Page 1 of 1
Feature Request: SSTP Client TLS SNI Extension
Posted: Wed Sep 08, 2021 8:15 am
by kve
Please add an option to the sstp client that allows to specify the SNI extension in the tls client hello message. This would be very useful when using haproxy for example, and will increase the effectiveness of the protocol when passing through various firewalls and dpi.
Thank you!
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Thu Aug 10, 2023 10:36 pm
by soheilsh
This issue of sni in sstp is very important and adding it is not difficult at all, with the situation that governments have taken to suppress the internet, network tools need to be equipped with such things, but unfortunately, Mikrotik has no interest in updating these things. does not have
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Fri Aug 11, 2023 5:57 am
by Amm0
Never thought about this, but I can see how SNI be useful with SSTP.
But it still HTTPS, so you theoretically use NGNIX in a container as reverse proxy for SSTP . As NGNIX could deal with the TLS SNI, and then proxy to real Mikrotik SSTP server without it. More work, but be one solution.
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Tue Nov 21, 2023 11:45 am
by Eugenn
I'd like to support this request.
Please add possibility to specify SNI in SSTP protocol
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Tue Apr 16, 2024 5:06 pm
by oskarsk
Feature added, will be available within next testing version, 7.15beta10
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Tue Apr 16, 2024 8:44 pm
by own3r1138
Feature added, will be available within next testing version, 7.15beta10
Hooray
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Tue Sep 24, 2024 10:27 pm
by Student99
Hi, this feature has only 2 option (yes/no)
Is there a way to put the specific TLS SNI address?
or this option does not exist in Mikrotik OS yet?
I tried in terminal too, this feature only has that 2 option that the GUI shows(yes/no)
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Wed Sep 25, 2024 4:18 am
by vecernik87
The SNI value is implied by server address. If my client connects to vpn.example.com, then SNI value should be vpn.example.com
What use case is for having specific SNI, which would be different from server's address?
Re: Feature Request: SSTP Client TLS SNI Extension
Posted: Fri Sep 27, 2024 1:45 pm
by Student99
Some SSTP clients In android devices like "open sstp client" & "vpn client pro" give this option. you try to connect to your vpn server like "vpn.example.com" but you use the SNI value "somthingelse.somthingelse.com" In those guide I studied some of the SNI they used was "yahoo.com" or "cdn.appflyer.com" I don't really know the fundamental of the using SNI but these custom SNI option helps to bypass some restriction for connecting to SSTP server in my location.
That's why i need to use custom SNI and not the one my vpn server provides.