VPN: SSTP support

Giroscopic · 2013-03-18 19:50:16

Hi, i am trying to get a SSTP connection to my workplace.

Does anyone has any expirience setting up one? I am yet to find any tool that lets me configure succesfully a conection, either with netcfg, wicd or network manager.

Searching SSTP in the wiki returns no results.
Searching in the forums for SSTP yields no results as well.
In the wiki, network manager has 3 protocols, none of which i can use for my workplace.
Wicd, and Netcfg does not show any VPN support that i can see.

I tried checking http://sourceforge.net/projects/sstp-client/files/, but there should be 3 files to compile and i only see 2 to download. Tried it anyway, didnt work.

Anyone has any ideas?

Giroscopic · 2013-04-03 19:51:37

anyone?

hunterthomson · 2013-04-04 01:18:00

Hum, this is going to be a hard one to get support. Like, no one uses SSTP, basically because it is a bad protocol. You should avoid TCP-over-TCP at all costs. The only reason your work should have this.... really there is no reason... but as a Fall Back VPN solution for remote workers that are on restricted networks and have to tunnel out over TCP port 443. (However, OpenVPN is much more secure and can also do this)

In the AUR there are two packages for this. One is a plugin for networkmanager and then the sstp-client.

yaourt -Ss sstp
aur/networkmanager-sstp 0.9.4.2-0 (0)
    NetworkManager VPN plugin for SSTP
aur/sstp-client 1.0.9-1 (0)
    SSTP VPN implementation that allows remote access to Microsoft Windows 2008 Server
aur/sstp-client-svn-stable 1.0.9-1 (2)
    SSTP client tested SVN experimantally stable revision

You will probably need to work with your employers technical support to work out the bugs.

You should also create a presentation explaining why using SSTP is a bad idea. Then suggest IPSec/L2TP or better yet OpenVPN over UDP.

Example:
If I use OpenVPN over TCP to my server I get a MAX ~300KB/s
Over UDP there is no max really. I normally have my full 15Mb/s

And that is with...
Hawaii <--> Germany

fragment 548
mssfix
cipher BF-CBC
keysize 448
auth SHA512

ta.key + 4096 RSA + dh4096.pem keys.

Last edited by hunterthomson (2013-04-04 01:30:07)

Giroscopic · 2013-04-16 22:35:56

Wow hunterthomson.... really thanks for your input

I will show my gratitude by working on this over the weekend and sharing in a post the results with the community.

Giroscopic · 2013-04-30 22:19:38

Hello, a little update. I have been trying to install the sstp plugin, but i have been not successfull. I dont really understand the error i get in the log.

I can go as far as telling that something in the GTK library is not right, at least for this version of the plugin. I tried googling the error, but i have no idea what to look for, "undefined reference" appear in a lot of different cases.
The wiki of arch has a link to sourceforge, and i dont see any troubleshooting there either.

Help apreciated when available

Here is the output of:
[giro@arch ~]$ sudo packer -S networkmanager-sstp

make  all-recursive
make[1]: Entering directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp'
Making all in src
make[2]: Entering directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp/src'
dbus-binding-tool --prefix=nm_sstp_pppd_service --mode=glib-server --output=nm-sstp-pppd-service-glue.h ../src/nm-sstp-pppd-service.xml
make  all-am
make[3]: Entering directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp/src'
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I..   -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/NetworkManager -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -I/usr/include/sstp-client  -D_FORTIFY_SOURCE=2  -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -MT nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.lo -MD -MP -MF .deps/nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.Tpo -c -o nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.lo `test -f 'nm-sstp-pppd-plugin.c' || echo './'`nm-sstp-pppd-plugin.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/NetworkManager -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/sstp-client -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -MT nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.lo -MD -MP -MF .deps/nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.Tpo -c nm-sstp-pppd-plugin.c  -fPIC -DPIC -o .libs/nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.o
nm-sstp-pppd-plugin.c: In function 'plugin_init':
nm-sstp-pppd-plugin.c:641:2: warning: 'g_type_init' is deprecated (declared at /usr/include/glib-2.0/gobject/gtype.h:669) [-Wdeprecated-declarations]
  g_type_init ();
  ^
mv -f .deps/nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.Tpo .deps/nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.Plo
/bin/sh ../libtool  --tag=CC   --mode=link gcc  -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -module -avoid-version -Wl,-O1,--sort-common,--as-needed,-z,relro -o nm-sstp-pppd-plugin.la -rpath /usr/lib/pppd/2.4.5 nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.lo   -lnm-util -lnm-glib -lnm-glib-vpn -ldbus-glib-1 -ldbus-1 -lgobject-2.0 -lglib-2.0  -lsstp_api  
libtool: link: gcc -shared  -fPIC -DPIC  .libs/nm_sstp_pppd_plugin_la-nm-sstp-pppd-plugin.o   -lnm-util -lnm-glib -lnm-glib-vpn -ldbus-glib-1 -ldbus-1 -lgobject-2.0 -lglib-2.0 /usr/lib/libsstp_api.so -lutil -levent -lssl -lcrypto  -march=x86-64 -mtune=generic -O2 -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z -Wl,relro   -Wl,-soname -Wl,nm-sstp-pppd-plugin.so -o .libs/nm-sstp-pppd-plugin.so
libtool: link: ( cd ".libs" && rm -f "nm-sstp-pppd-plugin.la" && ln -s "../nm-sstp-pppd-plugin.la" "nm-sstp-pppd-plugin.la" )
depbase=`echo nm-sstp-service.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I.. -I..  -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/NetworkManager -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -DG_DISABLE_DEPRECATED -DBINDIR=\"/usr/bin\" -DPREFIX=\""/usr"\" -DSYSCONFDIR=\""/etc"\" -DNM_VERSION="\"0.9.4\"" -DLIBDIR=\""/usr/lib"\" -DLIBEXECDIR=\""/usr/lib/networkmanager"\" -DLOCALSTATEDIR=\""/usr/var"\" -DDATADIR=\"/usr/share\" -DPLUGINDIR=\"/usr/lib/pppd/2.4.5\"  -D_FORTIFY_SOURCE=2  -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -MT nm-sstp-service.o -MD -MP -MF $depbase.Tpo -c -o nm-sstp-service.o nm-sstp-service.c &&\
mv -f $depbase.Tpo $depbase.Po
nm-sstp-service.c: In function ‘main’:
nm-sstp-service.c:1319:2: warning: ‘g_type_init’ is deprecated (declared at /usr/include/glib-2.0/gobject/gtype.h:669) [-Wdeprecated-declarations]
  g_type_init ();
  ^
/bin/sh ../libtool  --tag=CC   --mode=link gcc  -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4  -Wl,-O1,--sort-common,--as-needed,-z,relro -o nm-sstp-service nm-sstp-service.o  -lgthread-2.0 -pthread -lglib-2.0  -lnm-util -lnm-glib -lnm-glib-vpn -ldbus-glib-1 -ldbus-1 -lgobject-2.0 -lglib-2.0  
libtool: link: gcc -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z -Wl,relro -o nm-sstp-service nm-sstp-service.o -pthread  -lgthread-2.0 -lnm-util -lnm-glib -lnm-glib-vpn -ldbus-glib-1 -ldbus-1 -lgobject-2.0 -lglib-2.0 -pthread
make[3]: Leaving directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp/src'
make[2]: Leaving directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp/src'
Making all in auth-dialog
make[2]: Entering directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp/auth-dialog'
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/NetworkManager -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -pthread -I/usr/include/gtk-3.0 -I/usr/include/at-spi2-atk/2.0 -I/usr/include/gtk-3.0 -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libdrm -I/usr/include/libpng15 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng15 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -I/usr/include/gnome-keyring-1 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -DICONDIR=\""/usr/share/pixmaps"\" -DUIDIR=\"""\" -DBINDIR=\""/usr/bin"\" -DG_DISABLE_DEPRECATED -DGDK_DISABLE_DEPRECATED -DGTK_DISABLE_DEPRECATED -DVERSION=\"0.9.4\" -D_FORTIFY_SOURCE=2  -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -MT nm_sstp_auth_dialog-main.o -MD -MP -MF .deps/nm_sstp_auth_dialog-main.Tpo -c -o nm_sstp_auth_dialog-main.o `test -f 'main.c' || echo './'`main.c
mv -f .deps/nm_sstp_auth_dialog-main.Tpo .deps/nm_sstp_auth_dialog-main.Po
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/NetworkManager -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -pthread -I/usr/include/gtk-3.0 -I/usr/include/at-spi2-atk/2.0 -I/usr/include/gtk-3.0 -I/usr/include/gio-unix-2.0/ -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libdrm -I/usr/include/libpng15 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng15 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -I/usr/include/gnome-keyring-1 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -DICONDIR=\""/usr/share/pixmaps"\" -DUIDIR=\"""\" -DBINDIR=\""/usr/bin"\" -DG_DISABLE_DEPRECATED -DGDK_DISABLE_DEPRECATED -DGTK_DISABLE_DEPRECATED -DVERSION=\"0.9.4\" -D_FORTIFY_SOURCE=2  -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -MT nm_sstp_auth_dialog-vpn-password-dialog.o -MD -MP -MF .deps/nm_sstp_auth_dialog-vpn-password-dialog.Tpo -c -o nm_sstp_auth_dialog-vpn-password-dialog.o `test -f 'vpn-password-dialog.c' || echo './'`vpn-password-dialog.c
vpn-password-dialog.c: In function ‘vpn_password_dialog_new’:
vpn-password-dialog.c:231:14: warning: assignment makes pointer from integer without a cast [enabled by default]
  priv->table = gtk_table_new (4, 2, FALSE);
              ^
mv -f .deps/nm_sstp_auth_dialog-vpn-password-dialog.Tpo .deps/nm_sstp_auth_dialog-vpn-password-dialog.Po
/bin/sh ../libtool  --tag=CC   --mode=link gcc  -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4  -Wl,-O1,--sort-common,--as-needed,-z,relro -o nm-sstp-auth-dialog nm_sstp_auth_dialog-main.o nm_sstp_auth_dialog-vpn-password-dialog.o -lnm-util -lnm-glib -lnm-glib-vpn -ldbus-glib-1 -ldbus-1 -lgobject-2.0 -lglib-2.0  -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lgobject-2.0 -lglib-2.0  -lgnome-keyring -lglib-2.0  
libtool: link: gcc -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z -Wl,relro -o nm-sstp-auth-dialog nm_sstp_auth_dialog-main.o nm_sstp_auth_dialog-vpn-password-dialog.o  -lnm-util -lnm-glib -lnm-glib-vpn -ldbus-glib-1 -ldbus-1 -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lgio-2.0 -lgobject-2.0 -lgnome-keyring -lglib-2.0
nm_sstp_auth_dialog-vpn-password-dialog.o: In function `add_row':
vpn-password-dialog.c:(.text+0xc8): undefined reference to `GTK_TABLE'
vpn-password-dialog.c:(.text+0xeb): undefined reference to `GTK_TABLE'
nm_sstp_auth_dialog-vpn-password-dialog.o: In function `add_table_rows':
vpn-password-dialog.c:(.text+0x433): undefined reference to `GTK_TABLE'
nm_sstp_auth_dialog-vpn-password-dialog.o: In function `vpn_password_dialog_new':
vpn-password-dialog.c:(.text+0x7f3): undefined reference to `GTK_TABLE'
vpn-password-dialog.c:(.text+0x80c): undefined reference to `GTK_TABLE'
collect2: error: ld returned 1 exit status
make[2]: *** [nm-sstp-auth-dialog] Error 1
make[2]: Leaving directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp/auth-dialog'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/packerbuild-0/networkmanager-sstp/networkmanager-sstp/src/network-manager-sstp'
make: *** [all] Error 2
==> ERROR: A failure occurred in build().
    Aborting...
The build failed.

Last edited by Giroscopic (2013-04-30 22:20:22)

enaess · 2013-06-19 23:37:59

This should be fixed now, either by compiling using the latest source drop through git:

git clone git://github.com/enaess/network-manager-sstp.git

Or new files have been staged on the sstp-client project. https://sourceforge.net/projects/sstp-client.

scorpp · 2013-07-12 21:04:16

updated AUR package for networkmanager-sstp https://aur.archlinux.org/packages/networkmanager-sstp/
please let me know in case of problems

Arch Linux

#1 2013-03-18 19:50:16

VPN: SSTP support

#2 2013-04-03 19:51:37

Re: VPN: SSTP support

#3 2013-04-04 01:18:00

Re: VPN: SSTP support

#4 2013-04-16 22:35:56

Re: VPN: SSTP support

#5 2013-04-30 22:19:38

Re: VPN: SSTP support

#6 2013-06-19 23:37:59

Re: VPN: SSTP support

#7 2013-07-12 21:04:16

Re: VPN: SSTP support

Board footer