Add help completions for VPN configuration

31 files changed, 139 insertions, 39 deletions

diff --git a/templates/vpn/ipsec/copy-tos/node.def b/templates/vpn/ipsec/copy-tos/node.def
index cf675c6..adac7a4 100644
--- a/templates/vpn/ipsec/copy-tos/node.def
+++ b/templates/vpn/ipsec/copy-tos/node.def
@@ -2,3 +2,6 @@ help: "copy TOS configuration"
 type:  txt 
 default:  "disable"
 syntax: $(@) in "enable", "disable"; "must be enable or disable"
+#comp_help: possible completions
+# enable             Set copy TOS enabled
+# disable            Set copy TOS disabled (default)
diff --git a/templates/vpn/ipsec/esp-group/node.def b/templates/vpn/ipsec/esp-group/node.def
index 4aae745..a137a77 100644
--- a/templates/vpn/ipsec/esp-group/node.def
+++ b/templates/vpn/ipsec/esp-group/node.def
@@ -2,3 +2,5 @@ tag:
 type: txt
 help: "Encapsulating Security Payload configuration"
 syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid ESP group name \"$(@)\""
+#comp_help: possible completions
+# <text>             Set the name of an ESP group
diff --git a/templates/vpn/ipsec/esp-group/node.tag/compression/node.def b/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
index 81409ba..3ba2efd 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/compression/node.def
@@ -2,3 +2,6 @@ help: "ESP compression configuration"
 type:  txt 
 default:  "disable"
 syntax: $(@) in "enable", "disable"; "must be enable or disable"
+#comp_help: possible completions
+# enable             Set ESP compression enabled
+# disable            Set ESP compression disabled (default)
diff --git a/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def b/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
index 43bf9d3..aa1fb17 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/lifetime/node.def
@@ -1,4 +1,6 @@
 help: "ESP lifetime configuration"
-type:  u32 
-default:  3600
-syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive"
+type: u32 
+default: 3600
+syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds"
+#comp_help: possible completions
+# <30-86400>         Set ESP lifetime in seconds (default 3600)
diff --git a/templates/vpn/ipsec/esp-group/node.tag/mode/node.def b/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
index e288d81..24197bc 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/mode/node.def
@@ -1,4 +1,7 @@
 help: "ESP mode configuration"
-type:  txt 
-default:  "tunnel"
+type: txt 
+default: "tunnel"
 syntax: $(@) in "tunnel", "transport"; "must be tunnel or transport"
+#comp_help: possible completions
+# tunnel             Set tunnel mode (default)
+# transport          Set transport mode
diff --git a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
index f180a61..437a329 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/pfs/node.def
@@ -1,4 +1,7 @@
 help: "ESP PFS configuration"
-type:  txt 
-default:  "enable"
+type: txt 
+default: "enable"
 syntax: $(@) in "enable", "disable"; "must be enable or disable"
+#comp_help: possible completions
+# enable    	     Set Perfect Forward Secrecy enabled (default)
+# disable	     Set Perfect Forward Secrecy disabled
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
index 7fa4bdf..cf9c1c4 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.def
@@ -1,4 +1,7 @@
 tag:
 type: u32
 help: "Configure a esp-group proposal"
-syntax: ($(@) >= 1 && $(@) <= 65535) ; "must be in the range 1 to 65535 inclusive"
+syntax: ($(@) >= 1 && $(@) <= 65535) ; "must be between 1-65535"
+#comp_help: possible completions
+# <1-65535> 	     Set the esp-group proposal number
+
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
index f345008..65f3b65 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
@@ -2,3 +2,7 @@ help: "Set encryption"
 type: txt
 default: "aes128"
 syntax: $(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
+#comp_help: possible completions
+# aes128             Set aes128 encryption (default)
+# aes256             Set aes256 encryption
+# 3des               Set 3des encryption
diff --git a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
index 7cdd3f4..1b278df 100644
--- a/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
+++ b/templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/hash/node.def
@@ -2,3 +2,6 @@ help: "Set hash algorithm"
 type: txt
 default: "sha1"
 syntax: $(@) in "md5", "sha1"; "must be md5 or sha1"
+#comp_help: possible completions
+# md5                Set md5 hash
+# sha1               Set sha1 hash (default)
diff --git a/templates/vpn/ipsec/ike-group/node.def b/templates/vpn/ipsec/ike-group/node.def
index 19dfb49..fa3865e 100644
--- a/templates/vpn/ipsec/ike-group/node.def
+++ b/templates/vpn/ipsec/ike-group/node.def
@@ -2,3 +2,5 @@ tag:
 type: txt
 help: "Internet Key Exchange configuration"
 syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid IKE group name \"$(@)\""
+#comp_help: possible completions
+# <text>    	     Set the name of an IKE group
diff --git a/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def b/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def
index b462e61..5a1bf61 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/aggressive-mode/node.def
@@ -1,4 +1,7 @@
 help: "IKE aggressive-mode configuration"
-type:  txt 
-default:  "disable"
+type: txt 
+default: "disable"
 syntax: $(@) in "enable", "disable"; "enable or disable"
+#comp_help: possible completions
+# enable    	     Set aggressive-mode enable 
+# disable	     Set aggressive-mode disable (default)
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
index fbc1aef..cc34eac 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/action/node.def
@@ -2,3 +2,7 @@ help: "Set keep-alive failure action"
 type:  txt 
 default:  "hold"
 syntax: $(@) in "hold", "clear", "restart"; "must be hold, or clear, or restart"
+#comp_help: possible completions
+# hold	    	     Set action to hold (default)
+# clear		     Set action to clear
+# restart	     Set action to restart
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
index 241edf0..476e4ff 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/interval/node.def
@@ -1,4 +1,6 @@
 help: "Set keep-alive interval"
-type:  u32 
-default:  30
-syntax: ($(@) >= 15 && $(@) <= 86400) ; "must be in the range 15 to 86400 seconds inclusive"
+type: u32 
+default: 30
+syntax: ($(@) >= 15 && $(@) <= 86400) ; "must be between 15-86400 seconds"
+#comp_help: possible completions
+# <15-86400>	     Set keep-alive interval in seconds (default 30)
diff --git a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
index 8b46cbb..fa83244 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/dead-peer-detection/timeout/node.def
@@ -1,4 +1,8 @@
 help: "Set keep-alive timeout"
-type:  u32 
-default:  120
-syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive"
+type: u32 
+default: 120
+syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be between 30-86400 seconds"
+#comp_help: possible completions
+# <30-86400>	     Set keep-alive timeout in seconds (default 120)
+
+
diff --git a/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
index 2a1500a..e5ba8ee 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/lifetime/node.def
@@ -1,4 +1,6 @@
 help: "IKE lifetime configuration"
-type:  u32 
-default:  28800
-syntax: ($(@) >= 30 && $(@) <= 86400) ; "must be in the range 30 to 86400 seconds inclusive"
+type: u32 
+default: 28800
+syntax: ($(@) >= 30 && $(@) <= 86400) ; "must between 30-86400 seconds"
+#comp_help: possible completions
+# <30-86400>	     Set IKE lifetime (default 28800)
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
index b61a016..247a383 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.def
@@ -1,4 +1,7 @@
 tag:
 help: "Configure a ike-group proposal"
 type: u32
-syntax: ($(@) >= 1 && $(@) <= 65535) ; "must be in the range 1 to 65535 inclusive"
+syntax: ($(@) >= 1 && $(@) <= 65535) ; "must be between 1-65535"
+#comp_help: possible completions
+# <1-65535> 	     Set ike-group proposal
+
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
index 58c800b..1d82b67 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/dh-group/node.def
@@ -1,3 +1,6 @@
 help: "Set Diffie-Hellman key exchange"
 type: u32
 syntax: ($(@) == 2 || $(@) == 5); "must be 2 or 5"
+#comp_help: possible completions
+# 2	    	     Set dh2
+# 5		     Set dh5
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
index f345008..65f3b65 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def
@@ -2,3 +2,7 @@ help: "Set encryption"
 type: txt
 default: "aes128"
 syntax: $(@) in "aes128", "aes256", "3des"; "must be aes128, or aes256, or 3des"
+#comp_help: possible completions
+# aes128             Set aes128 encryption (default)
+# aes256             Set aes256 encryption
+# 3des               Set 3des encryption
diff --git a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
index 7cdd3f4..d9079a9 100644
--- a/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
+++ b/templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/hash/node.def
@@ -2,3 +2,6 @@ help: "Set hash algorithm"
 type: txt
 default: "sha1"
 syntax: $(@) in "md5", "sha1"; "must be md5 or sha1"
+#comp_help: possible completions
+# md5	    	     Set md5 hash
+# sha1		     Set sha1 hash (default)
diff --git a/templates/vpn/ipsec/ipsec-interfaces/interface/node.def b/templates/vpn/ipsec/ipsec-interfaces/interface/node.def
index c1c8d56..4399d62 100644
--- a/templates/vpn/ipsec/ipsec-interfaces/interface/node.def
+++ b/templates/vpn/ipsec/ipsec-interfaces/interface/node.def
@@ -1,3 +1,6 @@
 multi:
 type: txt
 help: "ipsec interfaces"
+#allowed: local -a array ;
+# array=( /sys/class/net/* ) ;
+# echo -n ${array[@]##*/}
diff --git a/templates/vpn/ipsec/logging/facility/node.def b/templates/vpn/ipsec/logging/facility/node.def
index 7b12da1..209ef53 100644
--- a/templates/vpn/ipsec/logging/facility/node.def
+++ b/templates/vpn/ipsec/logging/facility/node.def
@@ -1,6 +1,13 @@
-type:txt
-syntax: $(@)in "daemon", "local0", "local1", "local2", "local3",\
-        "local4", "local5", "local6", "local7" ;"Value \"$(@)\" not in the list: daemon, local0, local1, local2, local3,\
-        local4, local5, local6, local7"
-help:"IKE lifetime configuration"
-
+type: txt
+help: "Set logging facility"
+syntax: $(@)in "daemon", "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7" ; "Value \"$(@)\" not in the list: daemon, local0, local1, local2, local3, local4, local5, local6, local7"
+#comp_help: Available logging facilities:
+# daemon               System daemons
+# local0               Local facility 0
+# local1               Local facility 1
+# local2               Local facility 2
+# local3               Local facility 3
+# local4               Local facility 4
+# local5               Local facility 5
+# local6               Local facility 6
+# local7               Local facility 7
diff --git a/templates/vpn/ipsec/logging/level/node.def b/templates/vpn/ipsec/logging/level/node.def
index 287d9cc..53b80ff 100644
--- a/templates/vpn/ipsec/logging/level/node.def
+++ b/templates/vpn/ipsec/logging/level/node.def
@@ -1,3 +1,12 @@
-help: "Set log level"
-type:txt
-syntax: $(@) in "alert", "crit", "debug", "emerg", "err", "info", "notice", "warning"; "must be one of the following: crit, debug, emerg, err, info, notice, warning"
+help: "Set logging level"
+type: txt
+syntax: $(@) in "alert", "crit", "debug", "emerg", "err", "info", "notice", "warning" ; "must be one of the following: crit, debug, emerg, err, info, notice, warning"
+#comp_help: Logging levels in descending order of severity:
+# emerg		           Emergency messages
+# alert        		   Urgent messages
+# crit         		   Critical messages 
+# err          		   Error messages
+# warning      		   Warning messages
+# notice       		   Messages for further investigation
+# info         		   Informational messages
+# debug        		   Debug messages
diff --git a/templates/vpn/ipsec/logging/log-modes/node.def b/templates/vpn/ipsec/logging/log-modes/node.def
index 4b89387..3ed7f47 100644
--- a/templates/vpn/ipsec/logging/log-modes/node.def
+++ b/templates/vpn/ipsec/logging/log-modes/node.def
@@ -1,4 +1,12 @@
 multi:
 help: "Set log mode"
-type:txt
-syntax: $(@) in "raw", "crypt", "parsing", "emitting", "control", "all", "private"; "must be one of the following: raw, crypt, parsing, emitting, control, all, private"
+type: txt
+syntax: $(@) in "raw", "crypt", "parsing", "emitting", "control", "all", "private" ; "must be one of the following: raw, crypt, parsing, emitting, control, all, private"
+#comp_help: Additional pluto debug log options:
+# raw
+# crypt
+# parsing
+# emitting
+# control
+# all
+# private
diff --git a/templates/vpn/ipsec/logging/node.def b/templates/vpn/ipsec/logging/node.def
index 1ca0fd3..02a883f 100644
--- a/templates/vpn/ipsec/logging/node.def
+++ b/templates/vpn/ipsec/logging/node.def
@@ -1 +1,2 @@
+help: "Configure ipsec logging"
 activate: "echo activating logging"
diff --git a/templates/vpn/ipsec/nat-traversal/node.def b/templates/vpn/ipsec/nat-traversal/node.def
index ec08aa6..a1d58cc 100644
--- a/templates/vpn/ipsec/nat-traversal/node.def
+++ b/templates/vpn/ipsec/nat-traversal/node.def
@@ -1,3 +1,6 @@
 help: "NAT traversal configuration"
 type: txt
 syntax: $(@) in "enable", "disable"; "must be enable or disable"
+#comp_help: possible completions:
+# enable             Set NAT-T enabled
+# disable            Set NAT-T disabled
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
index 5412926..19c710b 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/mode/node.def
@@ -1,4 +1,7 @@
 help: "Configure authentication mode"
-type:  txt 
-default:  "pre-shared-secret"
+type: txt 
+default: "pre-shared-secret"
 syntax: $(@) in "pre-shared-secret", "rsa"; "must be pre-shared-secret or rsa"
+#comp_help: possible completions:
+# pre-shared-secret   Set authentication mode to use pre shared secret key
+# rsa                 Set authentication mode to use RSA key
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/pre-shared-secret/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/pre-shared-secret/node.def
index db096e4..15c74ce 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/pre-shared-secret/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/authentication/pre-shared-secret/node.def
@@ -1,3 +1,3 @@
 help: "Set pre-shared secret key"
-type:  txt
-syntax: pattern $(@) "^[-_a-zA-Z0-9.]+$" ; "invalid pre-shared secret key \"$(@)\""
+type: txt
+syntax: pattern $(@) "^[\!\@\#\$\%\^\&\*\(\)-_a-zA-Z0-9.]+$" ; "invalid pre-shared secret key \"$(@)\""
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
index b8e6454..9c29c2e 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-nat-networks/node.def
@@ -1,4 +1,7 @@
 help: "Set NAT networks"
-type:  txt 
-default:  "disable"
+type: txt 
+default: "disable"
 syntax: $(@) in "enable", "disable"; "must be enable or disable"
+#comp_help: possible completions:
+# enable             Set NAT networks enabled
+# disable            Set NAT networks disabled (default)
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
index 7c18e68..5883048 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/allow-public-networks/node.def
@@ -1,4 +1,7 @@
 help: "Set public networks"
-type:  txt 
-default:  "disable"
+type: txt 
+default: "disable"
 syntax: $(@) in "enable", "disable"; "must be enable or disable"
+#comp_help: possible completions:
+# enable             Set public networks enabled
+# disable            Set public networks disabled (default)
diff --git a/templates/vpn/rsa-keys/rsa-key-name/node.def b/templates/vpn/rsa-keys/rsa-key-name/node.def
index af47ad3..c659bd8 100644
--- a/templates/vpn/rsa-keys/rsa-key-name/node.def
+++ b/templates/vpn/rsa-keys/rsa-key-name/node.def
@@ -1,3 +1,5 @@
 tag:
 type: txt
 help: "Set remote RSA key"
+#comp_help: possible completions:
+# <text>    	     Set name of RSA key
diff --git a/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def b/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def
index 0098ccc..84ecf48 100644
--- a/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def
+++ b/templates/vpn/rsa-keys/rsa-key-name/node.tag/rsa-key/node.def
@@ -1,2 +1,4 @@
 help: "Set remote RSA key"
 type:  txt
+#comp_help: possible completions:
+# <text>    	     Set the actual RSA key