SSTP connectivity error

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
jessicabrobert
Posts: 1
Joined: Fri Jan 10, 2020 6:54 am
Location: Limoges-Cite, France

SSTP connectivity error

Post by jessicabrobert » Fri Jan 10, 2020 7:00 am

I am using a SoftEther vpn from last 2 months. I always connect it on my pc with ikev2 and it works fine. But when I try to connect it with sstp it shows a connection error. Why does it happen?

ethanolson
Posts: 50
Joined: Mon Dec 02, 2019 6:29 am

Re: SSTP connectivity error

Post by ethanolson » Sat Jan 11, 2020 3:30 am

First, your VPN Server's certificate (if self-signed) or chain (if issued by a CA) needs to be in your computer's Trusted Root Certificate Authorities certificate store. And there's a chance that you need to have SSTP configured to not check certificate revocation. To do these two steps, you can execute from an elevated command prompt the following (assuming you have a certificate file in the working directory called vpn.crt).
reg add HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters /v NoCertRevocationCheck /t REG_DWORD /d 0x00000001 /f
certutil -addstore "Root" vpn.crt


Second, SoftEther doesn't use PEAP or EAP-TLS to authenticate you (it can use PEAP on the backend to RADIUS, though), so your VPN client config needs to use MS-CHAPv2 (I think... or is it PAP? It's been a while.) which means you have to have username/password as the authentication type.

Contrary to popular belief, you can use a different port than 443 with SSTP if your VPN profile simply has the port appended to the hostname, like vpnserver.company.net:7443

Post Reply