Azure VPN Point To Site doesnt work

Support requests about SSTP VPN Client
Post Reply
bredar
Posts: 3
Joined: Wed Feb 27, 2019 8:28 am

Azure VPN Point To Site doesnt work

Post by bredar » Wed Feb 27, 2019 8:42 am

I've tried to set up an Azure VPN Point To Site Connection.

It uses client certificates. I've configured it as shown in the screenshots. The certificate is right. Any ideas?
Attachments
Screenshot_20190227_093827_it.colucciweb.sstpvpnclient.jpg
Screenshot_20190227_093827_it.colucciweb.sstpvpnclient.jpg (61.41 KiB) Viewed 252 times
Screenshot_20190227_093748_it.colucciweb.sstpvpnclient.jpg
Screenshot_20190227_093748_it.colucciweb.sstpvpnclient.jpg (62.7 KiB) Viewed 252 times

admin
Site Admin
Posts: 445
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: Azure VPN Point To Site doesnt work

Post by admin » Wed Feb 27, 2019 10:26 am

Maybe the log at level 2 may help to understand the problem.

To raise the log level:
  • edit the VPN
  • tap on "Options"
  • tap on "Set log level" and set the value to 2
  • save the changes
The "Set log level" option must be used only for debug, so after the test remeber to edit the VPN and unselect the "Set log level" option

To export the log:
  • start the app
  • tap on the VPN name
  • tap on LOG tab
  • tap on device menu button
  • tap on "Export log"
Please, can you post the log file?
(naturally you can strip all sensitive informations)

bredar
Posts: 3
Joined: Wed Feb 27, 2019 8:28 am

Re: Azure VPN Point To Site doesnt work

Post by bredar » Wed Feb 27, 2019 1:57 pm

This is how it looks like. I've tried disableing the server certificate check with no luck.

Code: Select all

2019-02-27 14:50:49 SstpVpnClient-google-api27-release-2.20.14 (23022014)
2019-02-27 14:50:49 Connecting request by user
2019-02-27 14:50:49 OpenSSL 1.1.1a  20 Nov 2018
2019-02-27 14:50:49 try to connect to 52XXXXXXX:443
2019-02-27 14:50:49 Connecting to 52XXXXXXXXXXXX:443
2019-02-27 14:50:49 Set TLS SNI extension to "azuregateway-XXXXXXXXXXXXXXXXXX.cloudapp.net"
2019-02-27 14:50:49 sending HTTP request
2019-02-27 14:50:49 SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
SSTPCORRELATIONID: {cf35318b-dc45-30dc-8e57-a1eca6514d6a}
Content-Length: 18446744073709551615
Host: azuregateway-XXXXXXXXXXXXcloudapp.net

2019-02-27 14:50:49 link write queue(1)
2019-02-27 14:50:49 sstp state changed CLIENT_CALL_DISCONNECTED -> CLIENT_HTTP_REQUEST_SENT
2019-02-27 14:50:49 Ca is not set, certificate verify error ignored:
2019-02-27 14:50:49   certificate: /CN=azuregateway-XXXXXXXXXXXXXcloudapp.net
2019-02-27 14:50:49   depth: 0 error: unable to get local issuer certificate(20)
2019-02-27 14:50:49 Ca is not set, certificate verify error ignored:
2019-02-27 14:50:49   certificate: /CN=azuregateway-XXXXXXXXXXXXXXX.cloudapp.net
2019-02-27 14:50:49   depth: 0 error: unable to verify the first certificate(21)
2019-02-27 14:51:04 TLSv1.2 connection established with cipher ECDHE-RSA-AES128-SHA256
2019-02-27 14:51:04 Enable TCP_NODELAY socket option
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=254, ssl_error=0
2019-02-27 14:51:04 link socket write (254/254) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=123, ssl_error=0
2019-02-27 14:51:04 link socket read (123/123) from 49
2019-02-27 14:51:04 SSTP HTTP Done
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 SSTP_MSG_CALL_CONNECT_REQUEST sent
2019-02-27 14:51:04 sstp state changed CLIENT_HTTP_REQUEST_SENT -> CLIENT_CONNECT_REQUEST_SENT
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=14, ssl_error=0
2019-02-27 14:51:04 link socket write (14/14) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=48, ssl_error=0
2019-02-27 14:51:04 link socket read (48/48) from 49
2019-02-27 14:51:04 received SSTP_MSG_CONNECT_ACK
2019-02-27 14:51:04 set hash protocol to SHA256
2019-02-27 14:51:04 sstp state changed CLIENT_CONNECT_REQUEST_SENT -> CLIENT_CONNECT_ACK_RECEIVED
2019-02-27 14:51:04 LCP status changed STOPPED -> CONFIGURE_REQUEST_SENT
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=26, ssl_error=0
2019-02-27 14:51:04 link socket write (26/26) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=86, ssl_error=0
2019-02-27 14:51:04 link socket read (86/86) from 49
2019-02-27 14:51:04 LCP status changed CONFIGURE_REQUEST_SENT -> CONFIGURE_REQUEST_RECEIVED
2019-02-27 14:51:04 LCP status changed CONFIGURE_REQUEST_RECEIVED -> CONFIFURE_REJECT_SENT
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 LCP status changed CONFIFURE_REJECT_SENT -> CONFIGURE_ACK_RECEIVED
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=42, ssl_error=0
2019-02-27 14:51:04 link socket write (42/42) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=30, ssl_error=0
2019-02-27 14:51:04 link socket read (30/30) from 49
2019-02-27 14:51:04 LCP status changed CONFIGURE_ACK_RECEIVED -> CONFIGURE_REQUEST_RECEIVED
2019-02-27 14:51:04 LCP status changed CONFIGURE_REQUEST_RECEIVED -> CONFIGURE_ACK_SENT
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=30, ssl_error=0
2019-02-27 14:51:04 link socket write (30/30) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=11, ssl_error=0
2019-02-27 14:51:04 link socket read (11/11) from 49
2019-02-27 14:51:04 EAP-TLS status changed STOPPED -> REQUEST_RECEIVED
2019-02-27 14:51:04 EAP-TLS status changed REQUEST_RECEIVED -> RESPONSE_SENT
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=55, ssl_error=0
2019-02-27 14:51:04 link socket write (55/55) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=12, ssl_error=0
2019-02-27 14:51:04 link socket read (12/12) from 49
2019-02-27 14:51:04 EAP-TLS status changed RESPONSE_SENT -> REQUEST_RECEIVED
2019-02-27 14:51:04  -> SSL3_RT_HEADER
2019-02-27 14:51:04  -> SSL3_RT_HANDSHAKE: SSL3_MT_CLIENT_HELLO
2019-02-27 14:51:04 sendEapTls: packet size (104) <= (1484)
2019-02-27 14:51:04 EAP-TLS status changed REQUEST_RECEIVED -> RESPONSE_SENT
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=120, ssl_error=0
2019-02-27 14:51:04 link socket write (120/120) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=34, ssl_error=0
2019-02-27 14:51:04 link socket read (34/34) from 49
2019-02-27 14:51:04 EAP-TLS status changed RESPONSE_SENT -> FAILURE_RECEIVED
2019-02-27 14:51:04 EAP-TLS authentication failed!
2019-02-27 14:51:04 LCP status changed CONFIGURE_ACK_SENT -> TERMINATE_REQUEST_SENT
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 LCP status changed TERMINATE_REQUEST_SENT -> TERMINATE_REQUEST_RECEIVED
2019-02-27 14:51:04 LCP status changed TERMINATE_REQUEST_RECEIVED -> TERMINATE_ACK_SENT
2019-02-27 14:51:04 link write queue(2)
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=10, ssl_error=0
2019-02-27 14:51:04 link socket write (10/10) to 49
2019-02-27 14:51:04 SSL_wirte ret=10, ssl_error=0
2019-02-27 14:51:04 link socket write (10/10) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=12, ssl_error=0
2019-02-27 14:51:04 link socket read (12/12) from 49
2019-02-27 14:51:04 LCP status changed TERMINATE_ACK_SENT -> TERMINATE_ACK_RECEIVED
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=20, ssl_error=0
2019-02-27 14:51:04 link socket read (20/20) from 49
2019-02-27 14:51:04 received SSTP_MSG_DISCONNECT
2019-02-27 14:51:04 link write queue(1)
2019-02-27 14:51:04 SSTP_MSG_DISCONNECT_ACK sent
2019-02-27 14:51:04 sstp state changed CLIENT_CONNECT_ACK_RECEIVED -> CLIENT_CALL_DISCONNECT_IN_PROGRESS_2
2019-02-27 14:51:04 link socket is ready for write
2019-02-27 14:51:04 SSL_wirte ret=8, ssl_error=0
2019-02-27 14:51:04 link socket write (8/8) to 49
2019-02-27 14:51:04 link socket is ready for read
2019-02-27 14:51:04 SSL_read ret=0, ssl_error=5
2019-02-27 14:51:04 SSL socket closed by remote side
2019-02-27 14:51:04 delete all buf from link write queue(0)
2019-02-27 14:51:04 delete all buf from tun write queue(0)
2019-02-27 14:51:04 Wait 5 seconds...
2019-02-27 14:51:07 Disconnecting request by user
2019-02-27 14:51:07 received disconnect signal
2019-02-27 14:51:07 Disconnecting...
2019-02-27 14:51:07 Disconnected
2019-02-27 14:51:07 delete all buf from link write queue(0)
2019-02-27 14:51:07 delete all buf from tun write queue(0)

admin
Site Admin
Posts: 445
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: Azure VPN Point To Site doesnt work

Post by admin » Wed Feb 27, 2019 4:32 pm

The problem should be related to the TLS protocol negotiation.
I think to have found and fixed the problem.
I just published the new version 2.20.15, please can you try it and give me a feedback?

bredar
Posts: 3
Joined: Wed Feb 27, 2019 8:28 am

Re: Azure VPN Point To Site doesnt work

Post by bredar » Wed Feb 27, 2019 4:42 pm

Fantastic! Now it's working perfect. Thank you very much.

admin
Site Admin
Posts: 445
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: Azure VPN Point To Site doesnt work

Post by admin » Wed Feb 27, 2019 4:44 pm

you're welcome.
Very well. Thank you for the feedback!

Post Reply