Initial commit (tested, PoC compatible with Mikrotik)

.gitignore

@@ -0,0 +1 @@
+/privkey.pem

accel-ppp.conf

@@ -0,0 +1,83 @@
+[modules]
+#log_syslog
+log_file
+pptp
+sstp
+auth_pap
+auth_chap_md5
+auth_mschap_v1
+auth_mschap_v2
+chap-secrets
+ippool
+ipv6_nd
+ipv6_dhcp
+ipv6pool
+#iprange
+pppd_compat
+
+[common]
+single-session=replace
+
+[chap-secrets]
+chap-secrets=/etc/ppp/chap-secrets
+
+[ppp]
+verbose=5
+mtu=1550
+mru=1550
+accomp=allow
+pcomp=allow
+ipv4=prefer
+ipv6=allow
+lcp-echo-interval=30
+lcp-echo-failure=3
+lcp-echo-timeout=5
+
+
+[client-ip-range]
+0.0.0.0/0
+::/0
+
+[sstp]
+port=443
+verbose=5
+#accept=proxy,ssl
+accept=ssl
+ssl-pemfile=/etc/cert.pem
+ssl-keyfile=/etc/privkey.pem
+ssl-ca-file=/etc/ca.pem
+#host-name=sni_name
+http-error=allow
+#https://host.tld/path
+ppp-max-mtu=1480
+ip-pool=v4pool
+ipv6-pool=v6pool
+pv6-pool-delegate=v6pool-delegate
+
+[dns]
+dns1=8.8.8.8
+
+[ip-pool]
+gw-ip-address=192.168.95.1
+tunnel=192.168.95.2-254,v4pool
+192.168.95.0/24,v4pool
+
+[ipv6-dns]
+dns=2001:4860:4860::8888
+
+[ipv6-pool]
+gw-ip6-address=fc00:b10c:0::
+fc00:b10c:0001::/48,64,name=v6pool
+fc00:b10c:0002::/48,64,name=v6pool-delegate
+
+[ipv6-nd]
+verbose=1
+
+[log]
+#level=4
+level=5
+log-file=/dev/stdout
+log-debug=/dev/stdout
+log-emerg=/dev/stderr
+log-fail-file=/dev/stderr
+copy=1

ca.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENzCCAx+gAwIBAgIUGIR7o8sMQBKIJFUEoTc4GDivuFUwDQYJKoZIhvcNAQEL
+BQAwgaoxCzAJBgNVBAYTAnJ1MRkwFwYDVQQIDBBTYWludC1QZXRlcnNidXJnMRkw
+FwYDVQQHDBBTYWludC1QZXRlcnNidXJnMRswGQYDVQQKDBJUZXJla2hpbiBBbGV4
+YW5kZXIxDDAKBgNVBAsMA2RldjEbMBkGA1UEAwwSVGVyZWtoaW4gQWxleGFuZGVy
+MR0wGwYJKoZIhvcNAQkBFg5hbGV4QGJlYXJucy5tZTAeFw0yNDA4MTYxMTI0NDha
+Fw0yNzA2MDYxMTI0NDhaMIGqMQswCQYDVQQGEwJydTEZMBcGA1UECAwQU2FpbnQt
+UGV0ZXJzYnVyZzEZMBcGA1UEBwwQU2FpbnQtUGV0ZXJzYnVyZzEbMBkGA1UECgwS
+VGVyZWtoaW4gQWxleGFuZGVyMQwwCgYDVQQLDANkZXYxGzAZBgNVBAMMElRlcmVr
+aGluIEFsZXhhbmRlcjEdMBsGCSqGSIb3DQEJARYOYWxleEBiZWFybnMubWUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9WtUf+He0fGLXp7ywkhS/FFif
+OJiGMqUbadXy+NFM1BcABLpBbhuYUjDa4UA31629L0p0MgZdVSXLxWiY12C6nNDF
+/HqwP8ez4Pgtf+nnAubPvtUL+KcndMWmY9RFmadSuHwLX5JDvBmxqP2CpWj3J7O0
+k2ndrpgv6I26rFVuB5Gu/tYmjDayz1FEnWKIMzhV+zCZ27hbwVRs+9NzSbOOPz5Z
+dVhlpbXw9mIDyoUjVc51nt00QdeacJ4csFVC1F8DQ1eIXDTg+clFBSy7L4NRWQfc
+uIkkbB+4kYmC6lv0QMM0lMZ3WbTy5BdyVVW+/QmGk29qLxvLJJlv000ZKTURAgMB
+AAGjUzBRMB0GA1UdDgQWBBTtL0OU6B+NvQTn4zpJHtBCfMB7xDAfBgNVHSMEGDAW
+gBTtL0OU6B+NvQTn4zpJHtBCfMB7xDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBe8G+h+5O1Exoj298kW3Nczoi2Mxr2SIpi9AQvuhYzYkQoFBSA
+0t6GS7WU1rQFXrO0SWedWL2iasX5V4wxK+YXP92hH0Wg0UnUmdKkkhcQRm7Yivo5
+YdZYgx2yb9HGZ7cGn6if26k6R/pm9dWkk93rTVrDwBxho74kTA4nq1D7aYTn3qMS
+FzFPehVKBGjLzuWoujlythKL0rLQL8YXEfQ+wYt6pX3bEyJnrGtImZwhMUK1gX90
+mgb+dhbPV7d7I9UTb9lx2OG5FyOAzOHiZbX2M1/wxOhQvnch6xwxwnJqd4iK1Aec
+/i9ntiVcf2oWfw27DXsIBJbiUXJh6349yC39
+-----END CERTIFICATE-----

cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyjCCArICFDCD8Puy2rJtSajwPYUNuOHnM5tUMA0GCSqGSIb3DQEBCwUAMIGq
+MQswCQYDVQQGEwJydTEZMBcGA1UECAwQU2FpbnQtUGV0ZXJzYnVyZzEZMBcGA1UE
+BwwQU2FpbnQtUGV0ZXJzYnVyZzEbMBkGA1UECgwSVGVyZWtoaW4gQWxleGFuZGVy
+MQwwCgYDVQQLDANkZXYxGzAZBgNVBAMMElRlcmVraGluIEFsZXhhbmRlcjEdMBsG
+CSqGSIb3DQEJARYOYWxleEBiZWFybnMubWUwHhcNMjQxMjA5MDAwNDAzWhcNMjUx
+MjA5MDAwNDAzWjCBlzELMAkGA1UEBhMCcnUxGTAXBgNVBAgMEFNhaW50LVBldGVy
+c2J1cmcxGTAXBgNVBAcMEFNhaW50LVBldGVyc2J1cmcxGzAZBgNVBAoMElRlcmVr
+aGluIEFsZXhhbmRlcjEWMBQGA1UEAwwNYXBpLmJlYXJucy5tZTEdMBsGCSqGSIb3
+DQEJARYOYWxleEBiZWFybnMubWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCv89+4KbomK6lpTniHgR4Li8eiEe2cyTuJW6bz0rgYZmUhO/4OKM5Hlv+w
+s73KPDlMEd3PJnanwnw36MTqoGcfmMqsv6jxq3U/Esjua5lR4+m8JFBV2ESrB5vM
+8x2EnSBbmLhijEBSf+C60pIWMxRLhml7P9J5SaSi0ksPGE0Efzse6uICYnXi3ApR
+L8hqQ0Hu2/yBIcJR/4VepkP9riHAnnBLRtXlRo0Y3mSrQaCgd+cx4qp3gKF6BbJK
+MivT2rgah/7kZIXwUigp3U4OCRIQ8HydpI4UozJNj9StDG96MysdzSzv5vwipcVw
+WbsaJVfSuJ4i4QoaSvnjVfE8ChldAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALx8
+/3Sdy+gz+Yguu9acInU5AbJ+GtJMn0QSXgXTa/R+2ShCF7kfV7tRh8RPI6mZc83M
+UGYDJG6VXbFc6eSB2H2Hy0aWkp/2+glNCPXKk707FIK4Ww2jwJUqHcs9GYEchekL
+7C8PLXBK8GjErtONZhi8Q5yMPFsi+2l1Nze6hHbOfPqTXjDU+qixo5hJjQZRg12i
+FPQxs7eH+30V7fbr88DAI+NcHwaGmJF8xT7g3dLFdwqXkQuGHa7PjNescKry6tg2
+Y8nd5xi8F815yL9k5Vj8zvOn5FRZrXb1M7+DRr3YsG5AwdgLJTfdpFoXSY0anTyI
+HfSSA70qcRa6IJRVon8=
+-----END CERTIFICATE-----

chap-secrets

@@ -0,0 +1,6 @@
+#client     server      secret      ip-address      speed
+user001     *           password1   *
+user002     *           passowrd2   *               10240/10240
+user003     *           passowrd3   ip_pool1        10240
+eth0.101    *           eth0.101    ipoe_pool       20480
+100.64.0.2  *           100.64.0.2  *

compose.yaml

@@ -0,0 +1,20 @@
+name: accel-ppp
+
+services:
+  sstp:
+    build: ./sstp
+    volumes:
+      - ./accel-ppp.conf:/etc/accel-ppp.conf:ro
+      - ./chap-secrets:/etc/ppp/chap-secrets:ro
+      - ./cert.pem:/etc/cert.pem:ro
+      - ./privkey.pem:/etc/privkey.pem:ro
+      - ./ca.pem:/etc/ca.pem:ro
+    expose:
+      - "443/tcp"
+    ports:
+      - "443:443/tcp"
+    devices:
+      - "/dev/ppp:/dev/ppp:rwm"
+
+    cap_add:
+      - NET_ADMIN

sstp/Dockerfile

@@ -0,0 +1,28 @@
+FROM debian:12 as builder
+ENV release=1.13
+RUN apt-get update && apt-get install -y git build-essential cmake gcc git libpcre3-dev libssl-dev linux-libc-dev
+
+RUN git clone --branch $release --depth 1  https://github.com/accel-ppp/accel-ppp.git /usr/src/accel-ppp
+
+WORKDIR /usr/src/accel-ppp/build
+
+RUN cmake \
+        -DRADIUS=TRUE \
+        -DNETSNMP=FALSE \
+        -DCMAKE_INSTALL_PREFIX=/usr \
+        ..
+
+RUN make install
+
+
+FROM debian:12
+
+RUN apt-get update && apt-get install -y libpcre3 libssl3 ppp
+
+COPY --from=builder /usr/sbin/accel-pppd /usr/sbin/accel-pppd
+COPY --from=builder /usr/bin/accel-cmd /usr/bin/accel-cmd
+COPY --from=builder /usr/share/accel-ppp /usr/share/accel-ppp
+COPY --from=builder /usr/lib64/accel-ppp /usr/lib64/accel-ppp
+
+ENTRYPOINT ["/usr/sbin/accel-pppd"]
+CMD ["-c", "/etc/accel-ppp.conf"]