From 92b468b9a0d5eee8484601568227f7c56e71b119 Mon Sep 17 00:00:00 2001 From: Nataliia Solomko Date: Thu, 9 May 2024 16:35:48 +0300 Subject: sstp: T4393: Add support to configure host-name (SNI) --- data/templates/accel-ppp/sstp.config.j2 | 3 +++ interface-definitions/vpn_sstp.xml.in | 9 +++++++++ smoketest/scripts/cli/test_vpn_sstp.py | 10 ++++++++++ 3 files changed, 22 insertions(+) diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2 index b624f83a3..22fb55506 100644 --- a/data/templates/accel-ppp/sstp.config.j2 +++ b/data/templates/accel-ppp/sstp.config.j2 @@ -42,6 +42,9 @@ accept=ssl ssl-ca-file=/run/accel-pppd/sstp-ca.pem ssl-pemfile=/run/accel-pppd/sstp-cert.pem ssl-keyfile=/run/accel-pppd/sstp-cert.key +{% if host_name is vyos_defined %} +host-name={{ host_name }} +{% endif %} {% if default_pool is vyos_defined %} ip-pool={{ default_pool }} {% endif %} diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in index d23a001d5..d9ed1c040 100644 --- a/interface-definitions/vpn_sstp.xml.in +++ b/interface-definitions/vpn_sstp.xml.in @@ -53,6 +53,15 @@ #include #include #include + + + Only allow connection to specified host with the same TLS SNI + + #include + + Host-name must be alphanumeric and can contain hyphens + + diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py index f0695d577..1a3e1df6e 100755 --- a/smoketest/scripts/cli/test_vpn_sstp.py +++ b/smoketest/scripts/cli/test_vpn_sstp.py @@ -75,6 +75,16 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase): config = read_file(self._config_file) self.assertIn(f'port={port}', config) + def test_sstp_host_name(self): + host_name = 'test.vyos.io' + self.set(['host-name', host_name]) + + self.basic_config() + self.cli_commit() + + config = read_file(self._config_file) + self.assertIn(f'host-name={host_name}', config) + if __name__ == '__main__': unittest.main(verbosity=2) -- cgit v1.2.3