diff options
| -rw-r--r-- | data/templates/accel-ppp/sstp.config.j2 | 1 | ||||
| -rw-r--r-- | interface-definitions/vpn_sstp.xml.in | 14 | ||||
| -rwxr-xr-x | src/conf_mode/vpn_sstp.py | 10 |
3 files changed, 23 insertions, 2 deletions
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2 index 5c6f19306..7ee28dd21 100644 --- a/data/templates/accel-ppp/sstp.config.j2 +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -28,6 +28,7 @@ disable [sstp] verbose=1 ifname=sstp%d +port={{ port }} accept=ssl ssl-ca-file=/run/accel-pppd/sstp-ca.pem ssl-pemfile=/run/accel-pppd/sstp-cert.pem diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index fe2fea9f8..c85cab7dc 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -37,6 +37,20 @@ </children> </node> #include <include/accel-ppp/client-ipv6-pool.xml.i> + <leafNode name="port"> + <properties> + <help>SSTP server listening port</help> + <valueHelp> + <format>u32:1-65535</format> + <description>SSTP server listening port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> + <constraintErrorMessage>SSTP server listening port must be between 1 and 65535</constraintErrorMessage> + </properties> + <defaultValue>443</defaultValue> + </leafNode> <node name="ppp-options"> <properties> <help>PPP (Point-to-Point Protocol) settings</help> diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index db53463cf..c2dc97caf 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2020 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,6 +20,7 @@ from sys import exit from vyos.config import Config from vyos.configdict import get_accel_dict +from vyos.configdict import dict_merge from vyos.configverify import verify_accel_ppp_base_service from vyos.pki import wrap_certificate from vyos.pki import wrap_private_key @@ -27,6 +28,7 @@ from vyos.template import render from vyos.util import call from vyos.util import dict_search from vyos.util import write_file +from vyos.xml import defaults from vyos import ConfigError from vyos import airbag airbag.enable() @@ -51,6 +53,11 @@ def get_config(config=None): # retrieve common dictionary keys sstp = get_accel_dict(conf, base, sstp_chap_secrets) + default_values = defaults(base) + sstp = dict_merge(default_values, sstp) + # workaround a "know limitation" - https://phabricator.vyos.net/T2665 + del sstp['authentication']['local_users']['username']['static_ip'] + if sstp: sstp['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) @@ -121,7 +128,6 @@ def generate(sstp): ca_cert_name = sstp['ssl']['ca_certificate'] pki_ca = sstp['pki']['ca'][ca_cert_name] - write_file(cert_file_path, wrap_certificate(pki_cert['certificate'])) write_file(cert_key_path, wrap_private_key(pki_cert['private']['key'])) write_file(ca_cert_file_path, wrap_certificate(pki_ca['certificate'])) |