SSTP: recvd too small packet

Hi,

I have a RB433A device with RouterOS 5.11. I have been running SSTP (with RADIUS auth) successfully for a while now, everything was OK until recently, when my wife (we both have Windows 7) could not establish SSTP VPN any more. She would get the error, shown in this screenshot:

On RB433A, the this error is shown in the debug sstp log:

For me, SSTP is established fine. 2 other remote workers also have the same problem as my wife (we all use Windows 7). The certificate is valid for another month or so. My wife and I establish VPN from the same local network over the internet to the RB433A device.

Any ideas? I Wiresharked both TCP sessions of connection establishment, however the SSL error is sent encrypted back from the server, so I can’t read it. Perhaps I’ll try with ssldump to see what actually is sent over by the server to the failing clients.

However, can anybody help me with the “recvd too small packet” error?

Thanks,
Nejc

I got the same problem, but the windows error code is 631, I’m looking for how to solve too.

I have exactly the same issue with windows error 631.

RB750 ROS 5.11 - the same issue
RB750G ROS 5.11 - the same issue
RB433AH ROS 5.11 - the same issue

Clients are Windows 7 x64 SP1 with latest patches.

Its not issue of clients, because SSTP connection to other VPN server (Windows Server 2008 R2 with RRAS) function correctly.

I also have the same issue. First time I used it since upgrading to 5.11 from 5.9.
Running RB493G

I have the exact same problem, tried adding sstp user manually to no avail.

Same issue here, tried adding sstp user manually, using RB1100 + RouterOS 5.11.

I think there is a problem with some Windows 7 update.
I have the same problem on upgraded Windows 7 Ultimate, when on secondary netbook I can connect to SSTP without a problem.

I will install waiting updates one by one - and try detect which give a problem

I found
There is an update KB2585542 (http://support.microsoft.com/kb/2585542) which fix some issues in SSL.

There is an explanation of problem and suggested fixes (editing Registry ;-( )
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/e6e8ada8-bc12-4f6f-8de3-1d3fd2ff4931#e6e8ada8-bc12-4f6f-8de3-1d3fd2ff4931

maybe some one in MikroTik team will found a better solution.

Bygger This update is all security fix for ssl and tls itself from what I understand. So there should be att simular fix for mikrotik!

Sent from my Galaxy Nexus using Tapatalk

I confirming, that source of troubles is MS Patch KB2585542.

When i uninstall this patch, Mikrotik SSTP works great.

After that, i install this patch again, and try to add registry key (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendExtraRecord - 2). Well, Mikrotik SSTP vpn works again great.

Regedit hack works for me too. Thanks!

Nejc

The update was aimed to correct issues with tls and ssl. If Microsoft have corrected this shouldn’t mikrotik do the same?

Sent from my Galaxy Nexus using Tapatalk

Definitely yes, but this is a function fix till Mikrotik will release corrected ROS.

After added the regedit, SSTP work again!!

Thanks a lot!

I have the same issue (too small packet) (windows error 631) event with RouterOS 5.12.
… going to try the registry fix.

Ah thanks that was driving me nuts, was trying to figure out what i’d done to my laptop to break SSTP seeing as it had worked the last time I’d used it and was working fine between routerboards.

What about Mikrotik ROS developers? Are you guys going to fix this issue in next version? We need the fix ASAP.

Thanks!

We have found ad fixed the problem. Please wait for v5.13 release.

FYI, I have confirmed that this bug is back in Windows 8.1 and ROS 6.1. Adding SendExtraRecord with with a hexadecimal base value of 2, the problem is resolved.

I have to confirm this bug too, don’t know if it is RouterOS or MS bug this time:
server - ROS 6.3
clients - W2012 R2

Adding registry key helped me too.

Radek