SSTPC(8) System Manager's Manual SSTPC(8)

NAME
sstpc - SSTP Client

SYNOPSIS
sstpc [<sstp-options>] <hostname> [ppp-options] ...

DESCRIPTION
sstpc establishes the client side of a Virtual Private Network (VPN)
using the Secure Socket Tunneling Protocol (SSTP). Use this program to
connect to an employer's SSTP-based VPN when PPTP and L2TP are not
working.

By default, sstpc establishes the SSTP call to the SSTP server, and
then starts an instance of pppd to manage the data transfer. However,
sstpc can also be run as a connection manager within pppd.

OPTIONS
The first non-option argument on the sstpc command line must be the
host name or IP address of the SSTP server.

All long options (starting with "--") are interpreted as sstpc options,
and a fatal error occurs if an unrecognised option is used.

All command-line arguments which do not start with "-" are interpreted
as ppp options, and passed as is to pppd unless --nolaunchpppd is
given.

--ca-cert
Specify the CA certificate used to verify the server.

--ca-dir
Specify the directory of certificates that contains the CA
certificate. If nothing is specified, the system-wide directory
is used.

--cert-warn
Ignore certificate warnings, such as those about the common name,
instead of terminating the connection.

--host
When connecting to an IP address, the host parameter provides the
hostname for http, proxy and tls-ext.

--ipparam
Helps specify the callback socket on which pppd will try to connect
back to sstpc in order to communicate the negotiated MPPE keys. The
MPPE keys are required to authenticate against the server at the SSL
layer. They can be zeroed if no MPPE is negotiated. The socket name is
formed based on /tmp/sstpc-<ipparam>.

--nolaunchpppd
Do not launch pppd but use stdin as the network connection. Use
this flag when including sstpc as a pppd connection process
using the pty option. See EXAMPLES.

--password
Specify a password on the command line instead of setting it up in
a configuration file for pppd in /etc/ppp/peers.

--proxy
Connect to the SSTP server via a proxy on your network. The
syntax is http://[<user>:<pass>@]<domain>:port.

--priv-user
Specify the privilege separation user to run sstpc as.

--priv-group
Specify the privilege separation group to run sstpc as.

--priv-dir
Specify the privilege separation directory for the chroot jail
to run sstpc in.

--user
Specify the username to authenticate to the SSTP server instead
of setting it up in a configuration file for pppd in
/etc/ppp/peers.

--save-server-route
Automatically add and remove a route to the SSTP server.

--uuid
Specify a UUID for the connection to simplify debugging on the
server end.

--tls-ext
Enable the TLS hostname extension.

Troubleshooting
The following options are available to help troubleshoot sstpc:

--log-level <level>
Set the debug level for debugging the sstpc process. Level can
be a value between 0 and 4.

--log-syslog
Log messages to syslog (default).

--log-stderr
Log messages to standard error.

--log-stdout
Log messages to standard output.

--log-fileno
Include file and line number with the log messages.

--log-filter
Filter the logs by a particular set of files, e.g.
sstp-packet,sstp-state

--log-ident
Specify the identity that will be used when writing logs to e.g.
syslog.

EXAMPLES
Connection to a Microsoft Windows RAS Service using the SSTP protocol

Set up the peer scripts in /etc/ppp/peers; you may start by cloning one
of the scripts available in your docs directory, /usr/share/doc/sstp-client
or /usr/local/share/doc/sstp-client. The general content of
this file will be close to the following:

    # Example Content of /etc/ppp/peers/sstp-test
    remotename sstp-test
    linkname sstp-test
    ipparam sstp-test
    pty "sstpc --ipparam sstp-test --nolaunchpppd sstp-test.yourdomain.com"
    name eivnaes
    plugin sstp-pppd-plugin.so
    sstp-sock /var/run/sstpc/sstpc-sstp-test
    usepeerdns
    require-mppe
    require-mschap-v2
    refuse-eap
    refuse-pap
    refuse-chap
    refuse-mschap
    nobsdcomp
    nodeflate

Note that the chap-secrets file used by pppd must include an entry for
domain\\username. For the sstp-test example, the user eivnaes will have
an equivalent entry in the /etc/ppp/chap-secrets file.

    # Secrets for authentication using CHAP
    # client    server    secret    IP addresses
    eivnaes     *         xxxxxx    *

Starting the sstp-test using the pon script:

    sudo pon sstp-test

Invoking sstpc using the call command:

    sstpc --ipparam sstp-test sstp-test.yourdomain.com call sstp-test-nopty

The sstp-test-nopty is a pppd script you need to create in
/etc/ppp/peers, and you can clone the example sstp-test above; but you
must omit the pty statement in the peers configuration.
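
Added example, not part of the original manual page or the sstp-client project: a small shell audit of a pppd peers file that launches sstpc through pty. It flags --cert-warn, --password, and any of the authentication options from the example above that are absent. The function name audit_sstp_peer, the finding labels and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a pppd peers file that starts sstpc through "pty".
# The rules are assumptions derived from the option descriptions on this page.

audit_sstp_peer() {
    # Drop comments and join lines so a wrapped pty command is read whole.
    body=$(sed 's/#.*//' "$1" | tr '\n' ' ')
    has() { printf '%s\n' "$body" | grep -Eq -e "$1"; }

    # --cert-warn: certificate warnings no longer terminate the connection.
    if has '--cert-warn'; then echo "cert-warn"; fi
    # --password: the secret sits in the peers file and in sstpc's argv.
    if has '--password'; then echo "password-on-command-line"; fi
    # pppd authentication options that the page's example peers file sets.
    for opt in require-mppe require-mschap-v2 refuse-pap refuse-chap refuse-mschap; do
        has "(^|[[:space:]])$opt([[:space:]]|\$)" || echo "missing:$opt"
    done
    return 0
}

# Constructed sample inputs (not real deployments).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak" <<'EOF'
# constructed weak peers file
remotename sstp-test
pty "sstpc --ipparam sstp-test --nolaunchpppd --cert-warn
--user eivnaes --password CONSTRUCTED-SECRET sstp-test.yourdomain.com"
plugin sstp-pppd-plugin.so
require-mschap-v2
refuse-chap
EOF
cat > "$tmp/hardened" <<'EOF'
# constructed peers file following the page's example
remotename sstp-test
pty "sstpc --ipparam sstp-test --nolaunchpppd sstp-test.yourdomain.com"
name eivnaes
plugin sstp-pppd-plugin.so
require-mppe
require-mschap-v2
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
EOF

weak_findings=$(audit_sstp_peer "$tmp/weak")
hardened_findings=$(audit_sstp_peer "$tmp/hardened")
printf 'weak:\n%s\nhardened: %s\n' "$weak_findings" "${hardened_findings:-no findings}"
```

Option matching is by whole token, so a variant spelling of a pppd option is reported as missing and should be reviewed by hand.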

SEE ALSO
pppd(8)

AUTHOR
This manual page was written by Eivind Naess <enaess@yahoo.com>