SSTPC(8)                    System Manager's Manual                   SSTPC(8)

NAME
       sstpc - SSTP Client

SYNOPSIS
       sstpc <sstp-server-IP> <sstp-options> [ppp-options] ...

DESCRIPTION
       sstpc establishes the client side of a Virtual Private Network (VPN)
       using the Secure Socket Tunneling Protocol (SSTP). Use this program to
       connect to an employer's SSTP-based VPN when PPTP and L2TP are not
       working.

       By default, sstpc establishes the SSTP call to the SSTP server, and
       then starts an instance of pppd to manage the data transfer. However,
       sstpc can also be run as a connection manager within pppd.

OPTIONS
       The first non-option argument on the sstpc command line must be the
       host name or IP address of the SSTP server.

       All long options (starting with "--") are interpreted as sstpc options,
       and a fatal error occurs if an unrecognised option is used.

       All command-line arguments which do not start with "-" are interpreted
       as ppp options, and passed as is to pppd unless --nolaunchpppd is
       given.

       --ca-cert
              Specify the CA certificate used to verify the server.

       --ca-dir
              Specify the directory of certificates that contains the CA
              certificate. If nothing is specified, the system-wide directory
              is used.

       --cert-warn
              Ignore certificate warnings, such as those about the common
              name, instead of terminating the connection.

       --debug
              Run in foreground (for debugging with gdb).

       --ipparam
              This helps specify the callback socket that pppd will use to
              connect back to sstpc in order to communicate the MPPE keys as
              negotiated. The MPPE keys are required to authenticate against
              the server at the SSL layer. They can be zeroed if no MPPE is
              negotiated. The name is formed based on /tmp/sstpc-<ipparam>.

       --nolaunchpppd
              Do not launch pppd but use stdin as the network connection. Use
              this flag when including sstpc as a pppd connection process
              using the pty option. See EXAMPLES.

       --password
              Specify a password on the command line instead of setting it up
              in a configuration file for pppd in /etc/ppp/peers.

       --proxy
              Connect to the SSTP server via a proxy on your network. The
              syntax is http://[<user>:<pass>@]<domain>:port.

       --priv-user
              Specify the privilege separation user to run sstpc.

       --priv-group
              Specify the privilege separation group to run sstpc.

       --priv-dir
              Specify the privilege separation directory for the chroot jail
              to run sstpc.

       --user
              Specify the username to authenticate to the SSTP server instead
              of setting it up in a configuration file for pppd in
              /etc/ppp/peers.

       --save-server-route
              This will automatically add and remove a route to the SSTP
              server.

       --uuid
              Specify a UUID for the connection to simplify the server end
              debugging.

       --tls-ext
              This will enable TLS hostname extension.

   Troubleshooting
       The following options are available to help troubleshoot sstpc.

       --log-level <level>
              Set the debug level for debugging the sstpc process. Level can
              be a value between 0 and 4.

       --log-syslog
              Log messages to syslog (default).

       --log-stderr
              Log messages to error output.

       --log-stdout
              Log messages to standard output.

       --log-fileno
              Include file and line number with the log messages.

       --log-filter
              Filter the logs by a particular set of files, e.g.
              sstp-packet,sstp-state

EXAMPLES
       Connection to a Microsoft Windows RAS Service using SSTP protocol

       Set up the peer scripts in /etc/ppp/peers. You may start by cloning
       one of the scripts available in your docs directory,
       /usr/share/doc/sstp-client or /usr/local/share/doc/sstp-client. The
       general content of this file will be close to the following:

           # Example Content of /etc/ppp/peers/sstp-test
           remotename      sstp-test
           linkname        sstp-test
           ipparam         sstp-test
           pty             "sstpc --ipparam sstp-test --nolaunchpppd sstp-test.yourdomain.com"
           name            eivnaes
           plugin          sstp-pppd-plugin.so
           sstp-sock       /var/run/sstpc/sstpc-sstp-test
           usepeerdns
           require-mppe
           require-mschap-v2
           refuse-eap
           refuse-pap
           refuse-chap
           refuse-mschap
           nobsdcomp
           nodeflate

       Note that the chap-secrets file used by pppd must include an entry for
       domain\\username. For the sstp-test example, the user eivnaes will have
       an equivalent entry in the /etc/ppp/chap-secrets file.

           # Secrets for authentication using CHAP
           # client    server    secret    IP addresses
           eivnaes     *         xxxxxx    *

       Starting the sstp-test using the pon script

           sudo pon sstp-test

       Invoking sstpc using the call command

           sstpc --ipparam sstp-test sstp-test.yourdomain.com call sstp-test-nopty

       The sstp-test-nopty is a pppd script you need to create in
       /etc/ppp/peers, and you can clone the example sstp-test above; but you
       must omit the pty statement in the peers configuration.
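
       An added example, not part of the sstp-client documentation: a shell
       lint for a peers file such as sstp-test above. It flags --cert-warn
       and --password in the pty command and, as assumed policy choices, a
       missing require-mppe, require-mschap-v2 or refuse-pap option and a
       secrets file accessible to group or others. All function names are
       hypothetical.

```shell
#!/bin/sh
# Added example: lint a pppd peers file that starts sstpc through "pty".

# Print the first pty line that runs sstpc.
sstpc_pty_line() {
    grep -E '^[[:space:]]*pty[[:space:]].*sstpc' "$1" | head -n 1
}

# Succeed if sstpc flag $2 appears as a whole word in pty line $1.
pty_has_flag() {
    printf '%s\n' "$1" | grep -Eq -- "(^|[[:space:]\"'])$2([[:space:]=\"']|\$)"
}

# Succeed if pppd option $2 is set (not commented out) in peers file $1.
has_ppp_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_sstp_peer PEERS_FILE [SECRETS_FILE]
# Prints one finding per line; returns 1 on findings, 2 if sstpc is not used.
audit_sstp_peer() {
    peer=$1; secrets=${2:-}; rc=0
    pty=$(sstpc_pty_line "$peer")
    [ -n "$pty" ] || { echo "no pty line running sstpc in $peer"; return 2; }

    if pty_has_flag "$pty" --cert-warn; then
        echo "cert-warn: certificate warnings do not terminate the connection"; rc=1
    fi
    if pty_has_flag "$pty" --password; then
        echo "password: secret is passed on the sstpc command line"; rc=1
    fi
    # Assumed policy: require the authentication options of the sstp-test peer.
    for opt in require-mppe require-mschap-v2 refuse-pap; do
        has_ppp_option "$peer" "$opt" || { echo "missing: $opt"; rc=1; }
    done
    # Assumed policy: the secrets file grants nothing to group or others.
    if [ -n "$secrets" ] && [ -e "$secrets" ]; then
        mode=$(ls -ld "$secrets" | cut -c5-10)
        [ "$mode" = "------" ] || { echo "perms: $secrets group/other=$mode"; rc=1; }
    fi
    return "$rc"
}

# Stand-alone use: sh audit.sh /etc/ppp/peers/sstp-test /etc/ppp/chap-secrets
[ "$#" -eq 0 ] || audit_sstp_peer "$@"
```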

SEE ALSO
       pppd(8)

AUTHOR
       This manual page was written by Eivind Naess <enaess@yahoo.com>