enaess / network-manager-sstp

Secure Socket Tunneling Protocol Extension for Network Manager

sstpc calling pppd works, but pppd calling sstpc doesn't #18

Closed dlenski closed 6 years ago

dlenski commented 8 years ago

First off, many thanks for writing sstp-client and building the Debian/Ubuntu packages. (This is an amazingly great tool for everyone who has to deal with ancient MS VPNs!)

The NetworkManager/Gnome integration works well for me, but I am having trouble getting sstpc+pppd to work standalone from the command line (with pppd). The motivation is that I'd like to be able to connect on a headless server without NetworkManager. I'm using:

When I run sstpc and tell it to launch pppd, everything works fine and I can send traffic to the VPN, such as this example of a simple DNS lookup:

$ sudo sstpc --user USERNAME --password PASSWORD --cert-warn VPN.CLIENT.COM require-mppe noauth
usepeerdns logfd 2
...
primary  DNS address 192.168.123.0
...

# from another terminal, since sstpc stays in the foreground
$ sudo ip route add 192.168.123.0/24 dev ppp0
$ dig @192.168.123.1 SERVER.CLIENT.COM
... replies immediately ...

pppd launching sstpc

However, if I instead run pppd and tell it to invoke sstpc, I cannot receive any traffic from the VPN:

$ sudo pppd pty '/usr/sbin/sstpc VPN.CLIENT.COM --cert-warn --nolaunchpppd --ipparam sstp-CLIENT ' ipparam sstp-CLIENT usepeerdns require-mppe noauth user USERNAME password PASSWORD 
<log file shows successful setup>
$ sudo ip route add 192.168.123.0/24 dev ppp0
$ dig @192.168.123.1 SERVER.CLIENT.COM
... no reply ...

When I add --log-level 4 to sstpc, I can see that the connection setup is going normally, but afterwards sstpc is never receiving packets from the peer, only sending them:

Sep 14 19:22:02 sstpc[14577]: SEND SSTP DATA PKT(84) 
Sep 14 19:22:08 sstpc[14577]: SEND SSTP DATA PKT(84) 
Sep 14 19:22:09 sstpc[14577]: SEND SSTP DATA PKT(76) 
Sep 14 19:22:09 sstpc[14577]: SEND SSTP DATA PKT(76) 

Do you have any idea why this might be happening?

I would prefer to have pppd call sstpc, rather than the other way around, since it seems to make it easier to set up a pidfile to check that the connection is still up.

dlenski commented 8 years ago

This is kind of interesting: if I include the NetworkManager plugin in the pppd command line, then everything works fine.

$ sudo pppd pty '/usr/sbin/sstpc VPN.CLIENT.COM --cert-warn --nolaunchpppd --ipparam sstp-CLIENT ' ipparam sstp-CLIENT usepeerdns require-mppe noauth user USERNAME password plugin /usr/lib/pppd/2.4.7/nm-sstp-pppd-plugin.so

# I can send traffic to/from the VPN

However, if I instead use plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-CLIENT linkname CLIENT ... it doesn't work.

Clearly, there is something I don't understand about how pppd and sstpc are supposed to talk to each other.

dlenski commented 8 years ago

I think I figured this out. It's now working with the standard pppd plugin:

I was putting an extra blob in front of the --ipparam argument, so that I was not pointing pppd at the right socket. derp

This now works:

$ sudo pppd pty '/usr/sbin/sstpc VPN.CLIENT.COM --cert-warn --nolaunchpppd --ipparam CLIENT ' \
    usepeerdns require-mppe noauth user USERNAME password \
    plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-CLIENT 

enaess commented 6 years ago

The use of the ipparam parameter is essential for sstp-client to get a callback from the pppd plugin. Thanks for troubleshooting and providing a workaround.
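
The fix in this thread comes down to sstpc's `--ipparam` value and the plugin's `sstp-sock` path naming the same socket. As an added example (not part of the thread and not sstp-client code), the shell function below checks a pppd invocation for that; the path rule `/var/run/sstpc/sstpc-<ipparam>` is an assumption inferred from the working command above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not sstp-client code. Assumption inferred from the working
# command in the thread: sstpc's callback socket is
#   /var/run/sstpc/sstpc-<value of --ipparam>
SSTP_RUN_DIR=/var/run/sstpc

# word_after KEY WORD... : print the word that follows the first KEY.
word_after() {
    key=$1; shift
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# check_sstp_callback PTY_COMMAND PPPD_OPTIONS  (hypothetical helper)
# Prints "ok", "mismatch: ..." or "missing: ..."; exit status 0, 1 or 2.
check_sstp_callback() {
    pty_cmd=$1; pppd_opts=$2
    # Unquoted expansion is intentional: both arguments are option strings
    # that must be split into words.
    ipparam=$(word_after --ipparam $pty_cmd) ||
        { echo "missing: sstpc --ipparam"; return 2; }
    sock=$(word_after sstp-sock $pppd_opts) ||
        { echo "missing: pppd sstp-sock"; return 2; }
    expected="$SSTP_RUN_DIR/sstpc-$ipparam"
    if [ "$sock" = "$expected" ]; then
        echo "ok"
    else
        echo "mismatch: sstpc expects $expected, plugin uses $sock"
        return 1
    fi
}

# Constructed sample modelled on the working command in the thread
# (credentials omitted).
check_sstp_callback \
    '/usr/sbin/sstpc VPN.CLIENT.COM --cert-warn --nolaunchpppd --ipparam CLIENT' \
    'usepeerdns require-mppe noauth plugin sstp-pppd-plugin.so sstp-sock /var/run/sstpc/sstpc-CLIENT'
```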