
Help Converting pbk phone book entry settings to pppd options

  • Jesse-Millwood

    Jesse-Millwood - 2019-08-22

    I have a pbk phone book entry settings file that is used on a Windows machine to connect to the RRAS VPN server. The IT at my company is not interested in supporting any Linux machines so I'm kind of on my own if I want to use our VPN server. Our RRAS server also integrates with DUO for MFA. From Duo's documentation though I don't think the client is responsible for anything related to the MFA side of things. From the pbk file I know the following:

    • DialParamsUID
    • GUID
    • VpnStrategy: Only sstp is attempted
    • Configure LcpExtensions
    • DataEncryption: RRAS requests encryption during negotiation
    • SwCompression: 0
    • DialMode: Dial first available subentry
    • Redial Attempts: 3
    • RedialSeconds: 60
    • PreferredHwFlow: Enable hardware flow control
    • PreferredCompression: Enable hardware compression
    • AuthRestrictions: Use the following protocols
      • PAP
      • CHAP
      • MSCHAPv2
    • IpDnsAddress and ipDns2Address
    • IpDnsSuffix
    • PhoneNumber (the url)

    There are more, but referring to the documentation of the Microsoft PBK Format (LINK), I don't think the rest are as useful.

    Now I don't know much about configuring vpn clients. But what I have tried is putting my user name and password in /etc/ppp/chap-secrets in the form of

    DOMAIN\\USER * PASSWORD PhoneNumber
    

    In /etc/ppp/peers/company-name I have the following:

    remotename  company 
    linkname    company
    ipparam     company
    name        DOMAIN\\USER
    plugin      sstp-pppd-plugin.so 
    sstp-sock   /var/run/sstpc/sstp-uds-sock 
    usepeerdns              # Use the peer dns addresses
    require-mppe            # REQUIRED (MPPE)
    noauth                  
    require-mschap-v2       # MSCHAPv2 Authentication Support
    require-mschap
    require-pap
    refuse-eap          
    # Disable Compression
    nobsdcomp
    nodeflate
    noccp
    novjcomp
    # Enable Debugging
    debug
    # Redial
    maxfail 3
    

    I am trying to connect with: "sudo sstpc PhoneNumber call company". I get:

    Aug 21 19:23:30 sstpc[26161]: Waiting for sstp-plugin to connect on: /run/sstpc/sstpc-uds-sock
    Aug 21 19:23:30 sstpc[26161]: Resolved PhoneNumber to PublicIP
    Aug 21 19:23:30 sstpc[26161]: Connected to PhoneNumber
    Aug 21 19:23:30 sstpc[26161]: The certificate did not match the host:
     PhoneNumber
    Aug 21 19:23:30 sstpc[26161]: Verification of server certificate failed
    **Error: Verification of server certificate failed, (-2)
    

    It seems that the DialParamsUID and GUID are specific to the RRAS credential authentication. I do not see anything that looks like it would be the analog in pppd options (from the man page of pppd). Is there another way to specify this?

    Thanks

     

    Last edit: Jesse-Millwood 2019-08-22
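
The log above stops at the TLS host-name check, before pppd negotiates any authentication. The following added example (not part of the original post, and not sstp-client code) lists the DNS names a server certificate covers and tests a host name against them with the usual RFC 6125 rule. The sample certificate and host names are constructed, and sstpc's own comparison may differ in detail.

```python
import socket
import ssl

def cert_dns_names(cert):
    """Names a client compares the host against: SAN dNSName entries,
    falling back to the subject CN only when the cert carries no SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_host(cert, host):
    """Return (ok, names) so the caller can see what the certificate does cover."""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), names

def fetch_cert(host, port=443, timeout=10):
    """Fetch the server certificate with the chain still validated, but leave the
    host-name check to check_host() so a mismatch can be reported in detail."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # verify_mode stays CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the shape ssl.getpeercert() returns (not from the post).
SAMPLE_CERT = {
    "subject": ((("commonName", "rras01.corp.example"),),),
    "subjectAltName": (("DNS", "vpn.example.com"), ("DNS", "*.remote.example.com")),
}

if __name__ == "__main__":
    for host in ("vpn.example.com", "gw.remote.example.com", "rras01.corp.example"):
        ok, names = check_host(SAMPLE_CERT, host)
        print(f"{host}: {'match' if ok else 'MISMATCH'} (certificate covers {names})")
```

Against a live server, pass the result of `fetch_cert()` for the name given to sstpc into `check_host()`; the name on the command line has to be one the certificate lists.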
  • Jesse-Millwood

    Jesse-Millwood - 2019-08-22

    Also, I am on Gentoo using sstp-client 1.0.12. I'm on a 5.2.8 Linux Kernel as well.

     
