Ubuntu Connect To SSTP VPN

Does anyone have any experience with connecting an Ubuntu 10.10 machine to an SSTP VPN server? I haven't found much good information on how to do it.


Maybe sstp-client can do it? And here is network-manager support for it.

There are now Ubuntu packages for recent distributions, so you should be able to add the PPA for eivnaes/network-manager-sstp and install the packages:

$ sudo add-apt-repository ppa:eivnaes/network-manager-sstp
...
$ sudo apt-get update
$ sudo apt-get install sstp-client
$ sudo apt-get install network-manager-sstp-gnome # NM configuration GUI

Example

Here is an example of an entry in /etc/network/interfaces:

auto work
iface work inet ppp
    provider work
    options pty "sstpc vpn.example.com --ca-cert /path/to/example.com.ca.crt --nolaunchpppd" \
            plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-uds-sock \
            lock nodefaultroute noipdefault noauth user myusername \
            refuse-pap refuse-chap refuse-eap nobsdcomp nodeflate novj \
            nomultilink \
            persist maxfail 0 \
            debug logfd 2
    pre-up touch /etc/ppp/peers/work

Usage

Then you just use ifup work and ifdown work to connect or disconnect.

Installation

You'll need to compile the sstp-client and install it. This can be used by following the instructions on http://sstp-client.sourceforge.net/ or building a deb package using these instructions:

apt-get install build-essential dpkg-dev debhelper ppp-dev libevent-dev libssl-dev
mkdir sstp-client.build && cd sstp-client.build
wget -O sstp-client-1.0.10.tar.gz http://sourceforge.net/projects/sstp-client/files/sstp-client/1.0.10/sstp-client-1.0.10.tar.gz/download
tar xzvf sstp-client-1.0.10.tar.gz
cd sstp-client-1.0.10
dpkg-buildpackage -b -us -uc
cd ..
dpkg -i sstp-client_1.0.10-0ubuntu2_amd64.deb \
        libsstp-client0_1.0.10-0ubuntu2_amd64.deb \
        libsstp-client-dev_1.0.10-0ubuntu2_amd64.deb
cd /usr/lib/pppd/2.4.5 && ln -s ../2.4.6/sstp-pppd-plugin.so .

Fix symlink

The pppd lib dir is hard-coded to use 2.4.6, and not the installed version, which is why the symlink is required. This is a bug in the Debian build description for sstp-client.

Typical connection timeout issue

If you use the pppd pty option (which the example uses) it is vital that the parameters plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-uds-sock are specified. If you don't specify these, you'll end up getting the famous Connection aborted, reason not known error after approximately 60 seconds, and the connection will not transmit packets.

CA certificate requirement

You also must have the CA certificate for the Active Directory domain the Microsoft SSTP VPN server is part of in the local file /path/to/example.com.ca.crt. This can usually be found in the CertEnroll SMB share on one of the Domain Controllers. Export it as a Base64-encoded X509 certificate and rename as appropriate. Use certtool -i <example.com.ca.crt to verify you have the correct certificate with the correct information.
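
A way to check the two requirements above (the plugin and sstp-sock options, and the Base64 CA file) before running ifup, as an added example that is not part of the original answer. The function names and the sample stanza are constructed for illustration; the certificate check looks only at the file format, so certtool -i is still needed to confirm the contents.

```shell
# Print stanza NAME ($2) from FILE ($1) with backslash-continued lines joined.
sstp_stanza() {
    awk -v n="$2" '
        { $0 = buf $0; buf = "" }
        /\\$/ { sub(/\\$/, ""); buf = $0; next }      # continuation line
        $1 == "iface" { keep = ($2 == n) }
        $1 ~ /^(auto|allow-.*|mapping|source)$/ { keep = 0 }
        keep
    ' "$1"
}

# Report problems on stdout. Returns 0 = ok, 1 = problems, 2 = no sstpc pty.
check_sstp_stanza() {
    s=$(sstp_stanza "$1" "$2"); rc=0
    case $s in
        *'pty "sstpc '*) ;;
        *) echo "no sstpc pty option in stanza '$2'"; return 2 ;;
    esac
    # Without these two options the answer reports an abort after ~60 seconds.
    for need in 'plugin sstp-pppd-plugin.so' 'sstp-sock '; do
        case $s in *"$need"*) ;; *) echo "missing: $need"; rc=1 ;; esac
    done
    # Format check only: the file must be the Base64 export, not binary DER.
    ca=$(printf '%s\n' "$s" | sed -n 's/.*--ca-cert  *\([^ "]*\).*/\1/p')
    if [ -z "$ca" ]; then
        echo "missing: --ca-cert"; rc=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null; then
        echo "not a readable Base64 certificate: $ca"; rc=1
    fi
    return $rc
}

# Constructed sample ($1 = output file, $2 = CA path): omits plugin/sstp-sock.
write_bad_sample() {
    cat > "$1" <<EOF
auto work
iface work inet ppp
    provider work
    options pty "sstpc vpn.example.com --ca-cert $2 --nolaunchpppd" \\
            lock nodefaultroute noipdefault noauth user myusername \\
            persist maxfail 0
EOF
}

# Usage: sh check.sh /etc/network/interfaces work
if [ $# -eq 2 ]; then check_sstp_stanza "$1" "$2"; fi
```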