This repository has been archived by the owner on Jun 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
SSTP VPN client for Linux
License
Unknown and 2 other licenses found
Licenses found
Unknown
LICENSE
GPL-2.0
COPYING
Unknown
COPYING.OpenSSL
hugsy/sstoper
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
---[ SSToPer ]------------------------------------------------------------------ ---[ SSTP Client for Linux ]---------------------------------------------------- ---[ By Christophe Alladoum ]--------------------------------------------------- What is SSTP ? -------------- Wikipedia says: "Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers." http://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol What is SSToPer ? ----------------- SSToPer is a SSTP client for Linux. It creates SSTP communications with any Windows Server (2008+) having active service, and is used to establish VPN communication with Microsoft Server 2008 and above. Since SSTP is only a wrapper over PPP communication, pppd (http://ppp.samba.org/) MUST be installed with the synchronous HDLC serial encoding capability enabled. Current SSToPer version DOES NOT support certification validation. SSToPer spawns a pppd instance with noauth option that requires root privilege. Hence, SSToPer must either be started as root, or have CAP_SETKILL and CAP_SETUID. This can be done as root : {{{ $ su -c "setcap cap_setuid,cap_kill+eip ./sstoper" }}} Features: --------- - Establishes PPP based VPN through SSTP - Proxy - HMAC-128/256 support - (Opt.) Wireshark SSTP dissector provided to analyse SSTP behaviour Pre-requisites: --------------- - libcrypto (for hmac.h) - libgnutls (for gnutls.h and other) - libbsd (for util.h) - HDLC-sync capable pppd must be installed - root privileges on a 2.6 Linux kernel Todo: ----- - Certification validation Installing Wireshark SSTP dissector: ------------------------------------ * Download Wireshark source from http://www.wireshark.org and un-tar archive * Add "dissectors/packet-sstp.c" in DISSECTOR_SRC section inside `epan/CMakeLists.txt` file * Add "packet-sstp.c" in DISSECTOR_SRC section inside `epan/dissectors/Makefile.common` file * Copy sstoper/misc/packet-sstp.c -> wireshark/epan/dissectors/ * In wireshark/ root directory, execute : {{{ $ ./autogen.sh && ./configure --with-ssl && make }}} * You now have a SSTP-compliant Wireshark version (a simple SSTP negociation PCAP file is provided in misc/ directory) which can be started {{{ $ sudo ./wireshark }}} SSTP Session example: --------------------- - first you need your server PEM-formatted CA file. It can usually be obtained like this: -> Go to http://<server>/certsrv -> Click on "Download a CA certificate, certificate chain, or CRL" link -> Select "Base64" as "Encoding method" option -> Click on "Download CA certificate" link - un-tar and compile sstoper {{{ $ tar xf sstoper.tar.gz $ cd sstoper && make $ su -c "make install" }}} `install` directive will install sstoper binary by properly setting capabilities so that it can be executed by any user. - Execution with SSToPer with Linux capabilities {{{ $ sstoper -s tweety.looney -c misc/vpn.tweety.looney.crt -U user1 -vv Password: [...] 2011-06-18 03:07:20 [!] Using default value: '443' 2011-06-18 03:07:20 [!] Using default value: '/usr/sbin/pppd' 2011-06-18 03:07:20 [+] Verbose level: 2 2011-06-18 03:07:20 [*] Starting ./sstoper as 7789 2011-06-18 03:07:20 [+] Connected to tweety:443 2011-06-18 03:07:20 [+] Dropping privileges 2011-06-18 03:07:20 [*] chdir-ed '/var/empty' 2011-06-18 03:07:20 [*] Switch user to 'nobody' 2011-06-18 03:07:20 [+] '/usr/sbin/pppd' forked with PID 7790 2011-06-18 03:07:20 [*] [7790] Waiting for SIGUSR1 [...] 2011-06-18 03:07:27 [*] --> 112 bytes 2011-06-18 03:07:27 [+] status: CLIENT_CONNECT_ACK_RECEIVED (0x2) -> CLIENT_CALL_CONNECTED (0x3) 2011-06-18 03:07:27 [+] SSTP link established 2011-06-18 03:07:27 [*] --> 8 bytes 2011-06-18 03:07:27 [*] --> 22 bytes [...] (Hit Ctrl-C to close connection) 2011-06-18 03:07:44 [+] SSTP connection time: 22 sec 2011-06-18 03:07:44 [+] Sent 986 bytes, received 894 bytes 2011-06-18 03:07:44 [+] End of TLS connection, reason: Success. $ }}} Incrementing verbose option (0-3) will display more connection events. Level 3 will expose low-level details, such as crypto algorithm negociation, key exchange, etc. Actually working on Linux (tested Debian & Fedora), other system to be supported. Comments/Bugs: -------------- Please send me back comments and bugs to <christophe __DOT__ alladoum __AT__ hsc __DOT__ fr> with backtrace (using sstoper -vvv options) and/or an strace output of the bug. Changelogs: ----------- 06/2012 : migrating to GitHub public repository 06/2011 : 0.21 few bug fixes 03/2011 : 0.2 version adding capabilities, IPv6 support and many fixes. 11/2010 : 0.1 version adding better network handling. 10/2010 : first public release. Thanks for using SSToPer !
About
SSTP VPN client for Linux
Resources
License
Unknown and 2 other licenses found
Licenses found
Unknown
LICENSE
GPL-2.0
COPYING
Unknown
COPYING.OpenSSL
Stars
Watchers
Forks
Packages 0
No packages published