sstp not working after Router OS upgrade from 6.7 to 6.9

dousin · Sat Feb 08, 2014 7:33 pm

Windows 7/8 clients unable to connect to Mikrotik SSTP VPN after RouterOS upgrade from 6.7 to 6.9.
Windows client ends up with a message 'error 734: The PPP link control protocol was terminated'.
Mikrotik SSTP Log: 'Encryption negotiation rejected'.

In addition, drag and drop from windows explorer to winbox 'File List' window does not work anymore.
Any possibility to downgrade back to 6.7?

anesth · Sun Feb 09, 2014 12:16 pm

Hi, same issue on 6.9 mipsbe, Windows 7 clients can't connect.

Feb  9 11:12:45 192.168.0.1 sstp,packet HTTP/1.1 200^M
Feb  9 11:12:45 192.168.0.1 sstp,packet Content-Length: 18446744073709551615^M
Feb  9 11:12:45 192.168.0.1 sstp,packet Server: MikroTik-SSTP^M
Feb  9 11:12:45 192.168.0.1 sstp,packet Date: Sun, 09 Feb 2014 09:12:45 GMT^M
Feb  9 11:12:45 192.168.0.1 sstp,packet ^M
Feb  9 11:12:45 192.168.0.1 sstp,packet 
Feb  9 11:12:45 192.168.0.1 sstp,packet  recv control packet type: connect request
Feb  9 11:12:45 192.168.0.1 sstp,packet 10 01 00 0e 00 01 00 01 00 01 00 06 00 01 
Feb  9 11:12:45 192.168.0.1 sstp,packet  sent control packet type: connect ack
Feb  9 11:12:45 192.168.0.1 sstp,packet 10 01 00 30 00 02 00 01 00 04 00 28 00 00 00 03 
Feb  9 11:12:45 192.168.0.1 sstp,packet bf b8 c9 14 9f d9 74 ac ad 96 80 15 5c 92 3b 5a 
Feb  9 11:12:45 192.168.0.1 sstp,packet 1e 65 52 c1 c9 9c 10 13 5a b8 d3 86 ad f8 1d 6d 
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug : LCP lowerup
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug : LCP open
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug,packet  : sent LCP ConfReq id=0x1
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug,packet    <magic 0x7495deb0>
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug,packet    <auth  mschap2>
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug : LCP lowerdown
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug : LCP lowerdown
Feb  9 11:12:45 192.168.0.1 sstp,ppp,debug : LCP down event in starting state
Feb  9 11:12:45 192.168.0.1 sstp,ppp,info,account  logged out, 724871 0 0 0 0

Playing with options (compression, security, etc) gives no effect.

With Linux sstpc connection can be established and traffic flows but tunnel going down after minute. Mikrotik shows:

Feb  9 11:15:46 192.168.0.1 sstp,packet HTTP/1.1 200^M
Feb  9 11:15:46 192.168.0.1 sstp,packet Content-Length: 18446744073709551615^M
Feb  9 11:15:46 192.168.0.1 sstp,packet Server: MikroTik-SSTP^M
Feb  9 11:15:46 192.168.0.1 sstp,packet Date: Sun, 09 Feb 2014 09:15:46 GMT^M
Feb  9 11:15:46 192.168.0.1 sstp,packet ^M
Feb  9 11:15:46 192.168.0.1 sstp,packet 
Feb  9 11:15:46 192.168.0.1 sstp,packet  recv control packet type: connect request
Feb  9 11:15:46 192.168.0.1 sstp,packet 10 01 00 0e 00 01 00 01 00 01 00 06 00 01 
Feb  9 11:15:46 192.168.0.1 sstp,packet  sent control packet type: connect ack
Feb  9 11:15:46 192.168.0.1 sstp,packet 10 01 00 30 00 02 00 01 00 04 00 28 00 00 00 03 
Feb  9 11:15:46 192.168.0.1 sstp,packet 43 d4 42 c5 bd 50 83 00 7c a5 95 6a 91 c7 69 90 
Feb  9 11:15:46 192.168.0.1 sstp,packet 52 1f 62 64 83 2d 93 54 a8 a9 a7 72 7f ef 38 c2 
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug : LCP lowerup
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug : LCP open
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : sent LCP ConfReq id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <magic 0x53a1abc4>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <auth  mschap2>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : rcvd LCP ConfReq id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <asyncmap 0x0>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <magic 0x2210a38d>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <pcomp>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <accomp>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : sent LCP ConfRej id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <asyncmap 0x0>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <pcomp>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <accomp>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : rcvd LCP ConfAck id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <magic 0x53a1abc4>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <auth  mschap2>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : rcvd LCP ConfReq id=0x2
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <magic 0x2210a38d>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : sent LCP ConfAck id=0x2
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet    <magic 0x2210a38d>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug : LCP opened
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : sent CHAP Challenge id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <challenge len=16>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <name core-gw>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  : rcvd CHAP Response id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <response len=49>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <name phone>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,info,account phone logged in, 192.168.2.130
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: sent CHAP Success id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     S=36F65525D4EB678D000DD4F493B2A7C17754D44B
Feb  9 11:15:46 192.168.0.1 sstp,ppp,info <sstp-phone>: authenticated
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPCP lowerup
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPCP open
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: sent IPCP ConfReq id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <addr 192.168.0.1>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPV6CP lowerup
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPV6CP open
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: sent IPV6CP ConfReq id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <interface-identifier 0:0:0:1d>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: MPLSCP lowerup
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: MPLSCP open
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: sent MPLSCP ConfReq id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: BCP open
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: CCP lowerup
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: CCP open
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: rcvd IPCP ConfReq id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <addr 0.0.0.0>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: sent IPCP ConfNak id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <addr 192.168.2.130>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: rcvd LCP ProtRej id=0x3
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet      80 57 01 01 00 0e 01 0a 00 00 00 00 00 00 00 1d
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: rcvd IPCP ConfAck id=0x1
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <addr 192.168.0.1>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: rcvd LCP ProtRej id=0x4
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet      82 81 01 01 00 04
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: rcvd IPCP ConfReq id=0x2
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <addr 192.168.2.130>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet  <sstp-phone>: sent IPCP ConfAck id=0x2
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug,packet     <addr 192.168.2.130>
Feb  9 11:15:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPCP opened
Feb  9 11:15:46 192.168.0.1 sstp,ppp,info <sstp-phone>: connected
Feb  9 11:16:46 192.168.0.1 sstp,packet <sstp-phone> sent control packet type: abort
Feb  9 11:16:46 192.168.0.1 sstp,packet 10 01 00 14 00 05 00 01 00 02 00 0c 00 00 00 02 
Feb  9 11:16:46 192.168.0.1 sstp,packet 00 00 00 00 
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: LCP lowerdown
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: LCP closed
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: CCP lowerdown
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: BCP lowerdown
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: BCP down event in starting state
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPCP lowerdown
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPCP closed
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: IPV6CP lowerdown
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: MPLSCP lowerdown
Feb  9 11:16:46 192.168.0.1 sstp,ppp,info <sstp-phone>: terminating... - negotiation timeout
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: LCP lowerdown
Feb  9 11:16:46 192.168.0.1 sstp,ppp,debug <sstp-phone>: LCP down event in starting state
Feb  9 11:16:46 192.168.0.1 sstp,ppp,info,account phone logged out, 60 387858 388340 4620 4630
Feb  9 11:16:46 192.168.0.1 sstp,ppp,info <sstp-phone>: disconnected

wahoo · Mon Feb 10, 2014 2:21 pm

Hi,
same issue here. I've downgraded back to 6.7, and sstp is working again.
My downgrade procedure:
- copy version 6.7 upgrade package to Mikrotik
- system -> packages -> downgrade -> reboot

rbeumer · Tue Feb 11, 2014 11:41 am

Also having same issue's over here. Also with mikrotik (6.9) to mikrotik (6.7) After putting both on 6.9 problem is solved. But connecting with Windows 7/8/8.1 clients gives error 734

Please assist

derliang · Tue Feb 11, 2014 7:05 pm

try ROS 6.10rc。
my SSTP work fine with windows8 client

wahoo · Tue Feb 11, 2014 8:09 pm

Where can I download ROS 6.10rc ?

rbeumer · Tue Feb 11, 2014 8:29 pm

cool where can I download it?

exhornik · Mon Feb 17, 2014 4:18 pm

It does not work for me. I have Windows 7 Pro and Mikrotik CRS125-24G-1S-2HnD with 6.10 firmware and the same error.
Any suggestion ?

Thanks very much.

rbeumer · Sat Feb 22, 2014 9:52 am

Same issue here with 6,10 and Windows 8,1

telepro · Fri Mar 21, 2014 11:17 pm

i am experiencing the same problem with official 6.10. We have a Mikrotik 1100AhX2 running the SSTP server, and we have a number of Mikrotik 951G units that are acting as SSTP clients. The connection stays up for about 2 minutes, then client disconnects and a few seconds later reconnects.
This connect/reconnect sequence will go on for hours, and then sometime later will connect and stay connected.

i have not loaded any certificates or encryption keys at either the client or the server.

Was there any resolution to the earlier forum entries?

exhornik · Sun Mar 23, 2014 11:25 am

Unfortunately 6.11 does not solve my problem. Still getting error 734 on Win7.
Can someone tell me if I can use 5.26 firmware for CRS125-24G-1S-2HnD-IN (without configuration loss)? I can not use 6.7 because of high cpu load (better when I switch off LCD) and wifi problems, but I need SSTP server running.

Thanks for help.

telepro · Mon Mar 24, 2014 11:14 am

6.11 did not fix the problem in our environment either.

patrickmkt · Mon Mar 24, 2014 3:15 pm

did you check that the sstp profile does not have the Use encryption set to required. It seems to be a setting not concerning sstp but creating conflict since 6.9+. Change it to default or no.

telepro · Mon Mar 24, 2014 3:19 pm

yes, we did change that when upgrading from 6.5 to 6.10. But thanks for the thoughts, anyway.

exhornik · Mon Mar 24, 2014 5:08 pm

did you check that the sstp profile does not have the Use encryption set to required. It seems to be a setting not concerning sstp but creating conflict since 6.9+. Change it to default or no.

First thanks for your help.

I checked both (default and no), but do effect - I got the same error.
Then I studyed Mikrotik wiki very carefully (to be sure not to make configuration mistake) and there is one note in description of this setting (Use encryption): "This setting does not work on OVPN and SSTP tunnels." (http://wiki.mikrotik.com/wiki/Manual:PP ... r_Profiles) and that's exactly how it wors

.

I think we have to wait for next firmware version, I hope it will be released very soon or does someone have any other suggestition/workaround ?

Thanks for help.

rbeumer · Wed Apr 02, 2014 10:59 am

Solved for me by setting use-encryption to yes instead of required.

newranman · Sun Apr 06, 2014 10:28 pm

The Problem:
The current changes to SSTP are indeed not working with my previous configs with 6.11. I had a ppp profile with all protocol options set to no for MPLS, Use Compression, Use VJ Compression and Use Encryption. For authentication I'm using mschap2 with no certificates.

My SSTP client and servers are all Mikrotik devices running 6.11

The error on the server shows negotiation errors and the connection drops in about a minute.

The Workaround:
To make it work I had to set the profile option like the previous poster said to Yes for Use Encryption. In the past I had it set to no.

It connects and stays connected now put I really don't need encryption and the possible latency it may create.

Request:
I'd like to be able to use no encryption again

stefan803 · Thu Apr 17, 2014 1:57 am

Thanks! Setting use-encryption to yes also solved it for me. (windows error 734, routeros 6.12)

kazak · Tue Jun 10, 2014 1:51 pm

I still have the same error "encryption negotiation rejected" with latest RouterOS 6.14 when trying to make an SSTP connection to Mikrotik SST server.
The client is Windows 8.1. I did try nearly every combination of settings in PPP profile, without success

It was working like a charm in 6.7, and since 6.9 till now (6.14) I was not able to make it work

Very disappointed!!!!

kazak · Sat Jun 14, 2014 11:32 am

Same issue in 6.15

Anyone experiencing same issue since 6.9 now ? How to work around?

Zorn · Thu Nov 13, 2014 11:03 pm

Hi!
I had troubles with config SSTP Server for windows client (2008R2, 7,

for two days

!! RouterOS 6.2.11 - 6.22. All combination with cert and server config was worked - all time I had "lcp lowerdown lcp down event in initial state" in logs. Only after System->RouterBoard -> Upgrade!! From 3.17 to 3.19 it worked!

PS. Was some disappointed with wiki - it is not actual. Commands changing always, but wiki - not

sstp not working after Router OS upgrade from 6.7 to 6.9

sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Re: sstp not working after Router OS upgrade from 6.7 to 6.9

Who is online