MS-SSTP connection

[colapig]

Hi,
I trying to setup a MS-SSTP connection for the MS client with softether. But I got error during connect to the server. Any guys can tell me the detail of how to setup the MS-SSTP connection with Softether? Shall I need to install a certificate in each client machine?
記錄檔名稱: Application
來源: RasClient
日期: 2014/12/5 下午 02:51:38
事件識別碼: 20227
工作類別: 無
等級: 錯誤
關鍵字: 傳統
使用者: 不適用
電腦: comutername
描述:
CoId={B2CC93A7-CBA3-42B9-BCFD-DB04ADC97DB5}: 使用者 Username 撥接名為 MS SSTP test 的連線已失敗。傳回的失敗錯誤碼是 -2146762487。
事件 Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="RasClient" />
<EventID Qualifiers="0">20227</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-12-05T06:51:38.000000000Z" />
<EventRecordID>5407</EventRecordID>
<Channel>Application</Channel>
<Computer>computername</Computer>
<Security />
</System>
<EventData>
<Data>{B2CC93A7-CBA3-42B9-BCFD-DB04ADC97DB5}</Data>
<Data>username</Data>
<Data>MS SSTP test</Data>
<Data>-2146762487</Data>
</EventData>
</Event>

[qupfer]

mostly, its a problem with the certificate validation. SoftEther creats (by default) a self-signet cert for its dyndomain (something like vpn123456.softether.com). And normaly, windows doesn't trust selfsignet certs. So you have to disable the cert-check in windows or create a new self-signed cert for your used server-domain and also install this certificate on your client machine.

[colapig]

How can I disable the cer check? I using the windows 7.

[qupfer]

I don't know. Maybe I'm wrong and its not possible :(
I just find a way to disable the revocation check.
http://support.microsoft.com/kb/947054/en-us

But I would try to install the certificate. This post may help:
http://www.vpnusers.com/viewtopic.php?f ... =mmc#p5580
But give attention that the cert include the correct domain. If you use your own dynDNS Client/service, you have create a new cert with the dynDomain as the "Common Name".

Or just use the offical softether client ;)

[acampeau]

qupfer wrote:
> I don't know. Maybe I'm wrong and its not possible :(

As far as I know, you're not wrong. I don't think it's possible.

> But I would try to install the certificate.
> http://www.vpnusers.com/viewtopic.php?f ... =mmc#p5580
> But give attention that the cert include the correct domain. If you use
> your own dynDNS Client/service, you have create a new cert with the
> dynDomain as the "Common Name".

Indeed, create a certificate with Common name as your domain name and install in on the windows machine. Working perfectly.

> Or just use the offical softether client ;)
That would be using the SE-VPN protocol, but yes, it would work if a client is available for your device.