Notes - Connect to An SSTP VPN Server Using Command Line in Ubuntu
SSTP stands for Secure Socket Tunneling Protocol, developed by Microsoft. It is one of the most powerful and widely used VPN protocols. It can bypass most firewalls because it uses SSL over port 443, which is also the port used by HTTPS. Together with the OpenVPN protocol, SSTP is considered one of the “stealth-VPN” protocols. Since it is owned by Microsoft, most Windows operating systems have a built-in SSTP client. Other operating systems (e.g., macOS, Linux) also have some plug-in applications with a GUI for the SSTP client.
In this note, I am interested in finding a way to connect to an SSTP VPN server from an Ubuntu 18.04 machine (without a GUI, since I need to automate some tasks; READ *2 before proceeding!). My VPN service provider only gives me a username, a password, a hostname of the SSTP VPN server, and a tutorial using a GUI (similar to this one). There are many tutorials found on Google (here and there) that show you how to install and use the GUI to connect to an SSTP server. Unfortunately, I couldn’t find any CLI tutorial that met my needs. Thus, I noted down here what I found and the steps I took to connect to an SSTP server using the CLI.
- Install the necessary packages (I am using Ubuntu 18.04 LTS) (original instructions). The sstp-client and network-manager packages are available via a PPA on Launchpad. You can import the GPG key using the following command:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 61FF9694161CE595
Put the following two lines into the file /etc/apt/sources.list.d/sstp-client.list:
deb http://ppa.launchpad.net/eivnaes/network-manager-sstp/ubuntu vivid main
deb-src http://ppa.launchpad.net/eivnaes/network-manager-sstp/ubuntu vivid main
Then use apt-get:
sudo apt-get update
sudo apt-get install -y network-manager-sstp sstp-client
- After playing around with all the parameters of sstpc and the man page of sstpc, I got my first SSTP connection UP using this command (*1):
sudo sstpc --cert-warn --save-server-route --user <your_user_name> --password <your_password> <hostname_or_ip_address_of_sstp_server:port_if_not_standard_port> usepeerdns require-mschap-v2 noauth noipdefault nobsdcomp nodeflate
# add/remove parameters according to your VPN provider's instruction.
Note that you may also need to run the following command to route all traffic to the VPN interface, since some systems do not do this for you automatically even after successfully establishing a connection with the VPN server (see more on stackexchange):
sudo route add default <vpn_interface> # e.g., ppp0 in my case. You can find it with the `ifconfig` command
Or, you can also try using this command:
sudo route add default gw <ip_address_of_the_vpn_server>
If the above commands keep failing, please make sure your SSTP server is ON and accessible.
If curl-ing a website keeps hanging, make sure the DNS resolver is set up properly by looking at /etc/resolv.conf. If this file contains the nameserver(s) of the older network, you may try running this command as root:
echo "nameserver 8.8.8.8" > /etc/resolv.conf
You can replace 8.8.8.8 with any open DNS resolver accessible from your network (e.g., 1.1.1.1 or 9.9.9.9). Note that this will only temporarily change your OS’s stub resolver. When NetworkManager is restarted, all nameserver entries will be reset in accordance with your network connection.
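The routing and DNS checks from the two troubleshooting steps above, written as a script. This is an added example, not part of the original note: it reads `ip route show` output and a resolv.conf-style file, then reports whether the default route is on the VPN interface and whether a nameserver of the previous network is still configured. The interface name ppp0, the addresses and the function names are assumptions, and the sample input is constructed.

```shell
# Added example: post-connect checks for an sstpc tunnel. ppp0, the addresses
# and the sample data are constructed assumptions, not from the original note.

# Print the device of the lowest-metric default route (`ip route show` on stdin).
default_route_dev() {
    awk '$1 == "default" {
        dev = ""; metric = 0                 # no metric shown means metric 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (dev != "" && (best == "" || metric < bestm)) { best = dev; bestm = metric }
    }
    END { if (best != "") print best }'
}

# Print every nameserver address in the resolv.conf-style file $1.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# check_tunnel IFACE RESOLV_FILE [OLD_DNS...]   (routing table on stdin)
# Returns 0 = OK, 1 = default route not on IFACE, 2 = no nameserver set,
# 3 = a nameserver of the previous network is still configured.
check_tunnel() {
    local iface=$1 resolv=$2 dev ns old
    shift 2
    dev=$(default_route_dev)
    [ "$dev" = "$iface" ] || { echo "default route on ${dev:-none}, not $iface" >&2; return 1; }
    ns=$(resolv_nameservers "$resolv")
    [ -n "$ns" ] || { echo "no nameserver in $resolv" >&2; return 2; }
    for old in "$@"; do
        if printf '%s\n' "$ns" | grep -qxF "$old"; then
            echo "stale nameserver $old in $resolv" >&2; return 3
        fi
    done
    return 0
}

# Constructed sample: table after `route add default ppp0`; stale LAN resolver.
sample_routes='default dev ppp0 scope link
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.0.0.1 dev ppp0 proto kernel scope link src 10.0.0.2'
sample_resolv=$(mktemp)
printf 'nameserver 192.168.1.1\n' > "$sample_resolv"
rc=0
printf '%s\n' "$sample_routes" | check_tunnel ppp0 "$sample_resolv" 192.168.1.1 || rc=$?
echo "check_tunnel exit code: $rc"
rm -f "$sample_resolv"
```

On a live machine, feed it the real table: `ip route show | check_tunnel ppp0 /etc/resolv.conf <old_dns_ip>`.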
*1: Since we have the flag --save-server-route ON, you may want to remove the added routes from the routing table using the route del command so that the routing table does not grow. You don’t need to remove them if you frequently use the same SSTP VPN server, but you definitely should remove them if many different SSTP servers are used.
*2: Follow this note if you can only use sstpc. However, NetworkManager is a better choice if you can use nmcli on your machine. NetworkManager will help to handle all settings of the DNS stub resolver and the routing table. If you have access to the nmcli command on your machine, you may want to skip this note and read this one instead.