Provided by: sstp-client_1.0.19-1build2_amd64 bug

NAME
       sstpc - SSTP Client


SYNOPSIS
       sstpc [<sstp-options>] <hostname> [ppp-options] ...


DESCRIPTION
       sstpc  establishes  the  client side of a Virtual Private Network (VPN) using the Secure Socket Tunneling
       Protocol (SSTP). Use this program to connect to an employer's SSTP based VPN when PPTP and  L2TP  is  not
       working.

       By  default,  sstpc  establishes the SSTP call to the SSTP server, and then starts an instance of pppd to
       manage the data transfer. However, sstpc can also be run as a connection manager within pppd.


OPTIONS
       The first non-option argument on the sstpc command line must be the host name or IP address of  the  SSTP
       server.

       All  long  options  (starting with "--") are interpreted as sstpc options, and a fatal error occurs if an
       unrecognised option is used.

       All command-line arguments which do not start with "-" are interpreted as ppp options, and passed  as  is
       to pppd unless --nolaunchpppd is given.

       --ca-cert
              Specify the CA certificate used to verify the server with

       --ca-dir
              Specify  the  directory of certificates that contains the CA certificate. If nothing is specified,
              the system's wide directory is used.

       --cert-warn
              Ignore certificate warnings like common name instead of terminating the connection.

       --host When connecting to an IP address, the host parameter will provide the hostname for http, proxy and
              tls-ext

       --ipparam
              This will help specify the callback socket that pppd will try to connect back to sstpc in order to
              communicate the MPPE keys as negotiated. The MPPE keys are required to  authenticate  against  the
              server  at the SSL layer. They can be zeroed if no MPPE is negotiated. The name is formed based on
              /tmp/sstpc-<ipparam>.

       --nolaunchpppd
              Do not launch pppd but use stdin as the network connection.  Use this flag when including sstpc as
              a pppd connection process using the pty option. See EXAMPLES.

       --password
              Specify a password per command line instead of setting it up in a configuration file for  pppd  in
              /etc/ppp/peers.

       --proxy
              Connect    to    the    SSTP   server   via   a   proxy   on   your   network.   The   syntax   is
              http://[<user>:<pass>@]<domain>:port.

       --priv-user
              Specify the privilege separation user to run sstpc

       --priv-group
              Specify the privilege separation group to run sstpc

       --priv-dir
              Specify the privilege separation directory for the chroot jail to run sstpc

       --user Specify the username  to  authenticate  to  the  SSTP  server  instead  of  setting  it  up  in  a
              configuration file for pppd in /etc/ppp/peers.

       --save-server-route
              This will automatically add and remove a route to the SSTP server.

       --uuid Specify a UUID for the connection to simplify the server end debugging.

       --tls-ext
              This will enable TLS hostname extension.

   Troubleshooting
       The following options are available to help troubleshoot sstpc

       --log-level <level>
              Set the debug level for debugging the sstpc process. Level can be a value between 0 and 4.

       --log-syslog
              Log messages to syslog (default).

       --log-stderr
              Log messages to error output

       --log-stdout
              Log messages to standard output

       --log-fileno
              Include file and line number with the log messages

       --log-filter
              Filter the logs by a particular set of files, e.g: sstp-packet,sstp-state

       --log-ident
              Specify the identity that will be used when writing logs to e.g. syslog


EXAMPLES
       Connection to a Microsoft Windows RAS Service using SSTP protocol

       Setup the peer scripts in /etc/ppp/peers, you may start by cloning one of the scripts available in your
       docs directory, /usr/share/doc/sstp-client, or /usr/local/share/doc/sstp-client. The general content of
       this file will be close to the following:

              # Example Content of /etc/ppp/peers/sstp-test
              remotename  sstp-test
              linkname    sstp-test
              ipparam     sstp-test
              pty         "sstpc --ipparam sstp-test --nolaunchpppd sstp-test.yourdomain.com"
              name        eivnaes
              plugin      sstp-pppd-plugin.so
              sstp-sock   /var/run/sstpc/sstpc-sstp-test
              usepeerdns
              require-mppe
              require-mschap-v2
              refuse-eap
              refuse-pap
              refuse-chap
              refuse-mschap
              nobsdcomp
              nodeflate

       Note that the chap-secrets file used by pppd must include an entry for domain\\username. For the sstp-
       test example, the user eivnaes will have a equivalent entry in the /etc/ppp/chap-secrets file.

              # Secrets for authentication using CHAP
              # client        server  secret          IP addresses
              eivnaes         *       xxxxxx          *

       Starting the sstp-test using the pon script
              sudo pon sstp-test

       Invoking sstpc using the the call command
              sstpc --ipparam sstp-test sstp-test.yourdomain.com call sstp-test-nopty

       The sstp-test-nopty is a pppd script you need to create in /etc/ppp/peers, and you can clone the example
       sstp-test above; but you must omit the pty statement in the peers configuration.


SEE ALSO
       pppd(8)


AUTHOR
       This manual page was written by Eivind Naess <enaess@yahoo.com>

                                                                                                        SSTPC(8)