SSTP connection works only with PAP (unencrypted) password

[raduci]

Dear all,
I am running a small VPN server at home in this configuration:
1. Operating system name and the type of CPU-bits: Win 7 32 bit
2. The result of "ifconfig –a" (UNIX) or "ipconfig /all" (Windows)

3. The result of "uname –a" (UNIX) or "systeminfo" (Windows)

4. The build number of SoftEther VPN: 4.14 (9529)

5. Which SoftEther VPN component are you using? VPN server

6. Whether or not there is a NAT or Firewall between your VPN server and the Internet. Yes, the VPN ports are opened
(If there is a NAT or Firewall, you should open a TCP port for the VPN listener.)

7. Are you using SecureNAT? no
(If so, why don't you use the Local Bridge function instead?
The performance of SecureNAT is lower than Local Bridge, and it consumes
much of CPU time. You should not use SecureNAT except very limited situation.)
Please see http://www.softether.org/index.php?titl ... T_Function

I have configured it for L2TP password authentication and it works ok. I have tried to use SSTP client in Windows 7 with password authentication, but the connection works only if I select "Unencrypted password (PAP)" in security settings of the Windows client. If I select MS-CHAP v2 for authentication the connection fails, you have the full log below:

2015-02-25 11:31:47.167 [HUB "Internet"] Session "SID-INTERNETSSTP-[SSTP]-17": VPN Client details: (Client product name: "Microsoft SSTP VPN Client", Client version: 414, Client build number: 9529, Server product name: "SoftEther VPN Server (32 bit)", Server version: 414, Server build number: 9529, Client OS name: "Microsoft SSTP VPN Client", Client OS version: "-", Client product ID: "-", Client host name: "xxxxx-net.xx", Client IP address: "xxx.xxx.x.xx", Client port number: 56173, Server host name: "192.168.0.220", Server IP address: "192.168.0.220", Server port number: 58312, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "Internet", Client unique ID: "A0628A2C45EE40957EC9519F7C0E88CA")
2015-02-25 11:31:47.838 SSTP PPP Session [194.105.1.28:56173]: Trying to request an IP address from the DHCP server.
2015-02-25 11:31:51.410 [HUB "Internet"] Session "SID-LOCALBRIDGE-1": The DHCP server of host "C8-D7-19-82-BE-36" (192.168.0.1) on this session allocated, for host "SID-INTERNETSSTP-[SSTP]-17" on another session "CA-0C-DD-14-5A-86", the new IP address 192.168.0.109.
2015-02-25 11:31:51.410 SSTP PPP Session [194.105.1.28:56173]: An IP address is assigned. IP Address of Client: 192.168.0.109, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.0.1, Domain Name: "", DNS Server 1: 193.231.127.1, DNS Server 2: 194.105.1.2, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0, IP Address of DHCP Server: 192.168.0.1, Lease Lifetime: 86400 seconds
2015-02-25 11:31:51.410 SSTP PPP Session [194.105.1.28:56173]: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.0.109, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.0.1, DNS Server 1: 193.231.127.1, DNS Server 2: 194.105.1.2, WINS Server 1: 0.0.0.0, WINS Server 2: 0.0.0.0
2015-02-25 11:31:51.410 SSTP PPP Session [194.105.1.28:56173]: A PPP protocol error occurred, or the PPP session has been disconnected

Thank You

[dajhorn]

Please also post the connection log from the client side.

Is the client in a corporate environment or in a country where VPN interception happens?

[raduci]

Hi !
Thank you for your support !
I have attached the log on the client side. The problem occurs for any computer corporate or non corporate running windows 7 and 8.1. There are no VPN limitations in my country.
With best regards,

[thisjun]

Please re-check the password.

[raduci]

Sorry, it doesn't work. I have changed to something simple as 1234 and still doesn't work

[thisjun]

Why don't you like to use PAP?

[raduci]

In this case, my password will be sent in clear text ?
I have tried with PAP an I get this info in Softeher VPN log:
5-04-06 13:46:00.206 SSL communication for connection "CID-89-3303E7EA0C" has been started. The encryption algorithm name is "(null)".
This means that my connection is not encrypted ?
Thank you !

[thisjun]

Your VPN password is encrypted.
The log message means that protocol converter communicate with virtual hub without encryption in process.