sstp-client-devel Mailing List for sstp-client
Brought to you by:
eivnaes
Menu
▾
▴
sstp-client-devel — Development Activities
You can subscribe to this list here.
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(2) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2012 |
Jan
(1) |
Feb
(4) |
Mar
(2) |
Apr
|
May
(4) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2014 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
|
| 2018 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Chengxuan T. <bla...@ya...> - 2018-02-12 10:20:05
|
Can i get a copy of the flow chart of the sstp client. Regards |
|
From: Илья <il...@ma...> - 2014-11-08 02:05:16
|
Hello! Thak you for your software. Elie do not answer to the latest questions, but problem is stil persist. I use libsstp-client0_1.0.9_amd64.deb and sstp-client_1.0.9_amd64.deb on Ubuntu 14.04.1 LTS. My SSTP server works on mikrotik router os 6.21 on mikrotik support team reports that there is a problem with ppp negotiation in linux sstp-client. I can reply to previous questions: 1) Software version - 1.0.9 2) Are you trying pon / poff, or passing credentials per command line automatically? I run sstpc only from command line with command: sstpc --log-level 4 --log-stderr --cert-warn --ca-cert PATH --user USER --password PASS IP 3) The output of the sstp-client and the pppd from syslog (/var/log/syslog), please run sstp-client with --log-level 4, and specify 'debug' in the pppd configuration. see in attachments Best regards, Ilia. |
|
From: Anthony W. <yp...@an...> - 2014-07-12 15:21:00
|
Hi, I am very new with this program so I appreciate any help with my question. After much testing, I can finally make sstpc to connect to a remote VPN server from the command line, but it fails when using pon. The command I use that can connect successfully is: $ sstpc --save-server-route --log-level 4 --cert-warn --user myusername --password mypassword remote_vpn_server usepeerdns require-mschap-v2 refuse-eap noauth debug Jul 12 20:23:11 raspberrypi sstpc[3483]: Server certificated failed verification, ignoring Jul 12 20:23:11 raspberrypi pppd[3493]: pppd 2.4.5 started by root, uid 0 Jul 12 20:23:11 raspberrypi pppd[3493]: using channel 16 Jul 12 20:23:11 raspberrypi pppd[3493]: Using interface ppp0 Jul 12 20:23:11 raspberrypi pppd[3493]: Connect: ppp0 <--> /dev/pts/8 Jul 12 20:23:11 raspberrypi pppd[3493]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x2407da70> <pcomp> <accomp>] Jul 12 20:23:11 raspberrypi pppd[3493]: rcvd [LCP ConfNak id=0x1 <magic 0x13e64829>] Jul 12 20:23:11 raspberrypi pppd[3493]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x2ccebdd8> <pcomp> <accomp>] Jul 12 20:23:11 raspberrypi pppd[3493]: rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>] Jul 12 20:23:11 raspberrypi pppd[3493]: rcvd [LCP ConfRej id=0x2 <asyncmap 0x0> <pcomp> <accomp>] Jul 12 20:23:11 raspberrypi pppd[3493]: sent [LCP ConfReq id=0x3 <magic 0x2ccebdd8>] Jul 12 20:23:12 raspberrypi pppd[3493]: rcvd [LCP ConfAck id=0x3 <magic 0x2ccebdd8>] Jul 12 20:23:14 raspberrypi pppd[3493]: rcvd [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x2fc6cf29> <mru 1400>] Jul 12 20:23:14 raspberrypi pppd[3493]: sent [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x2fc6cf29> <mru 1400>] Jul 12 20:23:14 raspberrypi pppd[3493]: sent [LCP EchoReq id=0x0 magic=0x2ccebdd8] Jul 12 20:23:14 raspberrypi pppd[3493]: rcvd [CHAP Challenge id=0x1 <598383abe0568b21f860a4d2bbcbe3fc>, name = ""] Jul 12 20:23:14 raspberrypi pppd[3493]: sent [CHAP Response id=0x1 <1c78047f93ef3336a4a3ce4ba3dadbf500000000000000006b3b914a4aba149183414c329ed558d6f124fe75617d73c900>, name = "xxxxxxxx"] Jul 12 20:23:14 raspberrypi pppd[3493]: rcvd [LCP EchoRep id=0x0 magic=0x2fc6cf29] Jul 12 20:23:15 raspberrypi pppd[3493]: rcvd [CHAP Success id=0x1 "S=83B340499E80A55D917B7DE39424A39D00CC8955 M=Authentication succeeded"] Jul 12 20:23:15 raspberrypi pppd[3493]: CHAP authentication succeeded Jul 12 20:23:15 raspberrypi pppd[3493]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>] Jul 12 20:23:15 raspberrypi pppd[3493]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>] Jul 12 20:23:15 raspberrypi pppd[3493]: rcvd [IPCP ConfReq id=0x1 <addr 198.18.128.1>] Jul 12 20:23:15 raspberrypi pppd[3493]: sent [IPCP ConfAck id=0x1 <addr 198.18.128.1>] Jul 12 20:23:15 raspberrypi pppd[3493]: rcvd [CCP ConfReq id=0x1] Jul 12 20:23:15 raspberrypi pppd[3493]: sent [CCP ConfAck id=0x1] Jul 12 20:23:15 raspberrypi pppd[3493]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>] Jul 12 20:23:15 raspberrypi pppd[3493]: sent [CCP ConfReq id=0x2] Jul 12 20:23:15 raspberrypi pppd[3493]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>] Jul 12 20:23:15 raspberrypi pppd[3493]: sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>] Jul 12 20:23:15 raspberrypi pppd[3493]: rcvd [CCP ConfAck id=0x2] Jul 12 20:23:15 raspberrypi pppd[3493]: rcvd [IPCP ConfNak id=0x2 <addr 198.18.128.245> <ms-dns1 198.18.128.1>] Jul 12 20:23:15 raspberrypi pppd[3493]: sent [IPCP ConfReq id=0x3 <addr 198.18.128.245> <ms-dns1 198.18.128.1> <ms-dns2 0.0.0.0>] Jul 12 20:23:16 raspberrypi pppd[3493]: rcvd [IPCP ConfAck id=0x3 <addr 198.18.128.245> <ms-dns1 198.18.128.1> <ms-dns2 0.0.0.0>] Jul 12 20:23:16 raspberrypi pppd[3493]: local IP address 198.18.128.245 Jul 12 20:23:16 raspberrypi pppd[3493]: remote IP address 198.18.128.1 Jul 12 20:23:16 raspberrypi pppd[3493]: primary DNS address 198.18.128.1 Jul 12 20:23:16 raspberrypi pppd[3493]: Script /etc/ppp/ip-up started (pid 3546) Jul 12 20:23:17 raspberrypi pppd[3493]: Script /etc/ppp/ip-up finished (pid 3546), status = 0x0 Jul 12 20:23:18 raspberrypi ntpd[2141]: Listen normally on 11 ppp0 198.18.128.245 UDP 123 Jul 12 20:23:18 raspberrypi ntpd[2141]: 202.118.1.130 interface 192.168.0.101 -> 198.18.128.245 Jul 12 20:23:18 raspberrypi ntpd[2141]: 202.120.2.101 interface 192.168.0.101 -> 198.18.128.245 Jul 12 20:23:18 raspberrypi ntpd[2141]: 202.112.29.82 interface 192.168.0.101 -> 198.18.128.245 Jul 12 20:23:18 raspberrypi ntpd[2141]: peers refreshed But I have tried many times with pon, both on a standard Ubuntu 14.04 and Raspbian. My config and logs on Raspbian are as follows. Anyone has any ideas what is going wrong? Is there any way to output more debug messages for troubleshooting? /etc/ppp/chap-secrets: xxxxxxxx * password * /etc/ppp/peers/vpn: remotename vpn linkname vpn ipparam vpn pty "sstpc --ipparam vpn --nolaunchpppd --log-level 5 --log-stderr --cert-warn remote_vpn_server" name xxxxxxxx plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-vpn usepeerdns require-mschap-v2 refuse-eap refuse-pap refuse-chap require-mschap nobsdcomp nodeflate noauth debug /var/log/syslog: Jul 12 23:15:04 raspberrypi pppd[1823]: Plugin sstp-pppd-plugin.so loaded. Jul 12 23:15:04 raspberrypi pppd[1830]: pppd 2.4.5 started by root, uid 0 Jul 12 23:15:04 raspberrypi pppd[1830]: using channel 28 Jul 12 23:15:04 raspberrypi pppd[1830]: Using interface ppp0 Jul 12 23:15:04 raspberrypi pppd[1830]: Connect: ppp0 <--> /dev/pts/8 Jul 12 23:15:04 raspberrypi pppd[1830]: Script sstpc --ipparam vpn --nolaunchpppd --log-level 5 --log-stderr --cert-warn remote_vpn_server finished (pid 1831), status = 0xff Jul 12 23:15:04 raspberrypi pppd[1830]: Modem hangup Jul 12 23:15:04 raspberrypi pppd[1830]: Connection terminated. Jul 12 23:15:04 raspberrypi pppd[1830]: Exit. /var/log/debug: Jul 12 23:15:04 raspberrypi pppd[1830]: using channel 28 Jul 12 23:15:04 raspberrypi pppd[1830]: Script sstpc --ipparam vpn --nolaunchpppd --log-level 5 --log-stderr --cert-warn remote_vpn_server finished (pid 1831), status = 0xff Thanks, Anthony |
|
From: Anthony W. <yp...@an...> - 2014-07-12 12:12:07
|
Hi, I compiled sstp-client on Raspberry Pi but it fails to run, which is caused by a simple mistake to assume that char is unsigned. Change char to int can fix it. Please see the attached patch and accept it. After the change, sstpc seems to be running well. Thanks, Anthony Wong |
|
From: Anthony <yp...@yp...> - 2014-07-12 12:05:57
|
Hi, I compiled sstp-client on Raspberry Pi but it fails to run, which is caused by a simple mistake to assume that char is unsigned. Change char to int can fix it. Please see the attached patch and accept it. After the change, sstpc seems to be running well. Thanks, Anthony Wong |
|
From: dong <ilo...@16...> - 2013-03-09 05:44:42
|
Sorry for interrupting.I have new problem.I can not fix myself.Just add ca options. /etc/ppp/peers/sstp-1 file content: remotename sstp-1 linkname sstp-1 ipparam sstp-1 pty "sstpc --ipparam sstp-1 --log-level 4 --ca-path /home/xiang/mnt/config/openvpn/vpntech/sstpca/ --ca-cert sstpv1.avpn.us.crt --save-server-route --nolaunchpppd sstp v1.avpn.us" name dxq83 plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-sstp-1 usepeerdns refuse-eap noauth debug defaultroute log: Mar 8 23:30:52 debian pppd[27766]: Plugin sstp-pppd-plugin.so loaded. Mar 8 23:30:52 debian pppd[27767]: pppd 2.4.5 started by root, uid 0 Mar 8 23:30:52 debian pppd[27767]: using channel 8 Mar 8 23:30:52 debian pppd[27767]: Using interface ppp1 Mar 8 23:30:52 debian pppd[27767]: Connect: ppp1 <--> /dev/pts/4 Mar 8 23:30:52 debian NetworkManager[2704]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp1, iface: ppp1) Mar 8 23:30:52 debian NetworkManager[2704]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp1, iface: ppp1): no ifupdown configuration found. Mar 8 23:30:52 debian sstpc[27771]: Could not set default verify location Mar 8 23:30:52 debian sstpc[27771]: Could not initialize secure socket layer Mar 8 23:30:52 debian sstpc[27771]: Could not initialize the client Mar 8 23:30:52 debian pppd[27767]: Script sstpc --ipparam sstp-1 --log-level 4 --ca-path /home/xiang/mnt/config/openvpn/vpntech/sstpca/ --ca-cert sstpv1.avpn.us.crt --save-serv er-route --nolaunchpppd sstpv1.avpn.us finished (pid 27768), status = 0xff Mar 8 23:30:52 debian pppd[27767]: Modem hangup Mar 8 23:30:52 debian pppd[27767]: Connection terminated. Mar 8 23:30:52 debian avahi-daemon[2749]: Withdrawing workstation service for ppp1. Mar 8 23:30:52 debian NetworkManager[2704]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp1, iface: ppp1) Mar 8 23:30:52 debian pppd[27767]: Exit. |
|
From: Eivind N. <ei...@ya...> - 2012-05-25 05:16:56
|
Guys, I have one problem that I like some help with. Apparently, if I run sstp-client on a Mac OS-X 10.7.3 the performance of the SSTP connection is pretty bad. Using Xcode and Instruments, I am able to detect the function utf8_encodelen being one of the culprits consuming lots of time when writing data to pppd over a pseudo terminal socket. I have tried to setup a termios structure and disable UTF encoding, and/or making the socket "raw" by setting cfmakeraw(termios *p). Not any of these improved the performance. Is there anyone out there that can post this to Apple Support forum, or have a clue on how to improve this (without claiming a re-design)? Regards, - Eivind Running TimeSelfSymbol Name 25245.0ms 100.0%0.0 Main Thread 25180.0ms 99.7%0.0 start 25180.0ms 99.7%0.0 main 25137.0ms 99.5%132.0 event_base_loop 19765.0ms 78.2%22.0 sstp_recv_cont 12034.0ms 47.6%12.0 sstp_state_recv 11933.0ms 47.2%15.0 sstp_pppd_send 10607.0ms 42.0%24.0 write 10508.0ms 41.6%11.0 unix_syscall64 10479.0ms 41.5%7.0 write_nocancel 10447.0ms 41.3%4.0 writev 10426.0ms 41.2%18.0 utf8_encodelen |
|
From: Eivind N. <ei...@ya...> - 2012-05-14 15:11:42
|
Hi Elie, That's great news on your progress of making SSTP work on the OpenWRT software. Thank you for working on that! :) It sounds to me that you might run into an issue with the MPPE keys not being successfully provided to establish the HLAK (higher layer authentication token) to bind the PPP session with the SSL session. Without saying for certain, there is a SSTP_CONNECTED message being sent to the server after the IPCP layer have been established. And if the info provided in that message is wrong, you would have the server close this connection on you imediately. sstp-client works in two ways, 1) you pass credentials on command line (no pppd plugin needed, but limited to MSCHAP-V2 authentication), or 2) use of pon / poff style of scripts where sstp-client is either being started by pppd (pty mode, pass: --nolaunchpppd) or sstp-client starts pppd. The pppd plugin will pass the MPPE keys to sstp-client after IP-UP succeeds, and sstp-client will then send the SSTP_CONNECTED message to the server using these MPPE keys to calculate the correct hash. To be certain, I like you to describe the setup on the OpenWRT software you are trying to configure. Example, 1) Software version, (sstp-client v1.0.7?) 2) Are you trying pon / poff, or passing credentials per command line automatically? 3) The output of the sstp-client and the pppd from syslog (/var/log/syslog), please run sstp-client with --log-level 4, and specify 'debug' in the pppd configuration. Regards, - Eivind ________________________________ From: Elie Zedeck <kok...@ya...> To: "sst...@li..." <sst...@li...> Sent: Sunday, May 13, 2012 10:37 PM Subject: [Sstp-client-devel] Unrecoverable SSL error Hey guys, I'm new to SSTP, and I'm having trouble making it work, and last as long as it should. My goal is to make this SSTP work on OpenWrt, and it is half-way there. I've already created a package, and packaged in the sstpc binary, the SSTP API library, and the PPPD plugin. They all working fine, but I just don't know why is it not working right. The problem that I get, is that as soon as it has finished negotiating IP address with the SSTP Server, it disconnects right-away with an "Unrecoverable SSL error". And it if it is not ending with that error, it will end with something like "Invalid info attribute", or "Unknown Attribute". I'd like to know, what is the cause of these error, and how to fix it. Connection is working fine on Windows 7. Thanks ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Sstp-client-devel mailing list Sst...@li... https://lists.sourceforge.net/lists/listinfo/sstp-client-devel |
|
From: Amin El-Z. <me...@am...> - 2012-05-14 07:25:29
|
As i know the sstp is only work under win 7, vitsa,2008. There is no way to run it over any other os. Thanks. Sent From My Galaxy Tab On May 14, 2012 8:37 AM, "Elie Zedeck" <kok...@ya...> wrote: > Hey guys, > > I'm new to SSTP, and I'm having trouble making it work, and last as long > as it should. > > My goal is to make this SSTP work on OpenWrt, and it is half-way there. > I've already created a package, and packaged in the sstpc binary, the SSTP > API library, and the PPPD plugin. They all working fine, but I just don't > know why is it not working right. > > The problem that I get, is that as soon as it has finished negotiating IP > address with the SSTP Server, it disconnects right-away with an > "Unrecoverable SSL error". And it if it is not ending with that error, it > will end with something like "Invalid info attribute", or "Unknown > Attribute". > > I'd like to know, what is the cause of these error, and how to fix it. > Connection is working fine on Windows 7. > > Thanks > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Sstp-client-devel mailing list > Sst...@li... > https://lists.sourceforge.net/lists/listinfo/sstp-client-devel > > |
|
From: Elie Z. <kok...@ya...> - 2012-05-14 05:37:12
|
Hey guys, I'm new to SSTP, and I'm having trouble making it work, and last as long as it should. My goal is to make this SSTP work on OpenWrt, and it is half-way there. I've already created a package, and packaged in the sstpc binary, the SSTP API library, and the PPPD plugin. They all working fine, but I just don't know why is it not working right. The problem that I get, is that as soon as it has finished negotiating IP address with the SSTP Server, it disconnects right-away with an "Unrecoverable SSL error". And it if it is not ending with that error, it will end with something like "Invalid info attribute", or "Unknown Attribute". I'd like to know, what is the cause of these error, and how to fix it. Connection is working fine on Windows 7. Thanks |
|
From: Eivind N. <ei...@ya...> - 2012-03-03 07:41:33
|
Hi Kendo, Thank you so much for getting back to the mailinglist with the problem you are having. It looks like there's a bug in the pppd-plugin from sstpc, and I will submit a fix for this shortly. Perhaps 1.0.3 version works better for you unless you can use with the user/password or the network manager applet. I will admit that the documentation is a bit terse and need some update to better reflect the new options being added. When relying on the pppd infrastructure and the pppd plugin to provide the MPPE keys, you will need to setup the chap-secrets file with an appropriate username and password. You should not use the --user/--password options to sstpc, and also if you are using it in pty mode; the --nolaunchpppd must be added. Also, the sstp-sock needs to point to /var/run/sstpc/sstpc-foo (sstpc-<ipparam>). At this point you should be able to invoke the script using pon / poff commands: "sudo pon foo", or "sudo poff foo". Generally, you add a script into /etc/ppp/peers/foo -------------------------------------------------------------- # sudo pon foo remotename foo linkname foo ipparam foo pty "sstpc --ipparam foo --log-level 4 --nolaunchpppd --cert-warn sstp.foo.com" name kendo plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-foo usepeerdns require-mppe require-mschap-v2 refuse-eap noauth debug file /etc/ppp/options.pptp -------------------------------------------------------------- Using non-pty mode to launch pppd, you can add the following into /etc/ppp/peers/foo-nopty -------------------------------------------------------------- # sudo sstpc --log-level 4 --ipparam foo-nopty --log-stderr --cert-warn sstp.foo.com call foo-nopty remotename foo-nopty linkname foo-nopty ipparam foo-nopty name kendo plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-foo-nopty usepeerdns require-mppe require-mschap-v2 refuse-eap noauth debug file /etc/ppp/options.pptp -------------------------------------------------------------- Start the connection: sudo sstpc --log-level 4 --ipparam foo-nopty --log-stderr --cert-warn sstp.foo.com call foo-nopty Then finally check your /etc/ppp/chap-secrets file, and make sure the user 'kendo' has a secret defined for the particular server name, ip-address, or * for any. -------------------------------------------------------------- # Secrets for authentication using CHAP # client server secret IP addresses kendo * xxxxxxx * -------------------------------------------------------------- If you have any troubles in trying to configure this, please also look through the /var/log/syslog or /var/log/messages file on your system. If you don't specify the --log-stderr, it will automatically go to syslog. And that should be pretty much it in order to establish a connection to the SSTP server. Good luck in setting this up and let me know how it goes. Cheers, - Eivind ________________________________ From: kendo <63...@qq...> To: sstp-client-devel <sst...@li...> Sent: Friday, March 2, 2012 12:08 AM Subject: [Sstp-client-devel] sstpc Negotiation timeout I use sstpc to connect sstp server after When the sstp connection is successful 60 seconds, the connection is disconnected, the server "Negotiation timeout". MS-SSTP is 3.2.2.1 Description: 1. When a New HTTPS Connection Received event is received, the server transitions to the Server_Connect_Request_Pending state where it waits to receive an acceptable Call Connect Request message. If this is received before the Negotiation timer expires, the server then sends a Call Connect Acknowledge message and transitions to the Server_Call_Connected_Pending state. If the request is not received before the Negotiation timer expires, the server transitions to the Call Failed state as shown in the server call establishment diagram in section 3.2.1.1.1. 2. After sending the Call Connect Acknowledge message, if the server does not receive a Call Connected message before the Negotiation timer expires then it MUST send a Call Abort message and start the process of bringing down (disconnecting) the connection. The server MAY implement different timer values for the Call Connected message and the Call Connect Request message. This the timer SHOULD be set to 60 seconds. ----------------------------------------- Whether it was because sstpc received the "Call Connect Acknowledge message" and "Call Connected message" did not respond to the server caused?? I try modify sstp_state_handle_ctrl function: the switch (the type) { case SSTP_MSG_CONNECT_ACK: sstp_state_connect_ack (state, type, buf); sstp_state_accept (state); break; The call sstp_state_accept (state); to send the "Call Connected message" can be properly connected. Is sstpc Bug or my configuration errors caused by it? This is my configuration file: remotename sstp-test the linkname sstp-test remotename sstp-test the linkname sstp-test ipparam sstp-test pty "sstpc 192.168.2.9 - user txwwy - password 123456 - log-level 1 - log-stderr - ca-cert / etc / sstp-ca / ca.crt" name txwwy plugin sstp-pppd-plugin.so sstp-sock / tmp / sstpc-uds-sock usepeerdns # The require-mppe refuse-eap noauth debug # Adopt defaults from the pptp-the linux package the file / etc / ppp / options.pptp ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Sstp-client-devel mailing list Sst...@li... https://lists.sourceforge.net/lists/listinfo/sstp-client-devel |
|
From: k. <63...@qq...> - 2012-03-02 08:10:05
|
I use sstpc to connect sstp server after When the sstp connection is successful 60 seconds, the connection is disconnected, the server "Negotiation timeout".
MS-SSTP is 3.2.2.1 Description:
1. When a New HTTPS Connection Received event is received, the server transitions to the Server_Connect_Request_Pending state where it waits to receive an acceptable Call Connect Request message. If this is received before the Negotiation timer expires, the server then sends a Call Connect Acknowledge message and transitions to the Server_Call_Connected_Pending state. If the request is not received before the Negotiation timer expires, the server transitions to the Call Failed state as shown in the server call establishment diagram in section 3.2.1.1.1.
2. After sending the Call Connect Acknowledge message, if the server does not receive a Call Connected message before the Negotiation timer expires then it MUST send a Call Abort message and start the process of bringing down (disconnecting) the connection. The server MAY implement different timer values for the Call Connected message and the Call Connect Request message.
This the timer SHOULD be set to 60 seconds.
-----------------------------------------
Whether it was because sstpc received the "Call Connect Acknowledge message" and "Call Connected message" did not respond to the server caused??
I try modify sstp_state_handle_ctrl function:
the switch (the type)
{
case SSTP_MSG_CONNECT_ACK:
sstp_state_connect_ack (state, type, buf);
sstp_state_accept (state);
break;
The call sstp_state_accept (state); to send the "Call Connected message" can be properly connected.
Is sstpc Bug or my configuration errors caused by it?
This is my configuration file:
remotename sstp-test
the linkname sstp-test
remotename sstp-test
the linkname sstp-test
ipparam sstp-test
pty "sstpc 192.168.2.9 - user txwwy - password 123456 - log-level 1 - log-stderr - ca-cert / etc / sstp-ca / ca.crt"
name txwwy
plugin sstp-pppd-plugin.so
sstp-sock / tmp / sstpc-uds-sock
usepeerdns
# The require-mppe
refuse-eap
noauth
debug
# Adopt defaults from the pptp-the linux package
the file / etc / ppp / options.pptp |
|
From: Eivind N. <ei...@ya...> - 2012-02-23 16:58:12
|
Hi Milen, Sorry for the delay in getting back to you. I will take another look at the network-manager-plugin and patch it up if it needs to. Thank you so much for reporting this problem. Regards, - Eivind |
|
From: Eivind N. <ei...@ya...> - 2012-02-23 16:54:00
|
Hi, I currently don't have the time to work on an sstp-server as a part of the sstp-client project. The idea has certainly been circulated out there, and if I am able to fit the time in or recruit some developers to help me with the effort then maybe we one day will see that happening. Do you have a special business need for this? Regards, - Eivind |
|
From: Emanuil H. <in...@gm...> - 2012-02-23 14:39:51
|
Hi do you have any plans to make sstp server Best regards |
|
From: Milen P. <ma...@mi...> - 2012-01-14 00:08:18
|
Hi, Just want to give some feedback on the SSTP Network Manager Plugin. It seems to be missing an EAP configuration option. Connections are always unsuccessful with this logged in the syslog: pppd: EAP: peer reports authentication failure The connection starts working after manually adding to the connection configuration file in section vpn the following: refuse-eap=yes It seems the option is missing in the Network-Manager-Gnome GUI. -- Milen |
|
From: Chaitanya K. <ic...@gm...> - 2011-12-22 14:30:28
|
Just a small correction. The line step 3. above should have read name northgate.tyndall.ie\\ck.ande # Specifies the DOMAIN and USER instead of name northgate.tyndall.ie\\chaitanya.ande # Specifies the DOMAIN and USER Best, Chai On Thu, Dec 22, 2011 at 3:28 PM, Chaitanya Krishna <ic...@gm...>wrote: > Hello there, > > I have been trying to use sstp-client to connect to a server which needs > me to connect using sstp. I tried to follow the instructions in the READE > and in USING but without success. > > If I succeed in using sstp-client to connect to my server, I can write a > small tutorial on using sstp-client. > > This is essentially what I need to do. > server_to_connect_to: northgate.tyndall.ie > user_name: ck.ande > password: pass123 > > This is what I have done on my system. > > 1. configure && make && make install && sudo ldconfig > > 2. sudo cat /etc/ppp/chap-secrets > # Secrets for authentication using CHAP > # client server secret IP addresses > > # OUTBOUND CONNECTIONS > # Here you should add your PPP Login and PPP password to connect to your > # provider via pap. The * means that the entry(login and passoword may be > # used for ANY host you connect to. > # Thus you do not have to worry about the foreign machine name. Just > # replace password with your password. > #hostname * password > northgate.tyndall.ie\\ck.ande tyndall pass123 > > # PREDIFINED CONNECTIONS > # These are user and password entries for publically accessible > call-by-call > # Internet providers in Germany. If they confict with your config, remove > them. > # READ_IN_CALLBYCALL_SECRETS > > # INBOUND CONNECTIONS > #client hostname <password> 192.168.1.1 > > 3. sudo cat /etc/ppp/peers/tyndall > > remotename tyndall # Used in ip up/down scripts > linkname tyndall # Used in ip up/down scripts > ipparam tyndall # Used in ip up/down scripts > name northgate.tyndall.ie\\chaitanya.ande # Specifies the > DOMAIN and USER > plugin sstp-pppd-plugin.so # REQUIRED (SSTP) > sstp-sock /tmp/sstp-uds-sock # REQUIRED (SSTP) > usepeerdns # Use the peer dns addresses > require-mppe # REQUIRED (MPPE) > noauth # We don't need the server to auth > itself > require-mschap-v2 # MSCHAPv2 Authentication Support > refuse-eap # Not yet supported > refuse-chap # Don't accept CHAP-MD5 > refuse-mschap # Don't accept MSCHAP > lock # Lock the port > # nsbsdcomp # Turn off compression protocols > nodeflate # Turn off compression protocols > > 4. sudo /usr/sbin/pppd call tyndall pty "/usr/local/sbin/sstpc server > --nolaunchpppd" > Plugin sstp-pppd-plugin.so loaded. > /usr/sbin/pppd: The remote system (tyndall) is required to authenticate > itself > /usr/sbin/pppd: but I couldn't find any suitable secret (password) for it > to use to do so. > > Can someone tell me what I am doing wrong? > > Also, a couple of things are not clear to me. What is the difference > between <provider> <DOMAIN> and <server>? > > Any help is deeply appreciated. > > Best regards, > Chai > -- > 42 > > -- 42 |
|
From: Chaitanya K. <ic...@gm...> - 2011-12-22 14:28:41
|
Hello there, I have been trying to use sstp-client to connect to a server which needs me to connect using sstp. I tried to follow the instructions in the READE and in USING but without success. If I succeed in using sstp-client to connect to my server, I can write a small tutorial on using sstp-client. This is essentially what I need to do. server_to_connect_to: northgate.tyndall.ie user_name: ck.ande password: pass123 This is what I have done on my system. 1. configure && make && make install && sudo ldconfig 2. sudo cat /etc/ppp/chap-secrets # Secrets for authentication using CHAP # client server secret IP addresses # OUTBOUND CONNECTIONS # Here you should add your PPP Login and PPP password to connect to your # provider via pap. The * means that the entry(login and passoword may be # used for ANY host you connect to. # Thus you do not have to worry about the foreign machine name. Just # replace password with your password. #hostname * password northgate.tyndall.ie\\ck.ande tyndall pass123 # PREDIFINED CONNECTIONS # These are user and password entries for publically accessible call-by-call # Internet providers in Germany. If they confict with your config, remove them. # READ_IN_CALLBYCALL_SECRETS # INBOUND CONNECTIONS #client hostname <password> 192.168.1.1 3. sudo cat /etc/ppp/peers/tyndall remotename tyndall # Used in ip up/down scripts linkname tyndall # Used in ip up/down scripts ipparam tyndall # Used in ip up/down scripts name northgate.tyndall.ie\\chaitanya.ande # Specifies the DOMAIN and USER plugin sstp-pppd-plugin.so # REQUIRED (SSTP) sstp-sock /tmp/sstp-uds-sock # REQUIRED (SSTP) usepeerdns # Use the peer dns addresses require-mppe # REQUIRED (MPPE) noauth # We don't need the server to auth itself require-mschap-v2 # MSCHAPv2 Authentication Support refuse-eap # Not yet supported refuse-chap # Don't accept CHAP-MD5 refuse-mschap # Don't accept MSCHAP lock # Lock the port # nsbsdcomp # Turn off compression protocols nodeflate # Turn off compression protocols 4. sudo /usr/sbin/pppd call tyndall pty "/usr/local/sbin/sstpc server --nolaunchpppd" Plugin sstp-pppd-plugin.so loaded. /usr/sbin/pppd: The remote system (tyndall) is required to authenticate itself /usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so. Can someone tell me what I am doing wrong? Also, a couple of things are not clear to me. What is the difference between <provider> <DOMAIN> and <server>? Any help is deeply appreciated. Best regards, Chai -- 42 |
|
From: Radu P. <rad...@gm...> - 2011-11-12 14:29:35
|
Hello, I'm connecting successfully to a sstp vpn, but I couldn't get the sstp plugin working by calling directly 'pppd call SOME-VPN', with the config file SOME-VPN containing the plugin, socket and the other necessary instructions. Needlels to say I had a correctly configured chap-secrets file. Another interesting fact is that the connection cannot be completed with the "require-mschap-v2" instruction. Could only get it to work by running from command line: /usr/local/sbin/sstpc --user "DOMAIN\\user" --password "mysecretpass" hostname -- name "DOMAIN\\user" require-mppe Any thoughts? If you need some help from me as a slackware user, let me know. Regards, Radu |
1 message has been excluded from this view by a project administrator.