1SSTPC(8) System Manager's Manual SSTPC(8)
2
3
4
6 sstpc - SSTP Client
7
9 sstpc [<sstp-options>] <hostname> [ppp-options] ...
10
12 sstpc establishes the client side of a Virtual Private Network (VPN)
13 using the Secure Socket Tunneling Protocol (SSTP). Use this program to
14 connect to an employer's SSTP based VPN when PPTP and L2TP is not work‐
15 ing.
16
17 By default, sstpc establishes the SSTP call to the SSTP server, and
18 then starts an instance of pppd to manage the data transfer. However,
19 sstpc can also be run as a connection manager within pppd.
20
22 The first non-option argument on the sstpc command line must be the
23 host name or IP address of the SSTP server.
24
25 All long options (starting with "--") are interpreted as sstpc options,
26 and a fatal error occurs if an unrecognised option is used.
27
28 All command-line arguments which do not start with "-" are interpreted
29 as ppp options, and passed as is to pppd unless --nolaunchpppd is
30 given.
31
32 --ca-cert
33 Specify the CA certificate used to verify the server with
34
35 --ca-dir
36 Specify the directory of certificates that contains the CA cer‐
37 tificate. If nothing is specified, the system's wide directory
38 is used.
39
40 --cert-warn
41 Ignore certificate warnings like common name instead of termi‐
42 nating the connection.
43
44 --host When connecting to an IP address, the host parameter will pro‐
45 vide the hostname for http, proxy and tls-ext
46
47 --ipparam
48 This will help specify the callback socket that pppd will try to
49 connect back to sstpc in order to communciate the MPPE keys as
50 negotiated. The MPPE keys are required to authenticate against
51 the server at the SSL layer. They can be zeroed if no MPPE is
52 negotated. The name is formed based on /tmp/sstpc-<ipparam>.
53
54 --nolaunchpppd
55 Do not launch pppd but use stdin as the network connection. Use
56 this flag when including sstpc as a pppd connection process us‐
57 ing the pty option. See EXAMPLES.
58
59 --password
60 Specify a password per command line instead of setting it up in
61 a configuration file for pppd in /etc/ppp/peers.
62
63 --proxy
64 Connect to the SSTP server via a proxy on your network. The syn‐
65 tax is http://[<user>:<pass>@]<domain>:port.
66
67 --priv-user
68 Specify the privilege separation user to run sstpc
69
70 --priv-group
71 Specify the privilege separation group to run sstpc
72
73 --priv-dir
74 Specify the privilege separation directory for the chroot jail
75 to run sstpc
76
77 --user Specify the username to authenticate to the SSTP server instead
78 of setting it up in a configuration file for pppd in
79 /etc/ppp/peers.
80
81 --save-server-route
82 This will automatically add and remove a route to the SSTP
83 server.
84
85 --uuid Specify a UUID for the connection to simplify the server end de‐
86 bugging.
87
88 --tls-ext
89 This will enable TLS hostname extension.
90
91 Troubleshooting
92 The following options are available to help troubleshoot sstpc
93
94 --log-level <level>
95 Set the debug level for debugging the sstpc process. Level can
96 be a value between 0 and 4.
97
98 --log-syslog
99 Log messages to syslog (default).
100
101 --log-stderr
102 Log messages to error output
103
104 --log-stdout
105 Log messages to standard output
106
107 --log-fileno
108 Include file and line number with the log messages
109
110 --log-filter
111 Filter the logs by a particular set of files, e.g: sstp-
112 packet,sstp-state
113
114 --log-ident
115 Specify the identity that will be used when writing logs to e.g.
116 syslog
117
119 Connection to a Microsoft Windows RAS Service using SSTP protocol
120
121 Setup the peer scripts in /etc/ppp/peers, you may start by cloning one
122 of the scripts available in your docs directory, /usr/share/doc/sstp-
123 client, or /usr/local/share/doc/sstp-client. The general content of
124 this file will be close to the following:
125
126 # Example Content of /etc/ppp/peers/sstp-test
127 remotename sstp-test
128 linkname sstp-test
129 ipparam sstp-test
130 pty "sstpc --ipparam sstp-test --nolaunchpppd
131 sstp-test.yourdomain.com"
132 name eivnaes
133 plugin sstp-pppd-plugin.so
134 sstp-sock /var/run/sstpc/sstpc-sstp-test
135 usepeerdns
136 require-mppe
137 require-mschap-v2
138 refuse-eap
139 refuse-pap
140 refuse-chap
141 refuse-mschap
142 nobsdcomp
143 nodeflate
144
145 Note that the chap-secrets file used by pppd must include an entry for
146 domain\\username. For the sstp-test example, the user eivnaes will have
147 a equivalent entry in the /etc/ppp/chap-secrets file.
148
149 # Secrets for authentication using CHAP
150 # client server secret IP addresses
151 eivnaes * xxxxxx *
152
153 Starting the sstp-test using the pon script
154 sudo pon sstp-test
155
156 Invoking sstpc using the the call command
157 sstpc --ipparam sstp-test sstp-test.yourdomain.com call sstp-
158 test-nopty
159
160 The sstp-test-nopty is a pppd script you need to create in
161 /etc/ppp/peers, and you can clone the example sstp-test above; but you
162 must omit the pty statement in the peers configuration.
163
165 pppd(8)
166
168 This manual page was written by Eivind Naess <enaess@yahoo.com>
169
170
171
172 SSTPC(8)