFS mounts can be secured by IPSec;\n" #~ " * after NFS: recommended when /usr is mounted through NFS and no\n" #~ " PCMCIA network card is used;\n" #~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" #~ " network card or if it needs keys to be fetched from a locally running " #~ "DNS\n" #~ " server with DNSSec support." #~ msgstr "" #~ "* mahdollisimman aikaisin: Jos hakemistoa /usr ei liitetä NFS:n avulla,\n" #~ " eikä käytössä ole PCMCIA-verkkokortteja, strongSwan kannattaa\n" #~ " käynnistää mahdollisimman aikaisin, jotta liitettävät NFS-järjestelmät\n" #~ " voidaan suojata IPSecillä.\n" #~ "* NFS:n jälkeen: suositeltava, kun käytössä ei ole PCMCIA-verkkokortteja\n" #~ " ja /usr liitetään NFS:n avulla.\n" #~ "* PCMCIA:n jälkeen: suositeltava, jos IPSec-yhteys käyttää\n" #~ " PCMCIA-verkkokorttia tai hakee avaimia paikalliselta DNS-palvelimelta\n" #~ " DNSSec-tuen avulla." #~ msgid "" #~ "If you don't restart strongSwan now, you should do so manually at the " #~ "first opportunity." #~ msgstr "" #~ "Jos et käynnistä strongSwania nyt uudelleen, tee se käsin mahdollisimman " #~ "pian." #~ msgid "Create an RSA public/private keypair for this host?" #~ msgstr "" #~ "Luodaanko tälle koneelle julkisesta ja salaisesta avaimesta koostuva RSA-" #~ "avainpari?" #~ msgid "" #~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " #~ "authenticate IPSec connections to other hosts. RSA authentication is " #~ "generally considered more secure and is easier to administer. You can use " #~ "PSK and RSA authentication simultaneously." #~ msgstr "" #~ "StrongSwan voi käyttää ennalta vaihdettua avainta (Pre-Shared Key, PSK) " #~ "tai RSA-avainparia varmentaessaan IPSec-yhteyksiä toisiin koneisiin. RSA-" #~ "varmennusta pidetään yleisesti turvallisempana ja helpommin " #~ "ylläpidettävänä. PSK- ja RSA-varmennuksia voidaan käyttää yhtä aikaa." #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Jos et halua luoda uutta avainparia, voi valita olemassa olevan parin " #~ "seuraavassa vaiheessa." #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Vaadittavat tiedot voidaan automaattisesti erottaa olemassa olevasta " #~ "X.509-varmennetiedostosta täsmäävällä salaisella RSA-avaimella. Avaimen " #~ "molemmat osat voivat olla samassa tiedostossa, jos se on PEM-muodossa. " #~ "Valitse tämä vaihtoehto, jos tällaiset varmenne- ja avaintiedostot ovat " #~ "olemassa ja haluat käyttää niitä IPSec-yhteyksien varmentamiseen." #~ msgid "RSA key length:" #~ msgstr "RSA-avaimen pituus:" #~ msgid "" #~ "Please enter the length of RSA key you wish to generate. A value of less " #~ "than 1024 bits is not considered secure. A value of more than 2048 bits " #~ "will probably affect performance." #~ msgstr "" #~ "Anna luotavan RSA-avaimen pituus. 1024 bittiä lyhyempiä avaimia ei pidetä " #~ "turvallisina. 2048 bittiä pidemmät avaimet luultavasti heikentävät " #~ "suorituskykyä." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a certificate authority is needed to sign the certificate " #~ "request." #~ msgstr "" #~ "Vain itseallekirjoitettu X.509-varmenne voidaan luoda automaattisesti, " #~ "koska muussa tapauksessa tarvitaan ulkoinen varmentaja allekirjoittamaan " #~ "varmennepyyntö." #~ msgid "" #~ "If you accept this option, the certificate created can be used " #~ "immediately to connect to other IPSec hosts that support authentication " #~ "via an X.509 certificate. However, using strongSwan's PKI features " #~ "requires a trust path to be created by having all X.509 certificates " #~ "signed by a single authority." #~ msgstr "" #~ "Jos valitset tämän vaihtoehdon, luotua varmennetta voidaan heti käyttää " #~ "yhteyksien ottamiseen toisiin IPSEc-koneisiin, jotka tukevat " #~ "varmentamista X.509-varmenteilla. StrongSwanin PKI-ominaisuuksien käyttö " #~ "kuitenkin vaatii varmennuspolun, jossa sama varmentaja on " #~ "allekirjoittanut kaikki X.509-varmenteet." #~ msgid "" #~ "This field is mandatory; otherwise a certificate cannot be generated." #~ msgstr "Tämä kenttä on pakollinen. Ilman sitä varmennetta ei voida luoda." debian/po/sv.po0000644000000000000000000004470612775300022010605 0ustar # translation of strongswan_sv.po to Swedish # # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # # Developers do not need to manually edit POT or PO files. # # Martin gren , 2008, 2009, 2010. msgid "" msgstr "" "Project-Id-Version: strongswan_sv\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-06-26 16:51+0200\n" "Last-Translator: Martin gren \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: swe\n" "X-Poedit-Country: swe\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Gammal krnivhantering har ersatts" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Tidigare versioner av paketet strongswan erbjd ett val mellan tre olika " "start-/stoppniver. P grund av ndringar i systemuppstartproceduren r " "detta inte lngre ndvndigt eller anvndbart. Fr alla nya installationer, " "svl som gamla installationer som kr i ngot av de frdefinierade lgena, " "kommer rimliga standardvrden nu sttas. Om du uppgraderar frn en tidigare " "version och ndrade dina uppstartsparametrar fr strongSwan, br du ta en " "titt p NEWS.Debian fr instruktioner om hur du kan ndra din installation " "p motsvarande stt." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Starta om strongSwan nu?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Att starta om strongSwan rekommenderas eftersom en eventuell " "skerhetsrttning inte kommer anvndas frrn demonen startas om. De flesta " "frvntar att servern startas om, s detta r normalt en bra ide. Detta kan " "dock stnga existerande anslutningar och sedan ta upp dem igen, s om du " "anvnder en strongSwan-tunnel fr att genomfra den hr uppdateringen r en " "omstart inte rekommenderad." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Starta strongSwans IKEv1-demon?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Charon-demonen mste kras fr att stdja version 2 av Internet Key Exchange-" "protokollet." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Vill du anvnda ett X.509-certifikat fr den hr vrden?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Ett X.509-certifikat fr den hr vrden kan skapas eller importeras " "automatiskt. Det kan anvndas fr att autentisera IPsec-anslutningar till " "andra vrdar och r det rekommenderade sttet fr att bygga upp skra IPsec-" "anslutningar. Den andra mjligheten skulle vara att anvnda delade " "skerheter (lsenord som r samma p bda sidor av tunneln) fr " "autentisering av en anslutning, men fr ett strre antal anslutningar r " "nyckelbaserad autentisering lttare att administrera och skrare." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Alternativt kan du avfrda det hr valet och anvnda kommandot \"dpkg-" "reconfigure strongswan\" fr att komma tillbaka vid ett senare tillflle." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "skapa" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importera" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Metoder fr anvndning av ett X.509-certifikat fr autentisering av den hr " "vrden:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Det r mjligt att skapa ett nytt X.509-certifikat med anvndar-definierade " "instllningar eller att importera existerande publika och privata nycklar " "lagrade i PEM-fil(er) fr autentisering av IPsec-anslutningar." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Om du vljer att skapa ett nytt X.509-certifikat kommer du frst f svara p " "ngra frgor innan genereringen kan startas. Kom ihg att du, om du vill att " "den publika nyckeln ska signeras av existerande certifikatsutstllare (CA), " "inte ska vlja att skapa ett sjlvsignerat certifikat och att alla svar " "precis mste motsvara de krav CA:n stller. Annars kan certifikatsfrfrgan " "komma att avsls." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Om du vill importera existerande publika och privata nycklar kommer du " "ombeds ange deras filnamn (som kan vara identiska om bda delarna sparas " "tillsammans i en fil). Du kan ven ange ett filnamn dr CA:n publika nyckel " "finns, men denna fil kan inte vara samma som de tidigare. Notera ocks att " "formatet fr X.509-certifikaten mste vara PEM och att den privata nyckeln " "inte fr vara krypterad fr att den ska kunna importeras." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Namn p filen med ditt X.509-certifikat i PEM-format:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Ange platsen fr den fil som innehller ditt X.509-certifikat i PEM-format." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Namn p filen med din privata X.509-nyckel i PEM-format:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Ange platsen fr den fil som innehller den privata RSA-nyckel som matchar " "ditt X.509-certifikat i PEM-format. Detta kan vara samma fil som innehller " "X.509-certifikatet." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Namn p filen med rot-CA:ns X.509-certifikat i PEM-format:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Du kan nu, om du vill, ange platsen fr den fil som innehller ett X.509-" "certifikat fr den rot-CA som anvnts fr att signera ditt certifikat i PEM-" "format. Lmna fltet tomt om du inte har ngot sdant certifikat eller om du " "inte vill anvnda det. Observera att det inte r mjligt att lagra rot-CA:n " "i samma fil som ditt X.509-certifikat eller den privata nyckeln." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Ange vilken lngd den skapade RSA-nyckeln ska ha:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Ange lngden p den skapade RSA-nyckeln. Den br inte vara kortare n 1024 " "bitar eftersom det anses oskert. Du behver troligtvis inte mer n 4096 " "bitar eftersom det gr autentiseringen lngsammare och anses innebra en " "ondigt stor skerhetsmarginal fr tillfllet." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Vill du skapa ett sjlvsignerat X.509-certifikat?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Endast sjlvsignerade X.509-certifikat kan skapas automatiskt eftersom det " "annars krvs en CA fr att signera certifikatsfrfrgan. Om du vljer att " "skapa ett sjlvsignerat certifikat, kan du genast anvnda det fr att " "ansluta till andra IPsec-vrdar som stdjer X.509-certifikat fr " "autentisering av IPsec-anslutningar. Anvndning av strongSwans PKI-" "funktioner krver dock att alla certifikat har signerats av en och samma CA " "fr att skapa en tillitskedja." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Om du inte vljer att skapa ett sjlvsignerat certifikta, kommer endast den " "privata RSA-nyckeln och certifikatsfrfrgan att skapas. Du mste df " "certifikatsfrfrn signerad av din certifikatsutstllare." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Landskod fr X.509-certifikatsfrfrgan:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Ange den kod om tv bokstver som identifierar landet som servern str i " "(exempelvis \"SE\" fr Sverige)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL kommer vgra generera ett certifikat svida det hr vrdet inte r " "en giltig landskod enligt ISO-3166; ett tomt flt r giltigt p andra " "stllen i X.509-certifikat, men inte hr." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Region eller ln fr X.509-certifikatsfrfrgan:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Ange namnet p den region eller den stat som servern str i (exempelvis " "\"Skne ln\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Lokaliteten fr X.509-certifikatsfrfrgan:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "Ange den lokalitet servern str i (ofta en stad, ssom \"Malm\")." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisationsnamn fr X.509-certifikatsfrfrgan:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Ange namnet p den organisation servern tillhr (exempelvis \"Debian\")." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisationsenhet fr X.509-certifikatsfrfrgan:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Ange den organisationsenhet servern tillhr (exempelvis \"skerhetsgruppen" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Namn p X.509-certifikatsfrfrgan:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "Ange namnet p den hr vrden (exempelvis \"gateway.example.org\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "E-postadress fr X.509-certifikatsfrfrgan:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Ange e-postadressen till den person eller organisation som r ansvarig fr " "X.509-certifikatet." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Vill du aktivera opportunistisk kryptering?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Denna version av strongSwan stdjer opportunistisk kryptering (OE), som " "lagrar IPSec-autentiseringsinformation i DNS-registret. Till dess detta " "anvnds i stor utstrckning, kommer aktivering av det att orsaka betydande " "frdrjningar fr varje ny utgende anslutning." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Du ska bara aktivera opportunistisk kryptering om du r sker p att du vill " "ha det. Det kan bryta internetanslutningen (standardvgen) nr pluto-demonen " "startas." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Pluto-demonen mste kras fr att stdja version 1 av Internet Key " #~ "Exchange-protokollet." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Starta strongSwans IKEv2-demon?" debian/po/vi.po0000644000000000000000000004625712775300022010576 0ustar # Vietnamese translation for StrongSwan. # Copyright © 2010 Free Software Foundation, Inc. # Clytie Siddall , 2005-2010. # msgid "" msgstr "" "Project-Id-Version: strongswan 4.4.0-1\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-10-03 19:22+1030\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: LocFactoryEditor 1.8\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Quản lý cấp chạy cũ đã được thay thế" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Các phiên bản trước của gói strongSwan đã cho phép chọn trong ba cấp Chạy/" "Dừng. Do thay đổi trong thủ tục khởi chạy tiêu chuẩn, không còn có thể làm " "như thế, nó cũng không còn có ích. Cho mọi bản cài đặt mới, cũng như bản cài " "đặt cũ nào đang chạy trong một của những chế độ xác định sẵn này, một cấp " "mặc định thích hợp sắp được lập. Nếu bạn đang nâng cấp từ một phiên bản " "trước và đã sửa đổi tham số khởi chạy nào của strongSwan, hãy xem tập tin " "tin tức « NEWS.Debian » để tìm hướng dẫn về cách sửa đổi thiết lập cho phù " "hợp." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Khởi chạy lại strongSwan ngay bây giờ ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Khuyên bạn khởi chạy lại strongSwan, vì sự sửa chữa bảo mật nào không phải " "được áp dụng đến khi trình nền khởi chạy. Phần lớn các người trông đợi trình " "nền khởi chạy thì nói chung nó là một ý kiến tốt. Tuy nhiên nó có thể tắt " "rồi bật lại kết nối đã có, vì thế nếu bạn đang sử dụng (v.d.) một đường hầm " "strongSwan để kết nối đến bản cập nhật này, không nên khởi chạy lại vào lúc " "này." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Khởi chạy trình nền IKEv1 của strongSwan ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Đồng thời cũng cần phải chạy trình nền charon, để hỗ trợ phiên bản 2 của " "giao thức Trao Đổi Khoá Internet (IKE)." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Dùng chứng nhận X.509 cho máy này ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Một chứng nhận X.509 có thể được tự động tạo hoặc nhập cho máy này. Chứng " "nhận này có thể được sử dụng để xác thực kết nối IPsec đến máy khác: nó là " "phương pháp ưa thích để xây dựng kết nối IPsec bảo mật. Tuỳ chọn khác là sử " "dụng điều bí mật chia sẻ (cùng một mật khẩu ở hai bên đường hầm) để xác thực " "kết nối, nhưng mà cho nhiều kết nối dễ hơn quản lý sự xác thức dựa vào khoá, " "và phương pháp này bảo mật hơn." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Hoặc bạn có thể từ chối tuỳ chọn này, và chạy câu lệnh « dpkg-reconfigure " "strongswan » về sau để trở về tiến trình cấu hình này." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "tạo" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "nhập" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Phương pháp sử dụng chứng nhận X.509 để xác thực máy này:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Có thể tạo một chứng nhận X.509 mới với thiết lập được người dùng xác định, " "hoặc có thể nhập một cặp khoá (công và riêng) đã có theo tập tin PEM, để xác " "thực kết nối IPsec." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Nếu bạn chọn tạo một chứng nhận X.509 mới thì đầu tiên bạn được hỏi một số " "câu bắt buộc phải trả lời trước khi có thể bắt đầu tạo chứng nhận. Ghi nhớ " "rằng nếu bạn muốn có khoá công được ký bởi một CA (nhà cầm quyền cấp chứng " "nhận) đã tồn tại, bạn không nên chọn tạo một chứng nhận tự ký, và tất cả các " "đáp ứng bạn làm phải tương ứng chính xác với yêu cầu của CA, không thì yêu " "cầu chứng nhận có thể bị từ chối." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Nếu bạn muốn nhập một cặp khoá công và riêng đã có, bạn sẽ được nhắc nhập " "(các) tên tập tin (mà có thể là trùng nếu cả hai khoá được giữ trong cùng " "một tập tin). Tuỳ chọn bạn cũng có thể ghi rõ một tên tập tin chứa (các) " "khoá công của CA, nhưng mà tập tin này phải khác với tập tin nhập trước. " "Cũng ghi nhớ rằng định dạng của chứng nhận X.509 phải là PEM, và khoá riêng " "không thể được mật mã, không thì tiến trình nhập không thành công." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Tên tập tin của chứng nhận X.509 dạng PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "Hãy nhập vị trí của tập tin chứa chứng nhận X.509 dạng PEM của bạn." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Tên tập tin cỳa khoá riêng X.509 dạng PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Hãy nhập vị trí của tập tin chứa khoá RSA riêng tương ứng với chứng nhận " "X.509, cả hai theo định dạng PEM. (Đây có thể là cùng một tập tin với tập " "tin chứa chứng nhận X.509.)" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Tên tập tin của RootCA X.509 dạng PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Tuỳ chọn bạn bây giờ có thể nhập vị trí của tập tin chứa gốc nhà cầm quyền " "cấp chứng nhận X.509 được dùng để ký chứng nhận theo định dạng PEM của bạn. " "Không có hoặc không muốn sử dụng nó thì bỏ trống trường này. Ghi chú rằng " "không thể giữ RootCA trong cùng một tập tin với chứng nhận X.509 hoặc khoá " "riêng của bạn." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Gõ chiều dài dự định của khoá RSA cần tạo :" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Hãy nhập chiều dài của khoá RSA cần tạo. Ít hơn 1024 bit được thấy là không " "an toàn, và lớn hơn 4096 bit chỉ làm chậm tiến trình xác thực và chưa cần " "thiết." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Tạo một chứng nhận X.509 tự ký ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Chỉ chứng nhận X.509 tự ký có thể được tự động tạo, vì bằng cách khác một CA " "cần thiết để ký yêu cầu chứng nhận. Nếu bạn chọn tạo một chứng nhận tự ký, " "bạn có thể sử dụng nó ngay lập tức để kết nối tới máy IPsec khác có hỗ trợ " "chứng nhận X.509 để xác thực kết nối IPsec. Tuy nhiên, tính năng PKI của " "strongSwan yêu cầu tất cả các chứng nhận được ký bởi cùng một CA, để tạo một " "đường dẫn tin cậy." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Nếu bạn không chọn tạo một chứng nhận tự ký thì chỉ khoá riêng RSA và yêu " "cầu chứng nhận sẽ được tạo, và bạn cần phải ký yêu cầu chứng nhận bằng CA." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Mã quốc gia cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Hãy nhập mã hai chữ cho quốc gia chứa máy phục vụ (v.d. « VI » cho Việt Nam)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Không có mã quốc gia ISO-3166 đúng thì OpenSSL từ chối tạo chứng nhận. Có " "thể bỏ trống trường ở một số nơi khác trong chứng nhận X.509 mà không phải ở " "đây." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Tên của bảng hay tỉnh cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Hãy nhập tên đầy đủ của bang hay tỉnh chứa máy phục vụ (v.d. « Nghệ An »)." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Tên vùng cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Hãy nhập vùng chứa máy phục vụ (thường là một thành phố, v.d. « Nhà Trắng »)." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Tên tổ chức cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Hãy nhập tổ chức sở hữu máy phục vụ (v.d. « Debian » hoặc « Dự án MOST »)." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Tên đơn vị tổ chức cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Hãy nhập tên đơn vị của tổ chức sở hữu máy phục vụ (v.d. « nhóm địa phương " "hoá »)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Tên chung cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "Hãy nhập Tên Chung cho máy này (v.d. « cổng_ra.vị_dụ.org »)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Địa chỉ thư cho yêu cầu chứng nhận X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Hãy nhập địa chỉ thư điện tử của người hoặc tổ chức chịu trách nhiệm về yêu " "cầu chứng nhận này." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Bật mật mã cơ hội chủ nghĩa ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Phiên bản strongSwan này hỗ trợ mật mã cơ hội chủ nghĩa (OE) mà cất giữ " "thông tin xác thực IPSec trong mục ghi DNS. Chức năng này chưa phổ biến thì " "vẫn còn làm trễ mỗi kết nối mới gửi đi." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Chưa chắc thì không nên hiệu lực chức năng mật mã cơ hội chủ nghĩa. Nó cũng " "có thể đóng kết nối Internet (đường dẫn mặc định) do trình nền pluto khởi " "chạy." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Đồng thời cũng cần phải chạy trình nền pluto, để hỗ trợ phiên bản 1 của " #~ "giao thức Trao Đổi Khoá Internet (IKE)." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Khởi chạy trình nền IKEv2 của strongSwan ?" debian/po/it.po0000644000000000000000000004524012775300022010563 0ustar # ITALIAN TRANSLATION OF STRONGSWAN'S PO-DEBCONF FILE. # COPYRIGHT (C) YEAR THE STRONGSWAN'S COPYRIGHT HOLDER # This file is distributed under the same license as the strongswan package. # # Vincenzo Campanella , 2010. # msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-11-13 16:03+0100\n" "Last-Translator: Vincenzo Campanella \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Vecchia gestione del runlevel sostituita" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Le versioni precedenti di strongSwan lasciavano la scelta fra tre diversi " "livelli di avvio/arresto. A seguito dei cambiamenti nella procedura standard " "di avvio, questo non è più necessario né utile. Per tutte le nuove " "installazioni e per quelle già esistenti che vengono eseguite in qualsiasi " "modalità predefinita vengono ora impostati dei livelli predefiniti " "ragionevoli. Se si sta aggiornando da una versione precedente e si sono " "modificati i parametri di strongSwan, consultare le NEWS.Debian su come " "modificare le impostazioni." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Riavviare strongSwan adesso?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "È raccomandato il riavvio di strongSwan, in quanto un'eventuale correzione " "di sicurezza non verrà applicata fino al riavvio del demone. La maggior " "parte degli utenti si attende che il demone si riavvii, per cui in genere è " "una buona scelta. Il riavvio potrebbe però interrompere e riavviare le " "connessioni esistenti, per cui se si sta utilizzando un tunnel strongSwan " "per l'aggiornamento il riavvio non è raccomandabile." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Avviare il demone di strongSwan IKEv1?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Per il supporto alla versione 2 del protocollo IKE (Internet Key Exchange) è " "necessario che il demone charon sia in esecuzione." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Utilizzare un certificato X.509 per questo host?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Per questo host è possibile la creazione o la creazione automatica di un " "certificato X.509 per l'autenticazione di connessioni IPsec ad altri host; è " "la modalità preferita per la creazione di connessioni IPsec sicure. L'altra " "possibilità è l'utilizzo di password segrete condivise e identiche fra le " "due estremità del tunnel, ma il funzionamento tramite chiavi è più agevole " "da amministrare e più sicuro per un elevato numero di connessioni." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "In alternativa è possibile rifiutare questa opzione e ritornare sulla scelta " "in un secondo tempo, eseguendo «dpkg-reconfigure strongswan»." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "creare" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importare" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Metodi per l'utilizzo di un certificato X.509 per autenticare questo host:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "È possibile creare un nuovo certificato X.509 con impostazioni definite " "dall'utente, oppure importare una chiave esistente pubblica e privata " "memorizzata in file PEM per l'autenticazione di connessioni IPsec." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Se si sceglie di creare un nuovo certificato X.509 verranno poste alcune " "domande cui è necessario rispondere prima che la creazione venga avviata. È " "da ricordare che, se si desidera che la chiave pubblica venga firmata da " "un'autorità di certificazione (CA) esistente, non si dovrebbe creare un " "certificato auto-firmato e inoltre tutte le risposte fornite devono " "adempiere esattamente i requisiti della CA, in quanto altrimenti la " "richiesta di certificato potrebbe essere rifiutata." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Se si desidera importare una chiave esistente pubblica e privata verrà " "richiesto il loro nome file, che può essere identico se entrambe le parti " "sono memorizzate insieme in un solo file. Opzionalmente si può specificare " "un nome file in cui vengono mantenute le chiavi pubbliche dell'autorità di " "certificazione, ma in questo caso il file non può essere il medesimo dei " "precedenti. Si presti attenzione anche al fatto che il formato dei " "certificati X.509 deve essere PEM e che la chiave privata non deve essere " "cifrata, altrimenti la procedura d'importazione fallirà." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nome file del proprio certificato X.509 formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Inserire la posizione del file che contiene il proprio certificato X.509 in " "formato PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Nome file della propria chiave privata X.509 formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Inserire la posizione del file che contiene la chiave privata RSA " "corrispondente al proprio certificato X.509 in formato PEM. Può essere il " "medesimo file che contiene il certificato X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Nome file del proprio RootCA X.509 formato PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Opzionalmente è possibile inserire la posizione del file che contiene " "l'autorità di certificazione root (RootCA) utilizzata per la firma del " "proprio certificato in formato PEM. Se non se ne possiede uno o non si " "desidera utilizzarlo lasciare il campo vuoto. Notare che non è possibile " "memorizzare il RootCA nello stesso file del proprio certificato o chiave " "privata X.509." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Inserire la lunghezza che la chiave RSA creata dovrà avere:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Inserire la lunghezza della chiave RSA creata. Non dovrebbe essere minore di " "1024 bit, in quanto altrimenti potrebbe essere considerata insicura, né " "superiore a 4096 bit, in quanto altrimenti rallenterebbe il processo di " "autenticazione e al momento attuale non è una misura necessaria." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Creare un certificato X.509 auto-firmato?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "È possibile creare automaticamente solo certificati X.509 auto-firmati, in " "quanto altrimenti è necessario l'intervento di un'autorità di certificazione " "per firmare la richiesta di certificato. Se si sceglie di creare un " "certificato auto-firmato è possibile utilizzarlo immediatamente per " "collegarsi ad altri host IPsec che supportano il certificato X.509 per " "l'autenticazione di connessioni IPsec. L'utilizzo delle funzionalità PKI di " "strongSwan richiede però che tutti i certificati vengano firmati da una " "singola autorità di certificazione per creare un percorso fidato." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Se non si sceglie di creare un certificato auto-firmato verranno creati solo " "la chiave privata RSA e la richiesta di certificato che andrà poi firmata " "con l'autorità di certificazione scelta." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Codice paese per la richiesta di certificato X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Inserire il codice a due lettere corrispondente al paese in cui il server " "risiede (per esempio, «IT» per l'Italia)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL rifiuterà di generare un certificato se il codice paese non è valido " "e conforme a ISO-3166. È permesso un campo vuoto altrove nel certificato " "X.509, ma non in questo campo." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "" "Nome dello stato o della provincia per la richiesta di certificato X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Inserire il nome completo dello stato o della provincia il in cui il server " "risiede (per esempio, «Milano»)." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Nome della località per la richiesta di certificato X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Inserire il nome della località in cui il server risiede (spesso una città, " "per esempio «Milano»)." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Nome dell'organizzazione per la richiesta di certificato X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Inserire il nome dell'organizzazione cui il server appartiene (per esempio, " "«Debian»)." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unità organizzativa per la richiesta di certificato X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Inserire l'unità organizzativa cui il server appartiene (per esempio, " "«gruppo sicurezza»)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Nome comune host per la richiesta di certificato X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Inserire il nome comune di questo host (per esempio, «gateway.esempio.it»)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Indirizzo e-mail per la richiesta di certificato X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Inserire l'indirizzo di posta elettronica della persona o " "dell'organizzazione responsabile per il certificato X.509." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Abilitare la cifratura opportunistica?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Questa versione di strongSwan supporta la cifratura opportunistica (OE), la " "quale memorizza le informazioni di autenticazione IPsec in record DNS. " "Finché non sarà una soluzione largamente applicata, l'attivazione dell'OE " "causerà un ritardo significativo per ogni connessione in uscita." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Si dovrebbe abilitare l'OE solo se lo si desidera veramente. Potrebbe " "interrompere la connessione Internet (route predefinita) durante l'avvio del " "demone pluto." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Per il supporto alla versione 1 del protocollo IKE (Internet Key " #~ "Exchange) è necessario che il demone pluto sia in esecuzione." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Avviare il demone di strongSwan IKEv2?" debian/po/cs.po0000644000000000000000000010476412775300022010563 0ustar # Translators, if you are not familiar with the PO format, gettext # documentation is worth reading, especially sections dedicated to # this format, e.g. by running: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # Some information specific to po-debconf are available at # /usr/share/doc/po-debconf/README-trans # or http://www.debian.org/intl/l10n/po-debconf/README-trans # Developers do not need to manually edit POT or PO files. # # msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-10-16 13:09+0200\n" "Last-Translator: Miroslav Kure \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Stará správa běhových úrovní je překonána." #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Dřívější verze balíku strongSwan dávaly na výběr mezi třemi různými Start/" "Stop úrovněmi. Díky změnám ve způsobu zavádění systému to již není nutné a " "ani užitečné. Novým i stávajícím instalacím používajícím některou ze tří " "předefinovaných úrovní budou nyní automaticky nastaveny rozumné výchozí " "úrovně. Přecházíte-li z dřívější verze strongSwanu, u které jste si " "upravovali startovací parametry, podívejte se prosím do souboru NEWS.Debian, " "kde naleznete pokyny, jak si příslušně upravit nastavení." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Restartovat nyní strongSwan?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Restartování strongSwan je dobrý nápad, protože v případě, že aktualizace " "obsahuje bezpečnostní záplatu, nebude tato funkční, dokud se démon " "nerestartuje. Většina lidí s restartem daemona počítá, nicméně je možné, že " "tím budou existující spojení ukončena a následně znovu nahozena. Pokud tuto " "aktualizaci provádíte přes takovýto strongSwan tunel, restart nedoporučujeme." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Spustit strongSwan daemon IKEv1?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Pro podporu 2. verze protokolu Internet Key Exchange musí běžet daemon " "charon." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Použít pro tento počítač certifikát X.509?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Pro tento počítač můžete automaticky vytvořit nebo importovat certifikát " "X.509. Certifikát může být využit k autentizaci IPsec spojení na další " "počítače a je upřednostňovaným způsobem pro sestavování bezpečných IPsec " "spojení. Další možností autentizace je využití sdílených tajemství (hesel, " "která jsou stejná na obou stranách tunelu), ale pro větší počet spojení je " "RSA autentizace snazší na správu a mnohem bezpečnější." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Alternativně můžete tuto nabídku zamítnout a později se k ní vrátit příkazem " "„dpkg-reconfigure strongswan“." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "vytvořit" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importovat" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Získání certifikátu X.509 pro autentizaci tohoto počítače:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Pro autentizaci IPsec spojení můžete buď vytvořit nový certifikát X.509 na " "základě zadaných parametrů, nebo můžete naimportovat veřejný/soukromý pár " "klíčů uložený v PEM souboru." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Rozhodnete-li se pro vytvoření nového certifikátu X.509, budete nejprve " "dotázáni na řadu otázek. Pokud chcete podepsat veřejný klíč stávající " "certifikační autoritou, nesmíte zvolit certifikát podepsaný sám sebou a také " "zadané odpovědi musí splňovat požadavky dané certifikační autority. " "Nesplnění požadavků může vést k zamítnutí požadavku na certifikát." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Zvolíte-li import stávajícího veřejného/soukromého páru klíčů, budete " "dotázáni na názvy souborů, ve kterých se klíče nachází (může se také jednat " "o jediný soubor, protože obě části mohou ležet v jednom souboru). Volitelně " "můžete také zadat jméno souboru s veřejným klíčem certifikační autority, ale " "zde to již musí být jiný soubor. Mějte prosím na paměti, že certifikát X.509 " "musí být ve formátu PEM a že soukromý klíč nesmí být zašifrován, jinak " "import selže." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Jméno souboru s certifikátem X.509 ve formátu PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Zadejte cestu k souboru obsahujícímu váš certifikát X.509 ve formátu PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Jméno souboru se soukromým klíčem X.509 ve formátu PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Zadejte cestu k souboru obsahujícímu soukromý RSA klíč odpovídající vašemu " "certifikátu X.509 ve formátu PEM. Může to být stejný soubor jako ten, ve " "kterém se nachází certifikát X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Jméno souboru s kořenovou certifikační autoritou X.509 ve formátu PEM:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Nyní můžete zadat cestu k souboru obsahujícímu certifikační autoritu X.509, " "kterou používáte pro podpis svých certifikátů ve formátu PEM. Pokud takovou " "certifikační autoritu nemáte, nebo ji nechcete použít, ponechte prázdné. " "Kořenovou certifikační autoritu nelze uchovávat ve stejném souboru se " "soukromým klíčem nebo certifikátem X.509." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Zadejte délku vytvářeného RSA klíče:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Zadejte délku vytvářeného RSA klíče. Kvůli bezpečnosti by neměla být menší " "než 1024 bitů a pravděpodobně nepotřebujete víc než 4096 bitů, protože to " "již jen zpomaluje proces autentizace." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Vytvořit certifikát X.509 podepsaný sám sebou?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Tento instalátor může automaticky vytvořit pouze certifikát X509 podepsaný " "sám sebou, jelikož v opačném případě je k podpisu certifikátu potřeba " "certifikační autorita. Tento certifikát můžete ihned použít k připojení na " "další počítače s IPsec, které podporují autentizaci pomocí certifikátu X509. " "Nicméně chcete-li využít PKI možností strongSwanu, budete k vytvoření " "důvěryhodných cest potřebovat podepsat všechny certifikáty X509 jedinou " "certifikační autoritou." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Jestliže nechcete vytvořit certifikát podepsaný sebou samým, vytvoří se " "pouze soukromý RSA klíč a požadavek na certifikát. Vy potom musíte podepsat " "požadavek svou certifikační autoritou." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Kód státu pro požadavek na certifikát X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Zadejte dvojpísmenný kód státu, ve kterém se server nachází (například „CZ“ " "pro Českou republiku)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Nezadáte-li platný kód země dle ISO-3166, OpenSSL odmítne certifikát " "vygenerovat. Prázdné pole je dovoleno ve všech ostatních polích certifikátu " "X.509 kromě tohoto." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Jméno země nebo oblasti pro požadavek na certifikát X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Zadejte celé jméno země nebo oblasti, ve které se server nachází (například " "„Morava“)." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Jméno lokality pro požadavek na certifikát X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Zadejte jméno lokality, ve které se server nachází (často město, například " "„Olomouc“)." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Název organizace pro požadavek na certifikát X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Zadejte název organizace, které server patří (například „Debian“)." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Název organizační jednotky pro požadavek na certifikát X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Zadejte název organizační jednotky, které server patří (například „oddělení " "pro odhalování daňových úniků“)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Obecné jméno pro požadavek na certifikát X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Zadejte obecné jméno (CN) tohoto počítače (například „cloud.example.org“)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Emailová adresa pro požadavek na certifikát X.509:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Zadejte emailovou adresu osoby nebo organizace zodpovědné za certifikát " "X.509." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Povolit oportunistické šifrování?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Tato verze strongSwan podporuje oportunistické šifrování (OE), které " "uchovává autentizační informace IPsecu (např. veřejné RSA klíče) v DNS " "záznamech. Dokud nebude tato schopnost více rozšířena, způsobí její aktivace " "výrazné zpomalení každého nového odchozího spojení." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Oportunistické šifrování byste měli povolit pouze v případě, že ho opravdu " "chcete. Při startu daemona pluto je možné, že se vaše probíhající spojení do " "Internetu přeruší (přesněji přestane fungovat výchozí cesta)." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Pro podporu 1. verze protokolu Internet Key Exchange musí běžet daemon " #~ "pluto." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Spustit strongSwan daemon IKEv2?" #~ msgid "Do you wish to restart strongSwan?" #~ msgstr "Přejete si restartovat strongSwan?" #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "" #~ "Zadejte cestu k souboru obsahujícímu váš certifikát X.509 ve formátu PEM." #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "" #~ "Zadejte cestu k souboru obsahujícímu váš certifikát X.509 ve formátu PEM." #, fuzzy #~| msgid "" #~| "Please enter the full location of the file containing your X.509 " #~| "certificate in PEM format." #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "" #~ "Zadejte celou cestu k souboru obsahujícímu váš certifikát X.509 ve " #~ "formátu PEM." #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Zadejte dvoumístný ISO3166 kód své země. Tento kód bude umístěn do " #~ "požadavku na certifikát." #~ msgid "Example: AT" #~ msgstr "Příklad: CZ" #~ msgid "Example: Upper Austria" #~ msgstr "Příklad: Morava" #, fuzzy #~| msgid "" #~| "Please enter the organization (e.g. company) that the X509 certificate " #~| "should be created for. This name will be placed in the certificate " #~| "request." #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno " #~ "bude umístěno do požadavku na certifikát." #~ msgid "Example: Vienna" #~ msgstr "Příklad: Olomouc" #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno " #~ "bude umístěno do požadavku na certifikát." #~ msgid "Example: Debian" #~ msgstr "Příklad: Debian" #, fuzzy #~| msgid "" #~| "Please enter the organization (e.g. company) that the X509 certificate " #~| "should be created for. This name will be placed in the certificate " #~| "request." #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Zadejte prosím organizaci pro kterou je certifikát vytvářen. Toto jméno " #~ "bude umístěno do požadavku na certifikát." #~ msgid "Example: security group" #~ msgstr "Příklad: bezpečnostní oddělení" #~ msgid "Example: gateway.debian.org" #~ msgstr "Příklad: gateway.debian.org" #~ msgid "earliest" #~ msgstr "co nejdříve" #~ msgid "after NFS" #~ msgstr "po NFS" #~ msgid "after PCMCIA" #~ msgstr "po PCMCIA" #~ msgid "When to start strongSwan:" #~ msgstr "Kdy spustit strongSwan:" #~ msgid "" #~ "StrongSwan starts during system startup so that it can protect " #~ "filesystems that are automatically mounted." #~ msgstr "" #~ "strongSwan se spouští při zavádění systému, takže může chránit " #~ "automaticky připojované souborové systémy." #~ msgid "" #~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" #~ " PCMCIA network card, it is best to start strongSwan as soon as\n" #~ " possible, so that NFS mounts can be secured by IPSec;\n" #~ " * after NFS: recommended when /usr is mounted through NFS and no\n" #~ " PCMCIA network card is used;\n" #~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" #~ " network card or if it needs keys to be fetched from a locally running " #~ "DNS\n" #~ " server with DNSSec support." #~ msgstr "" #~ " * co nejdříve: pokud není /usr připojeno přes NFS a nepoužíváte\n" #~ " síťovou kartu PCMCIA, je lepší spustit strongSwan co nejdříve,\n" #~ " aby bylo NFS chráněno pomocí IPSec;\n" #~ " * po NFS: doporučeno, pokud je /usr připojeno přes NFS a pokud\n" #~ " nepoužíváte síťovou kartu PCMCIA;\n" #~ " * po PCMCIA: doporučeno pokud IPSec spojení používá síťovou kartu\n" #~ " PCMCIA, nebo pokud vyžaduje stažení klíčů z lokálně běžícího DNS\n" #~ " serveru s podporou DNSSec." #~ msgid "" #~ "If you don't restart strongSwan now, you should do so manually at the " #~ "first opportunity." #~ msgstr "" #~ "Pokud nerestartujete strongSwan nyní, měli byste to provést při nejbližší " #~ "příležitosti." #~ msgid "Create an RSA public/private keypair for this host?" #~ msgstr "Vytvořit veřejný/soukromý pár RSA klíčů pro tento počítač?" #~ msgid "" #~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " #~ "authenticate IPSec connections to other hosts. RSA authentication is " #~ "generally considered more secure and is easier to administer. You can use " #~ "PSK and RSA authentication simultaneously." #~ msgstr "" #~ "strongSwan může pro autentizaci IPSec spojení s jinými počítači používat " #~ "předsdílený klíč (PSK), nebo veřejný/soukromý pár RSA klíčů. RSA " #~ "autentizace se považuje za bezpečnější a jednodušší na správu. " #~ "Autentizace PSK a RSA můžete používat současně." #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Jestliže si nepřejete vytvořit nový pár klíčů pro tento počítač, můžete " #~ "si v příštím kroku zvolit existující klíče." #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Potřebné informace lze získat automaticky z existujícího certifikátu " #~ "X.509 s odpovídajícím soukromým RSA klíčem. Jedná-li se o formát PEM, " #~ "mohou být obě části v jednom souboru. Vlastníte-li takový certifikát a " #~ "soubor s klíčem a chcete-li je použít pro autentizaci IPSec spojení, " #~ "odpovězte kladně." #~ msgid "RSA key length:" #~ msgstr "Délka RSA klíče:" #~ msgid "" #~ "Please enter the length of RSA key you wish to generate. A value of less " #~ "than 1024 bits is not considered secure. A value of more than 2048 bits " #~ "will probably affect performance." #~ msgstr "" #~ "Zadejte prosím délku vytvářeného RSA klíče. Z důvodu bezpečnosti by " #~ "neměla být menší než 1024 bitů. Hodnota větší než 2048 bitů může ovlivnit " #~ "výkon." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a certificate authority is needed to sign the certificate " #~ "request." #~ msgstr "" #~ "Automaticky lze vytvořit pouze certifikát podepsaný sám sebou, protože " #~ "jinak je zapotřebí certifikační autorita, která by podepsala požadavek na " #~ "certifikát." #~ msgid "" #~ "If you accept this option, the certificate created can be used " #~ "immediately to connect to other IPSec hosts that support authentication " #~ "via an X.509 certificate. However, using strongSwan's PKI features " #~ "requires a trust path to be created by having all X.509 certificates " #~ "signed by a single authority." #~ msgstr "" #~ "Odpovíte-li kladně, můžete nový certifikát ihned použít k připojení na " #~ "další počítače s IPSec, které podporují autentizaci pomocí certifikátu " #~ "X.509. Nicméně pro využití PKI možností ve strongSwanu je nutné, aby byly " #~ "všechny certifikáty v cestě důvěry podepsány stejnou autoritou." #~ msgid "" #~ "This field is mandatory; otherwise a certificate cannot be generated." #~ msgstr "Toto pole je povinné, bez něj není možné certifikát vytvořit." #~ msgid "" #~ "Please enter the locality name (often a city) that should be used in the " #~ "certificate request." #~ msgstr "" #~ "Zadejte jméno lokality (např. města), které se má použít v požadavku na " #~ "certifikát." #~ msgid "" #~ "Please enter the organization name (often a company) that should be used " #~ "in the certificate request." #~ msgstr "" #~ "Zadejte název organizace (firmy), který se má použít v požadavku na " #~ "certifikát." #~ msgid "" #~ "Please enter the organizational unit name (often a department) that " #~ "should be used in the certificate request." #~ msgstr "" #~ "Zadejte název organizační jednotky (např. oddělení), který se má použít v " #~ "požadavku na certifikát." #~ msgid "" #~ "Please enter the common name (such as the host name of this machine) that " #~ "should be used in the certificate request." #~ msgstr "" #~ "Zadejte běžné jméno (např. jméno počítače), které se má použít v " #~ "požadavku na certifikát." #~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgstr "\"co nejdříve\", \"po NFS\", \"po PCMCIA\"" #~ msgid "" #~ "There are three possibilities when strongSwan can start: before or after " #~ "the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Existují tři možnosti, kdy se dá strongSwan spouštět: před NFS službami, " #~ "po NFS službách nebo po PCMCIA službách. Správná odpověď závisí na vašem " #~ "konkrétním nastavení." #~ msgid "" #~ "If you do not have your /usr tree mounted via NFS (either you only mount " #~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~ "and don't use a PCMCIA network card, then it's best to start strongSwan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Jestliže nemáte svůj strom /usr připojen skrz NFS (buď přes NFS " #~ "připojujete jiné, ne tak důležité stromy, nebo NFS vůbec nepoužíváte) a " #~ "nepoužíváte síťovou kartu PCMCIA, je nejlepší spouštět strongSwan co " #~ "nejdříve, čímž umožníte aby byly NFS svazky chráněny pomocí IPSec. V " #~ "takovém případě (nebo pokud si nejste jisti, nebo pokud vám na tom " #~ "nezáleží) na otázku odpovězte „co nejdříve“ (výchozí)." #~ msgid "" #~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " #~ "card, then you will need to start strongSwan after NFS so that all " #~ "necessary files are available. In this case, answer \"after NFS\" to this " #~ "question. Please note that the NFS mount of /usr can not be secured by " #~ "IPSec in this case." #~ msgstr "" #~ "Jestliže máte strom /usr připojen skrz NFS a nepoužíváte síťovou kartu " #~ "PCMCIA, musíte spustit strongSwan po NFS, aby byly všechny potřebné " #~ "soubory dostupné. V tomto případě na otázku odpovězte „po NFS“. Uvědomte " #~ "si prosím, že v tomto případě nemůže být NFS svazek /usr chráněn pomocí " #~ "IPSec." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Jestliže používáte PCMCIA síťovou kartu pro vaše IPSec připojení, pak je " #~ "jedinou možností jej spustit po PCMCIA službách. V tom případě odpovězte " #~ "„po PCMCIA“. Toto je také správná odpověď, pokud chcete získat klíče z " #~ "lokálního DNS serveru s podporou DNSSec." #~ msgid "Do you wish to support IKEv1?" #~ msgstr "Přejete si podporu IKEv1?" #~ msgid "" #~ "strongSwan supports both versions of the Internet Key Exchange protocol, " #~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " #~ "support when strongSwan is started?" #~ msgstr "" #~ "strongSwan podporuje protokol Internet Key Exchange ve verzích 1 a 2 " #~ "(IKEv1, IKEv2). Přejete si při startu strongSwanu spustit daemona „pluto“ " #~ "podporujícího IKEv1?" #~ msgid "Do you wish to support IKEv2?" #~ msgstr "Přejete si podporu IKEv2?" #~ msgid "" #~ "strongSwan supports both versions of the Internet Key Exchange protocol, " #~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " #~ "support when strongSwan is started?" #~ msgstr "" #~ "strongSwan podporuje protokol Internet Key Exchange ve verzích 1 a 2 " #~ "(IKEv1, IKEv2). Přejete si při startu strongSwanu spustit daemona " #~ "„charon“ podporujícího IKEv2?" #~ msgid "" #~ "strongSwan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " #~ "by default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " #~ "keying daemon) is started." #~ msgstr "" #~ "strongSwan přichází s podporou pro oportunistické šifrování (OE), které " #~ "uchovává autentizační informace IPSecu (např. veřejné RSA klíče) v " #~ "(nejlépe zabezpečených) DNS záznamech. Dokud nebude tato schopnost více " #~ "rozšířena, způsobí její aktivace výrazné zpomalení každého nového " #~ "odchozího spojení. Od verze 2.0 přichází strongSwan s implicitně zapnutou " #~ "podporou OE čímž pravděpodobně zruší vaše probíhající spojení do " #~ "Internetu (tj. vaši výchozí cestu - default route) v okamžiku, kdy " #~ "spustíte pluto (strongSwan keying démon)." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Prosím vyberte si zda chcete povolit podporu pro OE. Nejste-li si jisti, " #~ "podporu nepovolujte." #~ msgid "x509, plain" #~ msgstr "x509, prostý" #~ msgid "The type of RSA keypair to create:" #~ msgstr "Typ páru RSA klíčů, který se vytvoří:" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "strongSwan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "Je možné vytvořit prostý pár RSA klíčů pro použití se strongSwanem, nebo " #~ "vytvořit soubor s certifikátem X509, který obsahuje veřejný RSA klíč a " #~ "dodatečně uchovává odpovídající soukromý klíč." #~ msgid "" #~ "If you only want to build up IPSec connections to hosts also running " #~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPSec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "strongSwan without X509 certificate support." #~ msgstr "" #~ "Pokud chcete vytvořit IPSec spojení jen k počítačům, na kterých taktéž " #~ "běží strongSwan, může být mnohem jednodušší použít pár prostých RSA " #~ "klíčů. Pokud se ale chcete připojit k jiným implementacím IPSec, budete " #~ "potřebovat certifikát X509. Také je možné zde vytvořit certifikát X509 a " #~ "později, pokud druhá strana používá strongSwan bez podpory certifikátů " #~ "X509, z něj získat veřejný RSA klíč v prostém formátu." #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in strongSwan anyway." #~ msgstr "" #~ "Certifikát X509 je proto doporučován zejména díky své flexibilitě. Tento " #~ "instalátor by v měl být schopen skrýt komplexnost vytváření a používání " #~ "certifikátu ve strongSwanu." debian/po/de.po0000644000000000000000000010410212775300022010530 0ustar # German translation of strongswan templates # Matthias Julius , 2007. # Martin Eberhard Schauer , 2010. # Helge Kreutzmann , 2007, 2010. # This file is distributed under the same license as the strongswan package. # msgid "" msgstr "" "Project-Id-Version: strongswan 4.4.0-1\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-06-29 21:55+0200\n" "Last-Translator: Helge Kreutzmann \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" # (mes) andere Übersetzungen für supersede: etw.Akk. ersetzen, für etw.Akk. Ersatz sein, an die Stelle von etw. Dat. treten, etw.Akk. überflüssig machen, etw.Akk. verdrängen #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Alte Verwaltung der Runlevel abgelöst" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Frühere Versionen von strongSwan ermöglichten eine Wahl zwischen drei " "verschiedenen Start/Stop-Modi. Aufgrund von Änderungen des standardmäßigen " "Systemstarts ist dies nicht mehr notwendig oder nützlich. Sowohl für alle " "neuen als auch bestehende Installationen, die in einem der vordefinierten " "Modi betrieben wurden, werden jetzt vernünftige Standardwerte gesetzt. Wenn " "Sie jetzt ein Upgrade von einer früheren Version durchführen und Sie die " "strongSwan-Startparameter angepasst haben, werfen Sie bitte einen Blick auf " "NEWS.Debian. Die Datei enthält Anweisungen, wie Sie Ihren Installation " "entsprechend ändern." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "StrongSwan jetzt starten?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Es wird empfohlen, strongSwan neuzustarten, da eine Sicherheitskorrektur " "erst nach dem Neustart des Daemons greift. Die meisten Leute erwarten, dass " "der Daemon neu startet, daher ist diese Wahl eine gute Idee. Er kann " "allerdings existierende Verbindungen beenden und erneut aufbauen. Falls Sie " "solch eine Verbindung für diese Aktualisierung verwenden, wird der Neustart " "nicht empfohlen." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "strongSwans IKEv1-Daemon starten?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Der Charon-Daemon muss laufen, um Version 2 des Internet Key Exchange-" "Protokolls zu unterstützen." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Für diesen Rechner ein X.509-Zertifikat verwenden?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Für diesen Rechner kann ein X.509-Zertifikat automatisch erstellt oder " "importiert werden, das zur Authentifizierung von IPSec-Verbindungen zu " "anderen Rechnern verwendet werden kann. Dieses Vorgehen ist für den Aufbau " "gesicherter IPSec-Verbindungen vorzuziehen. Die andere Möglichkeit ist die " "Verwendung von gemeinsamen Geheimnissen (engl.: shared secrets, gleiche " "Passwörter an beiden Enden des Tunnels) zur Authentifizierung einer " "Verbindung. Für eine größere Anzahl von Verbindungen ist aber die RSA-" "Authentifizierung einfacher zu verwalten und sicherer." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Alternativ können Sie diese Option ablehnen und später den Befehl »dpkg-" "reconfigure strongswan« zur Rückkehr zu dieser Option verwenden." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "erstellen" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importieren" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Methoden für die Authentifizierung dieses Rechners mittels eines X.509-" "Zertifikats:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Es ist möglich, mit benutzerdefinierten Einstellungen ein neues X.509-" "Zertifikat zu erstellen oder einen vorhandenen, in PEM-Datei(en) " "gespeicherten, öffentlichen und privaten Schlüssel für die Authentifizierung " "von IPSec-Verbindungen zu verwenden." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Wenn Sie sich für die Erstellung eines neuen X.509-Zertifikats entscheiden, " "wird Ihnen zunächst eine Reihe von Fragen gestellt. Diese Fragen müssen " "beantwortet werden, damit das Zertifikat erstellt werden kann. Bitte " "beachten Sie: Wenn der öffentliche Schlüssel von einer bestehenden " "Zertifizierungsstelle (Certificate Authority, CA) bestätigen lassen wollen, " "sollten Sie nicht wählen, ein selbstsigniertes Zertifikat zu erstellen. " "Außerdem müssen dann alle gegebenen Antworten exakt den Anforderungen der CA " "entsprechen, da sonst der Antrag auf Zertifizierung zurückgewiesen werden " "kann." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Wenn Sie bestehende öffentliche und private Schlüssel importieren wollen, " "werden Sie nach deren Dateinamen gefragt. (Die Namen können übereinstimmen, " "wenn beide Teile zusammen in einer Datei gespeichert werden.) Optional " "können Sie auch den Namen einer Datei angeben, die den/die öffentlichen " "Schlüssel Ihrer Zertifizierungsstelle enthält. Dieser Name muss von den " "Erstgenannten verschieden sein. Bitte beachten Sie auch, dass Sie für die " "X.509-Zertifikate das Format PEM verwenden und dass der private Schlüssel " "nicht verschlüsselt sein darf, weil sonst der Import-Vorgang fehlschlagen " "wird." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Dateiname Ihres X.509-Zertifikats im PEM-Format:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Bitte geben Sie den Speicherort der Datei ein, die Ihr X.509-Zertifikat im " "PEM-Format enthält." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Dateiname des privaten X.509-Schlüssels im PEM-Format:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Bitte geben Sie den Speicherort der Datei ein, die den zu Ihrem X.509-" "Zertifikat passenden privaten RSA-Schlüssel im PEM-Format enthält. Dies kann " "dieselbe Datei sein, die das X.509-Zertifikat enthält." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Dateinamen Ihrer PEM-Format-X.509-RootCA:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Optional können Sie nun den Speicherort der Datei mit dem »X.509 Certificate " "Authority Root« angeben, mit dem Ihr Zertifikat im PEM-Format unterzeichnet " "wurde. Wenn Sie keine haben oder diese nicht verwenden wollen, lassen Sie " "dieses Feld bitte leer. Bitte beachten Sie, dass es nicht möglich ist, die " "RootCA in der gleichen Datei wie Ihr X.509-Zertifikat oder den privaten " "Schlüssel zu speichern." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "" "Bitte geben Sie ein, welche Länge der erstellte RSA-Schlüssels haben soll:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Bitte geben Sie die Länge des erstellten RSA-Schlüssels an. Er sollte nicht " "kürzer als 1024 Bits sein, da dies als unsicher betrachtet werden könnte und " "Sie benötigen nicht mehr als 4096 Bits, da dies nur den Authentifizierungs-" "Prozess verlangsamt und derzeit nicht benötigt wird." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Selbstsigniertes X.509-Zertifikat erstellen?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Nur selbstsignierte X.509-Zertifikate können automatisch erstellt werden, da " "da andernfalls eine Zertifizierungsstelle zur Signatur der " "Zertifikatsanfrage benötigt wird. Falls Sie sich entscheiden, ein " "selbstsigniertes Zertifikat zu erstellen, können Sie es sofort zur " "Verbindung mit anderen IPSec-Rechnern verwenden, die X.509-Zertifikate zur " "Authentifizierung von IPSec-Verbindungen verwenden. Die Verwendung der PKI-" "Funktionalität von strongSwan verlangt allerdings, dass alle Zertifikate von " "einer Zertifizierungsstelle signiert sind, um einen Vertrauenspfad zu " "erstellen." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Falls Sie kein selbstsigniertes Zertifikat erstellen möchten, wird nur der " "private RSA-Schlüssel und die Zertifikatsanforderung erstellt. Sie müssen " "diese Zertifikatsanforderung von Ihrer Zertifizierungsstelle signieren " "lassen." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Ländercode für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Geben Sie den Ländercode (zwei Zeichen) für das Land ein, in dem der Server " "steht (z. B. »AT« für Österreich)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Ohne einen gültigen Ländercode nach ISO-3166 wird es OpenSSL ablehnen, ein " "Zertifikat zu generieren. Ein leeres Feld ist für andere Elemente des X.509-" "Zertifikats zulässig, aber nicht für dieses." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Name des Landes oder der Provinz für diese X.509-Zertifikatsanfrage:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Bitte geben Sie den kompletten Namen des Landes oder der Provinz ein, in der " "sich der Server befindet (wie »Oberösterreich«)." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Ort für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Geben Sie bitte den Ort an, an dem der Server steht (oft ist das eine Stadt " "wie beispielsweise »Wien«)." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisationsname für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Bitte geben Sie die Organisation an, zu der der Server gehört (wie z.B. " "»Debian«)." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisationseinheit für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Bitte geben Sie die Organisationseinheit für die X.509-" "Zertifikatsanforderung ein (z.B. »Sicherheitsgruppe«)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "»Common Name« für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Bitte geben Sie den »Common Name« für diesen Rechner ein (wie z.B. »gateway." "example.org«)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "E-Mail-Adresse für die X.509-Zertifikatsanforderung:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Bitte geben Sie die E-Mail-Adresse der für das X.509-Zertifikat " "verantwortlichen Person oder Organisation ein." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Opportunistische Verschlüsselung aktivieren?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Diese Version von strongSwan unterstützt opportunistische Verschlüsselung " "(OE), die IPSec-Authentifizierungsinformationen in DNS-Einträgen speichert. " "Bis dies weit verbreitet ist, führt die Verwendung zu einer deutlichen " "Verzögerung bei jeder ausgehenden Verbindung." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Sie sollten opportunistische Verschlüsselung nur verwenden, falls Sie sich " "sicher sind, dass Sie sie verwenden möchten. Beim Starten des Pluto-Daemons " "könnte die Internetverbindung (Default Route) unterbrochen werden." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Der Pluto-Daemon muss laufen, um Version 1 des Internet Key Exchange-" #~ "Protokolls zu unterstützen." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "strongSwans IKEv2-Daemon starten?" #~ msgid "" #~ "Previous versions of the Openswan package gave a choice between three " #~ "different Start/Stop-Levels. Due to changes in the standard system " #~ "startup procedure, this is no longer necessary or useful. For all new " #~ "installations as well as old ones running in any of the predefined modes, " #~ "sane default levels will now be set. If you are upgrading from a previous " #~ "version and changed your Openswan startup parameters, then please take a " #~ "look at NEWS.Debian for instructions on how to modify your setup " #~ "accordingly." #~ msgstr "" #~ "Frühere Versionen von Openswan ermöglichten eine Wahl zwischen drei " #~ "verschiedenen Start/Stop-Ebenen. Aufgrund von Änderungen des " #~ "standardmäßigen Systemstarts ist dies nicht mehr notwendig oder nützlich. " #~ "Sowohl für alle neuen als auch bestehende Installationen, die in einem " #~ "der vordefinierten Modi betrieben wurden, werden jetzt vernünftige " #~ "Standardwerte gesetzt. Wenn Sie jetzt ein Upgrade von einer früheren " #~ "Version durchführen und Sie die Openswan-Startparameter angepasst haben, " #~ "werfen Sie bitte einen Blick auf NEWS.Debian. Die Datei enthält " #~ "Anweisungen, wie Sie Ihren Setup entsprechend ändern." #~ msgid "Restart Openswan now?" #~ msgstr "Möchten Sie jetzt Openswan neu starten?" #~ msgid "" #~ "Restarting Openswan is recommended, since if there is a security fix, it " #~ "will not be applied until the daemon restarts. Most people expect the " #~ "daemon to restart, so this is generally a good idea. However, this might " #~ "take down existing connections and then bring them back up, so if you are " #~ "using such an Openswan tunnel to connect for this update, restarting is " #~ "not recommended." #~ msgstr "" #~ "Der Neustart von Openswan wird empfohlen. Wenn mit dieser Version ein " #~ "Sicherheitsproblem beseitigt wurde, wird dies erst nach dem Neustart des " #~ "Daemons wirksam. Da die meisten Anwender einen Neustart des Daemons " #~ "erwarten, ist dies grundsätzlich eine gute Idee. Der Neustart kann aber " #~ "bestehende Verbindungen schließen und anschließend wiederherstellen. Wenn " #~ "Sie einen solchen Openswan-Tunnel für die Verbindung bei dieser " #~ "Aktualisierung verwenden, wird von einem Neustart abgeraten." #~ msgid "" #~ "Alternatively you can reject this option and later use the command \"dpkg-" #~ "reconfigure openswan\" to come back." #~ msgstr "" #~ " Alternativ können Sie diese Option ablehnen und später mit dem Befehl " #~ "»dpkg-reconfigure openswan« zurückzukommen." #~ msgid "Length of RSA key to be created:" #~ msgstr "Länge des zu erstellenden RSA-Schlüssels:" #~ msgid "" #~ "Please enter the required RSA key-length. Anything under 1024 bits should " #~ "be considered insecure; anything more than 4096 bits slows down the " #~ "authentication process and is not useful at present." #~ msgstr "" #~ "Bitte geben Sie die Länge des zu erstellenden RSA-Schlüssels ein. Sie " #~ "sollte nicht weniger als 1024 Bit sein, da dies als unsicher betrachtet " #~ "wird. Alles über 4098 Bit verlangsamt den Authentifizierungs-Prozess und " #~ "ist zur Zeit nicht nützlich." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a Certificate Authority is needed to sign the certificate " #~ "request. If you choose to create a self-signed certificate, you can use " #~ "it immediately to connect to other IPsec hosts that support X.509 " #~ "certificate for authentication of IPsec connections. However, using " #~ "Openswan's PKI features requires all certificates to be signed by a " #~ "single Certificate Authority to create a trust path." #~ msgstr "" #~ "Nur selbstsignierte X.509-Zertifikate können automatisch erstellt werden, " #~ "da anderenfalls für die Unterzeichnung der Zertifikatsanforderung eine " #~ "Zertifizierungsstelle benötigt wird. Falls Sie ein selbstsigniertes " #~ "Zertifikat erstellen, können Sie dieses sofort verwenden, um sich mit " #~ "anderen IPSec-Rechnern zu verbinden, die X.509-Zertifikate zur " #~ "Authentifizierung von IPsec-Verbindungen benutzen. Falls Sie jedoch die " #~ "PKI-Funktionen von Openswan verwenden möchten, müssen alle X.509-" #~ "Zertifikate von einer einzigen Zertifizierungsstelle signiert sein, um " #~ "einen Vertrauenspfad zu schaffen." #~ msgid "Modification of /etc/ipsec.conf" #~ msgstr "Veränderung von /etc/ipsec.conf" #~ msgid "" #~ "Due to a change in upstream Openswan, opportunistic encryption is no " #~ "longer enabled by default. The no_oe.conf file that was shipped in " #~ "earlier versions to explicitly disable it can therefore no longer be " #~ "included by ipsec.conf. Any such include paragraph will now be " #~ "automatically removed to ensure that Openswan can start correctly." #~ msgstr "" #~ "Aufgrund einer Änderung im Quelltext von Openswan ist opportunistische " #~ "Verschlüsselung nicht mehr standardmäßig aktiviert. Ältere Versionen von " #~ "Openswan enthielten die Datei no_oe.conf, die zur expliziten " #~ "Deaktivierung der opportunistischen Verschlüsselung diente. Diese kann " #~ "jetzt nicht mehr mittels ipsec.conf aufgenommen werden. Jeder " #~ "entsprechende Absatz wird jetzt automatisch entfernt, um einen korrekten " #~ "Start von Openswan sicherzustellen." #~ msgid "Do you wish to restart strongSwan?" #~ msgstr "Möchten Sie strongSwan neustarten?" #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "" #~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" #~ "Format enthält." #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "" #~ "Bitte geben Sie den Ort der Datei an, der Ihr X509-Zertifikat im PEM-" #~ "Format enthält." #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Bitte geben Sie den zweibuchstabigen Ländercode für Ihr Land ein. Dieser " #~ "Code wird in der Zertifikatsanfrage verwendet." #~ msgid "Example: AT" #~ msgstr "Beispiel: AT" #~ msgid "Example: Upper Austria" #~ msgstr "Beispiel: Oberösterreich" #~ msgid "Example: Vienna" #~ msgstr "Beispiel: Wien" #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Bitte geben Sie die Organisation (z.B. Firma) ein, für die das X509-" #~ "Zertifikat erstellt werden soll. Dieser Name wird in der " #~ "Zertifikatsanfrage verwandt." #~ msgid "Example: Debian" #~ msgstr "Beispiel: Debian" #~ msgid "Example: security group" #~ msgstr "Beispiel: Sicherheitsgruppe" #~ msgid "Example: gateway.debian.org" #~ msgstr "Beispiel: gateway.debian.org" #~ msgid "When to start strongSwan:" #~ msgstr "Wann soll strongSwan gestartet werden:" #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Falls Sie kein neues öffentliches/privates Schlüsselpaar erstellen " #~ "wollen, können Sie im nächsten Schritt ein existierendes auswählen." #~ msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgstr "frühestmöglich, »nach NFS«, »nach PCMCIA«" #~ msgid "" #~ "There are three possibilities when strongSwan can start: before or after " #~ "the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Es gibt drei Möglichkeiten, wann strongSwan starten kann: vor oder nach " #~ "den NFS-Diensten und nach den PCMCIA-Diensten. Die richtige Antwort hängt " #~ "von Ihrer spezifischen Einrichtung ab." #~ msgid "" #~ "If you do not have your /usr tree mounted via NFS (either you only mount " #~ "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~ "and don't use a PCMCIA network card, then it's best to start strongSwan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Falls Sie Ihren /usr-Baum nicht über NFS eingehängt haben (entweder weil " #~ "Sie nur andere, weniger lebenswichtige Bäume über NFS einhängen, oder " #~ "falls Sie NFS überhaupt nicht verwenden) und keine PCMCIA-Netzwerkkarte " #~ "benutzen, ist es am besten, strongSwan so früh wie möglich zu starten und " #~ "damit durch IPSec gesicherte NFS-Einhängungen zu erlauben. In diesem Fall " #~ "(oder falls Sie dieses Problem nicht verstehen oder es Ihnen egal ist), " #~ "antworten Sie »frühestmöglich« (Standardwert) auf diese Frage." #~ msgid "" #~ "If you have your /usr tree mounted via NFS and don't use a PCMCIA network " #~ "card, then you will need to start strongSwan after NFS so that all " #~ "necessary files are available. In this case, answer \"after NFS\" to this " #~ "question. Please note that the NFS mount of /usr can not be secured by " #~ "IPSec in this case." #~ msgstr "" #~ "Falls Sie Ihren /usr-Baum über NFS eingehängt haben und keine PCMCIA-" #~ "Netzwerkkarte benutzen, müssen Sie strongSwan nach NFS starten, so dass " #~ "alle benötigten Dateien verfügbar sind. In diesem Fall antworten Sie " #~ "»nach NFS« auf diese Frage. Bitte beachten Sie, dass NFS-Einhängungen " #~ "von /usr in diesem Fall nicht über IPSec gesichert werden können." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Falls Sie eine PCMCIA-Netzwerkkarte für Ihre IPSec-Verbindungen benutzen, " #~ "dann müssen Sie nur auswählen, dass er nach den PCMCIA-Diensten startet. " #~ "Antworten Sie in diesem Fall »nach PCMCIA«. Dies ist auch die richtige " #~ "Antwort, falls Sie Schlüssel von einem lokal laufenden DNS-Server mit " #~ "DNSSec-Unterstützung abholen wollen." #~ msgid "Do you wish to support IKEv1?" #~ msgstr "Möchten Sie IKEv1 unterstützen?" #~ msgid "" #~ "strongSwan supports both versions of the Internet Key Exchange protocol, " #~ "IKEv1 and IKEv2. Do you want to start the \"pluto\" daemon for IKEv1 " #~ "support when strongSwan is started?" #~ msgstr "" #~ "strongSwan unterstützt beide Versionen des »Internet Key Exchange«-" #~ "Protokolls (Schlüsselaustausch über Internet), IKEv1 und IKEv2. Möchten " #~ "Sie den »pluto«-Daemon für IKEv1-Unterstützung starten, wenn strongSwan " #~ "gestartet wird." #~ msgid "Do you wish to support IKEv2?" #~ msgstr "Möchten Sie IKEv2 unterstützen?" #~ msgid "" #~ "strongSwan supports both versions of the Internet Key Exchange protocol, " #~ "IKEv1 and IKEv2. Do you want to start the \"charon\" daemon for IKEv2 " #~ "support when strongSwan is started?" #~ msgstr "" #~ "strongSwan unterstützt beide Versionen des »Internet Key Exchange«-" #~ "Protokolls (Schlüsselaustausch über Internet), IKEv1 und IKEv2. Möchten " #~ "Sie den »charon«-Daemon für IKEv2-Unterstützung starten, wenn strongSwan " #~ "gestartet wird." #~ msgid "" #~ "strongSwan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, strongSwan upstream comes with OE enabled " #~ "by default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the strongSwan " #~ "keying daemon) is started." #~ msgstr "" #~ "strongSwan enthält Unterstützung für opportunistische Verschlüsselung " #~ "(OV), die Authentifizierungsinformationen von IPSec (z.B. öffentliche RSA-" #~ "Schlüssel) in DNS-Datensätzen speichert. Solange dies nicht weit " #~ "verbreitet ist, wird jede neue ausgehende Verbindung signifikant " #~ "verlangsamt, falls diese Option aktiviert ist. Seit Version 2.0 wird " #~ "strongSwan von den Autoren mit aktiviertem OV ausgeliefert und wird daher " #~ "wahrscheinlich Ihre existierenden Verbindungen ins Internet (d.h. Ihre " #~ "Standard-Route) stören, sobald Pluto (der strongSwan Schlüssel-Daemon) " #~ "gestartet wird." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Bitte wählen Sie aus, ob Sie OV aktivieren möchten. Falls Sie unsicher " #~ "sind, aktivieren Sie es nicht." #~ msgid "x509, plain" #~ msgstr "x509, einfach" #~ msgid "The type of RSA keypair to create:" #~ msgstr "Die Art des RSA-Schlüsselpaars, das erstellt werden soll:" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "strongSwan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "Es besteht die Möglichkeit, ein einfaches öffentliches/privates " #~ "Schlüsselpaar für den Einsatz mit strongSwan oder eine X509-" #~ "Zertifikatsdatei zu erstellen, die den öffentlichen Schlüssel und " #~ "zusätzlich den zugehörigen privaten Schlüssel enthält." #~ msgid "" #~ "If you only want to build up IPSec connections to hosts also running " #~ "strongSwan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPSec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "strongSwan without X509 certificate support." #~ msgstr "" #~ "Falls Sie nur IPSec-Verbindungen zu Rechnern aufbauen wollen, auf denen " #~ "auch strongSwan läuft, könnte es etwas einfacher sein, einfache RSA-" #~ "Schlüsselpaare zu verwenden. Falls Sie aber mit anderen IPSec-" #~ "Implementierungen Verbindungen aufnehmen wollen, benötigen Sie ein X509-" #~ "Zertifikat. Es besteht auch die Möglichkeit, hier ein X509-Zertifikat zu " #~ "erstellen und den öffentlichen RSA-Schlüssel im einfachen Format zu " #~ "extrahieren, falls die andere Seite strongSwan ohne X509-" #~ "Zertifikatsunterstützung betreibt." #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in strongSwan anyway." #~ msgstr "" #~ "Daher wird ein X509-Zertifikat empfohlen, da es flexibler ist und dieses " #~ "Installationsprogramm in der Lage sein sollte, die komplexe Erstellung " #~ "des X509-Zertifikates und seinen Einsatz in strongSwan zu verstecken." debian/po/nl.po0000644000000000000000000004524212775300022010562 0ustar # Dutch translation of strongswan debconf templates. # Copyright (C) 2005-2011 THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the strongswan package. # Luk Claes , 2005 # Kurt De Bree , 2006. # Jeroen Schot , 2011. # msgid "" msgstr "" "Project-Id-Version: strongswan 4.5.0-1\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2011-06-17 12:00+0200\n" "Last-Translator: Jeroen Schot \n" "Language-Team: Debian l10n Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Het oude runlevel-beheer is vervangen" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Vorige versies van het strongSwan-pakket gaven de keuze tussen drie " "verschillende Start/Stop-niveaus. Vanwege veranderingen aan de standaard " "opstartprocedure van het systeem is dit niet langer nodig of nuttig. Er " "worden nu logische standaardwaardes ingesteld voor zowel nieuwe installaties " "als oude waarvoor één van de keuzes is gemaakt. Als u opwaardeert van een " "vorige versie en uw strongSwan-opstartparameters heeft aangepast vindt u in " "NEWS.Debian instructies over het aanpassen van uw opstelling." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "StrongSwan nu herstarten?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "U wordt aanbevolen om strongSwan te herstarten, want indien deze nieuwe " "versie veiligheidsproblemen verhelpt worden deze pas echt opgelost bij een " "herstart van de achtergronddienst. De meeste mensen verwachten dat de " "achtergronddienst herstart, dus dit is meestal een goed idee. Hoewel, dit " "kan bestaande verbindingen verbreken en ze dan opnieuw herstellen. Dus als u " "een strongSwan-tunnel gebruikt voor deze verbinding kunt u beter niet " "herstarten." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "IKEv1-achtergronddienst van strongSwan starten?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "De charon-achtergronddienst moet actief zijn om versie 2 van het Internet " "Key Exchange protocol te ondersteunen." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Moet er een X.509-certificaat voor deze computer gebruikt worden?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Een X.509-certificaat voor deze computer kan automatisch worden aangemaakt " "of geïmporteerd. Deze kan worden gebruikt voor het authenticeren van IPsec-" "verbindingen naar andere computers en is de beste manier om veilige IPsec-" "verbindingen op te bouwen. Een andere mogelijkheid is om het gebruik van " "shared secrets (wachtwoorden die hetzelfde zijn aan beide kanten van de " "tunnel) voor het authenticeren van een verbinding, maar voor een groter " "aantal verbindingen is authenticatie gebaseerd op sleutels makkelijker om te " "beheren en veiliger." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "U kunt deze optie ook weigeren en op een later moment hier terug komen met " "het commando \"dpkg-reconfigure strongswan\"." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "aanmaken" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "importeren" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Methodes bij het gebruik van een X.509-certificaat voor authenticatie van " "deze computer:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "U kunt een nieuw X.509-certificaat aanmaken met eigen instellingen of een " "bestaand sleutelpaar in PEM-indeling importeren voor de authenticatie van " "IPsec-verbindingen." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Als u ervoor kiest om een nieuw X.509-certificaat te maken zal u antwoord " "moeten geven op een aantal vragen voordat het aanmaken kan beginnen. Wanneer " "u uw publieke sleutel door een bestaande certificaat-autoriteit wilt laten " "ondertekenen moet u niet voor een door uzelf getekend certificaat kiezen. " "Ook moet u er op letten dat al uw antwoorden voldoen aan de eisen van deze " "CA om te voorkomen dat deze uw ondertekeningsaanvraag zal weigeren." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Als u een bestaand sleutelpaar wilt importeren zal u gevraagd worden naar " "hun bestandsnamen (deze kunnen hetzelfde zijn als beide delen in één bestand " "zijn opgeslagen). U krijgt daarna ook de mogelijkheid om de bestandsnaam van " "de publieke sleutel(s) van de certificaat-autoriteit op te geven. Dit moet " "wel een ander bestand zijn. Let er ook op dat de X.509-certificaten in PEM-" "indeling moeten zijn en dat de geheime sleutel niet versleuteld mag zijn, " "anders zal de import-procedure mislukken." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Bestandsnaam van uw X.509-certificaat in PEM-indeling:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Geef de volledige locatie van het bestand dat uw X.509-certificaat in PEM-" "indeling bevat." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Bestandsnaam van uw geheime X.509-sleutel in PEM-indeling:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Geef de volledige locatie van het bestand dat uw geheime RSA-sleutel bevat " "die behoort bij uw X.509-certificaat in PEM-indeling. Dit kan hetzelfde " "bestand zijn als dat wat uw X.509-certificaat bevat." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "Bestandsnaam van uw X.509-RootCA in PEM-indeling:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "U heeft nu de mogelijkheid om de locatie van het bestand (in PEM-indeling) " "dat het X.509-certificaat van de certificaat-autoriteit op te geven waarmee " "uw certificaat wordt ondertekend. Als u deze niet heeft of als u geen " "gebruik wilt maken van deze mogelijkheid dient u het veld leeg te laten. Let " "op: Het is niet mogelijk om de RootCA in hetzelfde bestand te bewaren als uw " "X.509-certificaat of geheime sleutel." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Geef de lengte voor de aan te maken RSA-sleutel:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Geef de lengte van de aan te maken RSA-sleutel. Het mag niet minder dan 1024 " "bits zijn omdat dit als onveilig wordt beschouwd en u zult waarschijnlijk " "niet meer dan 4096 bits nodig hebben omdat het enkel het authenticatieproces " "vertraagt en op dit moment niet nodig is." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Wilt u een door uzelf getekend X.509-certificaat aanmaken?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Deze installatie kan enkel een door uzelf getekend X.509-certificaat " "automatisch aanmaken omdat anders een certificaat-autoriteit nodig is om de " "certificaataanvraag te tekenen. Als u een door uzelf getekend certificaat " "wilt aanmaken, dan kunt u het onmiddellijk gebruiken om een verbinding te " "leggen met andere IPsec-hosts die X.509-certificaten ondersteunen voor IPSec-" "verbindingen. Als u echter strongSwan's PKI-mogelijkheden wilt gebruiken, " "dan zult u alle X.509-certificaten moeten laten tekenen door één enkele " "certificaat-autoriteit om een vertrouwenspad aan te maken." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Als u geen door uzelf getekend certificaat wilt aanmaken, dan zullen enkel " "de geheime RSA-sleutel en de certificaataanvraag worden aangemaakt en zult " "ude certificaataanvraag moeten laten tekenen door uw certificaat-autoriteit." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Landcode van de X.509-certificaataanvraag:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Geef de tweeletterige code voor het land waarin de server staat (zoals \"NL" "\" voor Nederland)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "OpenSSL zal geen certificaat genereren als dit niet een geldige landcode uit " "ISO-3166 is. Voor andere velden van het X.509-certificaat is het toegestaan " "om ze leeg te laten, maar niet voor dit veld." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "Staat of provincie voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Geef de volledige naam van de staat of provincie waarin de server staat " "(zoals \"Noord-Holland\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Plaatsnaam voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Geef de plaats waar de server staat (vaak een stad zoals \"Amsterdam\")." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Naam van de organisatie voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Geef op van welke organisatie deze server deel uitmaakt (zoals \"Debian\")." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Organisatie-eenheid voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Geef op van welke organisatie-eenheid deze server deel uitmaakt (zoals " "\"Afdeling beveiliging\")." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Naam (Common Name) voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Geef de naam (Common Name) voor deze computer op (zoals \"gateway.example.org" "\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "E-mailadres voor de X.509-certificaataanvraag:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Geef het e-mailadres van de persoon of organisatie die verantwoordelijk is " "voor het X.509-certificaat." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Wilt u opportunistische encryptie inschakelen?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Deze versie van strongSwan ondersteunt opportunistische versleuteling (OE), " "welke IPsec-authenticatie-informatie opslaat in DNS-velden. Totdat dit op " "grote schaal wordt toegepast zal het inschakelen hiervan voor een " "significante vertraging zorgen voor nieuwe verbindingen." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Schakel opportunistische versleuteling alleen in als u er zeker van bent dat " "u dit wilt. Het kan er voor zorgen dat uw internetverbinding " "(standaardroute) niet meer werkt zodra de pluto-achtergronddienst opstart." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "De pluto-achtergronddienst moet actief zijn om versie 1 van het Internet " #~ "Key Exchange protocol te ondersteunen." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "IKEv2-achtergronddienst van strongSwan starten?" debian/po/tr.po0000644000000000000000000004454112775300022010577 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Atila KOÇ , 2012. # msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2012-02-11 21:17+0200\n" "Last-Translator: Atila KOÇ \n" "Language-Team: Türkçe \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Eski çalışma düzeyi yönetimi yerine yenisi geçti" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "strongSwan paketinin önceki sürümleri üç farklı Başlama/Durma-Seviyesi " "arasında seçim şansı tanırdı. Bu, olağan sistem başlatma yordamındaki " "değişiklikler nedeni ile artık gerekli ya da faydalı değildir. Şimdi tüm " "yeni kurulumlar ve herhangi bir öntanımlı kipte çalışan eskiler için aynı " "öntanımlı seviyeler ayarlanacaktır. Eğer eski bir sürümü yükseltiyorsanız ya " "da strongSwan başlatma değişkenlerinizi değiştirdiyseniz, kurulumunuzu nasıl " "uyumlandıracağınızı anlamak için NEWS.Debian'a göz atınız." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "strongSwan şimdi yeniden başlatılsın mı?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Yapılan güvenlik iyileştirmesi artalan süreci yeniden başlatılmadan " "uygulanamayacağından, strongSwan'ı yeniden başlatmanız önerilir. Çoğu kişi " "artalan sürecinin tekrar başlayacağını düşünür ve bu genellikle aldatıcıdır. " "Oysa, yeniden başlatma, varolan bağlantıları koparıp yeniden yapar ki, eğer " "bu güncellemeyi bir strongSwan tüneli bağlantısını kullanarak yapıyorsanız " "yeniden başlatma önerilmez." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "strongSwan'ın IKEv1 artalan süreci başlatılsın mı?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Internet Anahtar Değişimi (IKE) protokolü 2. sürümünün desteklenmesi için " "'charon' artalan süreci çalışıyor olmalıdır." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Bu makine için bir X.509 sertifikası kullanılsın mı?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Bu makine için bir X.509 sertifikası kendiliğinden yaratılabilir ya da içe " "aktarılabilir. Bu sertifika diğer makinelerle IPsec bağlantılarını " "yetkilendirmek için kullanılacaktır ve bu yöntem güvenli IPsec bağlantıları " "için yeğlenen seçenektir. Başka bir seçenek de bağlantıyı yetkilendirmek " "için paylaşılan gizlerin (tünelin her iki tarafında da aynı olan parolalar) " "kullanılmasıdır, fakat çoğu bağlantılarda anahtar tabanlı yetkilendirme daha " "kolay yönetilir ve daha güvenlidir." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Dilerseniz bu öneriyi geri çevirir ve daha sonra \"dpkg-reconfigure " "strongswan\" komutu ile yeniden değerlendirebilirisiniz." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "yarat" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "içe aktar" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "Bu makineyi yetkilendirmek için X.509 sertifika kullanım yöntemleri:" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "IPsec bağlantılarını yetkilendirmek için kullanıcı tanımlı ayarlar ile yeni " "bir X.509 sertifikası yaratmak ya da PEM dosyası içinde varolan bir anahtarı " "içe aktarmak olasıdır." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Eğer yeni bir X.509 sertifikası yaratma seçeneğini seçerseniz, sertifika " "yaratılmadan önce bir takım soruları yanıtlamanız gerekecektir. Unutmayın, " "eğer ortak anahtarın varolan bir Sertifika Yetkilisi (CA) tarafından " "imzalanmasını istiyorsanız, kendiliğinden imzalı bir sertifika yaratmayı " "seçmemeli ve vereceğiniz tüm yanıtların Sertifika Yetkilisinin koşullarını " "bütünüyle karşıladığından emin olmalısınız, tersi durumda sertifika " "isteğiniz geri çevirilebilir." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Eğer varolan bir özel ve genel anahtarı içe aktarmak istiyorsanız, onların " "dosya adlarını girmeniz istenecektir (eğer anahtarların ikisi de aynı " "dosyada ise dosya adları da aynı olacaktır). İsteğe bağlı olarak, Sertifika " "Yetkilisinin genel anahtarını barındıran dosya adını belirtebilirsiniz, " "fakat bu dosya öncekilerle aynı olamaz. X.509 sertifikalarının biçiminin PEM " "ve özel anahtarın şifrelenmemiş olması gerektiğini unutmayın yoksa içe " "aktarma süreci başarısız olacaktır." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "PEM biçimindeki X.509 sertifikanızın dosya adı:" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "PEM biçimindeki X.509 sertifikanızı barındıran dosyanın yolunu giriniz." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "PEM biçimindeki X.509 özel anahtarınızın dosya adı:" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "X.509 sertifikanıza karşılık gelen özel RSA anahtarınızı barındıran PEM " "biçimindeki dosyanın yolunu giriniz. Bu dosya, X.509 sertifikasını " "barındıran dosya ile aynı olabilir." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "PEM biçimindeki X.509 KökSY (RootCA) dosya adı:" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Şimdi, isteğe bağlı olarak, sertifikanızı imzalamak için kullanılan X.509 " "Sertifika Yetkilisi kökünü barındıran dosyanın yolunu girebilirsiniz. Eğer " "yoksa ya da kullanmak istemiyorsanız bu alanı boş bırakınız. Unutmayın, " "KökSY (RootCA) ile X.509 sertifikanızı ya da özel anahtarınızı aynı dosyada " "tutamazsınız." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "" "Lütfen yaratılacak RSA anahtarının sahip olması gereken uzunluğu girin:" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Yaratılacak RSA anahtar uzunluğunu giriniz. Anahtar uzunluğu, yeterince " "güvenli olması için, 1024 bit'ten kısa olmamalı; doğrulama sürecini " "yavaşlatmaması için de 4096 bit'ten fazla olmamalıdır ve zaten şu anda daha " "fazlasına da gerek yoktur." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Öz imzalı bir sertifika yaratılsın mı?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Yalnızca öz imzalı X.509 sertifikaları kendiliğinden yaratılabilir, çünkü " "öteki durumda sertifika isteğini imzalaması için bir Sertifika Yetkilisi " "gereklidir. Eğer öz imzalı bir sertifika yaratmayı seçerseniz, onu hemen " "X.509 sertifikaları ile yetkilendirmeyi destekleyen diğer IPsec makineleri " "ile bağlanmak için kullanabilirsiniz. Öte yandan, strongSwan'ın PKI " "özellikleri, güven yolu oluşturmak için tüm sertifikaların aynı Sertifika " "Yetkilisi tarafından imzalanmış olmasını gerektirir." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Eğer öz imzalı bir sertifika yaratmayı seçmezseniz, yalnızca RSA özel " "anahtarı ve sertifika isteği yaratılacaktır ve sizin bu isteği Sertifika " "Yetkilinize imzalatmanız gerekecektedir." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "X.509 sertifika isteği için ülke kodu:" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Sunucunun bulunduğu ülke için iki harfli ülke kodunu giriniz (Türkiye için " "\"TR\" gibi)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Bu geçerli bir ISO-3166 ülke kodu olmadığı sürece OpenSSL sertifika üretmeyi " "geri çevirecektir; X.509 sertifikasının başka bir yerinde boş alan kabul " "edilir ama burada değil." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için şehir adı:" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "Sunucunun bulunduğu şehrin tam adını giriniz (örneğin \"Ankara\")." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için ilçe adı:" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "Sunucunun bulunduğu ilçeyi girin (örneğin \"Yenimahalle\" gibi):" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için örgüt adı:" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "Sunucunuzun bağlı olduğu örgütü giriniz (örneğin \"Debian\")." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "X.509 sertifika isteği için örgütsel birim:" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Sunucunuzun bağlı olduğu örgütsel birimi giriniz (örneğin \"Çeviri Birimi\")." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "X.509 sertifika isteği için Genel Ad:" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "Bu makine için Genel Ad giriniz (örneğin \"gumruk.example.org\")." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "X.509 sertifika isteği için e-posta adresi:" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "X.509 sertifikasından sorumlu kişinin ya da örgütün e-posta adresini giriniz." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Fırsatçı şifrelemeye izin verilsin mi?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "strongSwan'ın bu sürümü IPsec doğrulama bilgisini DNS kayıtlarında tutan " "fırsatçı şifrelemeyi (OE) desteklemektedir. Kullanımı yaygınlaşmadan " "etkinleştirilirse her yeni çıkış bağlantısında ciddi gecikmelere neden " "olacaktır." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Fırsatçı şifrelemeyi onu kullanmak istediğinizden eminseniz " "etkinleştirmelisiniz. Bu, pluto artalan süreci başladığında Internet " "bağlantısını (varsayılan rota) koparabilir." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Internet Anahtar Değişimi (IKE) protokolü 1. sürümünün desteklenmesi için " #~ "'pluto' artalan süreci çalışıyor olmalıdır." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "strongSwan'ın IKEv2 artalan süreci başlatılsın mı?" debian/po/fr.po0000644000000000000000000013533412775300022010562 0ustar # Translation of strongswan debconf templates to French # Copyright (C) 2005-2007 Christian Perrier # This file is distributed under the same license as the strongswan package. # # Christian Perrier , 2005-2007, 2009, 2010. msgid "" msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" "POT-Creation-Date: 2013-02-07 13:28+0100\n" "PO-Revision-Date: 2010-06-24 22:17+0200\n" "Last-Translator: Christian Perrier \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: Plural-Forms: nplurals=2; plural=n>1;\n" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "Old runlevel management superseded" msgstr "Abandon de l'ancien système de lancement" #. Type: note #. Description #: ../strongswan-starter.templates:2001 msgid "" "Previous versions of the strongSwan package gave a choice between three " "different Start/Stop-Levels. Due to changes in the standard system startup " "procedure, this is no longer necessary or useful. For all new installations " "as well as old ones running in any of the predefined modes, sane default " "levels will now be set. If you are upgrading from a previous version and " "changed your strongSwan startup parameters, then please take a look at NEWS." "Debian for instructions on how to modify your setup accordingly." msgstr "" "Les versions précédentes du paquet de stronSwan permettaient de choisir " "entre trois séquences possibles de lancement au démarrage de la machine. " "Comme l'organisation générale des scripts de lancement a été profondément " "modifiée dans le système, cela n'est désormais plus utile. Pour toutes les " "nouvelles installations, ainsi que pour les anciennes qui fonctionnaient " "selon un des trois modes prédéfinis, une séquence de lancement sûre va être " "mise en place. Si vous effectuez une mise à jour et aviez modifié les " "paramètres de lancement de strongSwan, veuillez consulter le fichier NEWS." "Debian pour trouver les informations qui vous permettront d'adapter vos " "réglages." #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "Restart strongSwan now?" msgstr "Faut-il redémarrer StrongSwan maintenant ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:3001 msgid "" "Restarting strongSwan is recommended, since if there is a security fix, it " "will not be applied until the daemon restarts. Most people expect the daemon " "to restart, so this is generally a good idea. However, this might take down " "existing connections and then bring them back up, so if you are using such a " "strongSwan tunnel to connect for this update, restarting is not recommended." msgstr "" "Redémarrer strongSwan est préférable car un éventuel correctif de sécurité " "ne prendra effet que si le démon est redémarré. La plupart des utilisateurs " "s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " "meilleur choix. Cependant, cela pourrait interrompre provisoirement des " "connexions en cours, y compris la connexion utilisée actuellement pour cette " "mise à jour. En conséquence, il est déconseillé de redémarrer si le tunnel " "est utilisé pour l'administration du système." #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "Start strongSwan's IKEv1 daemon?" msgid "Start strongSwan's charon daemon?" msgstr "Faut-il démarrer le démon IKEv1 de StrongSwan ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:4001 #, fuzzy #| msgid "" #| "The charon daemon must be running to support version 2 of the Internet " #| "Key Exchange protocol." msgid "" "The charon daemon must be running to support the Internet Key Exchange " "protocol." msgstr "" "Le démon « charon » doit fonctionner pour que la version 2 du protocole IKE " "(Internet Key Exchange) puisse être gérée." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "Use an X.509 certificate for this host?" msgstr "Faut-il utiliser un certificat X.509 existant avec cet hôte ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "An X.509 certificate for this host can be automatically created or imported. " "It can be used to authenticate IPsec connections to other hosts and is the " "preferred way of building up secure IPsec connections. The other possibility " "would be to use shared secrets (passwords that are the same on both sides of " "the tunnel) for authenticating a connection, but for a larger number of " "connections, key based authentication is easier to administer and more " "secure." msgstr "" "Un certificat X.509 peut être créé automatiquement ou importé, pour cet " "hôte. Il peut servir à authentifier des connexions IPSec vers d'autres " "hôtes, ce qui est la méthode conseillée pour l'établissement de liaisons " "IPSec sûres. L'autre possibilité d'authentification à la connexion est " "l'utilisation d'un secret partagé (« pre-shared key » : des mots de passe " "identiques aux deux extrémités du tunnel). Toutefois, pour de nombreuses " "connexions, l'authentification à base de clés est plus simple à administrer " "et plus sûre." #. Type: boolean #. Description #: ../strongswan-starter.templates:5001 msgid "" "Alternatively you can reject this option and later use the command \"dpkg-" "reconfigure strongswan\" to come back." msgstr "" "Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " "commande « dpkg-reconfigure strongswan »." #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "create" msgstr "Créer" #. Type: select #. Choices #: ../strongswan-starter.templates:6001 msgid "import" msgstr "Importer" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "Methods for using a X.509 certificate to authenticate this host:" msgstr "" "Méthode de mise en place d'un certificat X.509 pour l'authentification de " "cet hôte :" #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "It is possible to create a new X.509 certificate with user-defined settings " "or to import an existing public and private key stored in PEM file(s) for " "authenticating IPsec connections." msgstr "" "Pour l'authentification des connexions IPsec, il est possible de créer un " "nouveau certificat X.509 avec des réglages personnalisés ou importer une " "paire de clés publique et privée depuis un ou plusieurs fichiers PEM." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you choose to create a new X.509 certificate you will first be asked a " "number of questions which must be answered before the creation can start. " "Please keep in mind that if you want the public key to get signed by an " "existing Certificate Authority you should not select to create a self-signed " "certificate and all the answers given must match exactly the requirements of " "the CA, otherwise the certificate request may be rejected." msgstr "" "Si vous choisissez de créer un nouveau certificat X.509, vous devrez fournir " "plusieurs informations avant la création. Veuillez noter que si vous " "souhaitez utiliser un certificat signé par une autorité de certification, " "vous ne devez pas choisir de créer un certificat auto-signé et devrez donner " "exactement les réponses souhaitées par l'autorité de certification sinon la " "requête de certificat risquerait d'être rejetée." #. Type: select #. Description #: ../strongswan-starter.templates:6002 msgid "" "If you want to import an existing public and private key you will be " "prompted for their filenames (which may be identical if both parts are " "stored together in one file). Optionally you may also specify a filename " "where the public key(s) of the Certificate Authority are kept, but this file " "cannot be the same as the former ones. Please also be aware that the format " "for the X.509 certificates has to be PEM and that the private key must not " "be encrypted or the import procedure will fail." msgstr "" "Si vous souhaitez importer une paire de clés, vous devrez en fournir les " "noms de fichiers (qui peuvent être identiques si les parties privée et " "publique sont dans le même fichier). Vous pourrez facultativement fournir le " "nom d'un fichier contenant la ou les clés publiques de l'autorité de " "certification. Ce fichier devra être différent des précédents. Le format des " "certificats X.509 doit être PEM et la clé privée ne doit pas être chiffrée. " "Dans le cas contraire, l'importation échouera." #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "File name of your PEM format X.509 certificate:" msgstr "Nom du fichier PEM contenant le certificat X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:7001 msgid "" "Please enter the location of the file containing your X.509 certificate in " "PEM format." msgstr "" "Veuillez indiquer l'emplacement du fichier contenant votre certificat X.509 " "au format PEM." #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "File name of your PEM format X.509 private key:" msgstr "Nom du fichier PEM contenant la clé privée X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:8001 msgid "" "Please enter the location of the file containing the private RSA key " "matching your X.509 certificate in PEM format. This can be the same file " "that contains the X.509 certificate." msgstr "" "Veuillez indiquer l'emplacement du fichier contenant la clé privée RSA " "correspondant au certificat X.509 au format PEM. Cela peut être le fichier " "qui contient le certificat X.509." #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "File name of your PEM format X.509 RootCA:" msgstr "" "Nom du fichier PEM contenant le certificat X.509 de l'autorité de " "certification :" #. Type: string #. Description #: ../strongswan-starter.templates:9001 msgid "" "Optionally you can now enter the location of the file containing the X.509 " "Certificate Authority root used to sign your certificate in PEM format. If " "you do not have one or do not want to use it please leave the field empty. " "Please note that it's not possible to store the RootCA in the same file as " "your X.509 certificate or private key." msgstr "" "Veuillez indiquer facultativement l'emplacement du fichier (au format PEM) " "contenant le certificat X.509 de l'autorité de certification qui a signé le " "certificat que vous avez fourni. Si vous n'utilisez pas d'autorité de " "certification, vous pouvez laisser ce champ vide. Veuillez noter que ce " "fichier doit être différent du fichier de certificat X.509 et de la clé " "privée que vous utilisez." #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "Please enter which length the created RSA key should have:" msgstr "Longueur de la clé RSA à créer :" #. Type: string #. Description #: ../strongswan-starter.templates:10001 msgid "" "Please enter the length of the created RSA key. It should not be less than " "1024 bits because this should be considered unsecure and you will probably " "not need anything more than 4096 bits because it only slows the " "authentication process down and is not needed at the moment." msgstr "" "Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit pas " "être inférieure à 1024 bits car cela serait considéré comme insuffisamment " "sûr. Un choix excédant 4096 bits est probablement inutile car cela ne fait " "essentiellement que ralentir le processus d'authentification sans avoir " "d'intérêt actuellement." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "Create a self-signed X.509 certificate?" msgstr "Souhaitez-vous créer un certificat X.509 auto-signé ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "Only self-signed X.509 certificates can be created automatically, because " "otherwise a Certificate Authority is needed to sign the certificate request. " "If you choose to create a self-signed certificate, you can use it " "immediately to connect to other IPsec hosts that support X.509 certificate " "for authentication of IPsec connections. However, using strongSwan's PKI " "features requires all certificates to be signed by a single Certificate " "Authority to create a trust path." msgstr "" "Seuls des certificats X.509 auto-signés peuvent être créés automatiquement " "puisqu'une autorité de certification est indispensable pour signer la " "demande de certificat. Si vous choisissez de créer un certificat auto-signé, " "vous pourrez vous en servir immédiatement pour vous connecter aux hôtes qui " "authentifient les connexions IPsec avec des certificats X.509. Cependant, si " "vous souhaitez utiliser les nouvelles fonctionnalités PKI de strongSwan, " "vous aurez besoin que tous les certificats soient signés par la même " "autorité de certification afin de créer un chemin de confiance." #. Type: boolean #. Description #: ../strongswan-starter.templates:11001 msgid "" "If you do not choose to create a self-signed certificate, only the RSA " "private key and the certificate request will be created, and you will have " "to sign the certificate request with your Certificate Authority." msgstr "" "Si vous ne voulez pas créer de certificat auto-signé, seules la clé privée " "RSA et la demande de certificat seront créées et vous devrez ensuite faire " "signer la demande de certificat par votre autorité de certification." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "Country code for the X.509 certificate request:" msgstr "Code du pays pour la demande de certificat X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "Please enter the two-letter code for the country the server resides in (such " "as \"AT\" for Austria)." msgstr "" "Veuillez indiquer le code à deux lettres du pays où est situé le serveur " "(p. ex. « FR » pour la France)." #. Type: string #. Description #: ../strongswan-starter.templates:12001 msgid "" "OpenSSL will refuse to generate a certificate unless this is a valid " "ISO-3166 country code; an empty field is allowed elsewhere in the X.509 " "certificate, but not here." msgstr "" "Il est impératif de choisir ici un code de pays ISO-3166 valable sinon " "OpenSSL refusera de créer les certificats. Tous les autres champs d'un " "certificat X.509 peuvent être vides, sauf celui-ci." #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "State or province name for the X.509 certificate request:" msgstr "État ou province pour la demande de certificat X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:13001 msgid "" "Please enter the full name of the state or province the server resides in " "(such as \"Upper Austria\")." msgstr "" "Veuillez indiquer le nom complet de l'état ou de la province qui sera inclus " "dans la demande de certificat (p. ex. « Québec »)." #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "Locality name for the X.509 certificate request:" msgstr "Localité pour la demande de certificat X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:14001 msgid "" "Please enter the locality the server resides in (often a city, such as " "\"Vienna\")." msgstr "" "Veuillez indiquer la localité où est situé le serveur (ce sera souvent une " "ville, comme « Montcuq »)." #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "Organization name for the X.509 certificate request:" msgstr "Organisme pour la demande de certificat X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:15001 msgid "" "Please enter the organization the server belongs to (such as \"Debian\")." msgstr "" "Veuillez indiquer l'organisme propriétaire du serveur (p. ex. « Debian »)." #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "Organizational unit for the X.509 certificate request:" msgstr "Unité d'organisation pour la demande de certificat X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:16001 msgid "" "Please enter the organizational unit the server belongs to (such as " "\"security group\")." msgstr "" "Veuillez indiquer l'unité d'organisation pour la demande de certificat X.509 " "(p. ex. « Équipe sécurité »)." #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "Common Name for the X.509 certificate request:" msgstr "Nom ordinaire pour la demande de certification X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:17001 msgid "" "Please enter the Common Name for this host (such as \"gateway.example.org\")." msgstr "" "Veuillez indiquer le nom ordinaire de ce serveur (ce sera souvent son nom " "réseau)." #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "Email address for the X.509 certificate request:" msgstr "Adresse électronique pour la demande de certificat X.509 :" #. Type: string #. Description #: ../strongswan-starter.templates:18001 msgid "" "Please enter the email address of the person or organization responsible for " "the X.509 certificate." msgstr "" "Veuillez indiquer l'adresse électronique de la personne ou de l'organisme " "responsable du certificat X.509." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "Enable opportunistic encryption?" msgstr "Faut-il activer le chiffrement opportuniste ?" #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 msgid "" "This version of strongSwan supports opportunistic encryption (OE), which " "stores IPSec authentication information in DNS records. Until this is widely " "deployed, activating it will cause a significant delay for every new " "outgoing connection." msgstr "" "Cette version de strongSwan gère le chiffrement opportuniste (OE) qui " "conserve les informations d'authentification IPSec dans des enregistrements " "DNS. Tant que cette fonctionnalité n'est pas déployée largement, l'activer " "augmentera notablement la durée d'établissement des connexions sortantes." #. Type: boolean #. Description #: ../strongswan-starter.templates:19001 #, fuzzy #| msgid "" #| "You should only enable opportunistic encryption if you are sure you want " #| "it. It may break the Internet connection (default route) as the pluto " #| "daemon starts." msgid "" "You should only enable opportunistic encryption if you are sure you want it. " "It may break the Internet connection (default route) as the daemon starts." msgstr "" "Vous ne devriez l'activer que s'il est indispensable de l'utiliser. Il est " "possible que cela coupe la connexion Internet (la route par défaut) au " "moment où le démon « pluto » démarre." #~ msgid "" #~ "The pluto daemon must be running to support version 1 of the Internet Key " #~ "Exchange protocol." #~ msgstr "" #~ "Le démon « pluto » doit fonctionner pour que la version 1 du protocole " #~ "IKE (Internet Key Exchange) puisse être gérée." #~ msgid "Start strongSwan's IKEv2 daemon?" #~ msgstr "Faut-il démarrer le démon IKEv2 de StrongSwan ?" #, fuzzy #~ msgid "Do you wish to restart strongSwan?" #~ msgstr "Moment de démarrage de strongSwan :" #~ msgid "Please enter the location of your X509 certificate in PEM format:" #~ msgstr "Emplacement du certificat X509 :" #~ msgid "Please enter the location of your X509 private key in PEM format:" #~ msgstr "Emplacement de la clé privée X509 :" #~ msgid "You may now enter the location of your X509 RootCA in PEM format:" #~ msgstr "Emplacement du certificat X509 de l'autorité de certification :" #~ msgid "" #~ "Please enter the 2 letter country code for your country. This code will " #~ "be placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer le code à deux lettres de votre pays. Ce code sera " #~ "inclus dans la demande de certificat." #~ msgid "" #~ "Please enter the locality (e.g. city) where you live. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer la localité (p. ex. la ville) où vous résidez. Ce nom " #~ "sera inclus dans la demande de certificat." #~ msgid "" #~ "Please enter the organization (e.g. company) that the X509 certificate " #~ "should be created for. This name will be placed in the certificate " #~ "request." #~ msgstr "" #~ "Veuillez indiquer l'organisme (p. ex. l'entreprise) pour qui sera créé le " #~ "certificat X509. Ce nom sera inclus dans la demande de certificat." #~ msgid "" #~ "Please enter the organizational unit (e.g. section) that the X509 " #~ "certificate should be created for. This name will be placed in the " #~ "certificate request." #~ msgstr "" #~ "Veuillez indiquer l'unité d'organisation (p. ex. département, division, " #~ "etc.) pour qui sera créé le certificat X509. Ce nom sera inclus dans la " #~ "demande de certificat." #~ msgid "" #~ "Please enter the common name (e.g. the host name of this machine) for " #~ "which the X509 certificate should be created for. This name will be " #~ "placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer le nom ordinaire (p. ex. le nom réseau de cette " #~ "machine) pour qui sera créé le certificat X509. Ce nom sera inclus dans " #~ "la demande de certificat." #~ msgid "earliest" #~ msgstr "Le plus tôt possible" #~ msgid "after NFS" #~ msgstr "Après NFS" #~ msgid "after PCMCIA" #~ msgstr "Après PCMCIA" #~ msgid "" #~ "StrongSwan starts during system startup so that it can protect " #~ "filesystems that are automatically mounted." #~ msgstr "" #~ "StrongSwan est lancé au démarrage du système afin de pouvoir protéger les " #~ "systèmes de fichiers qui sont montés automatiquement." #~ msgid "" #~ " * earliest: if /usr is not mounted through NFS and you don't use a\n" #~ " PCMCIA network card, it is best to start strongSwan as soon as\n" #~ " possible, so that NFS mounts can be secured by IPSec;\n" #~ " * after NFS: recommended when /usr is mounted through NFS and no\n" #~ " PCMCIA network card is used;\n" #~ " * after PCMCIA: recommended if the IPSec connection uses a PCMCIA\n" #~ " network card or if it needs keys to be fetched from a locally running " #~ "DNS\n" #~ " server with DNSSec support." #~ msgstr "" #~ " - Le plus tôt possible : conseillé si /usr n'est pas monté par NFS\n" #~ " et que vous n'utilisez pas de carte réseau PCMCIA ;\n" #~ " - Après NFS : recommandé si /usr est un montage NFS et qu'aucune\n" #~ " carte réseau PCMCIA n'est utilisée ;\n" #~ " - après PCMCIA : recommandé si la connexion IPSec utilise une carte\n" #~ " réseau PCMCIA ou s'il est nécessaire de récupérer des clés\n" #~ " depuis un serveur DNS qui gère DNSSec." #~ msgid "" #~ "If you don't restart strongSwan now, you should do so manually at the " #~ "first opportunity." #~ msgstr "" #~ "Si vous ne redémarrez pas StrongSwan maintenant, il est conseillé de le " #~ "faire manuellement dès que possible." #~ msgid "Create an RSA public/private keypair for this host?" #~ msgstr "" #~ "Faut-il créer une paire de clés RSA publique et privée pour cet hôte ?" #~ msgid "" #~ "StrongSwan can use a Pre-Shared Key (PSK) or an RSA keypair to " #~ "authenticate IPSec connections to other hosts. RSA authentication is " #~ "generally considered more secure and is easier to administer. You can use " #~ "PSK and RSA authentication simultaneously." #~ msgstr "" #~ "StrongSwan peut utiliser une clé secrète partagée (PSK : « Pre-Shared " #~ "Key ») ou une paire de clés RSA pour gérer l'authentification des " #~ "connexions IPSec vers d'autres hôtes. L'authentification RSA est en " #~ "général considérée comme plus sûre et plus simple à administrer. Les deux " #~ "modes d'authentification peuvent être utilisés en même temps." #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one in the next step." #~ msgstr "" #~ "Si vous ne souhaitez pas créer une paire de clés publique et privée, vous " #~ "pouvez choisir d'en utiliser une existante." #~ msgid "" #~ "The required information can automatically be extracted from an existing " #~ "X.509 certificate with a matching RSA private key. Both parts can be in " #~ "one file, if it is in PEM format. You should choose this option if you " #~ "have such an existing certificate and key file and want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "L'information nécessaire peut être récupérée depuis un fichier de " #~ "certificat X.509 existant, avec la clé privée RSA correspondante. Les " #~ "deux parties peuvent se trouver dans un seul fichier, s'il est en format " #~ "PEM. Vous devriez choisir cette option si vous possédez un tel certificat " #~ "ainsi que la clé privée, et si vous souhaitez vous en servir pour " #~ "l'authentification des connexions IPSec." #~ msgid "RSA key length:" #~ msgstr "Taille de la clé RSA :" #~ msgid "" #~ "Please enter the length of RSA key you wish to generate. A value of less " #~ "than 1024 bits is not considered secure. A value of more than 2048 bits " #~ "will probably affect performance." #~ msgstr "" #~ "Veuillez indiquer la taille de la clé RSA que vous souhaitez créer. Une " #~ "valeur inférieure à 1024 bits n'est pas considérée comme sûre. Une valeur " #~ "supérieure à 2048 bits risque d'altérer les performances." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a certificate authority is needed to sign the certificate " #~ "request." #~ msgstr "" #~ "Seuls les certificats X.509 auto-signés peuvent être créés " #~ "automatiquement car, pour les autres certificats, une autorité de " #~ "certification est indispensable." #~ msgid "" #~ "If you accept this option, the certificate created can be used " #~ "immediately to connect to other IPSec hosts that support authentication " #~ "via an X.509 certificate. However, using strongSwan's PKI features " #~ "requires a trust path to be created by having all X.509 certificates " #~ "signed by a single authority." #~ msgstr "" #~ "Si vous choisissez cette option, le certificat qui sera créé pourra être " #~ "utilisé immédiatement pour la connexion à d'autres hôtes IPSec qui gèrent " #~ "l'authentification par certificat X.509. Cependant l'utilisation des " #~ "fonctionnalités PKI (« Public Key Infrastructure » : infrastructure " #~ "publique de clés) de strongSwan impose la création d'un chemin de " #~ "confiance avec tous les certificats X.509 signés par la même autorité de " #~ "certification." #~ msgid "" #~ "This field is mandatory; otherwise a certificate cannot be generated." #~ msgstr "" #~ "Ce champ est obligatoire, sinon le certificat ne pourra pas être créé." #~| msgid "" #~| "Previous versions of the Openswan package allowed the user to choose " #~| "between three different Start/Stop-Levels. Due to changes in the " #~| "standard system startup procedure, this is no longer necessary and " #~| "useful. For all new installations as well as old ones running in any of " #~| "the predefined modes, sane default levels set will now be set. If you " #~| "are upgrading from a previous version and changed your Openswan startup " #~| "parameters, then please take a look at NEWS.Debian for instructions on " #~| "how to modify your setup accordingly." #~ msgid "" #~ "Previous versions of the Openswan package gave a choice between three " #~ "different Start/Stop-Levels. Due to changes in the standard system " #~ "startup procedure, this is no longer necessary or useful. For all new " #~ "installations as well as old ones running in any of the predefined modes, " #~ "sane default levels will now be set. If you are upgrading from a previous " #~ "version and changed your Openswan startup parameters, then please take a " #~ "look at NEWS.Debian for instructions on how to modify your setup " #~ "accordingly." #~ msgstr "" #~ "Les versions précédentes du paquet d'Openswan permettaient de choisir " #~ "entre trois séquences possibles de lancement au démarrage de la machine. " #~ "Comme l'organisation générale des scripts de lancement a été profondément " #~ "modifiée dans le système, cela n'est désormais plus utile. Pour toutes " #~ "les nouvelles installations, ainsi que pour les anciennes qui " #~ "fonctionnaient selon un des trois modes prédéfinis, une séquence de " #~ "lancement sûre va être mise en place. Si vous effectuez une mise à jour " #~ "et aviez modifié les paramètres de lancement d'Openswan, veuillez " #~ "consulter le fichier NEWS.Debian pour trouver les informations qui vous " #~ "permettront d'adapter vos réglages." #~| msgid "Do you wish to restart Openswan?" #~ msgid "Restart Openswan now?" #~ msgstr "Souhaitez-vous redémarrer Openswan ?" #~| msgid "" #~| "Restarting Openswan is a good idea, since if there is a security fix, it " #~| "will not be fixed until the daemon restarts. Most people expect the " #~| "daemon to restart, so this is generally a good idea. However, this might " #~| "take down existing connections and then bring them back up (including " #~| "the connection currently used for this update, so it is recommended not " #~| "to restart if you are using any of the tunnel for administration)." #~ msgid "" #~ "Restarting Openswan is recommended, since if there is a security fix, it " #~ "will not be applied until the daemon restarts. Most people expect the " #~ "daemon to restart, so this is generally a good idea. However, this might " #~ "take down existing connections and then bring them back up, so if you are " #~ "using such an Openswan tunnel to connect for this update, restarting is " #~ "not recommended." #~ msgstr "" #~ "Redémarrer Openswan est préférable car un éventuel correctif de sécurité " #~ "ne sera actif que si le démon est redémarré. La plupart des utilisateurs " #~ "s'attendent à ce que le démon redémarre et c'est donc le plus souvent le " #~ "meilleur choix. Cependant, cela pourrait interrompre provisoirement des " #~ "connexions en cours, y compris la connexion utilisée actuellement pour " #~ "cette mise à jour. En conséquence, il est déconseillé de redémarrer si le " #~ "tunnel est utilisé pour l'administration du système." #~| msgid "" #~| "If you do not want to this now you can answer \"No\" and later use the " #~| "command \"dpkg-reconfigure openswan\" to come back." #~ msgid "" #~ "Alternatively you can reject this option and later use the command \"dpkg-" #~ "reconfigure openswan\" to come back." #~ msgstr "" #~ "Vous pouvez ne pas choisir cette option et y revenir plus tard avec la " #~ "commande « dpkg-reconfigure openswan »." #~ msgid "Length of RSA key to be created:" #~ msgstr "Longueur de la clé RSA à créer :" #~| msgid "" #~| "Please enter the length of the created RSA key. It should not be less " #~| "than 1024 bits because this should be considered unsecure and you will " #~| "probably not need anything more than 4096 bits because it only slows the " #~| "authentication process down and is not needed at the moment." #~ msgid "" #~ "Please enter the required RSA key-length. Anything under 1024 bits should " #~ "be considered insecure; anything more than 4096 bits slows down the " #~ "authentication process and is not useful at present." #~ msgstr "" #~ "Veuillez indiquer la longueur de la clé RSA qui sera créée. Elle ne doit " #~ "pas être inférieure à 1024 bits car cela serait considéré comme " #~ "insuffisamment sûr. Un choix excédant 4096 bits est probablement inutile " #~ "car cela ne fait essentiellement que ralentir le processus " #~ "d'authentification sans avoir d'intérêt actuellement." #~| msgid "" #~| "This installer can only create self-signed X509 certificates " #~| "automatically, because otherwise a certificate authority is needed to " #~| "sign the certificate request. If you want to create a self-signed " #~| "certificate, you can use it immediately to connect to other IPsec hosts " #~| "that support X509 certificate for authentication of IPsec connections. " #~| "However, if you want to use the new PKI features of Openswan >= 1.91, " #~| "you will need to have all X509 certificates signed by a single " #~| "certificate authority to create a trust path." #~ msgid "" #~ "Only self-signed X.509 certificates can be created automatically, because " #~ "otherwise a Certificate Authority is needed to sign the certificate " #~ "request. If you choose to create a self-signed certificate, you can use " #~ "it immediately to connect to other IPsec hosts that support X.509 " #~ "certificate for authentication of IPsec connections. However, using " #~ "Openswan's PKI features requires all certificates to be signed by a " #~ "single Certificate Authority to create a trust path." #~ msgstr "" #~ "Seuls des certificats X.509 auto-signés peuvent être créés " #~ "automatiquement puisqu'une autorité de certification est indispensable " #~ "pour signer la demande de certificat. Si vous choisissez de créer un " #~ "certificat auto-signé, vous pourrez vous en servir immédiatement pour " #~ "vous connecter aux hôtes qui authentifient les connexions IPsec avec des " #~ "certificats X.509. Cependant, si vous souhaitez utiliser les nouvelles " #~ "fonctionnalités PKI d'Openswan, vous aurez besoin que tous les " #~ "certificats soient signés par la même autorité de certification afin de " #~ "créer un chemin de confiance." #~ msgid "Modification of /etc/ipsec.conf" #~ msgstr "Modification de /etc/ipsec.conf" #~| msgid "" #~| "Due to a change in upstream Openswan, opportunistic encryption is no " #~| "longer enabled by default. The no_oe.conf file that was shipped in " #~| "earlier versions to explicitly disable it can therefore no longer be " #~| "included by ipsec.conf. A respective include paragraph will now be " #~| "automatically removed to ensure that Openswan can start correctly." #~ msgid "" #~ "Due to a change in upstream Openswan, opportunistic encryption is no " #~ "longer enabled by default. The no_oe.conf file that was shipped in " #~ "earlier versions to explicitly disable it can therefore no longer be " #~ "included by ipsec.conf. Any such include paragraph will now be " #~ "automatically removed to ensure that Openswan can start correctly." #~ msgstr "" #~ "En raison de modifications dans la version amont d'Openswan, le " #~ "chiffrement opportuniste n'est plus activé par défaut. Le fichier no_oe." #~ "conf qui était fourni avec les versions précédentes pour le désactiver " #~ "explicitement ne peut donc plus être inclus dans ipsec.conf. Toute " #~ "instruction d'inclusion de ce fichier sera automatiquement retirée afin " #~ "qu'Openswan puisse démarrer correctement." #~ msgid "Example: AT" #~ msgstr "Exemple : FR" #~ msgid "" #~ "Please enter the state or province name for the X509 certificate request:" #~ msgstr "État, province ou région :" #~ msgid "" #~ "Please enter the full name of the state or province you live in. This " #~ "name will be placed in the certificate request." #~ msgstr "" #~ "Veuillez indiquer le nom complet de l'état, de la province ou de la " #~ "région où vous résidez. Ce nom sera inclus dans la demande de certificat." #~ msgid "Example: Upper Austria" #~ msgstr "" #~ "Exemples : Rhône-Alpes, Brabant Wallon, Bouches du Rhône, Québec, Canton " #~ "de Vaud" #~ msgid "Example: Vienna" #~ msgstr "Exemple : Saint-Étienne" #~ msgid "Example: Debian" #~ msgstr "Exemple : Debian" #~ msgid "Example: security group" #~ msgstr "Exemple : Département Réseaux et Informatique Scientifique" #~ msgid "Example: gateway.debian.org" #~ msgstr "Exemple : gateway.debian.org" #~ msgid "Do you want to create a RSA public/private keypair for this host?" #~ msgstr "" #~ "Souhaitez-vous créer une paire de clés RSA publique et privée pour cet " #~ "hÃŽte ?" #~ msgid "" #~ "If you do not want to create a new public/private keypair, you can choose " #~ "to use an existing one." #~ msgstr "" #~ "Si vous ne souhaitez pas créer une paire de clés publique et privée, " #~ "vous pouvez choisir d'en utiliser une existante." #~ msgid "x509" #~ msgstr "X509" #~ msgid "plain" #~ msgstr "Simple paire" #~ msgid "" #~ "It is possible to create a plain RSA public/private keypair for use with " #~ "Openswan or to create a X509 certificate file which contains the RSA " #~ "public key and additionally stores the corresponding private key." #~ msgstr "" #~ "Il est possible de créer une simple paire de clés destinée à être " #~ "utilisée avec Openswan ou de créer un fichier de certificat X509 qui " #~ "contient la clé publique RSA et de conserver la clé privée " #~ "correspondante par ailleurs." #, fuzzy #~| msgid "" #~| "If you only want to build up IPSec connections to hosts also running " #~| "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~| "want to connect to other IPSec implementations, you will need a X509 " #~| "certificate. It is also possible to create a X509 certificate here and " #~| "extract the RSA public key in plain format if the other side runs " #~| "Openswan without X509 certificate support." #~ msgid "" #~ "If you only want to create IPsec connections to hosts also running " #~ "Openswan, it might be a bit easier using plain RSA keypairs. But if you " #~ "want to connect to other IPsec implementations, you will need a X509 " #~ "certificate. It is also possible to create a X509 certificate here and " #~ "extract the RSA public key in plain format if the other side runs " #~ "Openswan without X509 certificate support." #~ msgstr "" #~ "Si vous ne prévoyez d'établir des connexions IPSec qu'avec des hÃŽtes " #~ "utilisant Openswan, il sera probablement plus facile d'utiliser des clés " #~ "RSA simples. Mais si vous souhaitez vous connecter à des hÃŽtes " #~ "utilisant d'autres implémentations d'IPSec, vous aurez besoin d'un " #~ "certificat X509. Il est également possible de créer un certificat X509 " #~ "puis d'en extraire une simple clé publique RSA, si l'autre extrémité " #~ "de la connexion utilise Openswan sans la gestion des certificats X509." #, fuzzy #~| msgid "" #~| "Therefore a X509 certificate is recommended since it is more flexible " #~| "and this installer should be able to hide the complex creation of the " #~| "X509 certificate and its use in Openswan anyway." #~ msgid "" #~ "Therefore a X509 certificate is recommended since it is more flexible and " #~ "this installer should be able to hide the complex creation of the X509 " #~ "certificate and its use in Openswan." #~ msgstr "" #~ "Ainsi, il vous est conseillé d'utiliser un certificat X509 car cette " #~ "méthode est plus souple. Cet outil d'installation devrait vous " #~ "simplifier la tâche de création et d'utilisation de ce certificat X509." #, fuzzy #~| msgid "" #~| "This installer can automatically extract the needed information from an " #~| "existing X509 certificate with a matching RSA private key. Both parts " #~| "can be in one file, if it is in PEM format. Do you have such an existing " #~| "certificate and key file and want to use it for authenticating IPSec " #~| "connections?" #~ msgid "" #~ "This installer can automatically extract the needed information from an " #~ "existing X509 certificate with a matching RSA private key. Both parts can " #~ "be in one file, if it is in PEM format. If you have such an existing " #~ "certificate and key file please select if want to use it for " #~ "authenticating IPSec connections." #~ msgstr "" #~ "Cet outil d'installation est capable d'extraire automatiquement " #~ "l'information nécessaire d'un fichier de certificat X509 existant, avec " #~ "la clé privée RSA correspondante. Les deux parties peuvent se trouver " #~ "dans un seul fichier, s'il est en format PEM. Indiquez si vous possédez " #~ "un tel certificat ainsi que la clé privée, et si vous souhaitez vous en " #~ "servir pour l'authentification des connexions IPSec." #~ msgid "x509, plain" #~ msgstr "X509, Simple paire" #, fuzzy #~| msgid "earliest, \"after NFS\", \"after PCMCIA\"" #~ msgid "earliest, after NFS, after PCMCIA" #~ msgstr "Le plus tÃŽt possible, AprÚs NFS, AprÚs PCMCIA" #, fuzzy #~| msgid "" #~| "With the current Debian startup levels (nearly everything starting in " #~| "level 20), it is impossible for Openswan to always start at the correct " #~| "time. There are three possibilities when Openswan can start: before or " #~| "after the NFS services and after the PCMCIA services. The correct answer " #~| "depends on your specific setup." #~ msgid "" #~ "With the default system startup levels (nearly everything starting in " #~ "level 20), it is impossible for Openswan to always start at the correct " #~ "time. There are three possibilities when Openswan can start: before or " #~ "after the NFS services and after the PCMCIA services. The correct answer " #~ "depends on your specific setup." #~ msgstr "" #~ "Avec les niveaux de démarrage actuellement utilisés par Debian (presque " #~ "tout démarre au niveau 20), il est impossible de faire en sorte " #~ "qu'Openswan démarre toujours au moment approprié. Il existe trois " #~ "moments où il est opportun de le démarrer : avant ou aprÚs les " #~ "services NFS, ou aprÚs les services PCMCIA. La réponse appropriée " #~ "dépend de vos réglages spécifiques." #, fuzzy #~| msgid "" #~| "If you do not have your /usr tree mounted via NFS (either you only mount " #~| "other, less vital trees via NFS or don't use NFS mounted trees at all) " #~| "and don't use a PCMCIA network card, then it's best to start Openswan at " #~| "the earliest possible time, thus allowing the NFS mounts to be secured " #~| "by IPSec. In this case (or if you don't understand or care about this " #~| "issue), answer \"earliest\" to this question (the default)." #~ msgid "" #~ "If the /usr tree of this system is not mounted via NFS (either you only " #~ "mount other, less vital trees via NFS or don't use NFS mounted trees at " #~ "all) and no PCMCIA network card is used, then it's best to start Openswan " #~ "at the earliest possible time, thus allowing the NFS mounts to be secured " #~ "by IPSec. In this case (or if you don't understand or care about this " #~ "issue), answer \"earliest\" to this question (the default)." #~ msgstr "" #~ "Si votre arborescence /usr n'est pas un montage NFS (soit parce que vos " #~ "montages NFS sont à d'autres endroits, moins critiques, soit parce que " #~ "vous n'utilisez pas du tout de montage NFS) et si vous n'utilisez pas de " #~ "carte réseau PCMCIA, il est préférable de démarrer Openswan le plus " #~ "tÃŽt possible, ce qui permettra de sécuriser les montages NFS avec " #~ "IPSec. Dans ce cas (ou bien si vous ne comprenez pas l'objet de la " #~ "question ou qu'elle ne vous concerne pas), choisissez « le plus tÃŽt " #~ "possible », qui est le choix par défaut." #, fuzzy #~| msgid "" #~| "If you have your /usr tree mounted via NFS and don't use a PCMCIA " #~| "network card, then you will need to start Openswan after NFS so that all " #~| "necessary files are available. In this case, answer \"after NFS\" to " #~| "this question. Please note that the NFS mount of /usr can not be secured " #~| "by IPSec in this case." #~ msgid "" #~ "If the /usr tree is mounted via NFS and no PCMCIA network card is used, " #~ "then you will need to start Openswan after NFS so that all necessary " #~ "files are available. In this case, answer \"after NFS\" to this question. " #~ "Please note that the NFS mount of /usr can not be secured by IPSec in " #~ "this case." #~ msgstr "" #~ "Si /usr est un montage NFS et que vous n'utilisez pas de carte réseau " #~ "PCMCIA, vous devrez alors démarrer Openswan aprÚs les services NFS afin " #~ "que tous les fichiers nécessaires soient disponibles. Dans ce cas, " #~ "choisissez « AprÚs NFS ». Veuillez noter que le montage NFS de /usr " #~ "n'est alors pas sécurisé par IPSec." #~ msgid "" #~ "If you use a PCMCIA network card for your IPSec connections, then you " #~ "only have to choose to start it after the PCMCIA services. Answer \"after " #~ "PCMCIA\" in this case. This is also the correct answer if you want to " #~ "fetch keys from a locally running DNS server with DNSSec support." #~ msgstr "" #~ "Si vous utilisez une carte PCMCIA pour vos connexions IPSec, votre seul " #~ "choix possible est le démarrage aprÚs les services PCMCIA. Choisissez " #~ "alors « AprÚs PCMCIA ». Faites également ce choix si vous souhaitez " #~ "récupérer les clés d'authentification sur un serveur DNS reconnaissant " #~ "DNSSec." #, fuzzy #~| msgid "At which level do you wish to start Openswan?" #~ msgid "Please select the level at which you wish to start Openswan:" #~ msgstr "Étape de lancement d'Openswan :" #, fuzzy #~| msgid "Which type of RSA keypair do you want to create?" #~ msgid "Please select which type of RSA keypair you want to create:" #~ msgstr "Type de paire de clés RSA à créer :" #~ msgid "Do you wish to enable opportunistic encryption in Openswan?" #~ msgstr "Souhaitez-vous activer le chiffrement opportuniste dans Openswan ?" #~ msgid "" #~ "Openswan comes with support for opportunistic encryption (OE), which " #~ "stores IPSec authentication information (i.e. RSA public keys) in " #~ "(preferably secure) DNS records. Until this is widely deployed, " #~ "activating it will cause a significant slow-down for every new, outgoing " #~ "connection. Since version 2.0, Openswan upstream comes with OE enabled by " #~ "default and is thus likely to break your existing connection to the " #~ "Internet (i.e. your default route) as soon as pluto (the Openswan keying " #~ "daemon) is started." #~ msgstr "" #~ "Openswan gÚre le chiffrement opportuniste (« opportunistic " #~ "encryption » : OE) qui permet de conserver les informations " #~ "d'authentification IPSec (c'est-à-dire les clés publiques RSA) dans des " #~ "enregistrements DNS, de préférence sécurisés. Tant que cette " #~ "fonctionnalité ne sera pas déployée largement, son activation " #~ "provoquera un ralentissement significatif pour toute nouvelle connexion " #~ "sortante. À partir de la version 2.0, cette fonctionnalité est activée " #~ "par défaut dans Openswan, ce qui peut interrompre le fonctionnement de " #~ "votre connexion à l'Internet (c'est-à-dire votre route par défaut) " #~ "dÚs le démarrage de pluto, le démon de gestion de clés d'Openswan." #~ msgid "" #~ "Please choose whether you want to enable support for OE. If unsure, do " #~ "not enable it." #~ msgstr "" #~ "Veuillez choisir si vous souhaitez activer la gestion du chiffrement " #~ "opportuniste. Ne l'activez pas si vous n'êtes pas certain d'en avoir " #~ "besoin." debian/strongswan-plugin-soup.install0000644000000000000000000000020612775300022015237 0ustar etc/strongswan.d/charon/soup.conf usr/lib/ipsec/plugins/libstrongswan-soup.so usr/share/strongswan/templates/config/plugins/soup.conf debian/strongswan-plugin-radattr.install0000644000000000000000000000021712775300022015714 0ustar etc/strongswan.d/charon/radattr.conf usr/lib/ipsec/plugins/libstrongswan-radattr.so usr/share/strongswan/templates/config/plugins/radattr.conf debian/strongswan-starter.lintian-overrides0000644000000000000000000000043512775300022016435 0ustar # as here private data is stored we need tighter perms here strongswan-starter: non-standard-dir-perm etc/ipsec.d/private/ 0700 != 0755 strongswan-starter: non-standard-file-perm etc/ipsec.secrets 0600 != 0644 strongswan-starter: non-standard-dir-perm var/lib/strongswan/ 0700 != 0755 debian/changelog0000644000000000000000000015727313352751047011066 0ustar strongswan (5.1.2-0ubuntu2.11) trusty-security; urgency=medium * SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch: fix buffer overflow with very small RSA keys in src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c. - CVE-2018-17540 -- Marc Deslauriers Wed, 26 Sep 2018 14:38:31 -0400 strongswan (5.1.2-0ubuntu2.10) trusty-security; urgency=medium * SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-5.0.1-5.3.0_gmp-pkcs1-verify.patch: don't parse PKCS1 v1.5 RSA signatures to verify them in src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c, src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. - debian/patches/chunk_equals_const.patch: backport required function to src/libstrongswan/utils/chunk.h. - debian/patches/memeq_const.patch: backport required function to src/libstrongswan/utils/utils.*. - CVE-2018-16151 - CVE-2018-16152 * SECURITY UPDATE: remote denial of service - debian/patches/strongswan-5.0.1-5.4.0_skeyseed_init.patch: properly initialize variable in src/libcharon/sa/ikev2/keymat_v2.c. - CVE-2018-10811 * SECURITY UPDATE: DoS in stroke plugin - debian/patches/strongswan-5.1.2-5.6.2_stroke_msg_len.patch: ensure a minimum message length in src/libcharon/plugins/stroke/stroke_socket.c. - CVE-2018-5388 -- Marc Deslauriers Tue, 18 Sep 2018 11:06:16 +0200 strongswan (5.1.2-0ubuntu2.8) trusty; urgency=medium * d/control: Add Conflicts from strongswan-starter to openswan to avoid file conflict on upgrade. (LP: #1755693) -- Trent Lloyd Wed, 14 Mar 2018 14:50:05 +0800 strongswan (5.1.2-0ubuntu2.7) trusty-security; urgency=medium * SECURITY UPDATE: Fix RSA signature verification - debian/patches/CVE-2017-11185.patch: does some verifications in order to avoid null-point dereference in src/libstrongswan/gmp/gmp_rsa_public_key.c - CVE-2017-11185 -- Leonidas S. Barbosa Tue, 15 Aug 2017 14:58:11 -0300 strongswan (5.1.2-0ubuntu2.6) trusty-security; urgency=medium * SECURITY UPDATE: Insufficient Input Validation in gmp Plugin - debian/patches/CVE-2017-9022.patch: make sure the modulus is odd and the exponent not zero in src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. - CVE-2017-9022 * SECURITY UPDATE: Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin - debian/patches/CVE-2017-9023.patch: fix CHOICE parsing in src/libstrongswan/asn1/asn1_parser.*, src/libstrongswan/plugins/x509/x509_cert.c. - CVE-2017-9023 -- Marc Deslauriers Wed, 24 May 2017 15:04:26 -0400 strongswan (5.1.2-0ubuntu2.5) trusty; urgency=medium * debian/patches/fix_reauth_crash.patch: auth-cfg: Fix crash after several reauthentications with multiple authentication rounds. Thanks to Tobias Brunner . Closes LP: #1629241. -- Nishanth Aravamudan Wed, 05 Oct 2016 15:43:30 -0700 strongswan (5.1.2-0ubuntu2.4) trusty-security; urgency=medium * SECURITY UPDATE: authentication bypass in eap-mschapv2 plugin - debian/patches/CVE-2015-8023.patch: only succeed authentication if MSK was established in src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c. - CVE-2015-8023 -- Marc Deslauriers Wed, 11 Nov 2015 08:00:11 -0500 strongswan (5.1.2-0ubuntu2.3) trusty-security; urgency=medium * SECURITY UPDATE: user credential disclosure to rogue servers - debian/patches/CVE-2015-4171.patch: enforce remote authentication config before proceeding with own authentication in src/libcharon/sa/ikev2/tasks/ike_auth.c. - CVE-2015-4171 -- Marc Deslauriers Thu, 04 Jun 2015 07:29:42 -0400 strongswan (5.1.2-0ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via DH group 1025 - debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of IKE DH range in src/libstrongswan/crypto/diffie_hellman.c, src/libstrongswan/crypto/diffie_hellman.h. - CVE-2014-9221 -- Tyler Hicks Fri, 19 Dec 2014 13:18:30 -0600 strongswan (5.1.2-0ubuntu2) trusty; urgency=medium * SECURITY UPDATE: remote authentication bypass - debian/patches/CVE-2014-2338.patch: reject CREATE_CHILD_SA exchange on unestablished IKE_SAs in src/libcharon/sa/ikev2/task_manager_v2.c. - CVE-2014-2338 -- Marc Deslauriers Mon, 14 Apr 2014 11:24:34 -0400 strongswan (5.1.2-0ubuntu1) trusty; urgency=low * New upstream release. -- Jonathan Davies Sat, 01 Mar 2014 08:53:17 +0000 strongswan (5.1.2~rc2-0ubuntu2) trusty; urgency=low * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference. * debian/usr.lib.ipsec.charon: Allow read access to /run/charon. -- Jonathan Davies Wed, 19 Feb 2014 13:07:16 +0000 strongswan (5.1.2~rc2-0ubuntu1) trusty; urgency=low * New upstream release candidate. -- Jonathan Davies Wed, 19 Feb 2014 12:59:21 +0000 strongswan (5.1.2~rc1-0ubuntu4) trusty; urgency=medium * debian/strongswan-tnc-*.install: Fixed files so libraries go into correct packages. * debian/usr.lib.ipsec.stroke: Allow access to strongswan.d directories. -- Jonathan Davies Mon, 17 Feb 2014 18:12:38 +0000 strongswan (5.1.2~rc1-0ubuntu3) trusty; urgency=low * debian/rules: Exclude rdrand.conf in dh_install's --fail-missing. -- Jonathan Davies Sat, 15 Feb 2014 15:46:46 +0000 strongswan (5.1.2~rc1-0ubuntu2) trusty; urgency=low * debian/libstrongswan.install: Moved rdrand plugin configuration to rules as it's only useful on amd64. * debian/watch: Added opts=pgpsigurlmangle option. * debian/upstream/signing-key.asc: Added key: 0xB34DBA77. -- Jonathan Davies Sat, 15 Feb 2014 15:32:10 +0000 strongswan (5.1.2~rc1-0ubuntu1) trusty; urgency=medium * New upstream release candidate. * debian/*.install - include new configuration files for plugins in appropiate packages. -- Jonathan Davies Sat, 15 Feb 2014 15:03:14 +0000 strongswan (5.1.2~dr3+git20130120-0ubuntu3) trusty; urgency=low * debian/control: - Added Breaks/Replaces for all library files which have been moved about (LP: #1278176). - Removed build-dependency on check and added one on dh-apparmor. * debian/strongswan-starter.postinst: Removed further out-dated code and entire section on opportunistic encryption - this was never in strongSwan. * debian/rules: Removed pieces on 'patching ipsec.conf' on build. -- Jonathan Davies Sun, 09 Feb 2014 23:53:23 +0000 strongswan (5.1.2~dr3+git20130120-0ubuntu2) trusty; urgency=low * debian/control: Fixed references to plugin-fips-prf. -- Jonathan Davies Wed, 22 Jan 2014 11:22:14 +0000 strongswan (5.1.2~dr3+git20130120-0ubuntu1) trusty; urgency=low * Upstream Git snapshot for build fixes with regards to entropy. * debian/rules: - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking. - Set TESTS_REDUCED_KEYLENGTHS to one generate smallest key-lengths in tests. -- Jonathan Davies Mon, 20 Jan 2014 19:00:59 +0000 strongswan (5.1.2~dr3-0ubuntu1) trusty; urgency=low * New upstream developer release. * Made changes to packaging per upstream suggestions. - Dropped medcli and medsrv packages - not recommended by upstream at this time. - Dropped ha plugin - needs special kernel. - Improved all package descriptions in general. - Drop build-dep on clearsilver-dev and libfcgi-dev - no longer needed. - Removed debian/*logcheck* files - not relevant to strongSwan. - Split dhcp and farp packages into sub-packages. - Build kernel-libipsec, ntru, systime-fix, and xauth-noauth plugins. - Changes to TNC-related packages. * Created AppArmor profiles for lookip and stroke. -- Jonathan Davies Wed, 15 Jan 2014 22:52:53 +0000 strongswan (5.1.2~dr2+git20130106-0ubuntu2) trusty; urgency=low * libstrongswan.install: Removed lingering unit-tester.so reference. -- Jonathan Davies Mon, 06 Jan 2014 20:29:59 +0000 strongswan (5.1.2~dr2+git20130106-0ubuntu1) trusty; urgency=low * Git snapshot of commit 94e10f15e51ead788d9947e966878ebfdc95b7ce. Incorporates upstream fixes for: - Integrity testing. - Unit test failures on little endian systems. * Dropped debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixed upstream. * debian/rules: - Stop using CK_TIMEOUT_MULTIPLIER. - Stop enabling the test suite only on non-powerpc arches (it runs anyway). -- Jonathan Davies Mon, 06 Jan 2014 20:17:20 +0000 strongswan (5.1.2~dr2-0ubuntu3) trusty; urgency=low * debian/control: Reinstate missing comma in dependencies. -- Jonathan Davies Fri, 03 Jan 2014 05:39:13 +0000 strongswan (5.1.2~dr2-0ubuntu2) trusty; urgency=low * Added debian/patches/02_test_asn1_fix_32bit_time_test.patch - fixes issue where test for >2038 tests on 32-bit platforms is broken. - Reported upstream: https://wiki.strongswan.org/issues/477 * debian/control: Added strongswan-plugin-ntru to strongswan-ike Suggests. -- Jonathan Davies Fri, 03 Jan 2014 05:02:32 +0000 strongswan (5.1.2~dr2-0ubuntu1) trusty; urgency=low * New upstream developer release. * debian/rules: Configure with: --enable-af-alg, --enable-ntru, --enable-soup, and --enable-unity. * debian/control: - New plugin packages created for the above - Split fips-prf into its own package. - Added build-dependency on libsoup2.4-dev. -- Jonathan Davies Thu, 02 Jan 2014 17:37:33 +0000 strongswan (5.1.1-0ubuntu17) trusty; urgency=low * debian/control: - Make strongswan-ike depend on iproute2. - Added xauth plugin dependency on strongswan-plugin-eap-gtc. - Created strongswan-libfast package. -- Jonathan Davies Wed, 01 Jan 2014 17:04:45 +0000 strongswan (5.1.1-0ubuntu16) trusty; urgency=low * debian/control: - Further splitting of plugins into subpackages (such as all EAP plugins to their own packages). - Added libpcsclite-dev to build-dependencies. * debian/rules: - Sort configure options in alphabetical order. - Added configure option of --enable-eap-aka-3gpp2, --enable-eap-dynamic, --enable-eap-sim-file, --enable-eap-sim-pcsc, --enable-eap-simaka-pseudonym, --enable-eap-simaka-reauth and --enable-eap-simaka-sql. - Don't exclude medsrv from install. * Moved eap-identity.so to libstrongswan package as it's used by all the other EAP plugins. -- Jonathan Davies Tue, 31 Dec 2013 21:25:50 +0000 strongswan (5.1.1-0ubuntu15) trusty; urgency=low * debian/control: - Split plugins from libstrongswan package into modular subpackages. - Added libmysqlclient-dev to build-dependencies. - strongswan-ike: Set to depend on either strongswan-plugins-openssl or strongswan-plugins-gcrypt. - strongswan-ike: All other plugins added to Suggests. - Created two new TNC packages: strongswan-tnc-ifmap and strongswan-tnc-pdp and added to tnc-imcvs Suggests. * debian/rules: Added to CONFIGUREARGS: --enable-certexpire, --enable-error-notify, --enable-mysql, --enable-load-tester, --enable-radattr, --enable-tnc-pdp, and --enable-whitelist. * debian/strongswan-ike.install: Moved eap-identity.so to -tnc-imcvs package. -- Jonathan Davies Tue, 31 Dec 2013 16:15:32 +0000 strongswan (5.1.1-0ubuntu14) trusty; urgency=low * debian/rules: - CK_TIMEOUT_MULTIPLIER back down to 6. - Disable unit tests on powerpc. -- Jonathan Davies Tue, 31 Dec 2013 07:39:48 +0000 strongswan (5.1.1-0ubuntu13) trusty; urgency=low * debian/rules: CK_TIMEOUT_MULTIPLIER to 10 as just powerppc is being stubborn. -- Jonathan Davies Tue, 31 Dec 2013 07:23:42 +0000 strongswan (5.1.1-0ubuntu12) trusty; urgency=low * debian/rules: Bring CK_TIMEOUT_MULTIPLIER up to 6 to fix powerppc and armhf. -- Jonathan Davies Tue, 31 Dec 2013 07:03:40 +0000 strongswan (5.1.1-0ubuntu11) trusty; urgency=low * 02_increase-test_rsa_generate-timeout.patch: Removed - only fixed build on one extra arch. * debian/rules: Set CK_TIMEOUT_MULTIPLIER to 4. -- Jonathan Davies Tue, 31 Dec 2013 06:51:47 +0000 strongswan (5.1.1-0ubuntu10) trusty; urgency=low * debian/patches: Added patch 02_increase-test_rsa_generate-timeout.patch - - Increases RSA key generate test timeout to 30 seconds so that it doesn't fail on armhf, arm64, and powerppc. * Contrary to what the last changelog entry says, we are still running strongswan as root (with AppArmor protection). -- Jonathan Davies Tue, 31 Dec 2013 06:06:47 +0000 strongswan (5.1.1-0ubuntu9) trusty; urgency=low * debian/rules: Added to configure options: - --enable-tnc-ifmap: enable TNC IF-MAP module. - --enable-duplicheck: enable duplicheck plugin. - --enable-imv-swid, --enable-imc-swid: Added. - Run strongswan as it's own user. * debian/strongswan-starter.install: Install duplicheck. * debian/strongswan-tnc-imcvs.install: Install swidtags. -- Jonathan Davies Mon, 30 Dec 2013 19:33:27 +0000 strongswan (5.1.1-0ubuntu8) trusty; urgency=low * debian/rules: Added to configure options: - --enable-unit-tests: check unit testing on build. - --enable-unbound: for validating DNS lookups. - --enable-dnscert: for DNSCERT peer authentication. - --enable-ipseckey: for IPSEC key authentication. - --enable-lookip: for LookIP functionality. - --enable-coupling: certificate coupling functionality. * debian/control: Added check, libldns-dev, libunbound-dev to build-dependencies. * debian/libstrongswan.install: Install new plugin .so's. * debian/strongswan-starter.install: Added lookip. -- Jonathan Davies Mon, 30 Dec 2013 17:52:07 +0000 strongswan (5.1.1-0ubuntu7) trusty; urgency=low * strongswan-starter.install: Moved pt-tls-client to tnc-imcvs (to prevent the former from depending on the latter). -- Jonathan Davies Mon, 30 Dec 2013 17:30:19 +0000 strongswan (5.1.1-0ubuntu6) trusty; urgency=low * debian/strongswan-starter.prerm: Stop strongswan service on package removal (as opposed to using the old init.d script). -- Jonathan Davies Mon, 30 Dec 2013 17:22:10 +0000 strongswan (5.1.1-0ubuntu5) trusty; urgency=low * debian/rules: - CONFIGUREARGS: Merged Debian and RPM options. - Brings in TNC functionality. * debian/control: - Added build-dependency on libtspi-dev. - Created strongswan-tnc-imcvs binary package for TNC components. - Added strongswan-tnc-imcvs to libstrongswan's Suggests. * debian/libstrongswan.install: - Included newly built MD4 and SQLite libraries. - Removed 'tnc' references (moved to TNC package). * debian/strongswan-tnc-imcvs.install: Created - handle new TNC libraries and binaries. * debian/usr.lib.ipsec.charon: Allow access to TNC modules. -- Jonathan Davies Mon, 30 Dec 2013 14:05:43 +0000 strongswan (5.1.1-0ubuntu4) trusty; urgency=low * debian/usr.lib.ipsec.charon: Added - AppArmor profile for charon. * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call. * debian/control: strongswan-ike - Stop depending on ipsec-tools. -- Jonathan Davies Mon, 30 Dec 2013 05:35:17 +0000 strongswan (5.1.1-0ubuntu3) trusty; urgency=low * strongswan-starter.strongswan.upstart - Only start strongSwan when a network connection is available. * debian/control: Downgrade build-dep version of dpkg-dev from 1.16.2 to 1.16.1 - to make precise backporting easier. -- Jonathan Davies Thu, 12 Dec 2013 10:43:15 +0000 strongswan (5.1.1-0ubuntu2) trusty; urgency=low * strongswan-starter.strongswan.upstart - Created Upstart job for strongSwan. * debian/rules: Set dh_installinit to install above file. * debian/strongswan-starter.postinit: - Removed section about runlevel changes, it's almost 2014. - Adapted service restart section for Upstart. - Remove old symlinks to init.d files is necessary. * debian/strongswan-starter.dirs: Don't touch /etc/init.d. -- Jonathan Davies Wed, 11 Dec 2013 23:10:28 +0000 strongswan (5.1.1-0ubuntu1) trusty; urgency=low * New upstream release. * Removed: debian/patches/CVE-2013-6075, CVE-2013-6076.patch - upsteamed. * debian/control: Updated Standards-Version to 3.9.5 and applied XSBC-Original-Maintainer policy. * strongswan-starter.install: - pki tool is now in /usr/bin. - Install pt-tls-client. - Install manpages (LP: #1206263). -- Jonathan Davies Sun, 01 Dec 2013 17:43:59 +0000 strongswan (5.1.0-3) unstable; urgency=high * urgency=high for the security fixes. * debian/patches - CVE-2013-6075 added, fix remote denial of service and authorization bypass. - CVE-2013-6076 added, fix remote denial of service in IKEv1 code. -- Yves-Alexis Perez Tue, 29 Oct 2013 21:07:04 +0100 strongswan (5.1.0-2) unstable; urgency=medium * urgency=medium since we already spent 16 days in unstable and the fix is trivial * debian/control: - strongswan-ike: only depends on iproute on linux arches. -- Yves-Alexis Perez Thu, 17 Oct 2013 21:40:35 +0200 strongswan (5.1.0-1) unstable; urgency=low * New upstream release. * debian/libstrongswan.install: - install new rc2, pkcs12 and sshkey plugins. * debian/control: - update standards version to 3.9.4. - add build-dep on dh-autoreconf. * debian/rules: - use autoreconf addon to refresh autotools helper files and gain support for ARM64. - enable charon-cmd command line tool. * debian/source/options: ignore files regenerated by autoreconf addon. * debian/strongswan-ike.install: - install charon-cmd command and manpage. * debian/NEWS: - warn users about charon replacing pluto as IKEv1 daemon and provide some migration pointers. -- Yves-Alexis Perez Mon, 30 Sep 2013 20:59:04 +0200 strongswan (5.0.4-3) experimental; urgency=low * debian/rules, debian/libstrongswan.install: - only install rdrand plugin on i386 and amd64. -- Yves-Alexis Perez Sat, 18 May 2013 09:26:22 +0200 strongswan (5.0.4-2) experimental; urgency=low * debian/rules: - only enable RdRand on i386 and amd64. -- Yves-Alexis Perez Mon, 06 May 2013 13:14:03 +0200 strongswan (5.0.4-1) experimental; urgency=low * New upstream release. - Fix for ECDSA signature verification vulnerability (CVE-2013-2944). * debian/patches: - 01_fix-manpages refreshed. - 02_add-LICENSE dropped, included upstream. - 03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali removed, included upstream. - 04-Fixed-IPv6-source-address-lookup dropped, included upstream. * debian/rules: - --enable-smartcard, --with-default-pkcs11 and --enable-nat-transport not valid anymore for ./configure, remove them. - add --enable-xauth-eap and --enable-xauth-pam. - remove pluto handling since it's gone - don't special-case XAuth on kFreeBSD anymore. - add --enable-attr-sql and --enable-rdrand. - build using all hardening flags. - use -Wl,--as-needed -Wl,-O1 for LDFLAGS. * debian/control: - drop strongswan-ikev1 package - rename strongswan-ikev2 package to strongswan-ike for now and makes it replace strongswan-ikev1 and strongswan-ikev2. - rephrase long description to remove references to pluto. - provide transition -ikev{1,2} packages for upgrades. * debian/strongswan-ikev1.install removed. * debian/strongswan-ikev2.* renamed to strongswan-ike. * debian/strongswan-nm.install: - NetworkManager plugin is now a separate executable. * debian/libstrongswan.install: - install new pkcs7, xauth-eap, xauth-generic, xauth-pam and nonce plugins. - install libpttls files (experimental implementation of PT-TLS, RFC 6876) - install rdrand plugin. * debian/strongswan.docs: CREDITS file is gone. * debian/ipsec.secrets.proto: remove reference to pluto. * debian/strongswan-starter.* remove references to pluto. * debian/po: update potfiles for new phrasing. -- Yves-Alexis Perez Sun, 05 May 2013 11:06:20 +0200 strongswan (4.6.4-6) unstable; urgency=low * debian/rules: - revert dropping privileges, it breaks too many setups for now and it's not possible to disable it. reopens #529854 and closes: #680722 * debian/control: - add Breaks/Replaces strongswan-ikev2 on libstrongswan because of moved plugins. closes: #681312 -- Yves-Alexis Perez Sat, 01 Dec 2012 14:24:49 +0100 strongswan (4.6.4-5) unstable; urgency=low [ Yves-Alexis Perez ] * debian/control: - and finally make libcap-dev linux-any too... - make -ikev1 linux-any since pluto can't be build on FreeBSD. * debian/rules: - stop installing logcheck rules manually. closes: #679745 - handle non kFreeBSD more carefully closes: #640928 + don't enable NM and Linux capabilities drop; + disable pluto (and xauth plugin); + don't enable farp and dhcp, enable kernel-pf{key,route} plugins * Handle logcheck files from dh_installlogcheck and thus name them correctly so they are not installed in the wrong package. closes: #679745 * debian/po - add turkish translation, thanks Atila KOÇ. closes: #659879 * debian/patches: - 04-Fixed-IPv6-source-address-lookup added, backported from upstream. Fix IPv6 tunnels, broken because of bad handling of source routing. [ Laurent Bigonville ] * Do not use multi-arch paths, this makes no sense as only one instance of the daemon can be run and all libraries are private. * d/p/03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali.patch: NM now requires a tundev, pass the loopback interface to make it happy (thanks to Martin Willi) * debian/control: Fix Vcs-Browser URL -- Yves-Alexis Perez Sat, 07 Jul 2012 14:21:03 +0200 strongswan (4.6.4-4) unstable; urgency=low * debian/control: - libnm-glib-vpn-dev also is linux-any, fix build-deps. -- Yves-Alexis Perez Sat, 30 Jun 2012 18:54:00 +0200 strongswan (4.6.4-3) unstable; urgency=low * debian/strongswan-starter.postrm - remove strongswan user on purge. * debian/rules: - enable gcrypt plugin. closes: #600326 * debian/libstrongswan.install: - ship gcrypt plugin. -- Yves-Alexis Perez Sat, 30 Jun 2012 17:08:08 +0200 strongswan (4.6.4-2) unstable; urgency=low * Upload to unstable. * debian/rules: - use the strongswan user. closes: #529854 * debian/control: - fix libnm-glib-vpn-dev build-dep, it's linux-any. -- Yves-Alexis Perez Sat, 30 Jun 2012 15:37:58 +0200 strongswan (4.6.4-1) experimental; urgency=low * New upstream release. closes: #664190 - stop including individual glib headers. closes: #665612 * debian/patches: - drop all patches, they're all included upstream now. * debian/*.install: - drop destination path - libs are in ipsec folder now - add libradius, libtls, libtnccs and libsimaka to libstrongswan. - add tnc-tnccs, pkcs8 and cmac plugins to libstrongswan. - use multiarch paths - move ldap, curl, kernel-netlink and attr* plugins to libstrongswan, since they are used by pluto too. closes: #611846 * debian/control: - add myself to uploaders, in hope that some others will join. - update standards version to 3.9.3. - add depend on adduser to strongswan-starter for use in maintainer scripts. - update debhelper build-dep to 9 and add dpkg-dev 1.16.2 build-dep for hardening support. - make strongswan-nm linux-any and adjust network-manager-dev build-dep to only happen on linux arches. closes: #640928 * debian/compat bumped to 9. * debian/rules: - enable hardening flags with PIE and bindnow. - use multiarch paths. - inconditionnally enable network-manager. - switch to dh. - ignore plugins in dh_makeshlibs. - don't generate maintainer scripts snippets for init scripts, it's already handled (atlhough we might want to change that later) - stop bypassing dh_installdocs. - disable DES and Blowfish plugin as they are under a 4 clauses BSD-like license. * debian/libstrongswan.lintian-overrides, debian/libstrongswan-ikev2.lintian-overrides: - override warning for hardening flags, we do use them. * debian/patches: - 01_fix-manpages added, fix space in NAME section. - 02_add-LICENSE added, add the license file from upstream not yet present in tarball. * debian/copyright completely rewritten. -- Yves-Alexis Perez Fri, 29 Jun 2012 21:24:37 +0200 strongswan (4.5.2-1.5) unstable; urgency=low * Non-maintainer upload. * Fix "package must not include /var/lock/subsys": don't ship /var/lock/subsys but create it in the init script. (Closes: #667764) -- gregor herrmann Fri, 15 Jun 2012 16:21:27 +0200 strongswan (4.5.2-1.4) unstable; urgency=high * Non-maintainer upload by the Security Team. * debian/patches: - 0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i added, backported from upstream. Fix CVE-2012-2388 (when using gmp plugin, zero length RSA signatures are considered valid). - 0001-Added-support-for-the-resolvconf-framework-in-resolv added, correctly handle resolvconf-managed /etc/resolv.conf. closes: #664873 -- Yves-Alexis Perez Thu, 24 May 2012 17:55:51 +0200 strongswan (4.5.2-1.3) unstable; urgency=low * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - Dutch; (Jeroen Schot). Closes: #631502 - Norwegian Bokmål, (Bjørn Steensrud). Closes: #654411 - Polish (Michał Kułach). Closes: #658125 -- Christian Perrier Wed, 08 Feb 2012 07:22:07 +0100 strongswan (4.5.2-1.2) unstable; urgency=low * Non-maintainer upload. * Drop libopensc2-dev from Build-Depends; that library is now private to opensc and is not required at build time as it's loaded by dlopen() anyway. (Closes: #635890) -- Laurent Bigonville Thu, 08 Sep 2011 16:50:11 +0200 strongswan (4.5.2-1.1) unstable; urgency=low * Non-maintainer upload. * debian/strongswan-starter.ipsec.init: Init script should depends on remote_fs instead of local_fs, also provide ipsec instead of vpn as the other ipsec implementations (Closes: #629675) * debian/patches/0001-fix-fprintf-format.patch: Fix FTBFS with gcc 4.6, taken from upstream (Closes: #614486) * debian/control: Tighten dependency version against libstrongswan (Closes: #626170) * debian/strongswan-starter.lintian-overrides, debian/rules: Correctly set restricted permissions on /etc/ipsec.d/private/ and /var/lib/strongswan (Closes: #598827) -- Laurent Bigonville Mon, 04 Jul 2011 10:58:59 +0200 strongswan (4.5.2-1) unstable; urgency=low * New upstream version 4.5.2. This removes a lot of old manpages that were not properly updated since freeswan. Closes: #616482: strongswan-ikev1: virtual ips not released if xauth name does not match id Closes: #626169: strongswan: ipsec tunnels fail because charon segfaults Closes: #625228: strongswan-starter: left-/rightnexthop options are broken Closes: #614105: strongswan-ikev2: charon continually respawns * Fix typo in debian/rules that precluded --enable-nm from being passed to configure (LP: #771778). Closes: #627775: strongswan-nm package is missing nm module * Make sure to install all newly added plugins (and generally files created by make install) by calling dh_install with --fail-missing. Install some newly enabled crypto plugins in the libstrongswan package. Closes: #627783: Please disable modules that are not installed in package at build time -- Rene Mayrhofer Thu, 19 May 2011 13:42:21 +0200 strongswan (4.5.1-1) unstable; urgency=low * New upstream version -- Rene Mayrhofer Sat, 05 Mar 2011 09:27:49 +0100 strongswan (4.5.0-1) unstable; urgency=low * New upstream version 4.5.0 * Enabled new configure options for additional libstrongswan plugins: --enable-ctr --enable-ccm --enable-gcm --enable-addrblock --enable-led --enable-pkcs11 --enable-eap-tls --enable-eap-ttls --enable-eap-tnc * Enable NAT-Traversal with transport mode support so that strongswan can be used for an L2TP/IPsec gateway (e.g. for Windows or mobile phone clients). * Special handling for strongswan-nm package during build time: only build and install if headers are really available. This supports easier backporting by simply ignoring build-deps and therefore to build all packages except the strongswan-nm without any changes to the source package. * Install test-vectors and revocation plugins for libstrongswan. Closes: #600996: strongswan-starter: plugin 'revocation' failed to load * Acknowledge translations NMU. Closes: #598925: Intent to NMU or help for an l10n upload of strongswan to fix pending po-debconf l10n bugs Closes: #598925 #599888 #600354 #600409 #602449 #603723 #603779 * Update Brazilian Portugese debconf translation. Closes: #607404: strongswan: [INTL:pt_BR] Brazilian Portuguese debconf templates translation -- Rene Mayrhofer Sun, 28 Nov 2010 13:09:42 +0100 strongswan (4.4.1-5.1) unstable; urgency=low * Non-maintainer upload. - Fix pending l10n issues. Debconf translations: - Vietnamese (Clytie Siddall). Closes: #598925 - Japanese (Hideki Yamane). Closes: #599888 - Czech (Miroslav Kure). Closes: #600354 - Spanish (Francisco Javier Cuadrado). Closes: #600409 - Danish (Joe Hansen). Closes: #602449 - Basque (Iñaki Larrañaga Murgoitio). Closes: #603723 - Italian (Vincenzo Campanella). Closes: #603779 -- Christian Perrier Wed, 17 Nov 2010 20:21:21 +0100 strongswan (4.4.1-5) unstable; urgency=medium * Fixed init script for restart to work when either pluto or charon are not installed. Closes: #598074: init script doesn't re-start the service on restart * Enable built-in crypto test vectors. Closes: #598136: strongswan: Please enable --enable-test-vectors configure option * Install libchecksum.so into correct directory (/usr/lib/ipsec instead of /usr/lib). It still doesn't fix #598138 because of the size mismatch. -- Rene Mayrhofer Sun, 26 Sep 2010 13:48:00 +0200 strongswan (4.4.1-4) unstable; urgency=medium * dh_clean should not be called by the install target. This caused the arch: all package strongswan to be built but not included in the changes file. Closes: #593768: strongswan: 4.4.1 unavailable in testing notwhistanding a freeze-exception request * Rewrote parts of the init.d script to make stop/restart more robust when pluto or charon fail. * Closes: #595885: strongswan: FTBFS in squeeze: No package 'libnm_glib_vpn' found This bug was actually closed in 4.4.0 with changed dependencies. -- Rene Mayrhofer Thu, 19 Sep 2010 13:08:36 +0200 strongswan (4.4.1-3) unstable; urgency=low * Change make clean to make distclean to make package building idempotent. Really closes: Bug#593313: strongswan: FTBFS because clean rule fails -- Rene Mayrhofer Sun, 22 Aug 2010 21:39:03 +0200 strongswan (4.4.1-2) unstable; urgency=low * Recompiled with dpkg-buildpackage instead of svn-buildpackage to make the clean target work. I am still looking for the root cause of this quilt 3.0 format and svn-buildpackage incompatibility. Closes: Bug#593313: strongswan: FTBFS because clean rule fails * Removed the --enable-socket-* configure options again. Having multiple socket variants for charon would force to explicitly enable one (in case of pluto co-existance the socket-raw) in strongswan.conf. Disabling the other variants for now at build-time relieves us from changing the default config file and might be more future-proof concerning future upstream changes to configure options. Really closes: #587583 -- Rene Mayrhofer Sat, 21 Aug 2010 23:28:47 +0200 strongswan (4.4.1-1) unstable; urgency=low * New upstream release. Closes: #587583: strongswan 4.4.0-2 does not work here: charon seems not to ignore all incoming requests/answers Closes: #506320: strongswan: include directives error and ikev2 * Fix typo in debconf templates. Closes: #587564: strongswan: Minor typos in Debconf template * Updated debconf translations. Closes: #587562: strongswan: [INTL:de] updated German debconf translation Closes: #580954: [INTL:es] Spanish debconf template translation for strongswan -- Rene Mayrhofer Mon, 09 Aug 2010 11:37:25 +0200 strongswan (4.4.0-3) unstable; urgency=low * Updated debconf translations. Closes: #587562: strongswan: [INTL:de] updated German debconf translation -- Rene Mayrhofer Wed, 30 Jun 2010 09:50:31 +0200 strongswan (4.4.0-2) unstable; urgency=low * Force enable-socket-raw configure option and enable list-missing option for dh_install to make sure that all required plugins get built and installed. Closes: #587282: plugins missing * Updated debconf translations. Closes: #587052: strongswan: [INTL:fr] French debconf templates translation update Closes: #587159: strongswan: [INTL:ru] Russian debconf templates translation update Closes: #587255: strongswan: [INTL:pt] Updated Portuguese translation for debconf messages Closes: #587241: [INTL:sv] po-debconf file for strongswan * Disabled cisco-quirks configure option, as it causes pluto to emit a bogus Cicso vendor ID attribute. Some Cicso VPN clients might not work without this, but it is less confusing for standards-compliant remote gateways. * Removed leftover attribute plugin source caused by incomplete svn-upgrade call. -- Rene Mayrhofer Thu, 24 Jun 2010 22:32:18 +0200 strongswan (4.4.0-1) unstable; urgency=HIGH * New upstream release, now with a high-availability plugin. * Added patch to fix snprintf bug. * Enable building of ha, dhcp, and farp plugins. * Enable capability dropping (now depends on libcap). Switching user to new system user strongswan (with nogroup) after startup is still disabled until the iptables updown script can be made to work. -- Rene Mayrhofer Tue, 25 May 2010 21:03:52 +0200 strongswan (4.3.6-1) unstable; urgency=low * UNRELEASED * New upstream release, now build-depends on gperf. Closes: #577855: New upstream release 4.3.6 Closes: #569553: strongswan: Certificates CNs containing email address OIDs are not correctly parsed Closes: #557635: strongswan charon does not rekey forever Closes: #569299: Please update configure check to use new nm-glib pkgconfig file name * Switch to dpkg-source 3.0 (quilt) format * Synchronize debconf handling with current openswan 2.6.25 package to keep X509 certificate handling etc. similar. Thanks to Harald Jenny for implementing these changes in openswan, which I just converted to strongswan. * Now also build a strongswan-dbg package to ship debugging symbols. * Include attr plugin in strongswan-ikev2 package. Thanks to Christoph Lukas for pointing out that this was missing. Closes: #569550: strongswan: Please include attr plugin -- Rene Mayrhofer Tue, 23 Feb 2010 10:39:21 +0000 strongswan (4.3.4-1) unstable; urgency=low * New upstream release. * This release supports integrity checking of libraries, which is now enabled at build-time and can be enabled at run-time using libstrongswan { integrity_test = yes } in /etc/strongswan.conf. * Don't disable internal crypto libraries for pluto. They might be required when working with older ipsec.conf files. * charon now supports "include" directives in ipsec.secrets for compatibility with how the maintainer script includes RSA private keys. * Patched starter to also look at routing table "default" when table "main" doesn't have a default entry. This makes dealing with "%defaulroute" in ipsec.conf more flexible. Update: It seems Astaro was quicker then me sending a patch with exactly that aim to upstream. Now applied this one, which will be part of future upstream releases and uses netlink to read routing tables. -- Rene Mayrhofer Wed, 21 Oct 2009 11:14:56 +0000 strongswan (4.3.2-1) unstable; urgency=HIGH Urgency high because of security issue and FTBFS. * New upstream release, fixes security bug. * Fix padlock handling for i386 in debian/rules. Closes: #525652 (FTBFS on i386) * Acknowledge NMUs by security team. Closes: #533837, #531612 * Add "Conflicts: strongswan (< 4.2.12-1)" to libstrongswan, strongswan-starter, strongswan-ikev1, and strongswan-ikev2 to force update of the strongswan package on installation and avoid conflicts caused by package restructuring. Closes: #526037: strongswan-ikev2 and strongswan: error when trying to install together Closes: #526486: strongswan and libstrongswan: error when trying to install together Closes: #526487: strongswan-ikev1 and strongswan: error when trying to install together Closes: #526488: strongswan-starter and strongswan: error when trying to install together * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Closes: #528073 * Debconf translation updates: Closes: #525234: [INTL:ja] Update po-debconf template translation (ja.po) Closes: #528323: [INTL:sv] po-debconf file for strongswan Closes: #528370: [INTL:vi] Vietnamese debconf templates translation update Closes: #529027: [INTL:pt] Updated Portuguese translation for debconf messages Closes: #529071: [INTL:fr] French debconf templates translation update Closes: #529592: nb translation of debconf PO for strongSWAN Closes: #529638: [INTL:ru] Russian debconf templates translation Closes: #529661: Updated Czech translation of strongswan debconf messages Closes: #529742: [INTL:eu] strongswan debconf basque translation Closes: #530273: [INTL:fi] Finnish translation of the debconf templates Closes: #529063: [INTL:gl] strongswan 4.2.14-2 debconf translation update -- Rene Mayrhofer Sat, 18 Apr 2009 20:28:51 +0200 strongswan (4.2.14-1.2) unstable; urgency=high * Non-maintainer upload. * Fix build on i386 Closes: #525652: FTBFS on i386: libstrongswan-padlock.so*': No such file or directory * Fix Two Denial of Service Vulnerabilities Closes: #533837: strongSwan Two Denial of Service Vulnerabilities -- Ruben Puettmann Sun, 21 Jun 2009 17:50:02 +0200 strongswan (4.2.14-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix two possible null pointer dereferences leading to denial of service via crafted IKE_SA_INIT, CREATE_CHILD_SA or IKE_AUTH request (CVE-2009-1957; CVE-2009-1958; Closes: #531612). -- Nico Golde Mon, 15 Jun 2009 13:06:05 +0200 strongswan (4.2.14-1) unstable; urgency=low * New upstream release, which incorporates the fix. Removed dpatch for it. Closes: #521950: CVE-2009-0790: DoS * New support for EAP RADIUS authentication, enabled for this package. -- Rene Mayrhofer Wed, 01 Apr 2009 22:17:52 +0200 strongswan (4.2.13-2) unstable; urgency=low * Fix DoS issue via malicious Dead Peer Detection packet. Thanks to the security team for providing the patch. Closes: #521950: CVE-2009-0790: DoS Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet. -- Rene Mayrhofer Tue, 31 Mar 2009 12:00:51 +0200 strongswan (4.2.13-1) unstable; urgency=low * New upstream release. This is now compatible with network-manager 0.7 in Debian, so start building the strongswan-side support. The actual plugin will need to be another source package. -- Rene Mayrhofer Sun, 22 Mar 2009 10:59:31 +0100 strongswan (4.2.12-1) unstable; urgency=low * New upstream release. Starting with this version, the strongswan packages is modularized and includes support for plugins like the NetworkManager plugin. Many details were adopted from Martin Willi's packages. * Dropping support for raw RSA public/private keypairs, as charon does not support it. * Explicitly remove directories /etc/ipsec.d and /var/run/pluto on purge. -- Rene Mayrhofer Sun, 01 Mar 2009 10:46:08 +0000 strongswan (4.2.9-1) unstable; urgency=low * New upstream release, fixes a MOBIKE issue. Closes: #507542: strongswan: endless loop * Explicitly enable compilation with libcurl for CRL fetching Closes: #497756: strongswan: not compiled with curl support; crl fetching not available * Enable compilation with SSH agent support. -- Rene Mayrhofer Fri, 05 Dec 2008 17:21:42 +0100 strongswan (4.2.4-5) unstable; urgency=high Reason for urgency high: this is potentially security relevant. * Patch backported from 4.2.7 to fix a potential DoS issue. Thanks to Thomas Kallenberg for the patch. -- Rene Mayrhofer Mon, 29 Sep 2008 10:35:30 +0200 strongswan (4.2.4-4) unstable; urgency=low * Tweaked configure options for lenny to remove somewhat experimental, incomplete, or unnecessary features. Removed --enable-xml, --enable-padlock, and --enable-manager and added --disable-aes, --disable-des, --disable-fips-prf, --disable-gmp, --disable-md5, --disable-sha1, and --disable-sha2 because openssl already contains this code, we depend on it and thus don't need it twice. Padlock support does not do much, because the bulk encryption uses it anyway (being done internally in the kernel) and using padlock for IKEv2 key agreement adds complexity for little gain. Thanks to Thomas Kallenberg of strongswan upstream team for suggesting these changes. The package is now noticable smaller. * Also remove dbus dependency, which is no longer necessary. -- Rene Mayrhofer Mon, 01 Sep 2008 08:59:10 +0200 strongswan (4.2.4-3) unstable; urgency=low * Changed configure option to build peer-to-peer service again. Closes: #494678: strongswan: configure option --enable-p2p changed to --enable-mediation -- Rene Mayrhofer Tue, 12 Aug 2008 20:08:26 +0200 strongswan (4.2.4-2) unstable; urgency=medium Urgency medium because this fixes an FTFBS bug on non-i386. * Only compile padlock crypto acceleration support for i386. Thanks for the patch! Closes: #492455: strongswan: FTBFS: Uses i386 assembler on non-i386 arches. * Updated Swedish debconf translation. Closes: #492902: [INTL:sv] po-debconf file for strongswan -- Rene Mayrhofer Thu, 07 Aug 2008 13:02:54 +0200 strongswan (4.2.4-1) unstable; urgency=medium Urgency medium because this new upstream versions no longer uses dbus and thus fixed the grave bug from the last Debian package. This version should transit to testing. * New upstream release. Starting with version 4.2.0, crypto algorithms have beeen modularized with existing code ported over. Among other improvments, this version now supports AES-CCM (e.g. with esp=aes128ccm12) and AES-GCM (e.g. with esp=aes256gcm16) starting with kernel 2.6.25 and enables dead peer detection by default. Note that charon (IKEv2) now uses the new /etc/strongswan.conf. * Enabled building of VIA Padlock and openssl crypto plugins. * Drop patch to rename AES_cbc_encrypt so as not to conflict with an openssl method of the same name. This has been applied upstream. * This new upstream version no longer uses dbus. Closes: #475098: charon needs dbus but strongswan does not depend on dbus Closes: #475099: charon does not work any more * This new upstream version no longer prints error messages in its init script. Closes: #465718: strongswan: startup on booting returns error messages * Apply patch to ipsec init script to fix bashism. Closes: #473703: strongswan: bashism in /bin/sh script * Updated Czech debconf translation. Closes: #480928: [l10n] Updated Czech translation of strongswan debconf messages -- Rene Mayrhofer Thu, 10 Jul 2008 14:40:43 +0200 strongswan (4.1.11-1) unstable; urgency=low * New upstream release. * DBUS support now interacts with network-manager, so need to build-depend on network-manager-dev. * The web interface has been improved and now requires libfcgi-dev and clearsilver-dev to compile, so build-depend on them. Also build-depend on libxml2-dev, libdbus-1-dev, libtool, and libsqlite3-dev (which were all build-deps before but were not listed explicitly so far - fix that). * Add patch to rename internal AES_cbc_encrypt function and thus avoid conflict with the openssl function. Closes: #470721: pluto segfaults when using pkcs11 library linked with OpenSSL -- Rene Mayrhofer Sun, 30 Mar 2008 10:35:16 +0200 strongswan (4.1.10-2) unstable; urgency=low * Enable new configure options: dbus, xml, nonblocking, thread, peer- to-peer NAT-traversal and the manager interface support. * Also set the default path to the opensc-pkcs11 engine explicitly. -- Rene Mayrhofer Fri, 15 Feb 2008 10:25:49 +0100 strongswan (4.1.10-1) unstable; urgency=low * New upstream release. Closes: #455711: New upstream version 4.1.9 * Updated Japanese debconf translation. Closes: #463321: strongswan: [INTL:ja] Update po-debconf template translation (ja.po) -- Rene Mayrhofer Thu, 07 Feb 2008 15:15:14 +0100 strongswan (4.1.8-3) unstable; urgency=low * Force use of hardening-wrapper when building the package by setting a Build-Dep to it and setting export DEB_BUILD_HARDENING=1 in debian/rules. -- Rene Mayrhofer Thu, 07 Feb 2008 14:14:48 +0100 strongswan (4.1.8-2) unstable; urgency=medium * Ship our own init script, since upstream no longer does. This is still installed as /etc/init.d/ipsec (and not /etc/init.d/strongswan) to be backwards compatible. Really closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec) * Actually, need to be smarter with ipsec.conf and ipsec.secrets. Not marking them as conffiles isn't the right thing either. Instead, now use the includes feature to pull in config snippets that are modified by debconf. It's not perfect, though, as the IKEv1/IKEv2 protocols can't be enabled/disabled with includes. Therefore don't support this option in debconf for the time being, but default to enabled for both IKE versions. The files edited with debconf are kept under /var/lib/strongswan. * Cleanup debian/rules: no longer need to remove leftover files from patching, as currently there are no Debian-specific patches (fortunately). * More cleanup: drop debconf translations hack for woody compatibility, depend on build-stamp instead of build in the install-strongswan target, and remove the now unnecessary dh_clean -k call in install-strongswan so that configure shouldn't run twice during building the package. * Update French debconf translation. Closes: #448327: strongswan: [INTL:fr] French debconf templates translation update -- Rene Mayrhofer Fri, 02 Nov 2007 21:55:29 +0100 strongswan (4.1.8-1) unstable; urgency=low The "I'm back from my long semi-vacation, and strongswan is now bug-free again" release. * New upstream release. Closes: #442880: strongswan: postinst failure (missing /etc/init.d/ipsec) Closes: #431874: strongswan - FTBFS: cannot create regular file `/etc/ipsec.conf': Permission denied * Explicitly use debhalper compatbility version 5m now using debian/compat instead of DH_COMPAT. * Since there's no configurability in dh_installdeb's mania to flag everything below /etc as a conffile, now hack DEBIAN/conffiles directly to remove ipsec.conf and ipsec.secrets. Closes: #442929: strongswan: Maintainer script modifies conffiles * Add/update debconf translations. Closes: #432189: strongswan: [INTL:de] updated German debconf translation Closes: #432212: [l10n] Updated Czech translation of strongswan debconf messages Closes: #432642: strongswan: [INTL:fr] French debconf templates translation update Closes: #444710: strongswan: [INTL:pt] Updated Portuguese translation for debconf messages -- Rene Mayrhofer Fri, 26 Oct 2007 16:16:51 +0200 strongswan (4.1.4-1) unstable; urgency=low * New upstream release. * Fixed debconf descriptions. Closes: #431157: strongswan: Minor errors in Debconf template * Include Portugese and Closes: #415178: strongswan: [INTL:pt] Portuguese translation for debconf messages Closes: #431154: strongswan: [INTL:de] initial German debconf translation -- Rene Mayrhofer Thu, 05 Jul 2007 00:53:01 +0100 strongswan (4.1.3-1) unreleased; urgency=low * New upstream release. -- Rene Mayrhofer Sun, 03 Jun 2007 18:39:11 +0100 strongswan (4.1.1-1) unreleased; urgency=low Major new upstream release: * IKEv2 support with the new "charon" daemon in addition to the old "pluto" which is still used for IKEv1. * Switches to auto* tools build system. * The postinst script is still not quite as complete in updating the 2.8.x config automatically to a new 4.x config, but I don't want to wait any longer with the upload. It can be improved later on. -- Rene Mayrhofer Thu, 12 Apr 2007 21:33:56 +0100 strongswan (2.8.3-1) unstable; urgency=low * New upstream release with fixes for the SHA-512-HMAC function and added SHA-384 and SHA-2 implementations. -- Rene Mayrhofer Thu, 22 Feb 2007 20:19:45 +0000 strongswan (2.8.2-1) unstable; urgency=low * New upstream release with interoperability fixes for some VPN clients. -- Rene Mayrhofer Tue, 30 Jan 2007 12:21:20 +0000 strongswan (2.8.1+dfsg-1) unstable; urgency=low * New upstream release, now with XAUTH support. * Explicitly enable smartcard and vendorid options as well as a few more in debian/rules. Closes: #407449: strongswan: smartcard support is disabled -- Rene Mayrhofer Sun, 28 Jan 2007 21:06:25 +0000 strongswan (2.8.1-1) UNRELEASED; urgency=low * New upstream release. -- Rene Mayrhofer Sun, 28 Jan 2007 20:59:11 +0000 strongswan (2.8.0+dfsg-1) unstable; urgency=low * New upstream release. * Update debconf templates. Closes: #388672: strongswan: [INTL:fr] French debconf templates translation update Closes: #389253: [l10n] Updated Czech translation of strongswan debconf messages Closes: #391457: [INTL:nl] Updated dutch po-debconf translation Closes: #396179: strongswan: [INTL:ja] Updated Japanese po-debconf template translation (ja.po) * Fix broken reference to a now non-existing config file. no_oe.conf has been replaced by oe.conf, with the opposite meaning. Changed postinst to deal with it correctly now, and also try to convert older config file lines to newer (e.g. when updating from openswan to strongswan). Closes: #391565: fails to start : /etc/ipsec.conf:46: include files found no matches [/etc/ipsec.d/examples/no_oe.conf] -- Rene Mayrhofer Mon, 6 Nov 2006 19:01:58 +0000 strongswan (2.7.3+dfsg-1) unstable; urgency=low * New upstream release. Another try on getting it into unstable. Closes: #372267: ITP: strongswan -- second fork of freeswan. * Call debian-updatepo in the clean target, in line with the openswan change for its version 2.4.6+dfsg-1. * Remove man2html, htmldoc, and lynx from the Build-Deps because we no longer rebuild the documentation tree. * Starting shipping a lintian overrides file to finally silence the warnings about non-standard-(file|dir)-perms (they are intentional). * Clean up /usr/lib/ipsec somehow, again owing to lintian warnings. * Add po-debconf to build dependencies. -- Rene Mayrhofer Wed, 23 Aug 2006 21:23:36 +0100 strongswan (2.7.2+dfsg-1) unstable; urgency=low * First upload to the main Debian archive. This does no longer build the linux-patch-strongswan and strongswan-modules-source packages, as KLIPS will be removed from the strongswan upstream source anyway for the next major release. However, the openswan KLIPS could should be interoperable with strongswan user space. Closes: #372267: ITP: strongswan -- second fork of freeswan. * This upload removes the draft RFCs, as they are not considered free under the DFSG. -- Rene Mayrhofer Sun, 9 Jul 2006 12:40:34 +0100 strongswan (2.7.2-1) unstable; urgency=low * New upstream release. This release fixes a potential DoS problem. -- Rene Mayrhofer Mon, 26 Jun 2006 12:34:43 +0100 strongswan (2.7.0-1) unstable; urgency=low * Initial Debian packaging of strongswan. This is directly based on my Debian package of openswan 2.4.5-3. * Do not compile and ship fswcert right now, because it is not included in strongswan upstream. If it turns out to be necessary for supporting easy-to-use OE in the future (i.e. for generating the DNS format for the public keys from generated X.509 certificates), I will re-add it to the Debian package. * Also disabled my patches to use /etc/default instead of /etc/sysconfig for now. Something like that will be necessary in the future, but those parts of strongswan differ significanty from openswan. -- Rene Mayrhofer Mon, 22 May 2006 07:37:00 +0100 Local variables: mode: debian-changelog End: debian/strongswan-starter.postrm0000644000000000000000000000237212775300022014325 0ustar #! /bin/sh # postrm script for strongswan # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' overwrit>r> # for details, see /usr/share/doc/packaging-manual/ case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) # update the menu system # if [ -x /usr/bin/update-menus ]; then update-menus; fi ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 0 esac if [ "$1" = "purge" ] ; then if getent passwd strongswan>/dev/null; then if [ -x /usr/sbin/deluser ]; then deluser --system strongswan fi fi rm -rf /etc/ipsec.d/ rm -rf /var/run/pluto/ fi # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# debian/strongswan-plugin-gcrypt.install0000644000000000000000000000021412775300022015560 0ustar etc/strongswan.d/charon/gcrypt.conf usr/lib/ipsec/plugins/libstrongswan-gcrypt.so usr/share/strongswan/templates/config/plugins/gcrypt.conf debian/strongswan-plugin-attr-sql.install0000644000000000000000000000022212775300022016016 0ustar etc/strongswan.d/charon/attr-sql.conf usr/lib/ipsec/plugins/libstrongswan-attr-sql.so usr/share/strongswan/templates/config/plugins/attr-sql.conf debian/strongswan-plugin-led.install0000644000000000000000000000020312775300022015012 0ustar etc/strongswan.d/charon/led.conf usr/lib/ipsec/plugins/libstrongswan-led.so usr/share/strongswan/templates/config/plugins/led.conf debian/strongswan-starter.strongswan.upstart0000644000000000000000000000101612775300022016701 0ustar # Upstart job for strongSwan. description "strongSwan IPsec services" author "Jonathan Davies " start on (runlevel [2345] and net-device-up IFACE!=lo) stop on runlevel [!2345] expect fork respawn pre-start script # Create lock directory. mkdir -p /var/lock/subsys/ end script post-stop script rm -f /var/run/charon.pid /var/run/starter.charon.pid end script env PIDFILE=/var/run/charon.pid pre-start exec /usr/sbin/ipsec start post-stop exec /usr/sbin/ipsec stop debian/strongswan-plugin-duplicheck.install0000644000000000000000000000026112775300022016365 0ustar etc/strongswan.d/charon/duplicheck.conf usr/lib/ipsec/duplicheck usr/lib/ipsec/plugins/libstrongswan-duplicheck.so usr/share/strongswan/templates/config/plugins/duplicheck.conf