Provided by: sstp-client_1.0.17-1build1_amd64 bug


       sstpc - SSTP Client


       sstpc [<sstp-options>] <hostname> [ppp-options] ...


       sstpc  establishes  the  client  side  of a Virtual Private Network (VPN) using the Secure
       Socket Tunneling Protocol (SSTP). Use this program to connect to an employer's SSTP  based
       VPN when PPTP and L2TP is not working.

       By  default,  sstpc  establishes  the  SSTP  call  to  the SSTP server, and then starts an
       instance of pppd to manage the data  transfer.  However,  sstpc  can  also  be  run  as  a
       connection manager within pppd.


       The  first  non-option  argument  on  the  sstpc  command line must be the host name or IP
       address of the SSTP server.

       All long options (starting with "--") are interpreted as sstpc options, and a fatal  error
       occurs if an unrecognised option is used.

       All command-line arguments which do not start with "-" are interpreted as ppp options, and
       passed as is to pppd unless --nolaunchpppd is given.

              Specify the CA certificate used to verify the server with

              Specify the directory of certificates that contains the CA certificate. If  nothing
              is specified, the system's wide directory is used.

              Ignore certificate warnings like common name instead of terminating the connection.

       --host When  connecting to an IP address, the host parameter will provide the hostname for
              http, proxy and tls-ext

              This will help specify the callback socket that pppd will try to  connect  back  to
              sstpc  in  order  to  communciate  the  MPPE  keys as negotiated. The MPPE keys are
              required to authenticate against the server at the SSL layer. They can be zeroed if
              no MPPE is negotated. The name is formed based on /tmp/sstpc-<ipparam>.

              Do  not  launch  pppd  but use stdin as the network connection.  Use this flag when
              including sstpc as a pppd connection process using the pty option. See EXAMPLES.

              Specify a password per command line instead of setting it  up  in  a  configuration
              file for pppd in /etc/ppp/peers.

              Connect   to  the  SSTP  server  via  a  proxy  on  your  network.  The  syntax  is

              Specify the privilege separation user to run sstpc

              Specify the privilege separation group to run sstpc

              Specify the privilege separation directory for the chroot jail to run sstpc

       --user Specify the username to authenticate to the SSTP server instead of setting it up in
              a configuration file for pppd in /etc/ppp/peers.

              This will automatically add and remove a route to the SSTP server.

       --uuid Specify a UUID for the connection to simplify the server end debugging.

              This will enable TLS hostname extension.

       The following options are available to help troubleshoot sstpc

       --log-level <level>
              Set the debug level for debugging the sstpc process. Level can be a value between 0
              and 4.

              Log messages to syslog (default).

              Log messages to error output

              Log messages to standard output

              Include file and line number with the log messages

              Filter the logs by a particular set of files, e.g: sstp-packet,sstp-state

              Specify the identity that will be used when writing logs to e.g. syslog


       Connection to a Microsoft Windows RAS Service using SSTP protocol

       Setup the peer scripts in /etc/ppp/peers, you may start by  cloning  one  of  the  scripts
       available      in      your     docs     directory,     /usr/share/doc/sstp-client,     or
       /usr/local/share/doc/sstp-client. The general content of this file will be  close  to  the

              # Example Content of /etc/ppp/peers/sstp-test
              remotename  sstp-test
              linkname    sstp-test
              ipparam     sstp-test
              pty         "sstpc --ipparam sstp-test --nolaunchpppd"
              name        eivnaes
              sstp-sock   /var/run/sstpc/sstpc-sstp-test

       Note  that  the chap-secrets file used by pppd must include an entry for domain\\username.
       For the sstp-test  example,  the  user  eivnaes  will  have  a  equivalent  entry  in  the
       /etc/ppp/chap-secrets file.

              # Secrets for authentication using CHAP
              # client        server  secret          IP addresses
              eivnaes         *       xxxxxx          *

       Starting the sstp-test using the pon script
              sudo pon sstp-test

       Invoking sstpc using the the call command
              sstpc --ipparam sstp-test call sstp-test-nopty

       The  sstp-test-nopty  is  a  pppd script you need to create in /etc/ppp/peers, and you can
       clone the example sstp-test above; but you must  omit  the  pty  statement  in  the  peers




       This manual page was written by Eivind Naess <>