<lexicon lang="zh-cn">
    <entry>
        <base>FORM_TITLE</base>
        <trans>站到站的OpenVPN配置</trans>
    </entry>
    <entry>
        <base>DESC_MAIN_PAGE</base>
        <trans><![CDATA[This page lets you manage site to site OpenVPN tunnels.<br>]]></trans>
    </entry>
    <entry>
        <base>LABEL_CLIENTS</base>
        <trans>客户端列表</trans>
    </entry>
    <entry>
        <base>ADD_CLIENT</base>
        <trans>添加新的客户端</trans>
    </entry>
    <entry>
        <base>LABEL_SERVERS</base>
        <trans>服务器后台列表</trans>
    </entry>
    <entry>
        <base>ADD_SERVER</base>
        <trans>Add a new server</trans>
    </entry>
    <entry>
        <base>DESC_ADD_CLIENT_PAGE</base>
        <trans>This page lets you configure a new daemon acting as a client</trans>
    </entry>
    <entry>
        <base>DESC_COMMENT</base>
        <trans>Enter a description for this daemon</trans>
    </entry>
    <entry>
        <base>LABEL_COMMENT</base>
        <trans>描述</trans>
    </entry>
    <entry>
        <base>DESC_STATUS</base>
        <trans>Enable or disable this daemon</trans>
    </entry>
    <entry>
        <base>LABEL_STATUS</base>
        <trans>状态</trans>
    </entry>
    <entry>
        <base>DESC_AUTH</base>
        <trans><![CDATA[Choose the authentication mechanism.<br> Shared Key is simple to configure because you don't need to create and manage a PKI. You just need to create a secret key, and configure it on both side.<br> TLS authentication is a bit harder to configure, as you'll need to manage a PKI, but provide a better level of security (like the Perfect Forward Secrecy).<br> If you don't care about the extra security provided by TLS, you should choose Shared Key here.]]></trans>
    </entry>
    <entry>
        <base>LABEL_AUTH</base>
        <trans>Authentication mechanism</trans>
    </entry>
    <entry>
        <base>SHARED_KEY</base>
        <trans>共享密钥</trans>
    </entry>
    <entry>
        <base>TLS</base>
        <trans>TLS</trans>
    </entry>
    <entry>
        <base>DESC_CONFIGURE_CERT</base>
        <trans>This page lets you configure the authentication of this daemon</trans>
    </entry>
    <entry>
        <base>DESC_CRL_URL</base>
        <trans>You can enter an URL where the CRL can be find. Your SME Server will update the CRL every hour and check if the certificate of the remote endpoint is not revoked. If you don't wan't to use the CRL verification , just let this field emtpy.</trans>
    </entry>
    <entry>
        <base>LABEL_CRL_URL</base>
        <trans>CRL update URL</trans>
    </entry>
    <entry>
        <base>DESC_CA_PEM</base>
        <trans>Enter the authoritative certificate in pem format</trans>
    </entry>
    <entry>
        <base>LABEL_CA_PEM</base>
        <trans>Authoritative certificate</trans>
    </entry>
    <entry>
        <base>DESC_CRT_PEM</base>
        <trans>Enter the certificate in pem format</trans>
    </entry>
    <entry>
        <base>LABEL_CRT_PEM</base>
        <trans>Enter the certificate in pem format</trans>
    </entry>
    <entry>
        <base>DESC_REMOTE_HOST</base>
        <trans>Enter the hostname or IP address of the remote host</trans>
    </entry>
    <entry>
        <base>DESC_KEY_PEM</base>
        <trans>使用PEM格式输入私钥</trans>
    </entry>
    <entry>
        <base>LABEL_KEY_PEM</base>
        <trans>私钥</trans>
    </entry>
    <entry>
        <base>DESC_DH_PEM</base>
        <trans>Enter Diffie-Hellman parameters</trans>
    </entry>
    <entry>
        <base>LABEL_DH_PEM</base>
        <trans>Diffie-Hellman parameters</trans>
    </entry>
    <entry>
        <base>LABEL_REMOTE_HOST</base>
        <trans>远程主机</trans>
    </entry>
    <entry>
        <base>DESC_REMOTE_PORT</base>
        <trans>输入远程服务器使用的端口</trans>
    </entry>
    <entry>
        <base>LABEL_REMOTE_PORT</base>
        <trans>远程端口</trans>
    </entry>
    <entry>
        <base>DESC_LOCAL_IP</base>
        <trans><![CDATA[Enter here the IP used by the tunnel on this host. You should choose an IP outside of any local network. Local and remote IP should be reversed between client and server. eg:<br> On the server side, you configure Local IP: 10.2.0.1 and remote IP: 10.2.0.2<br> On the client side, you have to configure Local IP: 10.2.0.2 and remote IP: 10.2.0.1<br>]]></trans>
    </entry>
    <entry>
        <base>LABEL_LOCAL_IP</base>
        <trans>本地虚拟IP</trans>
    </entry>
    <entry>
        <base>DESC_REMOTE_IP</base>
        <trans>Enter here the IP used by the tunnel on the remote host.</trans>
    </entry>
    <entry>
        <base>LABEL_REMOTE_IP</base>
        <trans>远程虚拟IP</trans>
    </entry>
    <entry>
        <base>DESC_REMOTE_NET</base>
        <trans>Enter here networks reachable through the remote host. Eg: 192.168.25.0/255.255.255.0. You can enter multiple networks separated with a comma. Up to 20 networks are supported. Communication with these networks will be tunnelled through the VPN.</trans>
    </entry>
    <entry>
        <base>LABEL_REMOTE_NET</base>
        <trans>远程网络</trans>
    </entry>
    <entry>
        <base>DESC_SHARED_KEY</base>
        <trans><![CDATA[Enter the secret key. You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server. You should use different secret keys for each client/server pair.]]></trans>
    </entry>
    <entry>
        <base>DESC_SHARED_KEY_TLS</base>
        <trans><![CDATA[You can enter here a optional secret key.<br> It will provide an extra security layer to your server.<br> You can create keys using this command: openvpn --genkey --secret /dev/stdout<br> This key should be kept secret, and only be stored on the client and the server.]]></trans>
    </entry>
    <entry>
        <base>LABEL_SHARED_KEY</base>
        <trans>共享密钥</trans>
    </entry>

    <entry>
        <base>DESC_ADD_SERVER_PAGE</base>
        <trans>This page lets you configure a new daemon acting as a server</trans>
    </entry>
    <entry>
        <base>DESC_LOCAL_PORT</base>
        <trans>请选择一个本地端口。您必须选择一个空闲的端口。（即未被其它服务占用的端口。）</trans>
    </entry>
    <entry>
        <base>LABEL_LOCAL_PORT</base>
        <trans>本地端口</trans>
    </entry>
    <entry>
        <base>DESC_REMOVE_CONF</base>
        <trans><![CDATA[You are about to remove the configuration of this daemon. All the networks routed through it won't be accessible anymore.<br> Are you sure you want to continue ?<br>]]></trans>
    </entry>
    <entry>
        <base>CONF_CONFLICT</base>
        <trans>另一个后台已经使用了这个名字</trans>
    </entry>
    <entry>
        <base>ERROR_OPENING_KEY_FILE</base>
        <trans>打开密钥文件时出错</trans>
    </entry>
    <entry>
        <base>CONF_NAME</base>
        <trans>后台ID</trans>
    </entry>
    <entry>
        <base>NO_CONF</base>
        <trans><![CDATA[<br>There is no daemon configured yet.]]></trans>
    </entry>
    <entry>
        <base>MODIFY</base>
        <trans>修改</trans>
    </entry>
    <entry>
        <base>STATUS</base>
        <trans>状态</trans>
    </entry>
    <entry>
        <base>REMOVE</base>
        <trans>移除</trans>
    </entry>
    <entry>
        <base>DESC_CONF_NAME</base>
        <trans>Enter a unique identifier for this configuration. This field should contain only lower-case letters, numbers, periods, hyphens and underscores, and should start with a lower-case letter.</trans>
    </entry>
    <entry>
        <base>INVALID_SHARED_KEY</base>
        <trans>Invalid data, please check all the fileds again</trans>
    </entry>
    <entry>
        <base>INVALID_NET</base>
        <trans>无效的网络列表</trans>
    </entry>
    <entry>
        <base>NET_IS_LOCAL</base>
        <trans>其中一个网络已经在本地网络</trans>
    </entry>
    <entry>
        <base>INVALID_CHARS</base>
        <trans>{$string} 包含无效的字符</trans>
    </entry>
    <entry>
        <base>NOT_A_VALID_PORT</base>
        <trans>无效的端口号</trans>
    </entry>
    <entry>
        <base>PORT_ALREAY_USED</base>
        <trans>这个端口已经被另外一个服务使用。</trans>
    </entry>
    <entry>
        <base>NOT_A_VALID_IP_NUMBER</base>
        <trans>This is not a valid IP address in the form x.x.x.x</trans>
    </entry>
    <entry>
        <base>IP_ALREADY_IN_USED</base>
        <trans>这个IP地址已被使用。</trans>
    </entry>
    <entry>
        <base>RESERVED_NET</base>
        <trans>You can't use an IP in this network because it's reserved</trans>
    </entry>
    <entry>
        <base>IP_IN_LOCAL_NET</base>
        <trans>这个IP地址是您的本地网络地址。</trans>
    </entry>

    <entry>
        <base>INSECURE</base>
        <trans>Insecure parameter</trans>
    </entry>
    <entry>
        <base>SUGGESTED</base>
        <trans>当前值</trans>
    </entry>
    <entry>
        <base>DEFAULT</base>
        <trans>默认</trans>
    </entry>
    <entry>
        <base>DOWN</base>
        <trans>下载</trans>
    </entry>
    <entry>
        <base>UP</base>
        <trans>Up</trans>
    </entry>
    <entry>
        <base>SUCCESS_RELOAD</base>
        <trans>VPN connection reloaded with success</trans>
    </entry>
    <entry>
        <base>DESC_RELOAD</base>
        <trans>Do you really want to reload this vpn connection?</trans>
    </entry>
    <entry>
        <base>RELOAD</base>
        <trans>载入</trans>
    </entry>
    <entry>
        <base>DESC_HMAC</base>
        <trans>HMAC is part of the encryption of the data channel for openvpn (where your data travel) after encryption with the cipher. Default is the insecure SHA1, we suggest you to at least use SHA256. This setting should match on both the server and the client</trans>
    </entry>
    <entry>
        <base>LABEL_HMAC</base>
        <trans>HMAC algorithm</trans>
    </entry>
    <entry>
        <base>DESC_CIPHER</base>
        <trans>The cipher used for your data channel for openvpn. The default is to use the insecure BlowFish algorithm. We suggest you the AES-128-CBC or higher. This setting should match on both the server and the client.</trans>
    </entry>
    <entry>
        <base>LABEL_CIPHER</base>
        <trans>Cipher encryption algorithm</trans>
    </entry>
    <entry>
        <base>DESC_SNAT</base>
        <trans>SNAT Outbound can be enabled or disabled (default is enabled). When enabled, connections initiated by the server itself will be SNATed so they will appear to come from the internal IP. If disabled, connections from the server itself will have the virtual IP as source.</trans>
    </entry>
    <entry>
        <base>LABEL_SNAT</base>
        <trans>SNAT Outbound</trans>
    </entry>
    <entry>
        <base>CIPHER</base>
        <trans>Cipher</trans>
    </entry>
    <entry>
        <base>LINK</base>
        <trans>mailman状态</trans>
    </entry>


</lexicon>
