.. _sstp:

[sstp]
======

Configuration options of sstp module.

Configuration of SSTP module.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

**bind=x.x.x.x|ipv6address|unix:pathname|unix:@abstract**
    If this option is given, the sstp server will bind to the specified IP address or unix pathname/abstract socket.

**port=n**
    If this option is given, the sstp server will bind to the specified port. Default is 443.

**verbose=n**
    If this option is given and n is greater than zero, the sstp module will produce verbose logging.

**timeout=n**
    Timeout, in seconds, for waiting for a reply from the client. Default is 60.

**hello-interval=n**
    If this option is given and n is greater than zero, sstp will send an echo-request every n seconds and drop the connection if no reply is received. Default is 60.

**accept=ssl,proxy**
    Specifies incoming connection acceptance mode.

    * **ssl** - enable SSL/TLS support.
    * **proxy** - enable PROXY protocol 1 & 2 support.

**ssl-dhparam=pemfile**
    Specifies a file with DH parameters for DHE ciphers.

**ssl-ecdh-curve=string**
    Specifies the curves for ECDHE ciphers. The value is specified in the format understood by the OpenSSL library.

**ssl-ciphers=string**
    Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library.

**ssl-prefer-server-ciphers=n**
    If this option is given and n is greater than zero, server ciphers should be preferred over client ciphers. Default is 0.

**ssl-pemfile=pemfile**
    Specifies a file with the certificate in PEM format for the sstp server. The certificate is also used to compute the initial SHA1 and SHA256 certificate hashes.

**ssl-keyfile=keyfile**
    Specifies a file with the secret key in PEM format for the sstp server. If not set, the secret key will be loaded from the certificate pemfile.

**cert-hash-proto=sha1,sha256**
    Specifies the hashing methods that can be used to compute the Compound MAC in the Crypto Binding attribute. Default is both sha1 and sha256.

**cert-hash-sha1=hexstring**
    The given hexadecimal value overrides the SHA1 hash computed from the pemfile certificate, or is used directly in non-ssl mode.

**cert-hash-sha256=hexstring**
    The given hexadecimal value overrides the SHA256 hash computed from the pemfile certificate, or is used directly in non-ssl mode.

**host-name=string**
    If this option is given, only sstp connections to the specified host and with the same TLS SNI will be allowed.

**http-error=deny|allow|http[s]://host.tld[/path]**
    Specifies the http layer error behavior for non-sstp requests.

    * **deny** - reset connection without any error response.
    * **allow** - respond with http-specific status codes.
    * **http[s]://host.tld[/path]** - respond with http redirect to the specified location. If /path is not specified, the requested uri will be appended automatically.

    Default value is allow.

**ifname=ifname**
    If this option is given, the ppp interface will be renamed using ifname as a template, i.e. `sstp%d => sstp0`.

**ppp-max-mtu=n**
    Set the maximum MTU value that can be negotiated for PPP over SSTP sessions. Default value is 1452, maximum is 4087.
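
Added example, not part of the accel-ppp documentation: when ``cert-hash-sha1`` and ``cert-hash-sha256`` have to be set by hand (for instance in non-ssl mode, where no pemfile is loaded), the values can be derived from the PEM certificate that clients are presented with. It assumes the hash is taken over the DER encoding of the certificate (the usual X.509 fingerprint) and that the options accept plain hex digits; the function names and the sample PEM are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; a private key stored in the same
# pemfile is skipped because its BEGIN/END markers differ.
_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def first_cert_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM bundle.

    Assumption: the first block is the server (leaf) certificate; any
    chain certificates that follow it are ignored.
    """
    m = _CERT_RE.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE block found in PEM input")
    body = "".join(m.group(1).split())  # drop line breaks and padding spaces
    return base64.b64decode(body, validate=True)


def sstp_cert_hash_lines(pem_text):
    """Build cert-hash-* option lines (plain hex format is an assumption)."""
    der = first_cert_der(pem_text)
    return [
        "cert-hash-sha1=" + hashlib.sha1(der).hexdigest(),
        "cert-hash-sha256=" + hashlib.sha256(der).hexdigest(),
    ]


# Constructed sample: the certificate body is the bytes b"abc", NOT a real
# certificate. It only exercises the parsing; feed the real pemfile instead.
SAMPLE_PEM = """\
-----BEGIN PRIVATE KEY-----
AAAA
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    for line in sstp_cert_hash_lines(SAMPLE_PEM):
        print(line)
```

After a certificate renewal on the TLS-terminating side, hand-set hashes no longer match and have to be regenerated.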