vpn_name=""
vpn_gateway_url=""
vpn_user_cn=""
sudo mkdir -p /etc/ppp/certs; sudo chmod 700 /etc/ppp/certs
Within VpnSettings.xml you should see a <VpnServer> block.
vpn_gateway_url="azuregateway-....cloudapp.net"
openssl x509 -inform der -in General/VpnServerRoot.cer -out /tmp/$vpn_name-server.pem
sudo mv /tmp/$vpn_name-server.pem /etc/ppp/certs/
Create the configuration using the variables set above, and then move it to the correct location.
cat <<EOF > /tmp/$vpn_name
remotename $vpn_gateway_url
linkname $vpn_name
ipparam $vpn_name
pty "sstpc --ipparam $vpn_name --nolaunchpppd --ca-cert /etc/ppp/certs/$vpn_name-server.pem $vpn_gateway_url"
name $vpn_user_cn
plugin sstp-pppd-plugin.so
sstp-sock /var/run/sstpc/sstpc-$vpn_name
require-mppe
require-eap
refuse-mschap-v2
refuse-pap
refuse-chap
refuse-mschap
# Disable compression
nodeflate
nobsdcomp
novj
novjccomp
# Use client certificates for authentication
noauth
ca "/etc/ppp/certs/$vpn_name-server.pem"
cert "/home/$USER/.ssh/$vpn_user_cn-client.crt"
key "/home/$USER/.ssh/$vpn_user_cn-client.key"
EOF
sudo mv /tmp/$vpn_name /etc/ppp/peers/; sudo chmod 600 /etc/ppp/peers/$vpn_name
The domain name given by Microsoft in this configuration will cause issues with DNS and certificate validation:
pppd[111447]: Certificate verification error: CN (XXX.vpn.cloudapp.net) != peer_name (azuregateway-XXX-YYY.vpn.cloudapp.net)
pppd[111447]: -> Alert: internal error
pppd[111447]: EAP: peer reports authentication failure
- Open a second terminal and begin monitoring the system logs (e.g. sudo journalctl -f)
- Attempt to connect to the VPN
sudo -E pon $vpn_name
- Adjust remotename to match the 'correct' domain name seen in logs
- Attempt to connect again.
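
The remotename adjustment from the steps above can be scripted. This is an added example, not part of the original notes: it pulls the certificate CN out of the pppd verification error and rewrites the remotename line. The function names are hypothetical and the demo data is constructed from the log format shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Read pppd log text on stdin and print the certificate CN from the last
# "CN (...) != peer_name (...)" verification error; fail if none is found.
extract_cert_cn() {
    found_cn=$(sed -n 's/.*Certificate verification error: CN (\([^)]*\)) != peer_name (.*/\1/p' | tail -n 1)
    [ -n "$found_cn" ] || return 1
    printf '%s\n' "$found_cn"
}

# Rewrite the remotename line of peers file $1 to the name in $2.
set_remotename() {
    peers_file=$1
    new_name=$2
    # The CN comes from the peer's certificate via the log, so accept only
    # hostname characters before writing it into a pppd options file.
    case $new_name in
        ''|*[!A-Za-z0-9.-]*) echo "refusing name: $new_name" >&2; return 1 ;;
    esac
    grep -q '^remotename ' "$peers_file" || return 1
    tmp_file=$(mktemp) || return 1
    # Write back with cat so the peers file keeps its owner and 600 mode.
    sed "s/^remotename .*/remotename $new_name/" "$peers_file" > "$tmp_file" &&
        cat "$tmp_file" > "$peers_file"
    rc=$?
    rm -f "$tmp_file"
    return "$rc"
}

# Demo on a scratch file, using the log line format shown above (constructed).
demo_peers=$(mktemp)
printf 'remotename azuregateway-XXX-YYY.vpn.cloudapp.net\nlinkname demo\n' > "$demo_peers"
demo_log='pppd[111447]: Certificate verification error: CN (XXX.vpn.cloudapp.net) != peer_name (azuregateway-XXX-YYY.vpn.cloudapp.net)'
demo_cn=$(printf '%s\n' "$demo_log" | extract_cert_cn) &&
    set_remotename "$demo_peers" "$demo_cn"
cat "$demo_peers"
rm -f "$demo_peers"
```

Against the real setup, pipe `sudo journalctl -t pppd --no-pager` into extract_cert_cn and run set_remotename as root on /etc/ppp/peers/$vpn_name, after confirming the extracted name is the gateway you expect.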