Merge pull request #3438 from vyos/mergify/bp/sagitta/pr-3436

sstp: T4393: Add support to configure host-name (SNI) (backport #3436)
vyos · May 9, 2024 · 0999a75 · 0999a75
2 parents c38795e + faf4507
commit 0999a75
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/data/templates/accel-ppp/sstp.config.j2 b/data/templates/accel-ppp/sstp.config.j2
@@ -42,6 +42,9 @@ accept=ssl
 ssl-ca-file=/run/accel-pppd/sstp-ca.pem
 ssl-pemfile=/run/accel-pppd/sstp-cert.pem
 ssl-keyfile=/run/accel-pppd/sstp-cert.key
+{% if host_name is vyos_defined %}
+host-name={{ host_name }}
+{% endif %}
 {% if default_pool is vyos_defined %}
 ip-pool={{ default_pool }}
 {% endif %}

diff --git a/interface-definitions/vpn_sstp.xml.in b/interface-definitions/vpn_sstp.xml.in
@@ -53,6 +53,15 @@
           #include <include/accel-ppp/wins-server.xml.i>
           #include <include/generic-description.xml.i>
           #include <include/name-server-ipv4-ipv6.xml.i>
+          <leafNode name="host-name">
+            <properties>
+              <help>Only allow connection to specified host with the same TLS SNI</help>
+              <constraint>
+                #include <include/constraint/host-name.xml.i>
+              </constraint>
+              <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+            </properties>
+          </leafNode>
         </children>
       </node>
     </children>

diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py
@@ -75,6 +75,16 @@ def test_accel_local_authentication(self):
         config = read_file(self._config_file)
         self.assertIn(f'port={port}', config)
 
+    def test_sstp_host_name(self):
+        host_name = 'test.vyos.io'
+        self.set(['host-name', host_name])
+
+        self.basic_config()
+        self.cli_commit()
+
+        config = read_file(self._config_file)
+        self.assertIn(f'host-name={host_name}', config)
+
 
 if __name__ == '__main__':
     unittest.main(verbosity=2)