sorz / sstp-server

Secure Socket Tunneling Protocol (SSTP VPN) server for Linux.

License: MIT License

Python 86.23% C 13.77%
python vpn-server python-asyncio

sstp-server's Introduction

sstp-server

A Secure Socket Tunneling Protocol (SSTP) server implemented in Python.

Requirements

  • Python >= 3.4.4
  • pppd

For Python 2.7, use v0.4.x

Crypto Binding is supported using SSTP ppp API plug-in sstp-pppd-plugin.so from sstp-client.

Install

Install from PyPI:

# pip install sstp-server

Please ensure your pip is >= 9.0.1 to get the correct version.

Install from GitHub:

# pip install git+https://github.com/sorz/sstp-server.git

Arch Linux users may install the sstp-server package from the AUR.

If you share the authentication with services other than SSTP (for example, a RADIUS server that serves both SSTP and WiFi authentication), crypto binding is required to prevent MITM attacks. Crypto binding is enabled automatically if sstp-pppd-plugin.so is available; see #37 for instructions.

Usage

Create the pppd configuration file /etc/ppp/options.sstpd.

An example:

name sstpd
require-mschap-v2
nologfd
nodefaultroute
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Start server:

sudo sstpd -p 443 -c cert.pem -k key.pem --local 10.0.0.1 --remote 10.0.0.0/24

Or:

sudo sstpd -f /path/to/sstpd-server.ini -s site1

Known Issues

  • High CPU usage; may not be suitable for high-throughput applications.

License

The MIT License (MIT)

Copyright (c) 2014-2020 Shell Chen

sstp-server's Issues

Gateway routing issues

Hello,

I have managed to set up the server and run it locally, however I have a question in regards to expected functionality and configuration.

The configuration specifies that the server can self-assign itself an IP address. The default value is 192.168.20.1, however this is configurable. However, it is not specified in the instructions if a specific networking adapter needs to be set up to facilitate this.

To be more specific, when running ifconfig I do not have any IP address that matches the one configured for the server. However, I was able to successfully connect to the server with Windows machines. The issue now becomes that these machines are not able to connect to the internet while the VPN connection is up; the issue is mitigated if I disable the server-inherited default gateway on the client.

To summarize, I cannot access the internet from clients connected to the server and I can't seem to figure out how to set up gateway routing appropriately to facilitate this because I cannot identify an adapter on the server that I can work with.

The server setup instructions do not specify anything in this regard, so I am either missing something that is implicitly known for server administrators, or I did something wrong, or there is another issue.

Thank you in advance for your help.

Let's encrypt's compatible

Let's Encrypt made 4 pem files, like

# ls
cert.pem  chain.pem  fullchain.pem  privkey.pem

And sstpd needs a pem that mixes privkey.pem and fullchain.pem(?). It works when I mix them manually, but what about adding an option (or options) like -s to select the private key file?

logspam

Currently sstpd outputs every disconnect to stdout and spams the logs:

2015-11-04 13:49:34,383 INFO: Connection finished.
2015-11-04 13:51:38,177 INFO: Connection finished.
2015-11-04 13:52:57,105 INFO: Connection finished.
2015-11-04 13:53:39,217 INFO: Connection finished.
2015-11-04 13:54:41,798 INFO: Connection finished.
2015-11-04 13:56:36,392 INFO: Connection finished.
2015-11-04 13:57:31,393 INFO: Connection finished.
2015-11-04 13:58:14,140 INFO: Connection finished.
2015-11-04 13:58:23,109 INFO: Connection finished.
2015-11-04 14:00:23,634 INFO: Connection finished.
2015-11-04 14:05:33,920 INFO: Connection finished.
2015-11-04 14:12:47,249 INFO: Connection finished.
2015-11-04 14:13:03,067 INFO: Connection finished.
2015-11-04 14:13:15,576 INFO: Connection finished.
2015-11-04 14:16:18,154 INFO: Connection finished.
2015-11-04 14:22:20,012 INFO: Connection finished.
2015-11-04 14:29:01,732 INFO: Connection finished.
2015-11-04 14:29:18,779 INFO: Connection finished.
2015-11-04 14:32:45,681 INFO: Connection finished.
2015-11-04 14:33:36,489 INFO: Connection finished.
2015-11-04 14:34:15,784 INFO: Connection finished.
2015-11-04 14:37:09,130 INFO: Connection finished.
2015-11-04 14:41:17,671 INFO: Connection finished.
2015-11-04 14:42:51,010 INFO: Connection finished.
2015-11-04 14:44:17,934 INFO: Connection finished.
2015-11-04 14:51:16,214 INFO: Connection finished.
2015-11-04 14:52:18,549 INFO: Connection finished.

I think "connection finished" must be printed
only when the actual ppp connection is torn down.

Inter-peer port communication

Hello!

I have been successful in establishing connections between two peers using this VPN. Performing Test-NetConnection on the other peer will result in a successful ping, and I am also able to run netcat to do a UDP test on another port as well, using PsPing on the other client to test. Everything works well.

What does not work at all however is games. Anything I have tried to run that should work over LAN simply fails to 'discover'. Worse yet, the ports seem to be somehow blocked. For example, Starcraft over LAN uses UDP 6112. I am able to perform a successful netcat/psping test on 6112, but the same machines are unable to see each other in Starcraft. Additionally, running and hosting a game in Starcraft on machine 1 and doing the same port 6112 psping test from machine 2 will fail.

The most I could narrow down this issue is at the adapter level; specifically, no matter what I have attempted to do (including using ForceBindIP with both the IP and interface ID), I have not been able to get the application to use the correct adapter. DemonStar, a very old game, has a 'Get IP Address' function that outputs the currently used IP address. Using other VPN solutions, it will pick up the relevant adapter interface correctly and use that IP address. With this however, I have been completely unable to get it to use the correct interface.

To summarize, although port connections and most functions work correctly, I have not been able to get games to use the correct network interface, and I have not been able to find a solution online. Has anyone else encountered / attempted this, and if so is this a known issue with sstp VPN types or am I missing something?

Thank you in advance!

PPP Link Negotiation Never Ends?

Hi,

Thank you for your SSTP server implementation!
As I am not familiar with networking, I am wondering if you can provide some insight on the issues I am having now. I can run the server on my Ubuntu VM without a problem:

sudo+ssh://[email protected]:2222/usr/bin/python3.6 -u /home/vagrant/host/sstp-server/sstpd/run.py -f ../sstp-server.ini -s site1
2021-07-07 22:54:23,245 INFO: Cert SHA-1: 54dabc04b60dc153cb6cd2a7187484e087da77dc
2021-07-07 22:54:23,245 INFO: Cert SHA-256: 1551aac7c9caf20f974ab7d6c2a67d5fbfdc8cc881b1272f2f15656c2f70040b
2021-07-07 22:54:23,245 INFO: Running without uvloop
2021-07-07 22:54:23,245 DEBUG: Using selector: EpollSelector
2021-07-07 22:54:23,249 INFO: Listening on 192.168.33.10:443...

I am using the following configs:

[site1]
log_level = 5
listen = 192.168.33.10
listen_port = 443
pem_cert = /home/vagrant/host/sstp-server/cert.pem
pem_key = /home/vagrant/host/sstp-server/key.pem
local = 192.168.20.1
remote = 192.168.20.0/24
pppd_config = /etc/ppp/options.sstpd

And the pppd_config file looks like this:

name sstpd
noauth
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
debug

Then I tried to use sstpc on my host machine to connect to the VPN server:

 sstp-server % sudo /usr/local/sbin/sstpc --log-level 5 --log-stderr --cert-warn --user user --password 'password' 192.168.33.10:443 usepeerdns noauth noipdefault defaultroute refuse-eap noccp 

Now, the server outputs:

sudo+ssh://[email protected]:2222/usr/bin/python3.6 -u /home/vagrant/host/sstp-server/sstpd/run.py -f ../sstp-server.ini -s site1
2021-07-07 22:59:42,641 INFO: Cert SHA-1: 54dabc04b60dc153cb6cd2a7187484e087da77dc
2021-07-07 22:59:42,642 INFO: Cert SHA-256: 1551aac7c9caf20f974ab7d6c2a67d5fbfdc8cc881b1272f2f15656c2f70040b
2021-07-07 22:59:42,642 INFO: Running without uvloop
2021-07-07 22:59:42,642 DEBUG: Using selector: EpollSelector
2021-07-07 22:59:42,645 INFO: Listening on 192.168.33.10:443...
2021-07-07 22:59:47,765 INFO: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] SSTP control packet (CALL_CONNECT_REQUEST) received.
2021-07-07 22:59:47,766 INFO: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] Registered address 192.168.20.2
2021-07-07 22:59:47,771 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] Raw data: 7eff7d23c0217d217d217d207d347d227d267d207d207d207d207d257d26e17d2c63d57d277d227d287d22466b7e
2021-07-07 22:59:47,771 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] pppd => sstp (24 bytes)
2021-07-07 22:59:47,771 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c021010100140206000000000506e10c63d507020802
2021-07-07 22:59:47,772 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] sstp => pppd (24 bytes).
2021-07-07 22:59:47,772 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c021010100140206000000000506e10c63d507020802
2021-07-07 22:59:47,774 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] Raw data: 7eff7d23c0217d237d217d207d2a7d257d26fa49fbd9c6dd7e
2021-07-07 22:59:47,774 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] pppd => sstp (14 bytes)
2021-07-07 22:59:47,774 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c0210301000a0506fa49fbd9
2021-07-07 22:59:47,775 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] sstp => pppd (14 bytes).
2021-07-07 22:59:47,776 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c0210301000a0506fa49fbd9
2021-07-07 22:59:47,777 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] Raw data: 7eff7d23c0217d217d227d207d347d227d267d207d207d207d207d257d265b3189967d277d227d287d22c3597e
2021-07-07 22:59:47,777 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] pppd => sstp (24 bytes)
2021-07-07 22:59:47,777 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c0210102001402060000000005065b31899607020802
2021-07-07 22:59:47,777 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] sstp => pppd (24 bytes).
2021-07-07 22:59:47,778 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c0210102001402060000000005065b31899607020802
2021-07-07 22:59:47,778 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] Raw data: 7eff7d23c0217d237d227d207d2a7d257d2684dfc57d2535907e
2021-07-07 22:59:47,778 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] pppd => sstp (14 bytes)
2021-07-07 22:59:47,778 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c0210302000a050684dfc505
2021-07-07 22:59:47,779 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] sstp => pppd (24 bytes).
2021-07-07 22:59:47,780 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c0210101001402060000000005060628096c07020802
2021-07-07 22:59:47,780 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] Raw data: 7eff7d23c0217d227d217d207d347d227d267d207d207d207d207d257d267d26287d296c7d277d227d287d22ea2b7e
2021-07-07 22:59:47,781 DEBUG: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] pppd => sstp (24 bytes)
2021-07-07 22:59:47,781 VERBOSE: [2A636439-AE46-66F0-79A4F1F9/192.168.33.1:61975] ff03c0210201001402060000000005060628096c07020802
...

and from the client end I see:

Jul  7 18:59:47 sstpc[9968]: Resolved 192.168.33.10 to 192.168.33.10
Jul  7 18:59:47 sstpc[9968]: Connected to 192.168.33.10
Jul  7 18:59:47 sstpc[9968]: SSL certificate verification failed: self signed certificate (18)
Jul  7 18:59:47 sstpc[9968]: Server certificated failed verification, ignoring
Jul  7 18:59:47 sstpc[9968]: Sending Connect-Request Message
Jul  7 18:59:47 sstpc[9968]: SEND SSTP CRTL PKT(14) 
Jul  7 18:59:47 sstpc[9968]:   TYPE(1): CONNECT REQUEST, ATTR(1):
Jul  7 18:59:47 sstpc[9968]:     ENCAP PROTO(1): 6
Jul  7 18:59:47 sstpc[9968]: RECV SSTP CRTL PKT(48) 
Jul  7 18:59:47 sstpc[9968]:   TYPE(2): CONNECT ACK, ATTR(1):
Jul  7 18:59:47 sstpc[9968]:     CRYPTO BIND REQ(4): 40
Jul  7 18:59:47 sstpc[9968]: Started PPP Link Negotiation
Jul  7 18:59:47 sstpc[9968]: RECV SSTP DATA PKT(28) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 1  CONFREQ ASYNCMAP: 00 00 00 00 MAGIC: 0xE10C63D5
Jul  7 18:59:47 sstpc[9968]: SEND SSTP DATA PKT(28) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 1  CONFREQ ASYNCMAP: 00 00 00 00 MAGIC: 0xE10C63D5
Jul  7 18:59:47 sstpc[9968]: RECV SSTP DATA PKT(18) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 1  CONFNAK MAGIC: 0xFA49FBD9
Jul  7 18:59:47 sstpc[9968]: SEND SSTP DATA PKT(18) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 1  CONFNAK MAGIC: 0xFA49FBD9
Jul  7 18:59:47 sstpc[9968]: RECV SSTP DATA PKT(28) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 2  CONFREQ ASYNCMAP: 00 00 00 00 MAGIC: 0x5B318996
Jul  7 18:59:47 sstpc[9968]: SEND SSTP DATA PKT(28) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 2  CONFREQ ASYNCMAP: 00 00 00 00 MAGIC: 0x5B318996
Jul  7 18:59:47 sstpc[9968]: RECV SSTP DATA PKT(18) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 2  CONFNAK MAGIC: 0x84DFC505
Jul  7 18:59:47 sstpc[9968]: SEND SSTP DATA PKT(28) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 1  CONFREQ ASYNCMAP: 00 00 00 00 MAGIC: 0x0628096C
Jul  7 18:59:47 sstpc[9968]: RECV SSTP DATA PKT(28) 
Jul  7 18:59:47 sstpc[9968]:   PPP LCP ID: 1  CONFACK ASYNCMAP: 00 00 00 00 MAGIC: 0x0628096C
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(28) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 1  CONFREQ ASYNCMAP: 00 00 00 00 MAGIC: 0x0628096C
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(28) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 2  CONFREQ ASYNCMAP: 00 00 00 00 MAGIC: 0x5B318996
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(28) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 2  CONFACK ASYNCMAP: 00 00 00 00 MAGIC: 0x5B318996
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(28) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 1  CONFACK ASYNCMAP: 00 00 00 00 MAGIC: 0x0628096C
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(34) 
Jul  7 18:59:50 sstpc[9968]:   PPP IPCP ID: 1  CONFREQ COMPRESSTYPE: VJ [0x0F 0x01] ADDR: 0.0.0.0 MS_DNS1: 0.0.0.0 MS_DNS2: 0.0.0.0
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(22) 
Jul  7 18:59:50 sstpc[9968]:   PPP ACSP ID: 1
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(14) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 0  ECHOREQ MAGIC: 0x5B318996
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(16) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 0  ECHOREP MAGIC: 0x0628096C
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(21) 
Jul  7 18:59:50 sstpc[9968]:   PPP CCP ID: 1  CONFREQ BSD
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(29) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 2  PROTOREJ CCP
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(22) 
Jul  7 18:59:50 sstpc[9968]:   PPP IPCP ID: 1  CONFREQ COMPRESSTYPE: VJ [0x0F 0x01] ADDR: 192.168.20.1
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(22) 
Jul  7 18:59:50 sstpc[9968]:   PPP IPCP ID: 1  CONFACK COMPRESSTYPE: VJ [0x0F 0x01] ADDR: 192.168.20.1
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(28) 
Jul  7 18:59:50 sstpc[9968]:   PPP IPCP ID: 1  CONFNAK ADDR: 192.168.20.2 MS_DNS1: 8.8.8.8 MS_DNS2: 8.8.4.4
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(34) 
Jul  7 18:59:50 sstpc[9968]:   PPP IPCP ID: 2  CONFREQ COMPRESSTYPE: VJ [0x0F 0x01] ADDR: 192.168.20.2 MS_DNS1: 8.8.8.8 MS_DNS2: 8.8.4.4
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(28) 
Jul  7 18:59:50 sstpc[9968]:   PPP LCP ID: 3  PROTOREJ ACSP
Jul  7 18:59:50 sstpc[9968]: RECV SSTP DATA PKT(34) 
Jul  7 18:59:50 sstpc[9968]:   PPP IPCP ID: 2  CONFACK COMPRESSTYPE: VJ [0x0F 0x01] ADDR: 192.168.20.2 MS_DNS1: 8.8.8.8 MS_DNS2: 8.8.4.4
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(88) 
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(92) 
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(76) 
Jul  7 18:59:50 sstpc[9968]: SEND SSTP DATA PKT(92) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(64) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(69) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(69) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(73) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(75) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(83) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(65) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(71) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(99) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(99) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(79) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(79) 
Jul  7 18:59:51 sstpc[9968]: SEND SSTP DATA PKT(67) 
...

It simply continues sending SSTP DATA PKT non-stop. It looks like the client stopped receiving any data from the server so PPP link negotiation never succeeded (but also never failed for some reason).

P.S. I also tried to use nodefaultroute on both client and server. However, I don't think the PPP connection was established either.

auth? can't get it to work

I've installed sstpd and can run the service, and I'm initiating a connection from a remote machine, but I can't seem to get authentication down.

I see require-mschap-v2 in the default options.sstpd file so I made an /etc/ppp/chap-secrets file containing

user user password *

but I can't complete auth.

what am I missing?

socket.gaierror Name or service not known

Good afternoon, while trying to start the server, there was a problem.

sudo sstpd -p 443 -c ~/crts/cert.pem -k ~/crts/key.pem

2021-08-16 18:38:12,968 INFO: Cert SHA-1: cfe84a32f3e704fa4759182666c6ab1ccc08b0b0
2021-08-16 18:38:12,968 INFO: Cert SHA-256: 333d033ece684c297b997af6e7ddc24d6c132daa90dceb8aba61c620578d487b
2021-08-16 18:38:12,969 INFO: Running without uvloop
Traceback (most recent call last):
  File "/usr/local/bin/sstpd", line 8, in <module>
    sys.exit(run())
  File "/usr/local/lib/python3.8/dist-packages/sstpd/__init__.py", line 9, in run
    main()
  File "/usr/local/lib/python3.8/dist-packages/sstpd/__main__.py", line 168, in main
    server = loop.run_until_complete(coro)
  File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/usr/lib/python3.8/asyncio/base_events.py", line 1429, in create_server
    infos = await tasks.gather(*fs, loop=self)
  File "/usr/lib/python3.8/asyncio/base_events.py", line 1369, in _create_server_getaddrinfo
    infos = await self._ensure_resolved((host, port), family=family,
  File "/usr/lib/python3.8/asyncio/base_events.py", line 1365, in _ensure_resolved
    return await loop.getaddrinfo(host, port, family=family, type=type,
  File "/usr/lib/python3.8/asyncio/base_events.py", line 825, in getaddrinfo
    return await self.run_in_executor(
  File "/usr/lib/python3.8/concurrent/futures/thread.py", line 57, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3.8/socket.py", line 918, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

system: ubuntu server 20.04
preinstalled: pptpd

segfault fault under Python 3.11.2

Hi!
I've tried to run the sstpd server under Debian 12 but got an error.

`pppd[33457]: Connect: ppp0 <--> /dev/pts/2

kernel: [ 4758.218216] sstpd[33399]: segfault at 0 ip 00007ff0da33739e sp 00007fffe6817980 error 4 in codec.cpython-311-x86_64-linux-gnu.so[7ff0da337000+1000] likely on CPU 1 (core 0, socket 1)

kernel: [ 4758.218231] Code: 00 00 00 00 48 8b 73 10 83 ea 02 48 8d 3d 7f 0c 00 00 31 c0 e8 23 fd ff ff 4c 89 e7 48 89 c6 49 89 c7 e8 05 fd ff ff 83 f8 ff <49> 8b 07 74 24 48 83 e8 01 49 89 07 75 b9 4c 89 ff e8 ac fc ff ff

pppd[33457]: Modem hangup
`

Breaks when running under Python 3.10

sstp-server segfaults immediately after accepting and setting up a connection when running under Python 3.10. The segfault seems to happen within the context of codecmodule.c.

request feature, logwtmp

How can a logwtmp feature be added? I need to know who is logging in.
Why don't I see the pppd daemon in the ps aux output after an sstp connection is established?
Thanks very much

Listen on unix socket

If you consider #15, then please add unix socket listening; it will be much faster than TCP
when proxying sstpd.

[Feature Req] Daemon mode

A daemon mode like ss's would be good. sstpd -f /etc/sstpd.ini -l /var/log/sstpd.log -d start would start the daemon and redirect output to /var/log/sstpd.log.

nohup is evil.

PPP sync mode support

The current sstp-server uses async ppp, which requires escaping & unescaping every frame it
sends and receives (and pppd also has to do that). If we could use sync mode, a lot of
CPU time would be saved from this meaningless escaping & unescaping.

I tried to support sync mode in 15f66b3.
It seemed to work at the beginning, but once I fired up iperf, things went wrong: some frames that
are read from pppd (via pty) are "broken".

Normally, the data stream is something like:
…[frame #5][frame #6][frame #7]…
But when the traffic increases, it comes like
…[frame #5][first 40 bytes of frame #6][frame #6][frame #7]…
(the number "40" is just an example; it may be more or less)
In other words, it received a duplicated, partial frame, inserted just before the normal
complete frame.

Since in sync mode the boundary of frames does not exist, I don't know how to handle this.
And I don't know why this happens either.
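
The escaping this issue refers to is the HDLC-like byte stuffing of RFC 1662, and it is visible in the "Raw data" lines of the server log in the PPP link negotiation issue above. The following is an added example, not code from sstp-server or from the commit mentioned: a pure-Python encoder and decoder for that framing, using two frames copied from that log, which also shows how flag delimiters plus the FCS let an async receiver reject a duplicated partial frame. The names `Frame`, `fcs16`, `encode_frame` and `decode_stream` are hypothetical.

```python
"""PPP async (HDLC-like, RFC 1662) framing: byte stuffing plus 16-bit FCS."""
from typing import List, NamedTuple, Tuple

FLAG, ESC, XOR = 0x7E, 0x7D, 0x20

# Copied from two "Raw data" lines of the server log on this page.
LOG_CONFREQ = bytes.fromhex("7eff7d23c0217d217d217d207d347d227d267d207d207d207d207d257d26e17d2c63d57d277d227d287d22466b7e")
LOG_CONFNAK = bytes.fromhex("7eff7d23c0217d237d217d207d2a7d257d26fa49fbd9c6dd7e")


class Frame(NamedTuple):
    payload: bytes  # address, control, protocol, information (FCS stripped)
    fcs_ok: bool    # False for short, aborted or corrupted frames


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """RFC 1662 16-bit FCS register (reflected polynomial 0x8408), bitwise."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def encode_frame(payload: bytes, accm: int = 0xFFFFFFFF) -> bytes:
    """Append the FCS, escape flag/escape/ACCM-selected bytes, add flags."""
    fcs = fcs16(payload) ^ 0xFFFF
    body = payload + bytes([fcs & 0xFF, fcs >> 8])  # FCS is sent low byte first
    out = bytearray([FLAG])
    for b in body:
        if b in (FLAG, ESC) or (b < 0x20 and (accm >> b) & 1):
            out += bytes([ESC, b ^ XOR])
        else:
            out.append(b)
    out.append(FLAG)
    return bytes(out)


def decode_stream(stream: bytes) -> Tuple[List[Frame], bytes]:
    """Split on flags, unescape and check the FCS of every terminated frame.

    Returns (frames, tail); tail is the still-escaped, unterminated remainder
    that the caller should prepend to the next read.
    """
    *chunks, tail = stream.split(bytes([FLAG]))
    frames = []
    for chunk in chunks:
        if not chunk:  # back-to-back flags carry no frame
            continue
        raw, it, aborted = bytearray(), iter(chunk), False
        for b in it:
            if b == ESC:
                nxt = next(it, None)
                if nxt is None:  # escape directly before a flag: frame abort
                    aborted = True
                    break
                b = nxt ^ XOR
            raw.append(b)
        if aborted or len(raw) < 4:  # too short to hold a header and an FCS
            frames.append(Frame(bytes(raw), False))
            continue
        sent = raw[-2] | raw[-1] << 8
        ok = (fcs16(bytes(raw[:-2])) ^ 0xFFFF) == sent
        frames.append(Frame(bytes(raw[:-2]), ok))
    return frames, tail


if __name__ == "__main__":
    # The pattern from the issue, rebuilt in async framing: a partial copy of a
    # frame arrives just before the complete frame (12 bytes is a constructed cut).
    frames, tail = decode_stream(LOG_CONFREQ + LOG_CONFNAK[:12] + LOG_CONFNAK)
    for f in frames:
        print("ok " if f.fcs_ok else "BAD", f.payload.hex())
```

With flags and an FCS the partial copy decodes as its own frame and fails the check, so only it is dropped; a sync-mode byte stream has neither, which is the difficulty the issue describes.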

feature request : pass user IP to ppp

Like pptpd.conf, set pass peer = yes, then set ipparam pptpd to get the user IP and do accounting with calling-station-id. The current version does not pass the user IP to pppd, so radius only records with strings
like pptpd behind param ipparam.

Win10 client issue

Everything is OK on my win7 laptop but cannot be client in my win10 PC. Here is the options.sstpd

# cat /etc/ppp/options.sstpd
name sstpd
require-mschap-v2
nologfd
nodefaultroute
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Here is message in win10. MS-CHAP V2 support is checked.

Here is the sstpd's log.

2017-03-30 08:16:07,890 INFO: Listening on 0.0.0.0:443...
2017-03-30 08:33:08,928 INFO: SSTP control packet (CALL_CONNECT_REQUEST) received.
2017-03-30 08:33:09,867 INFO: pppd stopped.
2017-03-30 08:33:09,901 INFO: SSTP control packet (CALL_DISCONNECT) received.
2017-03-30 08:33:28,695 INFO: SSTP control packet (CALL_CONNECT_REQUEST) received.
2017-03-30 08:33:29,750 INFO: SSTP control packet (CALL_DISCONNECT) received.
2017-03-30 08:33:29,750 INFO: Received call disconnect request.
2017-03-30 08:33:29,752 INFO: pppd stopped.

Sanitize HTTP parsing

When input is invalid
for example GET / \r\n\r\n

we get stack trace

Unhandled Error
Traceback (most recent call last):
  File "/usr/local/lib/pypy2.7/dist-packages/Twisted-15.4.0-py2.7-linux-x86_64.egg/twisted/python/log.py", line 101, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/local/lib/pypy2.7/dist-packages/Twisted-15.4.0-py2.7-linux-x86_64.egg/twisted/python/log.py", line 84, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/local/lib/pypy2.7/dist-packages/Twisted-15.4.0-py2.7-linux-x86_64.egg/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/local/lib/pypy2.7/dist-packages/Twisted-15.4.0-py2.7-linux-x86_64.egg/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/local/lib/pypy2.7/dist-packages/Twisted-15.4.0-py2.7-linux-x86_64.egg/twisted/internet/posixbase.py", line 597, in _doReadOrWrite
    why = selectable.doRead()
  File "/usr/local/lib/pypy2.7/dist-packages/Twisted-15.4.0-py2.7-linux-x86_64.egg/twisted/internet/tcp.py", line 209, in doRead
    return self._dataReceived(data)
  File "/usr/local/lib/pypy2.7/dist-packages/Twisted-15.4.0-py2.7-linux-x86_64.egg/twisted/internet/tcp.py", line 215, in _dataReceived
    rval = self.protocol.dataReceived(data)
  File "/usr/local/lib/pypy2.7/dist-packages/sstp_server-0.3.6-py2.7-linux-x86_64.egg/sstpd/sstp.py", line 32, in dataReceived
    self.httpDataReceived(data)
  File "/usr/local/lib/pypy2.7/dist-packages/sstp_server-0.3.6-py2.7-linux-x86_64.egg/sstpd/sstp.py", line 53, in httpDataReceived
    method, uri, version = requestLine.split()
exceptions.ValueError: expected length 3, got 1

I think there has to be proper input sanitization :)
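
The last frame of the traceback is a three-name unpack of `requestLine.split()`, which raises whenever the request line does not split into exactly three fields. The following is an added example, not the project's code or its fix: a request-line parser that returns `None` for malformed input so the caller can answer 400 and close instead of raising. `parse_request_line`, `first_response` and `MAX_LINE` are hypothetical names, and the sample inputs in the test are constructed.

```python
import re
from typing import NamedTuple, Optional

MAX_LINE = 4096                          # assumed cap on the request line
TOKEN = re.compile(r"[A-Za-z0-9_-]+")    # simplified HTTP method token
VERSION = re.compile(r"HTTP/1\.[01]")
BAD_REQUEST = (b"HTTP/1.1 400 Bad Request\r\n"
               b"Connection: close\r\nContent-Length: 0\r\n\r\n")


class RequestLine(NamedTuple):
    method: str
    uri: str
    version: str


def parse_request_line(data: bytes) -> Optional[RequestLine]:
    """Parse the first line of `data`; return None for anything malformed.

    The caller is expected to buffer until the first CRLF has arrived (or
    MAX_LINE is exceeded) before calling this.
    """
    line, crlf, _ = data.partition(b"\r\n")
    if not crlf or len(line) > MAX_LINE:
        return None
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        return None
    parts = text.split(" ")  # exactly one space between the three fields
    if len(parts) != 3:
        return None
    method, uri, version = parts
    if not (TOKEN.fullmatch(method) and uri.startswith("/")
            and VERSION.fullmatch(version)):
        return None
    return RequestLine(method, uri, version)


def first_response(data: bytes) -> Optional[bytes]:
    """Bytes to send before closing, or None when the request line is usable."""
    return None if parse_request_line(data) else BAD_REQUEST
```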

Add remotenumber in pppd invoke

I am trying to get sstpd working with radius, but I can't get the user's IP.
Please add remotenumber $$REMOTE_IP when you call pppd;
I think it will be sufficient.

Thanks

Can not connect to the server after start the sstp-server by systemd

The server OS is CentOS 7. I copied the .service file from the Arch Linux AUR, which was written by you.
Using this .service file I can start the sstp server, but when I try to connect, /var/log/message shows:

Feb  4 03:41:18 test pppd[6582]: Couldn't open the /dev/ppp device: No such file or directory
Feb  4 03:41:18 test pppd[6582]: You need to create the /dev/ppp device node by#012executing the following command as root:#012#011mknod /dev/ppp c 108 0

and the connection fails.

I tried to create the file manually, but it did not fix this problem...

How to configure Username/Password

There's no documentation for how to setup the username and password for clients to connect with, and I have been struggling to figure this out

as per the documentation my options.sstpd has require-mschap-v2

DistributionNotFound: ipaddress

Latest git version. The module ipaddress already installed by pip.

Traceback (most recent call last):
  File "/usr/bin/sstpd", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 2655, in <module>
    working_set.require(__requires__)
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 648, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 546, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: ipaddress

AttributeError: 'SSTPProtocol' object has no attribute 'transport'

I keep getting such errors dumped to stderr, probably caused by non-sstp clients trying to connect to the server:

2023-04-03 08:02:26,470 ERROR: Exception in callback SSTPProtocol.hello_timer_expired(close=False)()
handle: <TimerHandle when=33316.876951445 SSTPProtocol.hello_timer_expired(close=False)()>
Traceback (most recent call last):
  File "/usr/lib64/python3.7/asyncio/events.py", line 88, in _run
    self._context.run(self._callback, *self._args)
  File "/usr/lib64/python3.7/site-packages/sstp_server-0.6.0-py3.7-linux-x86_64.egg/sstpd/sstp.py", line 532, in hello_timer_expired
    self.transport.close() # TODO: follow HTTP
AttributeError: 'SSTPProtocol' object has no attribute 'transport'

Protocol decode mismatch and severe packet loss

Hello,
I have just tried your latest version, and there are errors in the pppd log about an unsupported protocol.
After those errors, Windows clients experience severe packet loss that leads to disconnection.
Logs from pppd:

2015-07-09T00:23:53.402367+03:00 vpn-server pppd[8403]: pppd 2.4.6 started by root, uid 0
2015-07-09T00:23:53.402586+03:00 vpn-server pppd[8403]: using channel 1033
2015-07-09T00:23:53.402939+03:00 vpn-server pppd[8403]: Using interface ppp0
2015-07-09T00:23:53.403059+03:00 vpn-server pppd[8403]: Connect: ppp0 <--> /dev/pts/3
2015-07-09T00:23:53.403264+03:00 vpn-server pppd[8403]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xd79088c7> <pcomp> <accomp>]
2015-07-09T00:23:53.509403+03:00 vpn-server pppd[8403]: rcvd [LCP ConfReq id=0x0 <mru 4091> <magic 0x3a00292c> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:b5.1f.d9.e8.f4.86.46.e3.bc.98.5c.9a.4a.7c.b2.62.00.00.00.0c]>]
2015-07-09T00:23:53.509428+03:00 vpn-server pppd[8403]: sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
2015-07-09T00:23:53.546378+03:00 vpn-server pppd[8403]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xd79088c7> <pcomp> <accomp>]
2015-07-09T00:23:53.583447+03:00 vpn-server pppd[8403]: rcvd [LCP ConfReq id=0x1 <mru 4091> <magic 0x3a00292c> <pcomp> <accomp> <endpoint [local:b5.1f.d9.e8.f4.86.46.e3.bc.98.5c.9a.4a.7c.b2.62.00.00.00.0c]>]
2015-07-09T00:23:53.583465+03:00 vpn-server pppd[8403]: sent [LCP ConfAck id=0x1 <mru 4091> <magic 0x3a00292c> <pcomp> <accomp> <endpoint [local:b5.1f.d9.e8.f4.86.46.e3.bc.98.5c.9a.4a.7c.b2.62.00.00.00.0c]>]
2015-07-09T00:23:53.583493+03:00 vpn-server pppd[8403]: sent [LCP EchoReq id=0x0 magic=0xd79088c7]
2015-07-09T00:23:53.583512+03:00 vpn-server pppd[8403]: sent [CHAP Challenge id=0x95 <a3181101c5c77845fac665897416225a>, name = "sstpd"]
2015-07-09T00:23:53.624084+03:00 vpn-server pppd[8403]: rcvd [LCP Ident id=0x2 magic=0x3a00292c "MSRASV5.20"] c0 21 0c 03 00 1f 3a 00 29 2c 4d 53 52 41 53 2d 30 2d 57 49 4e 2d 48 47 41 42 52 4e 55 54 30 4d ...
2015-07-09T00:23:53.625795+03:00 vpn-server pppd[8403]: rcvd [LCP EchoRep id=0x0 magic=0x3a00292c]
2015-07-09T00:23:53.628134+03:00 vpn-server pppd[8403]: rcvd [CHAP Response id=0x95 <24555f687d362359bd911b8bd86820cc0000000000000000f4ac22e29ecd6b76bdc2173aaf32f413e789c073d558787800>, name = "user"]
2015-07-09T00:23:53.628880+03:00 vpn-server pppd[8403]: sent [CHAP Success id=0x95 "S=6A6C5B424560B3BFF323DE614A54DE5D71281117 M=Access granted"]
2015-07-09T00:23:53.628980+03:00 vpn-server pppd[8403]: sent [IPCP ConfReq id=0x1 <addr 10.51.0.1>]
2015-07-09T00:23:53.669201+03:00 vpn-server pppd[8403]: rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
2015-07-09T00:23:53.669216+03:00 vpn-server pppd[8403]: sent [IPCP ConfRej id=0x5 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
2015-07-09T00:23:53.669844+03:00 vpn-server pppd[8403]: rcvd [IPCP ConfAck id=0x1 <addr 10.51.0.1>]
2015-07-09T00:23:53.707833+03:00 vpn-server pppd[8403]: rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
2015-07-09T00:23:53.707850+03:00 vpn-server pppd[8403]: sent [IPCP ConfNak id=0x6 <addr 10.51.0.2> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
2015-07-09T00:23:53.745637+03:00 vpn-server pppd[8403]: rcvd [IPCP ConfReq id=0x7 <addr 10.51.0.2> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
2015-07-09T00:23:53.745653+03:00 vpn-server pppd[8403]: sent [IPCP ConfAck id=0x7 <addr 10.51.0.2> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
2015-07-09T00:23:53.746306+03:00 vpn-server pppd[8403]: local  IP address 10.51.0.1
2015-07-09T00:23:53.746320+03:00 vpn-server pppd[8403]: remote IP address 10.51.0.2
2015-07-09T00:23:53.746705+03:00 vpn-server pppd[8403]: Script /etc/ppp/ip-up started (pid 8406)
2015-07-09T00:23:53.748707+03:00 vpn-server pppd[8403]: Script /etc/ppp/ip-up finished (pid 8406), status = 0x0
2015-07-09T00:24:20.347745+03:00 vpn-server pppd[8403]: rcvd [proto=0xb5] ed 97 71 cc 0c 43 c2 77 07 0e 2e f2 d7 17 69 ae fb 45 a0 11 22 4a 7f 3c 3a 0d 2e f2 99 96 20 f8 ...
2015-07-09T00:24:20.347754+03:00 vpn-server pppd[8403]: Unsupported protocol 0xb5 received
2015-07-09T00:24:20.347764+03:00 vpn-server pppd[8403]: sent [LCP ProtRej id=0x2 00 b5 ed 97 71 cc 0c 43 c2 77 07 0e 2e f2 d7 17 69 ae fb 45 a0 11 22 4a 7f 3c 3a 0d 2e f2 99 96 ...]
2015-07-09T00:25:23.371749+03:00 vpn-server pppd[8403]: Hangup (SIGHUP)

logs from sstpd

2015-07-09 00:23:53,395 INFO: SSTP control packet (type 1) received.
2015-07-09 00:23:53,667 INFO: SSTP control packet (type 4) received.
2015-07-09 00:23:53,667 INFO: Connection established.
2015-07-09 00:25:23,371 INFO: Connection finished.
2015-07-09 00:25:23,382 INFO: pppd stopped.

Name or service not known

When I try to run it on Debian 11, I get this error:
2023-06-19 05:55:43,720 INFO: Running without uvloop

Traceback (most recent call last):
  File "/usr/local/bin/sstpd", line 8, in <module>
    sys.exit(run())
  File "/usr/local/lib/python3.9/dist-packages/sstpd/__init__.py", line 9, in run
    main()
  File "/usr/local/lib/python3.9/dist-packages/sstpd/__main__.py", line 168, in main
    server = loop.run_until_complete(coro)
  File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
    return future.result()
  File "/usr/lib/python3.9/asyncio/base_events.py", line 1460, in create_server
    infos = await tasks.gather(*fs, loop=self)
  File "/usr/lib/python3.9/asyncio/base_events.py", line 1400, in _create_server_getaddrinfo
    infos = await self._ensure_resolved((host, port), family=family,
  File "/usr/lib/python3.9/asyncio/base_events.py", line 1396, in _ensure_resolved
    return await loop.getaddrinfo(host, port, family=family, type=type,
  File "/usr/lib/python3.9/asyncio/base_events.py", line 856, in getaddrinfo
    return await self.run_in_executor(
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

Improve performance

Very high CPU usage
(bandwidth was around 20 Mbit/s but CPU usage was over 70% on a Sandy Bridge Xeon)

outReceived takes so many CPU cycles

VMprof report. See also #5.

/cc @deba12
