Hello,
I'm having issues with SSTP on mikrotik (version 6.41.3, CCR 1009) with freeradius 3.0.14 as backend.I'm testing with windows 10 client.
SSTP with "local" users works just fine, i'm using certificate signed by well-trusted CA (geotrust), no issues there.
Issues arise when I try to authenticate using radius. I set in /ppp in PPP - use RADIUS in /radius I enable PPP. When i enter username/password that should be accepted by radius, i do get ACCESS-ACCEPT (shown both in freeradius and in mikrotik log), ip is assigned, in mikrotik i see "sstp: XYZ logged in, <proper.ip.address.assigned>, then there is CHAP Success, sstp: welcome, but the client disconnects.
Windows client receives "ras client error 778" which means "It was not possible to verify the identity of the server"
It's clearly not in itself fault of freeradius, as it does what it's supposed to (authenticates the user and passes access-accept to mikrotik). Certificate and SSTP in itself works fine, as without radius I, and multiple other users, authenticate just fine.
I thought that maybe, for whatever reason, identity of radius server is also checked by client, so i added CA that signed radius server certificate to trusted on client pc (internal CA is used there), but it made no difference.
Any help is appreciated, especially that i'm 100% certain that it used to work maybe 6 months ago when I tested this feature. Since then I didn't need to use freeradius for this purpose so didn't test it, but now I'd like to use this feature.
Regards,
Kacper
Re: mikrotik SSTP vpn + freeradius = "It was not possible to verify the identity of the server"
Hello Kacper,
did you solve this problem, if so how? We have same problem.
Mikrotik RB1100AHx4 ROS 6.41.4
Debian 9:
FreeRADIUS Version 3.0.12
Version 4.5.12-Debian
Windows 10 build 1709
SSTP client same error.
Thank you.
Ragards
Ondrej
did you solve this problem, if so how? We have same problem.
Mikrotik RB1100AHx4 ROS 6.41.4
Debian 9:
FreeRADIUS Version 3.0.12
Version 4.5.12-Debian
Windows 10 build 1709
SSTP client same error.
Thank you.
Ragards
Ondrej
Re: mikrotik SSTP vpn + freeradius = "It was not possible to verify the identity of the server"
Hello,
I'm sorry to say that I did not. I was hoping that someone might have some answer here on the boards
.
I've tried again after going up to win 10 1803 and with most recent freeradius/MT versions but everything seems the same.
I'll try again with windows 7 client, when I get a hold on one, to see if it's windows-related.
Regards,
Kacper
I'm sorry to say that I did not. I was hoping that someone might have some answer here on the boards
.I've tried again after going up to win 10 1803 and with most recent freeradius/MT versions but everything seems the same.
I'll try again with windows 7 client, when I get a hold on one, to see if it's windows-related.
Regards,
Kacper