Does anyone have any experience with connecting an Ubuntu 10.10 machine to an SSTP VPN server? I haven't found much good information on how to do it.
Here is an example of an entry in /etc/network/interfaces:
    auto work
    iface work inet ppp
        provider work
        options pty "sstpc vpn.example.com --ca-cert /path/to/example.com.ca.crt --nolaunchpppd" \
            plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-uds-sock \
            lock nodefaultroute noipdefault noauth user myusername \
            refuse-pap refuse-chap refuse-eap nobsdcomp nodeflate novj \
            nomultilink \
            persist maxfail 0 \
            debug logfd 2
        pre-up touch /etc/ppp/peers/work
Usage
Then you just use ifup work and ifdown work to connect or disconnect.
Installation
You'll need to compile the sstp-client and install it. This can be done by following the instructions on http://sstp-client.sourceforge.net/ or by building a deb package using these instructions:

    # Build dependencies
    apt-get install build-essential dpkg-dev debhelper ppp-dev libevent-dev libssl-dev
    mkdir sstp-client.build && cd sstp-client.build
    # -O (capital) names the downloaded file; lowercase -o would only write wget's log there
    wget -O sstp-client-1.0.10.tar.gz http://sourceforge.net/projects/sstp-client/files/sstp-client/1.0.10/sstp-client-1.0.10.tar.gz/download
    tar xzvf sstp-client-1.0.10.tar.gz
    cd sstp-client-1.0.10
    # Build unsigned binary packages
    dpkg-buildpackage -b -us -uc
    cd ..
    dpkg -i sstp-client_1.0.10-0ubuntu2_amd64.deb \
        libsstp-client0_1.0.10-0ubuntu2_amd64.deb \
        libsstp-client-dev_1.0.10-0ubuntu2_amd64.deb
    # Make the plugin visible to the installed pppd version
    cd /usr/lib/pppd/2.4.5 && ln -s ../2.4.6/sstp-pppd-plugin.so .
Fix symlink
The pppd lib dir is hard-coded to use 2.4.6, and not the installed version, which is why the symlink is required. This is a bug in the Debian build description for sstp-client.
Typical connection timeout issue
If you use the pppd pty option (which the example uses) it is vital that the parameters plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-uds-sock are specified. If you don't specify these, you'll end up getting the famous Connection aborted, reason not known error after approximately 60 seconds, and the connection will not transmit packets.
CA certificate requirement
You also must have the CA certificate for the Active Directory domain the Microsoft SSTP VPN server is part of in the local file /path/to/example.com.ca.crt. This can usually be found in the CertEnroll SMB share on one of the Domain Controllers. Export it as a Base64-encoded X509 certificate and rename as appropriate. Use certtool -i <example.com.ca.crt to verify you have the correct certificate with the correct information.
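A pre-flight check for the two requirements above (the plugin/sstp-sock pair when `pty` is used, and a Base64-encoded CA file), added here as an example that is not part of the original answer. The function name `lint_sstp_stanza` and its return convention are assumptions of this sketch; it only looks for the PEM header, so `certtool -i` is still the step that inspects the certificate itself.

```shell
#!/bin/sh
# Added example (not from the original answer): lint a pppd/interfaces stanza
# for the settings the answer calls vital. The function name is hypothetical.

# lint_sstp_stanza FILE
# Prints one finding per line; the return status is the number of findings.
lint_sstp_stanza() {
    stanza_file=$1
    findings=0
    # Join backslash-continued lines so a multi-line "options" reads as one line.
    joined=$(awk '{ if (sub(/\\[ \t]*$/, " ")) printf "%s", $0; else print }' "$stanza_file")

    # Only the pty form needs the plugin/socket pair.
    if printf '%s\n' "$joined" | grep -Eq 'pty[[:space:]]+"sstpc[[:space:]]'; then
        if ! printf '%s\n' "$joined" | grep -Eq 'plugin[[:space:]]+sstp-pppd-plugin\.so'; then
            echo "missing: plugin sstp-pppd-plugin.so"
            findings=$((findings + 1))
        fi
        if ! printf '%s\n' "$joined" | grep -Eq 'sstp-sock[[:space:]]+/'; then
            echo "missing: sstp-sock <socket path>"
            findings=$((findings + 1))
        fi
    fi

    # Extract the path given to --ca-cert inside the sstpc command, if any.
    ca_path=$(printf '%s\n' "$joined" |
        sed -n 's/.*--ca-cert[[:space:]]\{1,\}\([^[:space:]"]*\).*/\1/p' | head -n 1)
    if [ -z "$ca_path" ]; then
        echo "missing: --ca-cert <file>"
        findings=$((findings + 1))
    elif [ ! -r "$ca_path" ]; then
        echo "unreadable CA file: $ca_path"
        findings=$((findings + 1))
    elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_path"; then
        # A DER export has no PEM header; the answer asks for Base64 (PEM).
        echo "not Base64/PEM encoded: $ca_path"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it against the stanza file before `ifup work`, for example `lint_sstp_stanza /etc/network/interfaces`; no output and status 0 means all three checks passed.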
Maybe sstp-client can do it? And here is network-manager support for it.
There are now Ubuntu packages for recent distributions, so you should be able to add the PPA for eivnaes/network-manager-sstp and install the packages: