How to set up an SSTP client on MikroTik RouterOS?

The task is to connect to a remote network over an SSTP VPN. Most likely the VPN server is Windows Server 2008, but this is not known for certain.

For the connection, the remote network administrator issued:

  • Server address: remote.network.com
  • Certificate as file rca.crt
  • Login: Test
  • Password: passwd

I set up the VPN on a workstation (Windows 7) and everything worked. There is access to the remote network, the hosts respond to pings, and I can connect by RDP.

I tried to configure it on a MikroTik router with RouterOS v6.34.3:

/certificate import file-name=rca.crt
/interface sstp-client add authentication=mschap1,mschap2 \
  certificate=rca.crt_0 connect-to=remote.network.com \
  disabled=no name=sstp-vpn password=passwd \
  profile=default-encryption user=Test verify-server-certificate=yes
/ip route add distance=1 dst-address=10.0.0.0/8 gateway=sstp-vpn
/ip firewall filter add chain=input comment="VPN" dst-port=1723 protocol=tcp
/ip firewall filter add chain=input protocol=gre

When checking the connection (ping 10.0.0.1), the following messages appear in the log:

sstp, info sstp-vpn: initializing ...
sstp, debug sstp-vpn: IPCP demandup
sstp, info sstp-vpn: waiting for packets ...
sstp, info sstp-vpn: connecting ...
sstp, info sstp-vpn: terminating ... - no key for certificate found (6)
sstp, debug sstp-vpn: LCP lowerdown
sstp, debug sstp-vpn: LCP down event initial state
sstp, info sstp-vpn: disconnected

As I understand it, the connection is initialized, the server responds, and at the certificate verification stage, the connection is broken.

I can’t understand where I went wrong or what I did not configure.


Answer 1, Authority 100%

no key for certificate found

It requires a key file, *.key. I ran into this problem myself, i.e. the root certificate alone is not enough for MikroTik, even though only the client is being configured. I didn’t find a way around it; I just installed the key, fortunately I was the administrator.


Answer 2

It seems that the error is that the root certificate has been registered as a client certificate.
To verify the authenticity of the server, it is enough to import the root certificate (which was done here: /certificate import file-name=rca.crt) and enable the server certificate check on the client (verify-server-certificate=yes).

RouterOS client would be to import the CA certificate and enabling verify-server-certificate option
https://wiki.mikrotik.com/wiki/manual:interface/sstp

I think that for the tunnel to come up, it was simply necessary to remove the certificate=rca.crt_0 parameter when setting up the client:

/interface sstp-client add authentication=mschap1,mschap2 \
  connect-to=remote.network.com \
  disabled=no name=sstp-vpn password=passwd \
  profile=default-encryption user=Test verify-server-certificate=yes
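
The distinction Answer 2 draws (the certificate parameter names a client certificate, which needs a private key, while the imported CA certificate is only used to verify the server) can be checked before a configuration is applied. The following is an added example, not code from either answer or from MikroTik; the function names and the certs_with_key input (names of certificates that show the K flag in /certificate print) are assumptions made for illustration.

```python
import re

def parse_props(command: str) -> dict:
    """Parse key=value properties of one RouterOS command, joining '\\' continuations."""
    joined = re.sub(r"\\\s*\n\s*", " ", command)
    props = {}
    for key, quoted, bare in re.findall(r'([\w-]+)=(?:"([^"]*)"|(\S+))', joined):
        props[key] = quoted or bare
    return props

def check_sstp_client(command: str, certs_with_key: set) -> list:
    """Return findings for an '/interface sstp-client add' command.

    certs_with_key is an assumed input: certificate names in the router's
    store that have a private key (K flag in '/certificate print').
    """
    p = parse_props(command)
    findings = []
    cert = p.get("certificate", "none")
    # A certificate set here is presented as the client's own identity,
    # so the router needs its private key; a bare CA file has none.
    if cert != "none" and cert not in certs_with_key:
        findings.append(f"certificate={cert} has no private key; expect "
                        "'no key for certificate found'")
    # Without this option the imported CA is never used to check the server.
    if p.get("verify-server-certificate", "no") != "yes":
        findings.append("verify-server-certificate is not yes; "
                        "server identity is not checked")
    return findings

# Constructed inputs: the command from the question and the one from Answer 2.
BEFORE = r"""/interface sstp-client add authentication=mschap1,mschap2 \
  certificate=rca.crt_0 connect-to=remote.network.com \
  disabled=no name=sstp-vpn password=passwd \
  profile=default-encryption user=Test verify-server-certificate=yes"""
AFTER = r"""/interface sstp-client add authentication=mschap1,mschap2 \
  connect-to=remote.network.com \
  disabled=no name=sstp-vpn password=passwd \
  profile=default-encryption user=Test verify-server-certificate=yes"""

if __name__ == "__main__":
    # Only rca.crt was imported, and it carries no private key.
    for label, cmd in (("question", BEFORE), ("answer 2", AFTER)):
        print(label, check_sstp_client(cmd, certs_with_key=set()) or "ok")
```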
