SSTP sessions disconnected on commit and encrypted local passwords

Hello,

I have noticed that all active SSTP sessions are getting dropped on commit config when there is a change related to SSTP - in my case adding/removing local users.

Is this expected and is there a way to work around this?

Furthermore, customers are not happy with cleartext passwords in the config. I’ve seen that accel-pppd supports encrypted passwords in the chap.secrets file, but I don't see a way to do that in VyOS. Is there a way to keep the passwords for local VPN users encrypted, similarly to the admin accounts?

Hi @blazarov,

You could try the following:

Edit /usr/libexec/vyos/conf_mode/vpn_sstp.py and change this line https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/vpn_sstp.py#L141 to use reload instead of restart, and see if it does not drop connections.

The best way would be to file an official bug report at https://phabricator.vyos.net.

About the password hash - if it’s supported by Accel-PPP I see no reason to not also support it from the CLI as we do the same for SNMPv3 or admin passwords.

Thanks for pointing out how the process actually works. I can see what is going on. Actually, chap secrets is read on the fly, so as far as changes in local credentials are concerned, neither reload nor restart is needed for accel-pppd. BTW, have you seen line 120 of the same file? :)

For the encrypted passwords - I did not get you. Do you mean that it is doable currently? If so, can you give some hints?