SSTP stands for Secure Socket Tunneling Protocol, developed by Microsoft. It is one of the most powerful and widely used VPN protocols. It can bypass most firewalls because it uses SSL over port 443, the same port used by HTTPS. Together with the OpenVPN protocol, SSTP is considered one of the “stealth-VPN” protocols. Since it is owned by Microsoft, most Windows operating systems have a built-in SSTP client. Other operating systems (e.g., macOS, Linux) also have plug-in applications that provide a GUI SSTP client.
In this note, I am interested in finding a way to connect to an SSTP VPN server from an Ubuntu 18.04 machine (not GUI since I need to automate some (READ *2 before proceeding!)). My VPN service provider only gives me a username, a password, a hostname of the SSTP VPN server, and a tutorial using GUI (similar to this). There are many tutorials found on Google that show you how to install and use the GUI to connect to an SSTP server. Unfortunately, I couldn’t find any CLI tutorial that met my needs. Thus, I noted down here what I found and the steps I took to connect to an SSTP server
Install necessary packages (I am using Ubuntu 18.04 LTS) (original instructions). The sstp-client and network-manager packages are available via a PPA on Launchpad. You can import the GPG key using the following command:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 61FF9694161CE595
Put the following two lines into the following file:
deb http://ppa.launchpad.net/eivnaes/network-manager-sstp/ubuntu vivid main
deb-src http://ppa.launchpad.net/eivnaes/network-manager-sstp/ubuntu vivid main
Then use apt-get:
sudo apt-get update
sudo apt-get install -y network-manager-sstp sstp-client
After playing around with all parameters of sstpc and the man page of sstpc, I got my first SSTP connection up using this command:
sudo sstpc --cert-warn --save-server-route --user <your_user_name> --password <your_password> <hostname_or_ip_address_of_sstp_server:port_if_not_standard_port> usepeerdns require-mschap-v2 noauth noipdefault nobsdcomp nodeflate # add/remove parameters according to your VPN provider's instruction.
Note that you may also need to run the following command to route all traffic through the VPN interface, since some systems do not do this automatically even after successfully establishing a connection with the VPN server; see more on stackexchange.
sudo route add default <vpn_interface> # e.g., ppp0 in my case. You can find it with `ifconfig` command
Or, you can also try using this command:
sudo route add default gw <ip_address_of_the_vpn_server>
If the above commands keep failing, please make sure your SSTP server is ON and accessible.
If curl-ing a website keeps hanging, make sure the DNS resolver is set up properly by looking at /etc/resolv.conf. If this file contains nameserver(s) of the older network, you may try running this command as root:
echo "nameserver 220.127.116.11" > /etc/resolv.conf
You can replace 18.104.22.168 with any OpenDNS server accessible from your network (e.g., 22.214.171.124). Note that this task will temporarily change your OS’s stub resolver. When NetworkManager is restarted, all nameserver entries will be reset in accordance with your network connection.
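To confirm from a script that the two problems described above (default route not moved to the VPN interface, stale nameservers in /etc/resolv.conf) are actually resolved, a check like the following can run after sstpc connects. It is an added example, not part of the original note; it assumes the output format of iproute2's `ip route show`, and ppp0 and all addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original note. Assumes iproute2 (`ip route show`)
# output and a resolv.conf-style file; ppp0 and the addresses are constructed.

# Print the device of the first default route in `ip route show` text on stdin
# (assumption: the first default route listed is the one the kernel prefers).
default_route_dev() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
         }'
}

# Print every nameserver address found in the resolv.conf-style file "$1".
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# vpn_check ROUTES RESOLV_FILE VPN_IF ALLOWED_DNS...
# 0 = default route on VPN_IF and all nameservers allowed,
# 1 = default route is elsewhere, 2 = unexpected nameserver (possible DNS leak).
vpn_check() {
    vc_routes=$1; vc_resolv=$2; vc_if=$3; shift 3
    vc_dev=$(printf '%s\n' "$vc_routes" | default_route_dev)
    if [ "$vc_dev" != "$vc_if" ]; then
        echo "default route uses '${vc_dev:-none}', expected '$vc_if'" >&2
        return 1
    fi
    for vc_ns in $(resolv_nameservers "$vc_resolv"); do
        vc_ok=0
        for vc_allowed in "$@"; do
            if [ "$vc_ns" = "$vc_allowed" ]; then vc_ok=1; fi
        done
        if [ "$vc_ok" -eq 0 ]; then
            echo "unexpected nameserver $vc_ns in $vc_resolv" >&2
            return 2
        fi
    done
    return 0
}

# Constructed sample: tunnel is up, but the default route is still on eth0.
sample_routes='default via 192.0.2.1 dev eth0 proto dhcp metric 100
10.8.0.1 dev ppp0 proto kernel scope link src 10.8.0.2'
sample_resolv=$(mktemp)
printf 'nameserver 192.0.2.1\n' > "$sample_resolv"
vpn_check "$sample_routes" "$sample_resolv" ppp0 10.8.0.1 || echo "check failed: rc=$?"
rm -f "$sample_resolv"
# Live use: vpn_check "$(ip route show)" /etc/resolv.conf ppp0 <resolver_ip>
```

A non-zero return code lets an automation job stop before sending traffic that would bypass the tunnel or resolve names through the old network's DNS server.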
*1: Since we have the flag --save-server-route ON, you may want to remove the added routes from the routing table using the route del command so as not to increase the size of the routing table. You don’t need to remove them if you frequently use the same SSTP VPN server, but definitely should remove them if many different SSTP servers are used.
*2: Follow this note if you can only use sstpc. However, NetworkManager is a better choice if you can use nmcli on your machine. NetworkManager will help to handle all settings of the DNS stub resolver and the routing table. If you have access to the nmcli command on your machine, you may want to skip this note and read this