Please add an option to the sstp client that allows to specify the SNI extension in the tls client hello message. This would be very useful when using haproxy for example, and will increase the effectiveness of the protocol when passing through various firewalls and dpi.
Thank you!
Re: Feature Request: SSTP Client TLS SNI Extension
This issue of sni in sstp is very important and adding it is not difficult at all, with the situation that governments have taken to suppress the internet, network tools need to be equipped with such things, but unfortunately, Mikrotik has no interest in updating these things. does not have
Re: Feature Request: SSTP Client TLS SNI Extension
Never thought about this, but I can see how SNI be useful with SSTP.
But it still HTTPS, so you theoretically use NGNIX in a container as reverse proxy for SSTP . As NGNIX could deal with the TLS SNI, and then proxy to real Mikrotik SSTP server without it. More work, but be one solution.
But it still HTTPS, so you theoretically use NGNIX in a container as reverse proxy for SSTP . As NGNIX could deal with the TLS SNI, and then proxy to real Mikrotik SSTP server without it. More work, but be one solution.
Re: Feature Request: SSTP Client TLS SNI Extension
I'd like to support this request.
Please add possibility to specify SNI in SSTP protocol
Please add possibility to specify SNI in SSTP protocol
Re: Feature Request: SSTP Client TLS SNI Extension
Feature added, will be available within next testing version, 7.15beta10
Re: Feature Request: SSTP Client TLS SNI Extension
HoorayFeature added, will be available within next testing version, 7.15beta10
Re: Feature Request: SSTP Client TLS SNI Extension
Hi, this feature has only 2 option (yes/no)
Is there a way to put the specific TLS SNI address?
or this option does not exist in Mikrotik OS yet?
I tried in terminal too, this feature only has that 2 option that the GUI shows(yes/no)
Is there a way to put the specific TLS SNI address?
or this option does not exist in Mikrotik OS yet?
I tried in terminal too, this feature only has that 2 option that the GUI shows(yes/no)
-
-
vecernik87
Forum Veteran
- Posts: 891
- Joined:
Re: Feature Request: SSTP Client TLS SNI Extension
The SNI value is implied by server address. If my client connects to vpn.example.com, then SNI value should be vpn.example.com
What use case is for having specific SNI, which would be different from server's address?
What use case is for having specific SNI, which would be different from server's address?
Re: Feature Request: SSTP Client TLS SNI Extension
Some SSTP clients In android devices like "open sstp client" & "vpn client pro" give this option. you try to connect to your vpn server like "vpn.example.com" but you use the SNI value "somthingelse.somthingelse.com" In those guide I studied some of the SNI they used was "yahoo.com" or "cdn.appflyer.com" I don't really know the fundamental of the using SNI but these custom SNI option helps to bypass some restriction for connecting to SSTP server in my location.
That's why i need to use custom SNI and not the one my vpn server provides.
That's why i need to use custom SNI and not the one my vpn server provides.