diff options
author | Nataliia Solomko <natalirs1985@gmail.com> | 2024-05-09 16:35:48 +0300 |
---|---|---|
committer | Nataliia Solomko <natalirs1985@gmail.com> | 2024-05-09 18:10:33 +0300 |
commit | 92b468b9a0d5eee8484601568227f7c56e71b119 (patch) | |
tree | 271444d4ff4deea1f081d0b1f371c4427f418ff8 | |
parent | 52efc39691737fd0be965cad955758ca8b8e40e9 (diff) | |
download | vyos-1x-92b468b9a0d5eee8484601568227f7c56e71b119.tar.gz vyos-1x-92b468b9a0d5eee8484601568227f7c56e71b119.zip |
sstp: T4393: Add support to configure host-name (SNI)
-rw-r--r-- | data/templates/accel-ppp/sstp.config.j2 | 3 | ||||
-rw-r--r-- | interface-definitions/vpn_sstp.xml.in | 9 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_sstp.py | 10 |
3 files changed, 22 insertions, 0 deletions
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2 index b624f83a3..22fb55506 100644 --- a/data/templates/accel-ppp/sstp.config.j2 +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -42,6 +42,9 @@ accept=ssl ssl-ca-file=/run/accel-pppd/sstp-ca.pem ssl-pemfile=/run/accel-pppd/sstp-cert.pem ssl-keyfile=/run/accel-pppd/sstp-cert.key +{% if host_name is vyos_defined %} +host-name={{ host_name }} +{% endif %} {% if default_pool is vyos_defined %} ip-pool={{ default_pool }} {% endif %} diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index d23a001d5..d9ed1c040 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -53,6 +53,15 @@ #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> + <leafNode name="host-name"> + <properties> + <help>Only allow connection to specified host with the same TLS SNI</help> + <constraint> + #include <include/constraint/host-name.xml.i> + </constraint> + <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> + </properties> + </leafNode> </children> </node> </children> diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py index f0695d577..1a3e1df6e 100755 --- a/smoketest/scripts/cli/test_vpn_sstp.py +++ b/smoketest/scripts/cli/test_vpn_sstp.py @@ -75,6 +75,16 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase): config = read_file(self._config_file) self.assertIn(f'port={port}', config) + def test_sstp_host_name(self): + host_name = 'test.vyos.io' + self.set(['host-name', host_name]) + + self.basic_config() + self.cli_commit() + + config = read_file(self._config_file) + self.assertIn(f'host-name={host_name}', config) + if __name__ == '__main__': unittest.main(verbosity=2) |