Connecting to a MS server via sstp protocol

Hi to all,
This is my first post to the FreeBSD forums, so please be patient with me. I have started to explore the possibility of using FreeBSD as a desktop OS and need to connect to my MS RDP server at work via the SSTP protocol. SSTP is the only one supported. I have tried to google whether there is an SSTP client for FreeBSD like sstp-client for Linux, which we already use in the company on Linux boxes. The only thing I found is softether5 (developer edition), which is supposed to work on FreeBSD.
I have tried to set it up, but for some reason in softether logs I get:
The connection has either disconnected or it failed. Cause: Connection to the server failed. Check the server address etc.
I can telnet to my server, so I suppose there is something wrong with softether.

Finally my question, does someone have any experience with this kind of setup? Do you know of any working alternative?

Thx in advance for any pointers.
 
Thank you guys for your reply.
I also posted on the Softether forum the question about using softether client to connect to a MS server via sstp, but no dice. They told me only sstp clients can connect to softether server, but not vice versa.
So if anyone knows of an sstp client for freebsd I'd be happy to test it. Do not know if it is possible to use the linux sstp-client in freebsd?

rdesktop, freerdp, remmina etc. come later, only if an sstp vpn can be established to the MS server. Already tested freerdp when inside the server network and it works perfectly.

Kind regards
 
In short: create a bhyve linux vm, take the sstp connection from there, then route your traffic through the vm.

Somewhat longer:
  • I used the network-manager-sstp-gnome gui package to set up the connection from linux for the first time (for some reason I didn't get it done without the gui)
  • after the initial setup, the connection works e.g. with the nmcli command
  • once the connection is established in the linux vm, do (as linux root, replacing enp0s5 with your interface shown in ip a)

    /usr/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    /usr/sbin/iptables -A FORWARD -i ppp0 -o enp0s5 -m state --state RELATED,ESTABLISHED -j ACCEPT
    /usr/sbin/iptables -A FORWARD -i enp0s5 -o ppp0 -j ACCEPT

  • Finally on the freebsd host, do sysrc gateway_enable="YES" and thereafter (see the comments in the end)

    route delete default
    route add default 192.168.50.149
    echo "nameserver 192.168.40.20" > /etc/resolv.conf

    Above, the address 192.168.50.149 is my linux vm address on the freebsd host (independent of the sstp connection), and the address 192.168.40.20 is the address of the vpn nameserver (given by the microsoft vpn provider).
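
A fail-closed variant of the forwarding rules from the post above, as an added example that is not part of the original thread: with the FORWARD policy set to DROP and forwarding limited to one source address, the host's traffic is dropped on the VM when ppp0 goes down instead of leaving through the VM's normal interface. The function names, the HOST_IP value (192.168.50.1 is a constructed placeholder for the FreeBSD host's address) and the net.ipv4.ip_forward line are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the thread: fail-closed NAT rules for the Linux VM.
# Assumptions: LAN_IF/VPN_IF as in the post (enp0s5/ppp0); HOST_IP is the
# FreeBSD host's address on the VM network (placeholder, not from the post).

# Accept only plain interface names and dotted-quad addresses, because the
# generated text is meant to be piped to a root shell.
valid_if() { case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_ip() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print the rules instead of running them, so they can be reviewed first.
vpn_gw_rules() {
    lan_if=$1 vpn_if=$2 host_ip=$3
    valid_if "$lan_if" && valid_if "$vpn_if" && valid_ip "$host_ip" || {
        echo "usage: vpn_gw_rules LAN_IF VPN_IF HOST_IP" >&2; return 2; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $vpn_if -s $host_ip -j MASQUERADE
iptables -A FORWARD -i $vpn_if -o $lan_if -d $host_ip -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $vpn_if -s $host_ip -j ACCEPT
EOF
}

# Stand-alone use: sh vpn-gw.sh enp0s5 ppp0 192.168.50.1 | sh   (as root)
if [ $# -eq 3 ]; then vpn_gw_rules "$@"; fi
```

The rules are appended, so run them on a VM whose FORWARD chain does not already contain the broader ACCEPT rule for enp0s5 to ppp0.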
 
An update: Joining microsoft Teams meetings wasn't successful with the configuration above (i.e. routing all my traffic through the linux vm vpn). A better configuration is to install a dante proxy server on the linux vm, and proxychains-ng on the freebsd host. I connect to sstp on the linux vm as before, and start the dante server on the linux vm. On the freebsd host, I have the line socks5 my.linux.vm.ip 1080 in the proxychains.conf file (1080 being the dante server port). Now I can start a vpn browser window from the command line with, say, proxychains firefox. So I can use e.g. chrome (no vpn) for a Teams meeting, and simultaneously proxychains firefox (vpn) for anything that needs the vpn.
 