Community discussions

MikroTik App
 
masoud80kg
just joined
Topic Author
Posts: 10
Joined: Mon Sep 30, 2019 4:59 pm

ubuntu 22.04 sstp client not working

Sat Nov 12, 2022 6:25 pm

I have a Windows 2019 NPS Server and Mikrotik as a RADIUS client. Windows and ubuntu 20.04 SSTP clients work like a charm. However, the ubuntu 22.04 SSTP client is not!
After successful authentication, Mikrotik shows below error codes and drops the connection:

<sstp-ubuntu22>: authenticated
<sstp-ubuntu22>: connected
<sstp-ubuntu22>: disconnected
<sstp-ubuntu22>: received unsupported protocol 0x80fd
<sstp-ubuntu22>: terminating...
.
.
.

Any clue will be appreciated.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: ubuntu 22.04 sstp client not working

Sat Nov 12, 2022 7:16 pm

Quick search says that it should be something with compression. So either check PPP profile on server side if it's allowed. Or in case it's something different and incompatible, check if client has any such option, and if it does, try to turn it off.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: ubuntu 22.04 sstp client not working

Sat Nov 12, 2022 9:48 pm

Ubuntu 22.04 deprecated quite a few older encryption protocols and if needed one has to enable them back per use case. One such case is deprecation of TLS older than 1.2 which breaks RDP connectivity using xfreerdp to Windows Server 2016 (and possibly others, this particular combination bit me the other day). And SSTP uses SSL/TLS for encryption ...
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: ubuntu 22.04 sstp client not working

Sun Nov 13, 2022 7:07 am

It shouldn't be TLS, RouterOS supports 1.2 just fine. I'm finding only very few results for SSTP and 0x80fd, and it seems to be Compression Control Protocol from RFC 1962, so quite old thing. And based on posted log, it's the client requesting it.
 
masoud80kg
just joined
Topic Author
Posts: 10
Joined: Mon Sep 30, 2019 4:59 pm

Re: ubuntu 22.04 sstp client not working

Wed Nov 16, 2022 10:55 am

tried every combination for compression in sstp-client advanced tab, but unfortunately it didn't work.
But fortunately, there is an option in xl2tpd client called "L2TP ephemeral source port" which changes the source port of the l2tp and will work with NAT.
Last edited by masoud80kg on Sun Dec 11, 2022 10:16 am, edited 1 time in total.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: ubuntu 22.04 sstp client not working

Wed Nov 16, 2022 1:11 pm

@mkx, there seems to be a lot of confusion regarding encryption - there are a few encryption protocols used on the PPP level (L2TP, SSTP, PPTP, serial PPP) to encrypt the payload before encapsulating it into the PPP transport packets, and these are unrelated to the encryption of the transport packets themselves (using IPsec or TLS), except that there is no point in using encryption at PPP level if it is provided on the transport level. So if the log at the responder (server) shows that negotiation on PPP level has started, the encryption of transport works fine.

Also configuration-wise, the use-encryption setting on /ppp profile row has no impact on the transport level encryption.

@masoud80kg (or rather others brought here when searching for the same issue), as @Sob wrote, 0x80fd is a compression protocol, which is also used at PPP level. So there should be a configuration option allowing to disable it completely or at least make it optional, but as you haven't found any corresponding setting on the graphcal interface, you have to search for it in configuration files. https://manpages.ubuntu.com/manpages/ja ... ml#options should give you a hint - look for the bsdcomp option on that page.

Who is online

Users browsing this forum: No registered users and 83 guests