diff options
author | Christian Breunig <christian@breunig.cc> | 2024-05-09 17:29:36 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-09 17:29:36 +0200 |
commit | 0999a75da918485a26b3fbcd1be79711bfba1244 (patch) | |
tree | d69e4bea4fc31ea89e0498f939e53c9675234eba | |
parent | c38795e317cd314c21e594467df3eea86ad188ab (diff) | |
parent | faf450705d464bf2a87bcd989c0e1f031a54c03e (diff) | |
download | vyos-1x-0999a75da918485a26b3fbcd1be79711bfba1244.tar.gz vyos-1x-0999a75da918485a26b3fbcd1be79711bfba1244.zip |
Merge pull request #3438 from vyos/mergify/bp/sagitta/pr-3436
sstp: T4393: Add support to configure host-name (SNI) (backport #3436)
-rw-r--r-- | data/templates/accel-ppp/sstp.config.j2 | 3 | ||||
-rw-r--r-- | interface-definitions/vpn_sstp.xml.in | 9 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_sstp.py | 10 |
3 files changed, 22 insertions, 0 deletions
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2 index b624f83a3..22fb55506 100644 --- a/data/templates/accel-ppp/sstp.config.j2 +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -42,6 +42,9 @@ accept=ssl ssl-ca-file=/run/accel-pppd/sstp-ca.pem ssl-pemfile=/run/accel-pppd/sstp-cert.pem ssl-keyfile=/run/accel-pppd/sstp-cert.key +{% if host_name is vyos_defined %} +host-name={{ host_name }} +{% endif %} {% if default_pool is vyos_defined %} ip-pool={{ default_pool }} {% endif %} diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index d23a001d5..d9ed1c040 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -53,6 +53,15 @@ #include <include/accel-ppp/wins-server.xml.i> #include <include/generic-description.xml.i> #include <include/name-server-ipv4-ipv6.xml.i> + <leafNode name="host-name"> + <properties> + <help>Only allow connection to specified host with the same TLS SNI</help> + <constraint> + #include <include/constraint/host-name.xml.i> + </constraint> + <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage> + </properties> + </leafNode> </children> </node> </children> diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py index f0695d577..1a3e1df6e 100755 --- a/smoketest/scripts/cli/test_vpn_sstp.py +++ b/smoketest/scripts/cli/test_vpn_sstp.py @@ -75,6 +75,16 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase): config = read_file(self._config_file) self.assertIn(f'port={port}', config) + def test_sstp_host_name(self): + host_name = 'test.vyos.io' + self.set(['host-name', host_name]) + + self.basic_config() + self.cli_commit() + + config = read_file(self._config_file) + self.assertIn(f'host-name={host_name}', config) + if __name__ == '__main__': unittest.main(verbosity=2) |