How to make SSTP client working on Beryl AX?

katzz0 · July 14, 2024, 12:53pm

Hello,

I have a Beryl AX router and wanna configure SSTP client on it. There is a SoftEther SSTP VPN server version 5.02.5185 configured on my raspberry pi in the local network. Mikrotik router and Android phone connect to the SSTP server without any issues and traffic goes as expect. Beryl AX connects successfully but there are no packages reaching the outside world. SSTP interface shows KB of data transferred which may say that packages never get to the interface.

Default route is set automatically and successfully

and logs say the connection to the SSTP server is successful

Sun Jul 14 11:49:51 2024 daemon.notice pppd[24287]: CHAP authentication succeeded
Sun Jul 14 11:49:51 2024 daemon.err pppd[24287]: sif6addr: ioctl(SIOCSIFADDR): Permission denied (line 2848)
Sun Jul 14 11:49:51 2024 daemon.warn pppd[24287]: cif6addr: ioctl(SIOCDIFADDR): No such address
Sun Jul 14 11:49:51 2024 daemon.notice netifd: Network device 'sstp-SSTP' link is up
Sun Jul 14 11:49:51 2024 daemon.notice netifd: Network device 'sstp-SSTP' link is down
Sun Jul 14 11:49:51 2024 daemon.info avahi-daemon[4131]: Joining mDNS multicast group on interface sstp-SSTP.IPv4 with address 192.168.30.10.
Sun Jul 14 11:49:51 2024 daemon.notice netifd: Network device 'sstp-SSTP' link is up
Sun Jul 14 11:49:51 2024 daemon.info avahi-daemon[4131]: New relevant interface sstp-SSTP.IPv4 for mDNS.
Sun Jul 14 11:49:51 2024 daemon.info avahi-daemon[4131]: Registering new address record for 192.168.30.10 on sstp-SSTP.IPv4.
Sun Jul 14 11:49:51 2024 daemon.notice pppd[24287]: replacing old default route to apcli0 [192.168.1.1] with metric -1
Sun Jul 14 11:49:51 2024 daemon.err pppd[24287]: del old default route ioctl(SIOCDELRT): No such process
Sun Jul 14 11:49:51 2024 daemon.notice pppd[24287]: local  IP address 192.168.30.10
Sun Jul 14 11:49:51 2024 daemon.notice pppd[24287]: remote IP address 192.168.30.1
Sun Jul 14 11:49:51 2024 daemon.notice pppd[24287]: primary   DNS address 192.168.30.1
Sun Jul 14 11:50:01 2024 daemon.notice netifd: Interface 'SSTP' is now up
Sun Jul 14 11:50:01 2024 user.notice firewall: Reloading firewall due to ifup of SSTP (sstp-SSTP)

There are firewall rules as well.

I posted a question on OpenWRT forum but got a recommendation to ask it here.

Since GLiNET uses a customised OpenWRT version it may be the cause why there is no SSTP VPN connection. Or I miss something else.

Any help is appreciated. Thank you!

admon · July 14, 2024, 12:55pm

My recommendation would be to stay with plain OpenWrt then and dump the GL firmware.
You will always have trouble while doing non-supported things and keeping GL.

katzz0 · July 16, 2024, 7:01am

@admon, thanks for an advice. Indeed SSTP works as expected on plain OpenWrt.

It also worth to mention that GLiNET provides a "Native OpenWrt 24" at the download center but it didn't work for me neither. I installed 23.05.3 from the official OpenWrt downloads.

Interesting that there is a message on GliNET downloads web site

Due to certain performance and compatibility issues with the open-source drivers for the model, firmware version 4.6.0 will utilize the MTK SDK to ensure a better user experience.

I didn't notice any issues after running plain OpenWrt for a few days. But it would be great to know pitfalls for the open source driver used in OpenWrt.

There are some troubles with having multiple VPN connections and fail over between them (which is not an issues on Mikrotik) but it's another problem unrelated to SSTP.

admon · July 16, 2024, 7:13am

Afaik the only downfall is that captive portals might work better or worse, depending on the captive portal. And I read about some old Android devices with degraded performance.

So I would say: It works as good or bad as any other driver...