kittoku / Open-SSTP-Client

Open SSTP Client for Android
MIT License

Probably a VPN self-assigned Windows server Certificate issue (CertPathValidatorException: Trust anchor for certification path not found.) #122

Closed AusinOffice closed 3 months ago

AusinOffice commented 11 months ago

Hi,

I can use your app to connect to one of the VPNGate MS-SSTP servers. However, I cannot connect to my own private SSTP VPN that I created on a Windows Server 2022.

I can connect to this VPN using the built-in client on a Windows laptop, so the VPN server works.

I created a self-assigned certificate for this VPN on the server, imported the pfx file to my Windows laptop and my phone and installed it successfully. On the phone it shows under User Credentials.

I read on this forum that someone had this issue in 2020 and consulted you, and his problem was resolved, though at that time he had to make some setting changes for PAP, but I think this is not needed now. He also talked about adding the Windows Server Root CA certificate (that is, my server that created the self-assigned certificate) to the phone; again I am not sure if this is needed, as the Microsoft Windows Root CA certificate is listed under the system Trusted credentials, or whether something else is needed!? (as was needed on the Windows laptop client).

Here is the log (I tried most of the options in the app and still cannot connect):

[2023-12-29 19:00:04.227] Establish VPN connection
[2023-12-29 19:00:04.690] OSC: ERR_UNEXPECTED
java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:672)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
    at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:368)
    at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102)
    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:106)
    at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
    at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
    at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_force_read(Native Method)
    at com.android.org.conscrypt.NativeSsl.forceRead(NativeSsl.java:589)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:911)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
    at com.android.org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:237)
    at kittoku.osc.terminal.SSLTerminal.receive$app_release(SSLTerminal.kt:284)
    at kittoku.osc.terminal.SSLTerminal.startHandshake(SSLTerminal.kt:151)
    at kittoku.osc.terminal.SSLTerminal.access$startHandshake(SSLTerminal.kt:37)
    at kittoku.osc.terminal.SSLTerminal$startHandshake$1.invokeSuspend(Unknown Source:14)
    at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
    at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
    at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
    at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
    at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:749)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
    at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    ... 27 more

[2023-12-29 19:00:04.698] Terminate VPN connection

kittoku commented 11 months ago

Certificates in User Credentials are used for certificate authentication which is NOT supported in this app.

You should make sure that your server enables PAP or MS-CHAPv2, and that all certificates of the chain used to authenticate your server are stored in Trusted credentials.

Also, I recommend you use other android apps to confirm your problem is this-app-specific.
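
The maintainer's point, worked through with openssl(1) as an added example (this is not code from the issue thread or from the Open-SSTP-Client project): the error in the log means the client could not chain the server's certificate up to a trust anchor it holds. Installing the .pfx on the phone does not provide one, because a PFX carries the server certificate plus its private key and ends up under User credentials; what the client needs is the issuing CA certificate installed on its own as a CA certificate (Trusted credentials). The script builds a constructed private CA and server certificate, packages them as a PFX, shows that verification fails with no trust anchor and succeeds once the CA extracted from the PFX is trusted, and writes the DER file you would copy to the phone. The hostname vpn.example.test, the file names and the PFX password are placeholders, not values from the page.

```shell
#!/bin/sh
# Added example; not from the issue thread or the Open-SSTP-Client project.
# Reproduces the "no trust anchor" failure with openssl(1) and shows the fix:
# the CA that signed the server certificate must be trusted by the client.
# On Android that means installing the CA certificate alone as a CA certificate
# (Trusted credentials); a PFX only puts the server cert + key under User credentials.
set -eu

WORK="$(mktemp -d)"
cd "$WORK"

# Placeholder; replace with the DNS name your SSTP clients connect to.
HOST="vpn.example.test"

# Constructed test PKI: a private root CA, a server certificate it signs, and a
# PFX of the server cert + key (what a Windows admin typically exports).
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example Private Root CA" \
        -keyout ca.key -out ca.pem >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout server.key -out server.csr >/dev/null 2>&1
    # A SAN is required: modern TLS clients ignore the CN for hostname matching.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$HOST" > ext.cnf
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 825 -extfile ext.cnf -out server.pem >/dev/null 2>&1
    openssl pkcs12 -export -in server.pem -inkey server.key -certfile ca.pem \
        -out server.pfx -passout pass:changeit
}

# Pull the CA certificate out of the PFX. ca-for-android.crt (DER) is the file
# to copy to the phone and install as a CA certificate. If the server
# certificate is literally self-signed with no separate CA, use -clcerts
# instead: the server certificate is then its own trust anchor.
extract_ca() {
    openssl pkcs12 -in server.pfx -passin pass:changeit -cacerts -nokeys \
        -out ca-from-pfx.pem 2>/dev/null
    openssl x509 -in ca-from-pfx.pem -outform DER -out ca-for-android.crt
}

# Validate a certificate the way a TLS client does: chain to a trust anchor
# and match the hostname. $1 = CA file to trust ("" = no trust anchor at all),
# $2 = certificate. Prints TRUSTED or UNTRUSTED.
chain_status() {
    if [ -n "$1" ]; then
        set -- -CAfile "$1" "$2"
    else
        set -- -no-CAfile "$2"
    fi
    if openssl verify -no-CApath -verify_hostname "$HOST" "$@" >/dev/null 2>&1; then
        echo TRUSTED
    else
        echo UNTRUSTED
    fi
}

make_pki
extract_ca
# Same situation as the Android log: server cert present, issuer not trusted.
echo "no trust anchor installed:   $(chain_status "" server.pem)"
# After the CA from the PFX is trusted, the chain validates.
echo "CA from PFX trusted:          $(chain_status ca-from-pfx.pem server.pem)"
echo "file to install on the phone: $WORK/ca-for-android.crt"
```

Two caveats a practitioner will want: the CA file must be the issuer of the server certificate actually presented on port 443 (a Windows "Root CA" entry already on the phone is a different CA and does not help), and, since Android 7, an app only honours user-installed CAs if its network security configuration allows them, so a CA that validates here may still be rejected by an app that trusts only the system store.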

AusinOffice commented 11 months ago

What other safe apps on the Play Store can do an MS-SSTP client connection? (that also accept a certificate in User Credentials)

So is it because I have a self-assigned certificate that it goes into "User Credentials"? In that case I need an official third-party certificate to go into "Trusted Credentials", correct?

I will check the MS-CHAPv2 compatibility, but I thought Windows Server 2012 supports this by default...

Cheers,

Azuriye commented 10 months ago

I can't get this working either. I assume password-based authentication isn't supported and I need to use Individual Certificate Authentication? But when I specify the folder inside Select Cipher Suites where my .cer and .key files reside, it says OPENSSL_internal:NO_START_LINE