summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNataliia Solomko <natalirs1985@gmail.com>2024-05-09 16:35:48 +0300
committerNataliia Solomko <natalirs1985@gmail.com>2024-05-09 18:10:33 +0300
commit92b468b9a0d5eee8484601568227f7c56e71b119 (patch)
tree271444d4ff4deea1f081d0b1f371c4427f418ff8
parent52efc39691737fd0be965cad955758ca8b8e40e9 (diff)
downloadvyos-1x-92b468b9a0d5eee8484601568227f7c56e71b119.tar.gz
vyos-1x-92b468b9a0d5eee8484601568227f7c56e71b119.zip
sstp: T4393: Add support to configure host-name (SNI)
-rw-r--r--data/templates/accel-ppp/sstp.config.j23
-rw-r--r--interface-definitions/vpn_sstp.xml.in9
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_sstp.py10
3 files changed, 22 insertions, 0 deletions
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2
index b624f83a3..22fb55506 100644
--- a/data/templates/accel-ppp/sstp.config.j2
+++ b/data/templates/accel-ppp/sstp.config.j2
@@ -42,6 +42,9 @@ accept=ssl
ssl-ca-file=/run/accel-pppd/sstp-ca.pem
ssl-pemfile=/run/accel-pppd/sstp-cert.pem
ssl-keyfile=/run/accel-pppd/sstp-cert.key
+{% if host_name is vyos_defined %}
+host-name={{ host_name }}
+{% endif %}
{% if default_pool is vyos_defined %}
ip-pool={{ default_pool }}
{% endif %}
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index d23a001d5..d9ed1c040 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -53,6 +53,15 @@
#include <include/accel-ppp/wins-server.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
+ <leafNode name="host-name">
+ <properties>
+ <help>Only allow connection to specified host with the same TLS SNI</help>
+ <constraint>
+ #include <include/constraint/host-name.xml.i>
+ </constraint>
+ <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+ </properties>
+ </leafNode>
</children>
</node>
</children>
diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py
index f0695d577..1a3e1df6e 100755
--- a/smoketest/scripts/cli/test_vpn_sstp.py
+++ b/smoketest/scripts/cli/test_vpn_sstp.py
@@ -75,6 +75,16 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase):
config = read_file(self._config_file)
self.assertIn(f'port={port}', config)
+ def test_sstp_host_name(self):
+ host_name = 'test.vyos.io'
+ self.set(['host-name', host_name])
+
+ self.basic_config()
+ self.cli_commit()
+
+ config = read_file(self._config_file)
+ self.assertIn(f'host-name={host_name}', config)
+
if __name__ == '__main__':
unittest.main(verbosity=2)