summaryrefslogtreecommitdiff
path: root/src/conf_mode/vpn_sstp.py
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-08-25 10:18:08 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-08-25 10:18:08 +0000
commitac885f3e0912acebf0e3bc62582cc767dc9d5a6d (patch)
tree7c74858136466bcd8b2f903211444b82124a8527 /src/conf_mode/vpn_sstp.py
parent20090229009d0aa783560c74207dbccb1014ebe0 (diff)
downloadvyos-1x-ac885f3e0912acebf0e3bc62582cc767dc9d5a6d.tar.gz
vyos-1x-ac885f3e0912acebf0e3bc62582cc767dc9d5a6d.zip
sstp: T4644: Check SSTP bind port before commit
By default SSTP bind port '443' and this port can be used by another service like 'service https' or 'vpn openconnect' Check if port bound to another service
Diffstat (limited to 'src/conf_mode/vpn_sstp.py')
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 23e5162ba..2949ab290 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -26,7 +26,9 @@ from vyos.pki import wrap_certificate
from vyos.pki import wrap_private_key
from vyos.template import render
from vyos.util import call
+from vyos.util import check_port_availability
from vyos.util import dict_search
+from vyos.util import is_listen_port_bind_service
from vyos.util import write_file
from vyos import ConfigError
from vyos import airbag
@@ -62,6 +64,12 @@ def verify(sstp):
if not sstp:
return None
+ port = sstp.get('port')
+ proto = 'tcp'
+ if check_port_availability('0.0.0.0', int(port), proto) is not True and \
+ not is_listen_port_bind_service(int(port), 'accel-pppd'):
+ raise ConfigError(f'"{proto}" port "{port}" is used by another service')
+
verify_accel_ppp_base_service(sstp)
if 'client_ip_pool' not in sstp and 'client_ipv6_pool' not in sstp: