Merge pull request #1496 from sever-sever/T4644

sstp: T4644: Check SSTP bind port before commit

1 files changed, 8 insertions, 0 deletions

diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 23e5162ba..2949ab290 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -26,7 +26,9 @@ from vyos.pki import wrap_certificate
 from vyos.pki import wrap_private_key
 from vyos.template import render
 from vyos.util import call
+from vyos.util import check_port_availability
 from vyos.util import dict_search
+from vyos.util import is_listen_port_bind_service
 from vyos.util import write_file
 from vyos import ConfigError
 from vyos import airbag
@@ -62,6 +64,12 @@ def verify(sstp):
     if not sstp:
         return None
 
+    port = sstp.get('port')
+    proto = 'tcp'
+    if check_port_availability('0.0.0.0', int(port), proto) is not True and \
+            not is_listen_port_bind_service(int(port), 'accel-pppd'):
+        raise ConfigError(f'"{proto}" port "{port}" is used by another service')
+
     verify_accel_ppp_base_service(sstp)
 
     if 'client_ip_pool' not in sstp and 'client_ipv6_pool' not in sstp: