Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Customize your package ? #29

Open
smallhumans opened this issue May 29, 2019 · 11 comments
Open

Customize your package ? #29

smallhumans opened this issue May 29, 2019 · 11 comments

Comments

@smallhumans
Copy link

Hi :) Thx for your package, i have a request.

Which Syntax?:

IOS classic

New Feature Description:

I'm newbie in GitHub but is-it possible to customize your package and re-build it ? There are a lot of commands that are not highlighted. I wanted to highlight the missing commands myself, then this work if you want.

Example Syntax

Like Crypto command :
crypto isakmp
crypto ipsec
crypto map

Thx for reading, have a nice day :)
@heyglen
Copy link
Owner

heyglen commented May 29, 2019

Hi,

Your contribution would be very welcome. Please make a push request.

Take a look at the contribution guide

@netify-gmail
Copy link

netify-gmail commented Jul 30, 2019
edited

Would like to augment highlighting of 'crypto map' syntax:
(literal IPs replaced with [ip addr])

crypto map outside_map 1 match address outside_cryptomap_3
crypto map outside_map 1 set peer [ip addr]
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer [ip addr] 
crypto map outside_map 2 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map 3 match address outside_cryptomap_2
crypto map outside_map 3 set peer [ip addr]
crypto map outside_map 3 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto map outside2_map 4 match address outside_cryptomap_1
crypto map outside2_map 4 set peer [ip addr]
crypto map outside2_map 4 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside2_map 5 match address outside_cryptomap_2
crypto map outside2_map 5 set peer [ip addr]
crypto map outside2_map 5 set ikev1 transform-set ESP-AES-256-SHA
crypto map outside2_map interface outside2
crypto ca trustpool policy`

```

@netify-gmail
Copy link

netify-gmail commented Jul 30, 2019
edited

Code sample for other 'crypto ikev1' or 'crypto ikev2' syntax:

crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 enable outside2
crypto ikev1 policy 50
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

The 'enable outside' (or other interface value) are important to highlight

I wouldn't highlight the sub-entries under (for example) the '... ikev1 policy 50' section in this sample

@netify-gmail
Copy link

DHCP code blocks should highlight:

dhcpd auto_config outside
!
dhcpd address [start ip addr] - [end ip addr]  GuestWireless
dhcpd dns [ip addr] interface GuestWireless
dhcpd lease 300 interface GuestWireless
dhcpd domain [domain name] interface GuestWireless
dhcpd option 3 ip [ip addr] interface GuestWireless
dhcpd enable GuestWireless

@netify-gmail
Copy link

netify-gmail commented Jul 30, 2019
edited

NTP server IP addresses:

ntp server [ip addr] source outside2 prefer

Group-policy applied:

 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
dynamic-access-policy-record DfltAccessPolicy

Username entry:
```username [username] password [pw] encrypted````

Tunnel-group values:

tunnel-group [ip addr] ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group [ip addr] type ipsec-l2l
tunnel-group [ip addr] ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group [ip addr] type ipsec-l2l
tunnel-group [ip addr] ipsec-attributes
 ikev1 pre-shared-key *****

@netify-gmail
Copy link

Service-object entries:

This line is currently highlighted:
object-group service H323

These are not highlighted:

 service-object object h323_2 
 service-object tcp destination eq h323 
 service-object object h323_1

@netify-gmail
Copy link

netify-gmail commented Jul 30, 2019
edited

This entry is highlighted:
network-object host [ip addr]

This entry is NOT highlighted after the word 'network-object':
network-object [ip addr] 255.244.0.0

Again, this entry is highlighted:
network-object [ip addr] 255.255.0.0

@netify-gmail
Copy link

netify-gmail commented Jul 30, 2019
edited

A few inconsistencies with varying syntax:

Highlighted:
icmp permit [ip addr] 255.255.255.0 outside

Missed:
icmp permit host [ip addr] outside

@netify-gmail
Copy link

Flow-Export targets:

flow-export destination inside [ip addr] 2055

@netify-gmail
Copy link

netify-gmail commented Jul 30, 2019
edited

NAT statements without IP addresses:

Highlighted:
object network [obj name]
nat (inside,outside2) static [ip addr]

Highlighted:
object network spwwup

Missed:
nat (inside,outside2) static interface service tcp ssh 22222

@heyglen
Copy link
Owner

heyglen commented Aug 6, 2019

Hi netify,

I've pushed some of these in v2.31.0.

In the future, please open new issues per request and specify which syntax the commands should be a part of.

/Glen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@heyglen @netify-gmail @smallhumans