SoftEther – Only Providing IP Address with Secure NAT, Not from Windows DHCP Server

dhcp, softether, vpn

I am trying to see if SoftEther is a viable VPN solution for our needs. I have been successful in getting SSTP to connect to SE, but only when Secure NAT is enabled. When I disable Secure NAT, the request is going to our DHCP server, but the lease is not being returned to the client, and therefore they are not getting an IP address and are not able to connect.

You can see this information from the server log:

    2019-04-05 11:10:00.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Trying to request an IP address from the DHCP server.
    2019-04-05 11:10:05.319 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: Acquiring an IP address from the DHCP server failed. To accept a PPP session, you need to have a DHCP server. Make sure that a DHCP server is working normally in the Ethernet segment which the Virtual Hub belongs to. If you do not have a DHCP server, you can use the Virtual DHCP function of the SecureNAT on the Virtual Hub instead.
    2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: The VPN Client sent a packet though an IP address of the VPN Client hasn't been determined.
    2019-04-05 11:10:13.501 SSTP PPP Session [xxx.xxx.xxx.xx:55743]: A PPP protocol error occurred, or the PPP session has been disconnected.

I have set up a bridge to the private NIC from the virtual hub and have disabled Secure NAT and DHCP functionality in the SE hub.

When I try to connect from a Windows box using SSTP, I am getting the following information from the packet log:

    2019-04-05,11:09:52.450,SID-LOCALBRIDGE-1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,358,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
    2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=10.1.1.24 RelayIP=0.0.0.0,-,-,-
    2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,370,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
    2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
    2019-04-05,11:09:53.210,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.203 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
    2019-04-05,11:09:56.159,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
    2019-04-05,11:10:00.400,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
    2019-04-05,11:10:01.932,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
    2019-04-05,11:10:03.516,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
    2019-04-05,11:10:04.084,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
    2019-04-05,11:10:05.076,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-

One thing that I think is causing the issue is that the relay address from the DHCP lease that should be returning the IP address is not correct (0.0.0.0). But I am not sure how this should be configured on the SE server side.

I have been banging my head on the table for some time about this and was hoping to find someone who has completed a similar setup for a bit of help.
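One way to read the packet log in the question is to group its DHCPv4 lines by transaction id and list the requests that never received a response. The script below is an added example, not part of the original question or answer; its sample lines are copied from that log, and the column positions are an assumption inferred from those lines rather than from SoftEther documentation.

```python
import csv
from collections import defaultdict

# Lines copied verbatim from the packet log in the question.
SAMPLE_LOG = """\
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,001A4A160154,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.24,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.253 ServerIP=10.1.1.24 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.199,SID-LOCALBRIDGE-1,-,A4580F42CBB6,FFFFFFFFFFFF,0x0800,370,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:09:53.210,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=350047519 ClientIP=0.0.0.0 YourIP=10.1.2.203 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
2019-04-05,11:10:00.400,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:01.932,SID-GIL.COMEAU-[SSTP]-4,-,CA20658C6E7E,FFFFFFFFFFFF,0x0800,335,DHCPv4,Request,0.0.0.0,bootpc(68),255.255.255.255,bootps(67),-,-,TransactionId=3970409621 ClientIP=0.0.0.0 YourIP=0.0.0.0 ServerIP=0.0.0.0 RelayIP=0.0.0.0,-,xxx.xxx.xxx.xx,-
2019-04-05,11:10:04.084,SID-LOCALBRIDGE-1,-,001A4A16017B,FFFFFFFFFFFF,0x0800,348,DHCPv4,Response,10.1.1.23,bootps(67),255.255.255.255,bootpc(68),-,-,TransactionId=2306803456 ClientIP=0.0.0.0 YourIP=10.1.2.112 ServerIP=10.1.1.23 RelayIP=0.0.0.0,-,-,-
"""

# Assumed column positions (inferred from the lines above):
# 2 = session, 8 = protocol, 9 = Request/Response, 10 = source IP, 16 = DHCP details.
def parse_dhcp(log_text):
    """Yield one dict per DHCPv4 line of a hub packet log."""
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 17 or row[8] != "DHCPv4":
            continue
        details = dict(kv.split("=", 1) for kv in row[16].split() if "=" in kv)
        if "TransactionId" not in details:
            continue
        yield {"session": row[2].strip(), "kind": row[9], "src_ip": row[10],
               "xid": details["TransactionId"], "your_ip": details.get("YourIP", "")}

def summarize(log_text):
    """Group packets by DHCP transaction id: requesting sessions, request count, offers seen."""
    txns = defaultdict(lambda: {"sessions": set(), "requests": 0, "offers": set()})
    for pkt in parse_dhcp(log_text):
        txn = txns[pkt["xid"]]
        if pkt["kind"] == "Request":
            txn["sessions"].add(pkt["session"])
            txn["requests"] += 1
        else:
            txn["offers"].add((pkt["src_ip"], pkt["your_ip"]))
    return dict(txns)

def unanswered(log_text):
    """Transaction ids that were requested but have no response in this log."""
    return sorted(xid for xid, txn in summarize(log_text).items()
                  if txn["requests"] and not txn["offers"])

if __name__ == "__main__":
    for xid, txn in summarize(SAMPLE_LOG).items():
        print(xid, sorted(txn["sessions"]), txn["requests"], sorted(txn["offers"]))
    print("unanswered:", unanswered(SAMPLE_LOG))
```

On these lines the only unanswered transaction is the one sent by the SSTP session; the responses in the log belong to transactions seen on the local bridge.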

Best Answer

The answer to this was that SoftEther was only sending text-based passwords to the RADIUS server, but our RADIUS server was configured to accept only encrypted passwords. The only solution I found (that is not great) is to change the RADIUS server to accept text-based passwords.