Check that the bind vpn sstp (default 443) port is not bound to another service
We have done a similar check for http api and openconnect: T4597
To reproduce, add the https service, commit, and then add sstp:
set service https api gql
set service https api keys id KID key 'foo'
set service https api socket
commit
Ports:
vyos@r14# sudo netstat -tulpn | grep 443
tcp        0      0 0.0.0.0:443      0.0.0.0:*      LISTEN      6347/nginx: master
tcp6       0      0 :::443           :::*           LISTEN      6347/nginx: master
[edit]
vyos@r14#
Add sstp and recheck the ports (we expect the accel-pppd service, but we see nginx):
set vpn sstp authentication local-users username test password 'test'
set vpn sstp authentication mode 'local'
set vpn sstp client-ip-pool subnet '192.168.170.0/24'
set vpn sstp gateway-address '192.0.2.1'
set vpn sstp ssl ca-certificate 'ca-ocserv'
set vpn sstp ssl certificate 'srv-ocserv'
commit
vyos@r14# sudo netstat -tulpn | grep 443
tcp        0      0 0.0.0.0:443      0.0.0.0:*      LISTEN      6347/nginx: master
tcp6       0      0 :::443           :::*           LISTEN      6347/nginx: master
[edit]
vyos@r14#
So we should check before commit that the port is not bound to another service, as the expected service for sstp is accel-pppd:
vyos@r14# sudo netstat -tulpn | grep 443
tcp        0      0 0.0.0.0:443      0.0.0.0:*      LISTEN      7174/accel-pppd
[edit]
vyos@r14#
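One way to express the requested pre-commit check, as an added example that is not VyOS code: it reads `netstat -tulpn` style output, finds who holds the port, and rejects the commit only when the owner is not the expected daemon. The function names and the sample text are assumptions constructed for this illustration.

```python
import socket

# Constructed sample, modelled on the netstat output shown above.
SAMPLE = """\
tcp        0      0 0.0.0.0:443      0.0.0.0:*      LISTEN      6347/nginx: master
tcp6       0      0 :::443           :::*           LISTEN      6347/nginx: master
tcp        0      0 0.0.0.0:22       0.0.0.0:*      LISTEN      1201/sshd
"""

def tcp_listeners(netstat_output, port):
    """Return the program names listening on TCP `port` (IPv4 and IPv6)."""
    owners = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        if f[3].rsplit(":", 1)[-1] != str(port):
            continue
        # Column 7 is "PID/Program"; "-" means netstat ran without root.
        prog = f[6].partition("/")[2].rstrip(":")
        owners.add(prog or "unknown")
    return owners

def port_in_use(port, host="0.0.0.0"):
    """Live check: True if binding the TCP port fails (says nothing about the owner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return True
    return False

def verify_port(netstat_output, port, expected):
    """Raise ValueError when `port` is held by a program other than `expected`.

    The service's own daemon is allowed, so re-committing a running
    configuration is not rejected the way a plain bind test would reject it.
    """
    others = tcp_listeners(netstat_output, port) - {expected}
    if others:
        raise ValueError(f"TCP port {port} is already used by: {', '.join(sorted(others))}")

if __name__ == "__main__":
    try:
        verify_port(SAMPLE, 443, "accel-pppd")
    except ValueError as err:
        print(err)  # the commit would be refused here
```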