SSTP VPN Cant connect with new phone

Support requests about SSTP VPN Client
wookie_73
Posts: 7
Joined: Tue Mar 19, 2019 10:07 am

SSTP VPN Cant connect with new phone

Post by wookie_73 » Tue Mar 19, 2019 10:44 am

HI

I am having ,trouble connecting to a Widows Server 2016 machine using the SSTP app.
I had the connection working perfectly on my old phone (Pixel) but have changed my phone (OnePlus6T) and now I cannot get SSTP VPN to connect.
I have spent some time trying to sort this issue out.
Resulting in trying many settings in the SSTP VPN app and also uninstalling the server in the Windows RRAS console. Setting up RRAS again and checking the NPS settings.
I am at a loss now I have tried everything to get it running.
I am unsure if it is a Windows NPS issue of a SSTP VPN app problem. I would normaly be inclined to think it was my set up error apart from the fact that it all worked on my previous phone.

Any help would be greatly appreciated.
I have added screen shots from SSTP VPN App. If you need any more information, windows logs etc let me know.

Thanks Dave
1 SSTP VPN Client.jpg
1 SSTP VPN Client.jpg (217.27 KiB) Viewed 471 times
2 SSTP VPN Client.jpg
2 SSTP VPN Client.jpg (217.08 KiB) Viewed 471 times
3 SSTP VPN Client.jpg
3 SSTP VPN Client.jpg (210.25 KiB) Viewed 471 times

admin
Site Admin
Posts: 494
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: SSTP VPN Cant connect with new phone

Post by admin » Tue Mar 19, 2019 11:46 am

Please, can you post or send me the log at level 2?
To set the log level:
  • edit the VPN profile
  • tap on "Options"
  • select "Set log level" and set the value to 2
  • save the changes
To export the log:
  • tap on LOG tab
  • tap on top right 3 dots
  • tap on "Export log"
After the test, remember to unselect the "Set log level" option.

wookie_73
Posts: 7
Joined: Tue Mar 19, 2019 10:07 am

Re: SSTP VPN Cant connect with new phone

Post by wookie_73 » Tue Mar 19, 2019 11:54 am

Detailed logs from SSTP VPN Client

Code: Select all

2019-03-19 10:02:01 SstpVpnClient-google-api27-release-2.20.19 (23022019)
2019-03-19 10:02:01 Connecting request by user
2019-03-19 10:02:01 OpenSSL 1.1.1b  26 Feb 2019
2019-03-19 10:02:01 getaddrinfo: No address associated with hostname
2019-03-19 10:02:01 delete all buf from link write queue(0)
2019-03-19 10:02:01 delete all buf from tun write queue(0)
2019-03-19 10:02:01 Wait 5 seconds...
2019-03-19 10:02:04 Connectivity change detected: Mobile
2019-03-19 10:02:04 The connectivity is changed.
2019-03-19 10:02:04 Restarting...
2019-03-19 10:02:04 received reconnect signal
2019-03-19 10:02:05 try to connect to 8**.***.***.107:443
2019-03-19 10:02:05 Connecting to 8**.***.***.107:443
2019-03-19 10:02:05 Set TLS SNI extension to "v******k"
2019-03-19 10:02:05 sending HTTP request
2019-03-19 10:02:05 SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
SSTPCORRELATIONID: {316d1503-33ab-3219-8161-e0ef79006b57}
Content-Length: 18446744073709551615
Host: v******k

2019-03-19 10:02:05 link write queue(1)
2019-03-19 10:02:05 sstp state changed CLIENT_CALL_DISCONNECTED -> CLIENT_HTTP_REQUEST_SENT
2019-03-19 10:02:06 Ca is not set, certificate verify error ignored:
2019-03-19 10:02:06   certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
2019-03-19 10:02:06   depth: 1 error: unable to get local issuer certificate(20)
2019-03-19 10:02:06 WARNING! server certificate CN "w******k" doesn't match host name "v******k"
2019-03-19 10:02:06 TLSv1.2 connection established with cipher ECDHE-RSA-AES256-GCM-SHA384
2019-03-19 10:02:06 Enable TCP_NODELAY socket option
2019-03-19 10:02:06 link socket is ready for write
2019-03-19 10:02:06 SSL_wirte ret=195, ssl_error=0
2019-03-19 10:02:06 link socket write (195/195) to 47
2019-03-19 10:02:06 link socket is ready for write
2019-03-19 10:02:06 link socket is ready for read
2019-03-19 10:02:06 SSL_read ret=123, ssl_error=0
2019-03-19 10:02:06 link socket read (123/123) from 47
2019-03-19 10:02:06 SSTP HTTP Done
2019-03-19 10:02:06 link write queue(1)
2019-03-19 10:02:06 SSTP_MSG_CALL_CONNECT_REQUEST sent
2019-03-19 10:02:06 sstp state changed CLIENT_HTTP_REQUEST_SENT -> CLIENT_CONNECT_REQUEST_SENT
2019-03-19 10:02:06 link socket is ready for write
2019-03-19 10:02:06 SSL_wirte ret=14, ssl_error=0
2019-03-19 10:02:06 link socket write (14/14) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=48, ssl_error=0
2019-03-19 10:02:07 link socket read (48/48) from 47
2019-03-19 10:02:07 received SSTP_MSG_CONNECT_ACK
2019-03-19 10:02:07 set hash protocol to SHA256
2019-03-19 10:02:07 sstp state changed CLIENT_CONNECT_REQUEST_SENT -> CLIENT_CONNECT_ACK_RECEIVED
2019-03-19 10:02:07 LCP status changed STOPPED -> CONFIGURE_REQUEST_SENT
2019-03-19 10:02:07 link write queue(1)
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 SSL_wirte ret=26, ssl_error=0
2019-03-19 10:02:07 link socket write (26/26) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=60, ssl_error=0
2019-03-19 10:02:07 link socket read (60/60) from 47
2019-03-19 10:02:07 LCP status changed CONFIGURE_REQUEST_SENT -> CONFIGURE_REQUEST_RECEIVED
2019-03-19 10:02:07 LCP status changed CONFIGURE_REQUEST_RECEIVED -> CONFIFURE_REJECT_SENT
2019-03-19 10:02:07 link write queue(1)
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 SSL_wirte ret=42, ssl_error=0
2019-03-19 10:02:07 link socket write (42/42) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=26, ssl_error=0
2019-03-19 10:02:07 link socket read (26/26) from 47
2019-03-19 10:02:07 LCP status changed CONFIFURE_REJECT_SENT -> CONFIGURE_ACK_RECEIVED
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=30, ssl_error=0
2019-03-19 10:02:07 link socket read (30/30) from 47
2019-03-19 10:02:07 LCP status changed CONFIGURE_ACK_RECEIVED -> CONFIGURE_REQUEST_RECEIVED
2019-03-19 10:02:07 LCP status changed CONFIGURE_REQUEST_RECEIVED -> CONFIGURE_ACK_SENT
2019-03-19 10:02:07 link write queue(1)
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 SSL_wirte ret=30, ssl_error=0
2019-03-19 10:02:07 link socket write (30/30) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=11, ssl_error=0
2019-03-19 10:02:07 link socket read (11/11) from 47
2019-03-19 10:02:07 EAP-MSCHAPv2 status changed STOPPED -> REQUEST_RECEIVED
2019-03-19 10:02:07 EAP-MSCHAPv2 status changed REQUEST_RECEIVED -> RESPONSE_SENT
2019-03-19 10:02:07 link write queue(1)
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 SSL_wirte ret=17, ssl_error=0
2019-03-19 10:02:07 link socket write (17/17) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=10, ssl_error=0
2019-03-19 10:02:07 link socket read (10/10) from 47
2019-03-19 10:02:07 EAP-MSCHAPv2 status changed RESPONSE_SENT -> FAILURE_RECEIVED
2019-03-19 10:02:07 EAP-MSCHAPv2 authentication failed!
2019-03-19 10:02:07 LCP status changed CONFIGURE_ACK_SENT -> TERMINATE_REQUEST_SENT
2019-03-19 10:02:07 link write queue(1)
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 SSL_wirte ret=10, ssl_error=0
2019-03-19 10:02:07 link socket write (10/10) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=24, ssl_error=0
2019-03-19 10:02:07 link socket read (24/24) from 47
2019-03-19 10:02:07 LCP status changed TERMINATE_REQUEST_SENT -> TERMINATE_REQUEST_RECEIVED
2019-03-19 10:02:07 LCP status changed TERMINATE_REQUEST_RECEIVED -> TERMINATE_ACK_SENT
2019-03-19 10:02:07 link write queue(1)
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 SSL_wirte ret=10, ssl_error=0
2019-03-19 10:02:07 link socket write (10/10) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=12, ssl_error=0
2019-03-19 10:02:07 link socket read (12/12) from 47
2019-03-19 10:02:07 LCP status changed TERMINATE_ACK_SENT -> TERMINATE_ACK_RECEIVED
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=20, ssl_error=0
2019-03-19 10:02:07 link socket read (20/20) from 47
2019-03-19 10:02:07 received SSTP_MSG_DISCONNECT
2019-03-19 10:02:07 link write queue(1)
2019-03-19 10:02:07 SSTP_MSG_DISCONNECT_ACK sent
2019-03-19 10:02:07 sstp state changed CLIENT_CONNECT_ACK_RECEIVED -> CLIENT_CALL_DISCONNECT_IN_PROGRESS_2
2019-03-19 10:02:07 link socket is ready for write
2019-03-19 10:02:07 SSL_wirte ret=8, ssl_error=0
2019-03-19 10:02:07 link socket write (8/8) to 47
2019-03-19 10:02:07 link socket is ready for read
2019-03-19 10:02:07 SSL_read ret=0, ssl_error=5
2019-03-19 10:02:07 SSL socket closed by remote side
2019-03-19 10:02:07 delete all buf from link write queue(0)
2019-03-19 10:02:07 delete all buf from tun write queue(0)
2019-03-19 10:02:07 Wait 5 seconds...
2019-03-19 10:02:12 try to connect to 8**.***.***.107:443
2019-03-19 10:02:12 Connecting to 8**.***.***.107:443
2019-03-19 10:02:13 Set TLS SNI extension to "v******k"
2019-03-19 10:02:13 sending HTTP request
2019-03-19 10:02:13 SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
SSTPCORRELATIONID: {c5b9026a-5b44-3976-8547-b0842e929daf}
Content-Length: 18446744073709551615
Host: v******k

2019-03-19 10:02:13 link write queue(1)
2019-03-19 10:02:13 sstp state changed CLIENT_CALL_DISCONNECTED -> CLIENT_HTTP_REQUEST_SENT
2019-03-19 10:02:13 Ca is not set, certificate verify error ignored:
2019-03-19 10:02:13   certificate: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
2019-03-19 10:02:13   depth: 1 error: unable to get local issuer certificate(20)
2019-03-19 10:02:14 WARNING! server certificate CN "w******k" doesn't match host name "v******k"
2019-03-19 10:02:14 TLSv1.2 connection established with cipher ECDHE-RSA-AES256-GCM-SHA384
2019-03-19 10:02:14 Enable TCP_NODELAY socket option
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=195, ssl_error=0
2019-03-19 10:02:14 link socket write (195/195) to 47
2019-03-19 10:02:14 link socket is ready for read
2019-03-19 10:02:14 SSL_read ret=123, ssl_error=0
2019-03-19 10:02:14 link socket read (123/123) from 47
2019-03-19 10:02:14 SSTP HTTP Done
2019-03-19 10:02:14 link write queue(1)
2019-03-19 10:02:14 SSTP_MSG_CALL_CONNECT_REQUEST sent
2019-03-19 10:02:14 sstp state changed CLIENT_HTTP_REQUEST_SENT -> CLIENT_CONNECT_REQUEST_SENT
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=14, ssl_error=0
2019-03-19 10:02:14 link socket write (14/14) to 47
2019-03-19 10:02:14 link socket is ready for read
2019-03-19 10:02:14 SSL_read ret=48, ssl_error=0
2019-03-19 10:02:14 link socket read (48/48) from 47
2019-03-19 10:02:14 received SSTP_MSG_CONNECT_ACK
2019-03-19 10:02:14 set hash protocol to SHA256
2019-03-19 10:02:14 sstp state changed CLIENT_CONNECT_REQUEST_SENT -> CLIENT_CONNECT_ACK_RECEIVED
2019-03-19 10:02:14 LCP status changed STOPPED -> CONFIGURE_REQUEST_SENT
2019-03-19 10:02:14 link write queue(1)
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=26, ssl_error=0
2019-03-19 10:02:14 link socket write (26/26) to 47
2019-03-19 10:02:14 link socket is ready for read
2019-03-19 10:02:14 SSL_read ret=86, ssl_error=0
2019-03-19 10:02:14 link socket read (86/86) from 47
2019-03-19 10:02:14 LCP status changed CONFIGURE_REQUEST_SENT -> CONFIGURE_REQUEST_RECEIVED
2019-03-19 10:02:14 LCP status changed CONFIGURE_REQUEST_RECEIVED -> CONFIFURE_REJECT_SENT
2019-03-19 10:02:14 link write queue(1)
2019-03-19 10:02:14 LCP status changed CONFIFURE_REJECT_SENT -> CONFIGURE_ACK_RECEIVED
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=42, ssl_error=0
2019-03-19 10:02:14 link socket write (42/42) to 47
2019-03-19 10:02:14 link socket is ready for read
2019-03-19 10:02:14 SSL_read ret=30, ssl_error=0
2019-03-19 10:02:14 link socket read (30/30) from 47
2019-03-19 10:02:14 LCP status changed CONFIGURE_ACK_RECEIVED -> CONFIGURE_REQUEST_RECEIVED
2019-03-19 10:02:14 LCP status changed CONFIGURE_REQUEST_RECEIVED -> CONFIGURE_ACK_SENT
2019-03-19 10:02:14 link write queue(1)
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=30, ssl_error=0
2019-03-19 10:02:14 link socket write (30/30) to 47
2019-03-19 10:02:14 link socket is ready for read
2019-03-19 10:02:14 SSL_read ret=11, ssl_error=0
2019-03-19 10:02:14 link socket read (11/11) from 47
2019-03-19 10:02:14 EAP-MSCHAPv2 status changed STOPPED -> REQUEST_RECEIVED
2019-03-19 10:02:14 EAP-MSCHAPv2 status changed REQUEST_RECEIVED -> RESPONSE_SENT
2019-03-19 10:02:14 link write queue(1)
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=17, ssl_error=0
2019-03-19 10:02:14 link socket write (17/17) to 47
2019-03-19 10:02:14 link socket is ready for read
2019-03-19 10:02:14 SSL_read ret=10, ssl_error=0
2019-03-19 10:02:14 link socket read (10/10) from 47
2019-03-19 10:02:14 EAP-MSCHAPv2 status changed RESPONSE_SENT -> FAILURE_RECEIVED
2019-03-19 10:02:14 EAP-MSCHAPv2 authentication failed!
2019-03-19 10:02:14 LCP status changed CONFIGURE_ACK_SENT -> TERMINATE_REQUEST_SENT
2019-03-19 10:02:14 link write queue(1)
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=10, ssl_error=0
2019-03-19 10:02:14 link socket write (10/10) to 47
2019-03-19 10:02:14 link socket is ready for read
2019-03-19 10:02:14 SSL_read ret=24, ssl_error=0
2019-03-19 10:02:14 link socket read (24/24) from 47
2019-03-19 10:02:14 LCP status changed TERMINATE_REQUEST_SENT -> TERMINATE_REQUEST_RECEIVED
2019-03-19 10:02:14 LCP status changed TERMINATE_REQUEST_RECEIVED -> TERMINATE_ACK_SENT
2019-03-19 10:02:14 link write queue(1)
2019-03-19 10:02:14 link socket is ready for write
2019-03-19 10:02:14 SSL_wirte ret=10, ssl_error=0
2019-03-19 10:02:14 link socket write (10/10) to 47
2019-03-19 10:02:15 link socket is ready for read
2019-03-19 10:02:15 SSL_read ret=12, ssl_error=0
2019-03-19 10:02:15 link socket read (12/12) from 47
2019-03-19 10:02:15 LCP status changed TERMINATE_ACK_SENT -> TERMINATE_ACK_RECEIVED
2019-03-19 10:02:15 link socket is ready for write
2019-03-19 10:02:15 link socket is ready for read
2019-03-19 10:02:15 SSL_read ret=20, ssl_error=0
2019-03-19 10:02:15 link socket read (20/20) from 47
2019-03-19 10:02:15 received SSTP_MSG_DISCONNECT
2019-03-19 10:02:15 link write queue(1)
2019-03-19 10:02:15 SSTP_MSG_DISCONNECT_ACK sent
2019-03-19 10:02:15 sstp state changed CLIENT_CONNECT_ACK_RECEIVED -> CLIENT_CALL_DISCONNECT_IN_PROGRESS_2
2019-03-19 10:02:15 link socket is ready for write
2019-03-19 10:02:15 SSL_wirte ret=8, ssl_error=0
2019-03-19 10:02:15 link socket write (8/8) to 47
2019-03-19 10:02:15 link socket is ready for read
2019-03-19 10:02:15 SSL_read ret=0, ssl_error=5
2019-03-19 10:02:15 SSL socket closed by remote side
2019-03-19 10:02:15 delete all buf from link write queue(0)
2019-03-19 10:02:15 delete all buf from tun write queue(0)
2019-03-19 10:02:15 Wait 5 seconds...
2019-03-19 10:02:18 Disconnecting request by user
2019-03-19 10:02:18 received disconnect signal
2019-03-19 10:02:18 Disconnecting...
2019-03-19 10:02:18 Disconnected
2019-03-19 10:02:18 delete all buf from link write queue(0)
2019-03-19 10:02:18 delete all buf from tun write queue(0)

admin
Site Admin
Posts: 494
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: SSTP VPN Cant connect with new phone

Post by admin » Tue Mar 19, 2019 12:27 pm

Normally this happen when the user and/or the password are wrong.

Please, can you try to edit the VPN, tap on "Authentication" and reinsert the user and password?

wookie_73
Posts: 7
Joined: Tue Mar 19, 2019 10:07 am

Re: SSTP VPN Cant connect with new phone

Post by wookie_73 » Tue Mar 19, 2019 12:37 pm

Have done again. Still no luck.

Have also tried different users and passwords with no luck.

Also changing authentication protocol in SSTP VPN Client and allowing less secure protocols in Windows NPS.
Everything I try seems to end in the connection getting rejected. I would (and did) normally assume it is a problem on the server. But I am confused as why it worked on my old phone and not on the new one.

Thanks Dave

admin
Site Admin
Posts: 494
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: SSTP VPN Cant connect with new phone

Post by admin » Tue Mar 19, 2019 12:55 pm

this is very strange.

Does the old phone use the same app version?

The app version code is on the top of the left drawer (start the app and tap on the top left icon)

wookie_73
Posts: 7
Joined: Tue Mar 19, 2019 10:07 am

Re: SSTP VPN Cant connect with new phone

Post by wookie_73 » Tue Mar 19, 2019 2:49 pm

Not too sure as I had lost the old phone in January.
I am currently on 2.20.18 on the new phone.

Thinking about it I am getting more convinced it is an issue with NPS on the windows server.
I will try resetting NPS to defaults later and see if that makes a difference.

I will post back and let you know what happens.

Dave

admin
Site Admin
Posts: 494
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: SSTP VPN Cant connect with new phone

Post by admin » Tue Mar 19, 2019 3:17 pm

The latest version is the 2.20.19, anyway the difference with the 2.20.18 is only a fix about the Location service for the auto connect. So for this issue there is not differences between the two releases.

Meanwhile I made some tests with a Windows 2016 server and all work as expected. So, most probably the problem is on the server side.

Maybe also the messages in the Windows log viewer could help.

Looking forward to receiving your feedback...

wookie_73
Posts: 7
Joined: Tue Mar 19, 2019 10:07 am

Re: SSTP VPN Cant connect with new phone

Post by wookie_73 » Wed Mar 20, 2019 12:14 pm

Hi
An update.
I reset NPS to default by deleting the "%windir%\system32\ias\ias.xml" file.
After this I still couldn't log in.
I then I disabled routing and remote access in the RRAS management console and re enabled it.
Hey presto I can log in again.

Very odd as I hadn't messed with the server until all of this stopped working. Maybe a MS update?

Must have been ,something to do with NPS as I had removed and re installed RRAS several times in my trouble shooting but had left NPS alone as all the rules looked ok.

Thanks for your help, our communication gave me the confidence it was a server issue and not a problem with he app / phone.

Dave-

admin
Site Admin
Posts: 494
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: SSTP VPN Cant connect with new phone

Post by admin » Wed Mar 20, 2019 12:42 pm

Very well!
Thank you for the feedback.

Post Reply