Recently, a customer wanted us to connect to his servers in a Microsoft Azure Cloud environment.
This connection required an SSTP tunnel with EAP-MSCHAPv2 authentication. We didn’t want to use the provided VPN client for Windows, but rather preferred to use our Linux gateway to make the connection.
An SSTP client for Linux is available at SourceForge, but unfortunately the current pppd-2.4.7 does not support the required EAP-encapsulated MSCHAPv2 authentication.
There is a patch implementing PEAP-encapsulated MSCHAPv2 at GitHub, but this didn’t solve our problem either, as the gateway doesn’t support PEAP.
Inspired by that implementation, we created our own EAP-MSCHAPv2 patch for pppd-2.4.7, which you can download here.
The implementation is incomplete in that only client mode is supported. Nevertheless, it works well for us. Please use it at your own risk.
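To make the difference between plain EAP-MSCHAPv2 and PEAP concrete, here is an added example (not taken from the patch or from pppd) that parses an EAP-MSCHAPv2 Challenge request as laid out in the EAP-MSCHAPv2 Internet-Draft (EAP type 26) and rejects other requests such as a PEAP start (type 25). The function, struct and sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EAP_REQUEST    1
#define EAPT_MSCHAPV2  26  /* MS-CHAPv2 carried directly in EAP (PEAP is type 25) */
#define OP_CHALLENGE   1   /* MS-CHAPv2 OpCode: Challenge */
#define CHAL_LEN       16

struct mschapv2_challenge {
    uint8_t eap_id, chap_id;      /* both are echoed back in the response */
    uint8_t challenge[CHAL_LEN];  /* authenticator challenge */
    char    name[64];             /* server name, copied and NUL-terminated */
};

/* 0 = parsed, -1 = malformed or truncated, -2 = some other EAP message
 * (for example a PEAP start request). */
int parse_eap_mschapv2_challenge(const uint8_t *p, size_t n,
                                 struct mschapv2_challenge *out)
{
    if (n < 5) return -1;
    size_t eap_len = ((size_t)p[2] << 8) | p[3];      /* EAP Length, big-endian */
    if (eap_len < 5 || eap_len > n) return -1;
    if (p[0] != EAP_REQUEST || p[4] != EAPT_MSCHAPV2) return -2;
    if (eap_len < 10) return -1;          /* OpCode, ID, MS-Length, Value-Size */
    if (p[5] != OP_CHALLENGE) return -2;
    if ((((size_t)p[7] << 8) | p[8]) != eap_len - 5) return -1;  /* MS-Length */
    if (p[9] != CHAL_LEN || eap_len < 10 + CHAL_LEN) return -1;
    size_t name_len = eap_len - 10 - CHAL_LEN;
    if (name_len >= sizeof out->name) return -1;
    out->eap_id = p[1]; out->chap_id = p[6];
    memcpy(out->challenge, p + 10, CHAL_LEN);
    memcpy(out->name, p + 10 + CHAL_LEN, name_len);
    out->name[name_len] = '\0';
    return 0;
}

/* Constructed sample packets, not captured from a real gateway. */
static const uint8_t sample_challenge[] = {
    0x01, 0x07, 0x00, 0x1c, 0x1a, 0x01, 0x07, 0x00, 0x17, 0x10,
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 'g', 'w' };
static const uint8_t sample_peap[] = { 0x01, 0x01, 0x00, 0x06, 0x19, 0x20 };

int main(void)
{
    struct mschapv2_challenge c;
    int peap = parse_eap_mschapv2_challenge(sample_peap, sizeof sample_peap, &c);
    int rc = parse_eap_mschapv2_challenge(sample_challenge, sizeof sample_challenge, &c);
    printf("peap rc=%d, challenge rc=%d, server=%s\n", peap, rc, rc == 0 ? c.name : "-");
    return 0;
}
```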
Download link is not working, could you please update it?
Sorry for that, just fixed it!
Is it possible to have you help push this patch upstream to the pppd project? Please see here: https://github.com/paulusmack/ppp/pull/139
The patch needs to have you sign-off on it.
Hi Thomas,
I’ve followed your instructions closely but keep getting an error message.
Connection was aborted, Reason was not known.
In the logs it’s saying auth eap
I’m running Ubuntu 18.04.5 (sstp-client version 1.0.12)
Which OS did you use?
Kind regards,
David
Hi David, for the original build we used a Slackware 14.2 system. This should only influence details of the build process.
Without more detailed information about the steps of the connection dialog it is impossible to say what’s going wrong on your system.
You should be able to find that in the ppp debug logs, maybe you need to increase the log level verbosity.
With best regards, Thomas.
Thanks Thomas, I got it working.
I think the problem was that the sstp-client was using an already pre-installed pppd.
I uninstalled it first (apt remove ppp) and compiled ppp with your patch (I then also compiled the sstp-client, rather than using the packages) and it worked out great!
Can I reference this site on a message board?
Kind regards,
David
Hi David,
good to hear that you were successful!
And yes, of course you may reference our web site.
With best regards,
Thomas.