hi,
I tried a minimal sstp config and commit. I got the error message that an ipv4 network for the clients is required.
Why can't I run it with ipv6 only?
To reproduce:
[edit vpn sstp]
[email protected]# compare
[edit vpn sstp]
+authentication {
+    local-users {
+        username foo {
+            password bar
+        }
+    }
+    mode local
+}
+client-ipv6-pool {
+    prefix 2001:db8::/48 {
+    }
+}
+gateway-address 192.168.122.14
+ssl {
+    ca-cert-file /config/user-data/sstp/ca.crt
+    cert-file /config/user-data/sstp/server.crt
+    key-file /config/user-data/sstp/server.key
+}
[edit vpn sstp]
[email protected]# commit
[ vpn ]
Note: the IPsec process will not start until you configure some tunnels, profiles, or L2TP/IPsec settings
[ vpn sstp ]
VyOS had an issue completing a command.
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/vpn_sstp.py", line 109, in <module>
    verify(c)
  File "/usr/libexec/vyos/conf_mode/vpn_sstp.py", line 53, in verify
    if not sstp['client_ip_pool']:
KeyError: 'client_ip_pool'
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1039
set vpn sstp authentication local-users username foo password 'bar'
set vpn sstp authentication mode 'local'
set vpn sstp client-ipv6-pool prefix 2001:db8::/48
set vpn sstp gateway-address '192.168.122.14'
set vpn sstp ssl ca-cert-file '/config/user-data/sstp/ca.crt'
set vpn sstp ssl cert-file '/config/user-data/sstp/server.crt'
set vpn sstp ssl key-file '/config/user-data/sstp/server.key'
Check service:
[email protected]# commit
[edit]
[email protected]# ps ax | grep sstp
 5863 ?        Ssl    0:00 /usr/sbin/accel-pppd -d -p /run/accel-pppd/sstp.pid -c /run/accel-pppd/sstp.conf
 5901 pts/0    S+     0:00 grep sstp
[edit]
[email protected]#
Enabling IPv6 only requires some new CLI options, which are not present in 1.3 yet:
set vpn sstp ppp-options ipv4 allow(default)|deny
set vpn sstp ppp-options ipv6 allow|deny|prefer|require
Also, additional modules must be loaded in sstp.conf:
[modules]
...
ipv6_nd
ipv6_dhcp
ipv6pool
[PPP]
...
ipv4=deny
It is impossible to check this behavior in 1.4, as it is not working after rewriting certificates to PKI (T3931).
PR for 1.3 https://github.com/vyos/vyos-1x/pull/1060
set vpn sstp authentication local-users username foo password 'bar'
set vpn sstp authentication local-users username foo2 password 'bar2'
set vpn sstp authentication mode 'local'
set vpn sstp client-ipv6-pool prefix 2001:db8::/48
set vpn sstp gateway-address '192.168.122.14'
set vpn sstp ppp-options ipv4 'deny'
set vpn sstp ppp-options ipv6 'allow'
set vpn sstp ssl ca-cert-file '/config/user-data/sstp/ca.crt'
set vpn sstp ssl cert-file '/config/user-data/sstp/server.crt'
set vpn sstp ssl key-file '/config/user-data/sstp/server.key'
Check sessions:
[email protected]:~$ show sstp-server s sessions statistics
[email protected]:~$ show sstp-server sessions
 ifname | username | ip                    | ip6                   | ip6-dp | calling-sid     | rate-limit | state  | uptime   | rx-bytes | tx-bytes
--------+----------+-----------------------+-----------------------+--------+-----------------+------------+--------+----------+----------+----------
 sstp0  | foo2     | 2001:db8:0:0:200::/64 | 2001:db8:0:0:200::/64 |        | 192.168.122.222 |            | active | 00:00:09 | 735 B    | 506 B
[email protected]:~$
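
The failure and the fix discussed in this thread, as an added example that is not the code in vpn_sstp.py or from the linked PRs: a verify step that treats a missing pool as a normal state instead of raising KeyError, and renders the address-family lines for sstp.conf. The `client_ipv6_pool` and `ppp_options` keys, the function names, `ConfigError`, the lowercase `[ppp]` section name and the IPv6 default of `deny` are assumptions.

```python
# Added illustration; dict keys other than 'client_ip_pool' are hypothetical.
IPV6_MODULES = ["ipv6_nd", "ipv6_dhcp", "ipv6pool"]  # modules named in the thread
IPV4_MODES = {"allow", "deny"}
IPV6_MODES = {"allow", "deny", "prefer", "require"}


class ConfigError(Exception):
    """A configuration problem the operator must fix (not a crash)."""


def verify(sstp):
    """Validate address-family settings without assuming any key exists."""
    ppp = sstp.get("ppp_options", {})
    ipv4 = ppp.get("ipv4", "allow")  # thread: allow is the default
    ipv6 = ppp.get("ipv6", "deny")   # assumption: IPv6 stays off unless set
    if ipv4 not in IPV4_MODES:
        raise ConfigError(f"invalid ppp-options ipv4 value: {ipv4}")
    if ipv6 not in IPV6_MODES:
        raise ConfigError(f"invalid ppp-options ipv6 value: {ipv6}")
    if ipv4 == "deny" and ipv6 == "deny":
        raise ConfigError("both address families are denied")
    # .get() instead of sstp['client_ip_pool']: absence is reported, not raised
    if ipv4 != "deny" and not sstp.get("client_ip_pool"):
        raise ConfigError("IPv4 client pool required unless ppp-options ipv4 is deny")
    if ipv6 != "deny" and not sstp.get("client_ipv6_pool"):
        raise ConfigError("IPv6 client pool required when ppp-options ipv6 is enabled")
    return ipv4, ipv6


def render(sstp):
    """Return the address-family lines of the [modules] and [ppp] sections."""
    ipv4, ipv6 = verify(sstp)
    lines = ["[modules]"]
    if ipv6 != "deny":
        lines += IPV6_MODULES
    lines += ["[ppp]", f"ipv4={ipv4}"]
    if ipv6 != "deny":
        lines.append(f"ipv6={ipv6}")
    return "\n".join(lines)


# Constructed inputs: the reporter's pool-only config, then the IPv6-only one.
REPORTED = {"client_ipv6_pool": {"prefix": ["2001:db8::/48"]}}
IPV6_ONLY = dict(REPORTED, ppp_options={"ipv4": "deny", "ipv6": "allow"})

if __name__ == "__main__":
    print(render(IPV6_ONLY))
```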