authorChristian Breunig <christian@breunig.cc>2024-05-09 17:29:36 +0200
committerGitHub <noreply@github.com>2024-05-09 17:29:36 +0200
commit0999a75da918485a26b3fbcd1be79711bfba1244 (patch)
treed69e4bea4fc31ea89e0498f939e53c9675234eba
parentc38795e317cd314c21e594467df3eea86ad188ab (diff)
parentfaf450705d464bf2a87bcd989c0e1f031a54c03e (diff)
Merge pull request #3438 from vyos/mergify/bp/sagitta/pr-3436
sstp: T4393: Add support to configure host-name (SNI) (backport #3436)
-rw-r--r--data/templates/accel-ppp/sstp.config.j23
-rw-r--r--interface-definitions/vpn_sstp.xml.in9
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_sstp.py10
3 files changed, 22 insertions, 0 deletions
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2
index b624f83a3..22fb55506 100644
--- a/data/templates/accel-ppp/sstp.config.j2
+++ b/data/templates/accel-ppp/sstp.config.j2
@@ -42,6 +42,9 @@ accept=ssl
ssl-ca-file=/run/accel-pppd/sstp-ca.pem
ssl-pemfile=/run/accel-pppd/sstp-cert.pem
ssl-keyfile=/run/accel-pppd/sstp-cert.key
+{% if host_name is vyos_defined %}
+host-name={{ host_name }}
+{% endif %}
{% if default_pool is vyos_defined %}
ip-pool={{ default_pool }}
{% endif %}
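Review bot: The new `host-name={{ host_name }}` line writes the CLI value into the accel-ppp config unescaped, so the only thing keeping a line break or a stray `key=value` out of the generated file is the constraint on the `host-name` leaf in vpn_sstp.xml.in. That dependency deserves a template comment above the `{% if %}`, for example `{# host_name is validated by the host-name constraint in vpn_sstp.xml.in; keep the two in sync #}`. The comment could also record that the TLS SNI is chosen by the client, so this option filters connections by requested name rather than authenticating them.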
diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
index d23a001d5..d9ed1c040 100644
--- a/interface-definitions/vpn_sstp.xml.in
+++ b/interface-definitions/vpn_sstp.xml.in
@@ -53,6 +53,15 @@
#include <include/accel-ppp/wins-server.xml.i>
#include <include/generic-description.xml.i>
#include <include/name-server-ipv4-ipv6.xml.i>
+ <leafNode name="host-name">
+ <properties>
+ <help>Only allow connection to specified host with the same TLS SNI</help>
+ <constraint>
+ #include <include/constraint/host-name.xml.i>
+ </constraint>
+ <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+ </properties>
+ </leafNode>
</children>
</node>
</children>
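Review bot: The `constraintErrorMessage` on the new `host-name` leaf says the value "must be alphanumeric and can contain hyphens", but the smoketest in this same commit commits `test.vyos.io`. The included `host-name.xml.i` constraint therefore presumably accepts dots as well, which would leave an operator who enters a rejected FQDN with a misleading hint. If the constraint does allow dots, the message should say so: `<constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens and dots</constraintErrorMessage>`. The `<help>` string would also read more clearly as `Only accept connections whose TLS SNI matches this host-name`.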
diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py
index f0695d577..1a3e1df6e 100755
--- a/smoketest/scripts/cli/test_vpn_sstp.py
+++ b/smoketest/scripts/cli/test_vpn_sstp.py
@@ -75,6 +75,16 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase):
config = read_file(self._config_file)
self.assertIn(f'port={port}', config)
+ def test_sstp_host_name(self):
+ host_name = 'test.vyos.io'
+ self.set(['host-name', host_name])
+
+ self.basic_config()
+ self.cli_commit()
+
+ config = read_file(self._config_file)
+ self.assertIn(f'host-name={host_name}', config)
+
if __name__ == '__main__':
unittest.main(verbosity=2)
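Review bot: `test_sstp_host_name` only covers the positive case, so nothing checks that the template omits the option when `host-name` is unset or that the CLI constraint rejects a malformed value. Since this option restricts which TLS SNI the server accepts, a silent regression in either direction is worth catching. A check such as `self.assertNotIn('host-name=', config)` in a test that does not set the option would cover the first case. The second could be covered by setting an invalid name and expecting the set or commit to fail, using whatever helper the base class offers for that; the base class is not visible here. The enclosing `TestVPNSSTPServer` class begins outside this hunk.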