Translations by EAdam
EAdam has submitted the following strings to this translation. Contributions are visually coded: currently used translations, unreviewed suggestions, rejected suggestions.
| 512. |
source vars
|
|
| 2011-05-07 |
原始变量
|
|
| 513. |
./clean-all
|
|
| 2011-05-07 |
./clean-all
|
|
| 514. |
./build-dh
|
|
| 2011-05-07 |
./build-dh
|
|
| 515. |
./pkitool --initca
|
|
| 2011-05-07 |
./pkitool --initca
|
|
| 516. |
./pkitool --server server
|
|
| 2011-05-07 |
./pkitool --server server
|
|
| 517. |
cd keys
|
|
| 2011-05-07 |
cd keys
|
|
| 518. |
openvpn --genkey --secret ta.key
|
|
| 2011-05-07 |
openvpn --genkey --secret ta.key
|
|
| 519. |
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
|
|
| 2011-05-07 |
sudo cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/
|
|
| 520. |
Client Certificates
|
|
| 2011-05-07 |
客户端证书
|
|
| 521. |
The VPN client will also need a certificate to authenticate itself to the server. To create the certificate, enter the following in a terminal:
|
|
| 2011-05-07 |
VPN客户端也需要一个证书用来向服务器认证自己。要创建证书,请在终端输入:
|
|
| 522. |
./pkitool hostname
|
|
| 2011-05-07 |
./pkitool hostname
|
|
| 523. |
Replace <emphasis>hostname</emphasis> with the actual hostname of the machine connecting to the VPN.
|
|
| 2011-05-07 |
将<emphasis>hostname</emphasis>替换成要连接到VPN的实际主机名。
|
|
| 524. |
Copy the following files to the client:
|
|
| 2011-05-07 |
将如下文件复制到客户端:
|
|
| 529. |
Remember to adjust the above file names for your client machine's <emphasis>hostname</emphasis>.
|
|
| 2011-05-07 |
记得要将你的客户端机器的<emphasis>主机名</emphasis>的以上文件做相应调整。
|
|
| 530. |
It is best to use a secure method to copy the certificate and key files. The <application>scp</application> utility is a good choice, but copying the files to removable media then to the client, also works well.
|
|
| 2011-05-07 |
最好是使用安全的方法来复制证书和钥匙文件。<application>scp</application>工具是个不错的选择,但将文件复制到可移除介质再复制到客户端也是可以的。
|
|
| 532. |
Now configure the <application>openvpn</application> server by creating <filename>/etc/openvpn/server.conf</filename> from the example file. In a terminal enter:
|
|
| 2011-05-07 |
现在可以通过编辑示例文件中的<filename>/etc/openvpn/server.conf</filename>来配置<application>openvpn</application>。在终端中输入:
|
|
| 533. |
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
|
|
| 2011-05-07 |
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
|
|
| 534. |
sudo gzip -d /etc/openvpn/server.conf.gz
|
|
| 2011-05-07 |
sudo gzip -d /etc/openvpn/server.conf.gz
|
|
| 537. |
<emphasis>local</emphasis>: is the IP address of the bridge interface.
|
|
| 2011-05-07 |
<emphasis>local</emphasis>:是桥接界面的IP地址。
|
|
| 538. |
<emphasis>server-bridge</emphasis>: needed when the configuration uses bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is the bridge interface and mask. The IP range <emphasis>172.18.100.105 172.18.100.200</emphasis> is the range of IP addresses that will be assigned to clients.
|
|
| 2011-05-07 |
<emphasis>server-bridge</emphasis>:在配置用户桥接时需要此项。<emphasis>172.18.100.101 255.255.255.0</emphasis>是桥接界面和掩码。IP范围<emphasis>172.18.100.105 172.18.100.200</emphasis>是将分配给客户端的IP地址范围。
|
|
| 539. |
<emphasis>push</emphasis>: are directives to add networking options for clients.
|
|
| 2011-05-07 |
<emphasis>push</emphasis>: 是为客户端添加网络选项的命令。
|
|
| 540. |
<emphasis>user and group</emphasis>: configure which user and group the <application>openvpn</application> daemon executes as.
|
|
| 2011-05-07 |
<emphasis>user and group</emphasis>: 配置<application>openvpn</application>程序执行时所使用的用户名和组名。
|
|
| 541. |
Replace all IP addresses and domain names above with those of your network.
|
|
| 2011-05-07 |
用你自己网络相应的IP地址和域名来做替换。
|
|
| 542. |
Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:
|
|
| 2011-05-07 |
接下来,创建两个帮助脚本将<emphasis>tap</emphasis>界面添加至桥接。创建<filename>/etc/openvpn/up.sh</filename>:
|
|
| 543. |
#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/usr/sbin/brctl addif $BR $DEV
|
|
| 2011-05-07 |
#!/bin/sh
BR=$1
DEV=$2
MTU=$3
/sbin/ifconfig $DEV mtu $MTU promisc up
/usr/sbin/brctl addif $BR $DEV
|
|
| 544. |
And <filename>/etc/openvpn/down.sh</filename>:
|
|
| 2011-05-07 |
和<filename>/etc/openvpn/down.sh</filename>:
|
|
| 545. |
#!/bin/sh
BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down
|
|
| 2011-05-07 |
#!/bin/sh
BR=$1
DEV=$2
/usr/sbin/brctl delif $BR $DEV
/sbin/ifconfig $DEV down
|
|
| 546. |
Then make them executable:
|
|
| 2011-05-07 |
然后让他们可执行:
|
|
| 547. |
sudo chmod 755 /etc/openvpn/down.sh
|
|
| 2011-05-07 |
sudo chmod 755 /etc/openvpn/down.sh
|
|
| 548. |
sudo chmod 755 /etc/openvpn/up.sh
|
|
| 2011-05-07 |
sudo chmod 755 /etc/openvpn/up.sh
|
|
| 549. |
After configuring the server, restart <application>openvpn</application> by entering:
|
|
| 2011-05-07 |
配置完服务器之后,使用以下命令来重启<application>openvpn</application>:
|
|
| 550. |
sudo /etc/init.d/openvpn restart
|
|
| 2011-05-07 |
sudo /etc/init.d/openvpn restart
|
|
| 551. |
Client Configuration
|
|
| 2011-05-07 |
客户端配置
|
|
| 554. |
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
|
|
| 2011-05-07 |
sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
|
|
| 555. |
Now edit <filename>/etc/openvpn/client.conf</filename> changing the following options:
|
|
| 2011-05-07 |
现在编辑<filename>/etc/openvpn/client.conf</filename>,更改以下选项:
|
|
| 556. |
dev tap
remote vpn.example.com 1194
cert hostname.crt
key hostname.key
tls-auth ta.key 1
|
|
| 2011-05-07 |
dev tap
remote vpn.example.com 1194
cert hostname.crt
key hostname.key
tls-auth ta.key 1
|
|
| 557. |
Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN server, and <emphasis>hostname.*</emphasis> with the actual certificate and key filenames.
|
|
| 2011-05-07 |
用您的VPN服务器的主机名替换<emphasis>vpn.example.com</emphasis>,并用实际的证书和钥匙文件名替换<emphasis>hostname.*</emphasis>。
|
|
| 558. |
Finally, restart <application>openvpn</application>:
|
|
| 2011-05-07 |
最后,重启<application>openvpn</application>:
|
|
| 559. |
You should now be able to connect to the remote LAN through the VPN.
|
|
| 2011-05-07 |
您现在应该可以通过VPN连接到远程LAN。
|
|
| 560. |
See the <ulink url="http://openvpn.net/">OpenVPN</ulink> website for additional information.
|
|
| 2011-05-07 |
请查看<ulink url="http://openvpn.net/">OpenVPN</ulink>网站以获取更多信息。
|
|
| 561. |
Also, Pakt's <ulink url="http://www.packtpub.com/openvpn/book">OpenVPN: Building and Integrating Virtual Private Networks</ulink> is a good resource.
|
|
| 2011-05-07 |
还有,Pakt的<ulink url="http://www.packtpub.com/openvpn/book">OpenVPN: Building and Integrating Virtual Private Networks</ulink>也是个不错的信息源。
|
|
| 580. |
You are now ready to install a <emphasis>Guest</emphasis> operating system. Installing a virtual machine follows the same process as installing the operating system directly on the hardware. You either need a way to automate the installation, or a keyboard and monitor will need to be attached to the physical machine.
|
|
| 2008-08-26 |
您现在正准备安装一个GUEST操作系统。依据与安装操作系统相同的步骤在电脑上安装虚拟机软件。您可以让安装自动进行,也可以将键盘及显示器连接到电脑来完成安装。
|
|
| 792. |
Here is the command with all the options discussed above:
|
|
| 2011-05-07 |
这是使用了上面所有涉及到选项的命令:
|
|
| 1110. |
Accessing Subversion repository via WebDAV protocol with SSL encryption (https://) is similar to http:// except that you must install and configure the digital certificate in your Apache2 web server. To use SSL with Subversion add the above Apache2 configuration to <filename>/etc/apache2/sites-available/default-ssl</filename>. For more information on setting up Apache2 with SSL see <xref linkend="https-configuration"/>.
|
|
| 2011-05-07 |
使用带有SSL加密的(https://)WebDAV协议访问Subversion仓库跟 http://... 的方式相似,除了你必须在你的Apache2中安装配置数字证书。 你可以向<filename>/etc/apache2/sites-available/default-ssl</filename>文件添加以上Apache2配置来使用带有SSL的Subversion。关于配置Apache2 SSL的更多信息请看<xref linkend="https-configuration"/>。
|
|
| 1111. |
You can install a digital certificate issued by a signing authority. Alternatively, you can install your own self-signed certificate.
|
|
| 2011-05-07 |
您可以安装一个权威机构发行的数字证书。当然,您也可以安装一个自定义的证书。
|
|
| 1298. |
Applications that open ports can include an <application>ufw</application> profile, which details the ports needed for the application to function properly. The profiles are kept in <filename role="directory">/etc/ufw/applications.d</filename>, and can be edited if the default ports have been changed.
|
|
| 2009-10-20 |
可以打开端口的应用程序可以被包含在<application>ufw</application>的预设文件中,这里根据功能适当的包含了应用程序所需的端口。这个预设文件包含在<filename role="directory">/etc/ufw/applications.d</filename>,在默认端口发生改变的时候可以进行编辑。
|
|
| 1318. |
net/ipv4/ip_forward=1
|
|
| 2011-05-07 |
net/ipv4/ip_forward=1
|
|
| 1320. |
net/ipv6/conf/default/forwarding=1
|
|
| 2011-05-07 |
net/ipv6/conf/default/forwarding=1
|
|
| 1332. |
Similar to <application>ufw</application>, the first step is to enable IPv4 packet forwarding by editing <filename>/etc/sysctl.conf</filename> and uncomment the following line
|
|
| 2009-04-10 |
类似于<application>ufw</application>,激活IPv4包投递的第一步是编辑<filename>/etc/sysctl.conf</filename>并注释掉以下行:
|
|
| 2787. |
The Exim4 does not use the above aliases to forward mails to Mailman, as it uses a <emphasis>discover</emphasis> approach. To suppress the aliases while creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman configuration file, <filename>/etc/mailman/mm_cfg.py</filename>.
|
|
| 2011-05-07 |
因为Exim4使用<emphasis>发现</emphasis> 机制,所以它不使用以上的别名将邮件转发给Mailman。要在创建列表时禁止别名,你可以将<emphasis>MTA=None</emphasis>添加到Mailman的配置文件<filename>/etc/mailman/mm_cfg.py</filename>中。
|
|
