SoftEther VPN User Forum

Hi, All. I have my own static ip and domain. So, I prefer to my own domain rather than the DDNS provided. Unfortunately, I can diable the DDNS function by editting the config file，but I didn't find anything about change hostname. And I found that it did not work out that just disable the DDNS. The hostname is very important setting for SSTP and OpenVPN server. So, is anyone can help me?

If you have a static IP, you can point to it using A record. No need to do anything on SoftEther VPN Server hostname configuration.

However, you may need to sign an SSL certificate for your server.

@kh_tsang, thanks for you reply. I tried to create a new cerificate in softether-server-manager for my domain, and imported the certificate into my client, created a new SSTP-VPS connection with my domain. But I recieveed a CERT-error message every time I tried to connect the SSTP-VPS in client (the hostname is not equal to the name in cert during SSL connection). And if I changed everything back to xxx.softether.net in server and client. It would work sucessfully. So I guess that there is some limit to hostname inner softether server. The server would limit the hostname to xxxx.softether.net with default settings.

Please make sure your DNS name is included in the certificate.

Also, you need to put the root certificate in the chain_certs folder and add the root certificate to the local machine trusted root certificates.

kh_tsang wrote:
> Please make sure your DNS name is included in the certificate.
>
> Also, you need to put the root certificate in the chain_certs folder and
> add the root certificate to the local machine trusted root certificates.

Unfortunately, it don't work. I put the SubjectAltName into CERT, but it don't work either. I guess it not the problem without v3 extention in CERTS. Because it will work out with CERT genarated from server-manager (using xxxx.softether.net as commonName) which has no SubjectAltName item at all.

If you are generating a root certificate, the common name must be the same as the hostname.
For example, vpnserver.example.com is pointing at your static IP using an A record, the common name must be vpnserver.example.com so that you can connect using vpnserver.example.com.

If it is set properly, you should be able to connect to https://vpnserver.example.com:[port]/ without a certificate warning.

I tested and it is working on Windows 10(using SSTP).

kh_tsang wrote:
> If you are generating a root certificate, the common name must be the same
> as the hostname.
> For example, vpnserver.example.com is pointing at your static IP using an A
> record, the common name must be vpnserver.example.com so that you can
> connect using vpnserver.example.com.
>
> If it is set properly, you should be able to connect to
> https://vpnserver.example.com:[port]/ without a certificate warning.
>
> I tested and it is working on Windows 10(using SSTP).

Well, I think I find the reason. It didn't work out when I imported the cert-file from "certmgr.msc", while it would work out when I imported it by double-click it. Then I checked the the whole import process. Finally, I found that the certificate stored in wrong location while os imported the cert-file from "certmgr.msc". When the OS　import the cert-file from "certmgr.msc", it will store the certifate for current user by default, and has no an option for local PC(the options are frozen), while we import cert-file by double-click, we can choose store it for local PC. So, I failed the SSTP VPN connection, when I imported the file from "certmgr.msc".

It's very odd that MMC console/certmgr.msc has limit of authority.

Thanks for all your patient and effort!