- FREE SSTP VPN server on Linux with SoftEther
- Before You Begin
- 1. Install SoftEther
- How to set up an SSTP Server
- 6 Answers 6
- Saved searches
- Use saved searches to filter your results more quickly
- License
- sorz/sstp-server
- Name already in use
- Sign In Required
- Launching GitHub Desktop
- Launching GitHub Desktop
- Launching Xcode
- Launching Visual Studio Code
- Latest commit
- Git stats
- Files
- README.rst
- About
FREE SSTP VPN server on Linux with SoftEther
Always Hot Café needs a fast and cheap way to set up a VPN solution for it’s workers. They don’t want to invest in expensive hardware, or software. Also, the employees have Windows laptops and they want to use the built-in VPN client capability, the Windows computers already have. SSTP is the Microsoft proprietary flavor of SSL VPN protocols. It uses SSL channels just like OpenVPN to build up the VPN tunnel between the client and the server. This way the connection is likely won’t be blocked by strict firewalls when users are away, staying in hotels, etc. As data transmission happens on port 443/tcp, the firewall will not be able to distinguish between VPN traffic or simple web browsing, unlike in case of PPTP or L2TP where dedicated ports need to be used to form the VPN tunnel.
We’ll use SoftEther, a very versatile VPN server created by the University of Tsukuba, Japan. Not only it is free, but are able to configure it with auto-renewing Let’s Encrypt SSL certificates, so we don’t need to care about SSL renewals. We pretty much install the server, then we can forget about it!
Before You Begin
After CentOS basic install:
# Installing prerequisites yum update -y yum install -y wget tar yum groupinstall -y "Development Tools"
wget -P /usr/local https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.34-9745-beta/softether-vpnserver-v4.34-9745-beta-2020.04.05-linux-x64-64bit.tar.gz
Extract SoftEther to /usr/local
tar -C /usr/local -xzf /usr/local/softether-vpnserver-v4.34-9745-beta-2020.04.05-linux-x64-64bit.tar.gz
1. Install SoftEther
We are ready to install SoftEther. This means we extract it, set the right permissions on the config files and set the service to start. Compile the executables first:
How to set up an SSTP Server
Is there a way to set up a linux based, preferably ubuntu, SSTP server? I know there is a SSTP client available on sourceforge, but I can’t find a server. To be clear: I do NOT want openVPN, I want SSTP.
6 Answers 6
Yes, there is a Linux (and Windows/Mac) based SSTP (and lot more) VPN Server. It is called SoftEther VPN (http://www.softether.org). I used it on Ubuntu 13.04 release. Best of off, it is free. Granted, there are couple of limitations with the free version (for example, cannot use external authentication, client certificates etc.)
In general, it seems to work fine. It is quite easy to install, use and manage. Has decently good documentation. Has quite a few options. It does serve my SSTP server needs.
This SoftEther VPN seem to me a very interesting new project. It seem to do SSTP among the others. I read the site and they say it is freeware and is planned to be open-source software (GNU General Public License) in the middle of 2013. On paper there are many intresting features but I have not tried it so perhaps other feedbacks are needed.
It’s open source since January 4, 2014. So most probably the restrictions don’t apply anymore (haven’t checked that).
UPDATE
Shortly after this answer was written, the University of Tsukuba released their first release of SoftEther, which runs on Linux and does provide a Microsoft-compatible SSTP server implementation.
ORIGINAL
There is no SSTP server software for Linux currently available. There is an SSTP client available for Linux and SSTP server implementations available for Windows (as Microsoft developed the protocol) and RouterOS. There is an open specification, so there isn’t a reason why someone couldn’t develop the server. It just hasn’t been done.
The reasons you probably haven’t seen much open-source development on this are:
- SSTP is a relatively new VPN protocol
- SSTP is a Microsoft-pushed technology
- OpenVPN already fulfills the particular needs for open-source solutions
If you want SSTP because firewalls already let through TCP port 443 traffic, OpenVPN already supports running a TCP-based server on any port, including 443. OpenVPN setups using TCP port 443 are quite common for this reason, although they’re rightly not the recommended setup because running IP over TCP (especially TCP over TCP) generally gives poor performance.
VPN, Virtual Private Network, is currently used by a large number of employees working from home for secured connection to a remote corporate network. VPN SSTP, which is one of the many VPN types, we use and offer very often in our datacenter and we will show you how to set it up on the operating system Windows and the Linux distribution Ubuntu 20.04.
There are several types of security protocols in using the VPN, which have many advantages but also disadvantages. We can mention the protocols PPTP, L2TP, IKEv2, however very widespread protocol, which we also provide in our datacenter as a service, is VPN SSTP (Secure Socket Tunneling Protocol. Its great advantage is easy setting and bypassing firewalls.
The VPN SSTP was developed by Microsoft Corporation and designed primarily for secure connections through operating system Windows. Nevertheless, nowadays, it can be used also on open source distributions such as Ubuntu and Debian. And how to install SSTP on Debian 20.04, we will describe for you step by step below.
For successful connection via SSTP VPN, you will need the following information and files that should be provided to you by the VPN server administrator:
- VPN account (user name a password)
- VPN server certificate (file)
- VPN server name
1) Add repository (package repository with SSTP client)
Enter the terminal and use the following command (you will be asked for your password, if you use sudo command for the first time). By this command, you will add new repository with SSTP client to your current package repository list.
2) Update of packages list and installation of the SSTP client
If the previous command ran smoothly without any problem, you can proceed to the next step, which is the list update of all available packages, including the newly added ones:
The information about all packages in the system is up-to-date now. You can proceed with your own installation of the SSTP client:
If a control or test of VPN from the command line was your goal, now, you can do it with the command:
3) Optional – plugin installation of GUI GNOME
If you want to add and configure the SSTP VPN connection conveniently, directly from the GNOME GUI (default for Ubuntu 20.04), install the following package, which will make this option available to you in the GUI:
This package should be installed automatically with the previous package (if the system correctly detects GNOME), so this step should not be needed at all.
4) Create VPN in the graphical interface
Click on the power icon in the upper right corner of your desktop (main system menu) and select Settings. In the open window, find and select Network item and then click the + sign in the VPN section.
A new window will be created with custom settings of SSTP VPN. This window has several tabs. Click on Identity tab and fill following data:
- Name of VPN connection (optional)
- VPN server name (VPN administrator should provided to you)
- Path to VPN server certificate (VPN administrator should provided to you)
- User name and password (VPN administrator should provided to you)
Please, all settings save and you can test it by using the on/off switch located next to your newly added VPN. If everything is alright, the VPN connection will be established within a few seconds. The system will inform you about the result in the form of a new icon on the system panel and a message on the screen.
We hope, you have secured connection now and that our tutorial was helpful. In the next part, we will show you how to set up VPN SSTP on devices with operating system Windows.
Have many secured connections with SSTP VPN and if you are interested in using this type of VPN
on your server in our datacenter, do not hesitate to contact us.
Saved searches
Use saved searches to filter your results more quickly
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.
Secure Socket Tunneling Protocol (SSTP VPN) server for Linux.
License
sorz/sstp-server
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
Latest commit
* Support empty/zero HLAK in crypto biding validation * Unify received debug log messages Signed-off-by: Tijs Van Buggenhout
Git stats
Files
Failed to load latest commit information.
README.rst
A Secure Socket Tunneling Protocol (SSTP) server implemented by Python.
Crypto Binding is supported using SSTP ppp API plug-in sstp-pppd-plugin.so from sstp-client.
Please ensure your pip >= 9.0.1 to get correct version.
# pip install git+https://github.com/sorz/sstp-server.git
Arch Linux user may install sstp-server package from AUR.
If you share the authentication with services other than SSTP (for example, a RADIUS server that serve both a SSTP and WiFi authentication), crypto binding is required to prevent MITM attacks. Crypto binding is enabled automatically if sstp-pppd-plugin.so is avaliable, see #37 for instructions.
Create pppd configure file /etc/ppp/options.sstpd,
name sstpd require-mschap-v2 nologfd nodefaultroute ms-dns 8.8.8.8 ms-dns 8.8.4.4
sudo sstpd -p 443 -c cert.pem -k key.pem --local 10.0.0.1 --remote 10.0.0.0/24
sudo sstpd -f /path/to/sstpd-server.ini -s site1
Copyright (c) 2014-2020 Shell Chen
About
Secure Socket Tunneling Protocol (SSTP VPN) server for Linux.