Setting up sstp-client with custom port and EAP

Hello all,
In short, trying to create an interface that is an sstp-client that will connect to a Windows server. I have read a bit of this thread, which did lead me to this script. In reading through the script, I was able to see the setup functions given, however the individual settings are not clear.

Setup:
Running OpenWrt on a Raspberry Pi 4 Model B, Rev 1.5
ARMv8 Processor rev 3
OpenWrt 22.03.5 r20134-5f15225c1e / LuCi openwrt-22.03 branch git-23.093.57104-ce20b4a
Kernel Version 5.10.176

Current interfaces file setup:
config interface 'vpnclient'
	option proto 'sstp'
	option username 'myvpnusername'
	option password 'myvpnpassword'
	option server 'the.serveraddress.com'
	option log_level '0'

I tried adding an "option port '4443'" here (and using the GUI advanced options tab on the interface page) but the log shows that this parameter is not recognized. Without port information, the log does indicate it's trying but the HTTP handshake is not working - which does make sense as it would be trying port 443. (The folks that set this up moved it to port 4443, and unfortunately I cannot change it due to functionality of other systems.)

I'm also unsure on how to force it to use EAP, though in seeing settings for pppd options I see a 'refuse-eap' option, so perhaps this would be:

option pppd-options 'force-eap'?

Unfortunately I have not been able to find a syntax document, but perhaps I am searching the wrong thing.

My main goal is to create a router in my office that presents a wifi network to connect to that is always connected to the network of a company I support. This is so I can easily set up new systems, troubleshoot issues, and monitor the network remotely. (So, if there are more straightforward options for this, I'm all for it - this just seemed like a good use of a Pi 4 I had.)

Would love to learn more while doing this, and not afraid of bricking the Pi, it takes about 15 min for me to start over from fresh, so no issue.

Thanks

When I attempt to connect via the cli:
sstpc --cert-warn --user vpnusername --password vpnpassword server:port I get a:
Error: Connection was aborted, Reason was not known, (-1)

When I attempt:
sstpc --cert-warn --user test server:port I get a:
/dev/pts/1: Error loading shared library /usr/lib/pppd/2.4.9/sstp-pppd-plugin.so: no such file or directory
/dev/pts/1: Couldnt load plug sstp-pppd-plugin.so

I'm not sure how to load the plugin? Doesn't appear to be an opkg error (the sstp-client and luci-sstp is loaded).

The quick and dirty way:

Open /lib/netifd/proto/sstp.sh, go to line 85 and change $server \ to $server:4443 \
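The edit above, applied by pattern instead of by line number, since line 85 can move between package versions. This is an added example, not code from the thread or from the sstp-client package; `patch_sstp_port` and `make_sample` are hypothetical names, and the sample script body is constructed rather than copied from the real sstp.sh.

```shell
#!/bin/sh
# make_sample FILE: write a constructed stand-in for a netifd proto script.
# Only the "$server \" argument line mirrors what the thread describes.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the real /lib/netifd/proto/sstp.sh
proto_run_command "$config" sstpc \
    --cert-warn \
    --user "$username" \
    $server \
    ifname "sstp-$config"
EOF
}

# patch_sstp_port FILE PORT: rewrite '$server \' to '$server:PORT \'.
# Prints "patched" or "unchanged"; returns 1 on bad input or an unexpected file.
patch_sstp_port() {
    file=$1 port=$2
    # Accept only a decimal TCP port so nothing else reaches the sed program.
    case $port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port" >&2; return 1
    fi
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Idempotent: a second run with the same port changes nothing.
    if grep -q "\\\$server:$port[[:space:]]" "$file"; then
        echo unchanged; return 0
    fi
    # Refuse to edit unless exactly one line ends in '$server \'.
    n=$(grep -c '\$server[[:space:]]*\\$' "$file" || true)
    if [ "$n" -ne 1 ]; then
        echo "expected 1 matching line, found $n" >&2; return 1
    fi
    # Keep the first original as a backup; cp -p preserves the file mode.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig"
    cp -p "$file" "$file.tmp"
    sed 's/\$server[[:space:]]*\\$/$server:'"$port"' \\/' "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
    echo patched
}
```

The change lives in a file installed by a package, so reinstalling or upgrading that package restores the stock line and the function has to be run again.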

@pavelgl - thanks very much! Now when I try:

sstpc --cert-warn --user vpnusername --password vpnpassword server
or:
sstpc --cert-warn --user test server I get a:

Error: HTTP handshake with server failed, (-1)

Which is an improvement! At least now it's trying to communicate with something, just the handshake isn't working as needed. I'm assuming (uh oh) that this is due to my EAP settings not being what they should be.

To be more specific, according to those who set the VPN up, I need to "Use EAP - Microsoft secured password EAP-MSCHAPv2"

So it appears that the interface that I have set to sstp is now connecting to the VPN. I used the following command on cli:

pppd pty "sstpc --username vpnusername --password vpnuserpassword server"
The cli did not report an error. When I went to restart the interface, it reports connected.

Now to route the traffic...
