Ubuntu 25.04 and SSTP problem

Support and Help
, ,
1

Ubuntu version: 25.04

Desktop Environment: GNOME

Problems:

  1. SSTP plugin does not work for NetworkManager; after: Add VPN->SSTP->Identity I have: “(Error: unable to load VPN connection editor)”.
  2. The above error is not the only problem and the situation seems to be more serious – if I provide the same VPN SSTP configuration via nm-connection-editor as in Ubuntu 24.04.2 LTS it still does not work (it works fine under 24.*)

Error Messages (from journalctl):

[1750682933.4650] platform: (wlp0s20f3) signal: address 4 changed: 192.168.1.133/24 brd 192.168.1.255 lft 71353sec pref 71353sec lifetime 15053-6[86400,86400] dev 3 flags noprefixrou>
[1750682934.9651] vpn[0x60fe8f645a20,d387742a-3bb2-4659-9fe9-ebdb7b3d5be8,“VPN”]: dbus: failure: connect-failed (1)

2

If you run the below, does it help (May need a reboot)
sudo apt install network-manager-sstp

3

Unfortunately, no. I have all necessary packages installed:

$ apt list --installed | grep sstp

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libsstp-api-0/plucky,now 1.0.20-1build2 amd64 [installed,automatic]
network-manager-sstp-gnome/plucky,now 1.3.2-1build5 amd64 [installed]
network-manager-sstp/plucky,now 1.3.2-1build5 amd64 [installed]
sstp-client/plucky,now 1.0.20-1build2 amd64 [installed]
4

nm-connection-editor in Ubuntu 25.04 was rebuilt with GTK-4.
Any VPN plugin whose editor is still GTK-3 simply fails to load, and
NetworkManager shows the

(Error: unable to load VPN connection editor)

message you see. That is why the same SSTP packages that worked in
24.04 no longer open a dialog in 25.04.

The daemon part of the plugin (network-manager-sstp) still works, so
you have two work-arounds until the maintainer ports the GTK code:

Create / edit the connection with nmcli

nmcli connection add \
    type sstp \
    con-name MySSTP \
    ifname '*' \
    username youruser \
    password-flags 0 \
    password yourpass \
    gateway vpn.example.com

then connect with

nmcli connection up MySSTP

All settings that were in the editor can be supplied as nmcli
arguments; nmcli connection show MySSTP will list them afterwards.

Use plain sstp-client + pppd

Create /etc/ppp/peers/myvpn and a small /etc/ppp/chap-secrets, then
run

sudo sstpc --log-level 1 --cert-warnings --save-server-route --pppd \
     call myvpn

This bypasses NetworkManager entirely.

What to expect

The SSTP front-end will come back once the upstream project (or an Ubuntu
maintainer) ports network-manager-sstp-gnome to GTK-4. Keep the package
installed so you get the update automatically, or file / subscribe to the
launchpad bug to be notified. Until then, nmcli or sstp-client are the
only reliable ways to bring the tunnel up on 25.04.

5

Thank you for the response. Nonetheless, I do not think this is just a GTK-related problem. The following command (essentially extracted from my previous configuration) works on both systems:

nmcli connection add type vpn con-name MySSTP autoconnect no vpn.service-type org.freedesktop.NetworkManager.sstp vpn.data "connection-type=password,gateway=<<VPN>>,ignore-cert-warn=no,lcp-echo-failure=5,lcp-echo-interval=30,mppe-stateful=yes,password-flags=1,refuse-chap=yes,refuse-eap=yes,refuse-mschap=yes,refuse-mschapv2=no,refuse-pap=yes,require-mppe=yes,tls-ext=yes,tls-verify-key-usage=no,user=mrp" ipv4.method auto ipv4.routes "10.0.0.0/8 0.0.0.0, 172.16.0.0/12 0.0.0.0" ipv4.ignore-auto-routes yes ipv4.never-default yes ipv6.method disabled

but:

nmcli connection up MySSTP

fails on Ubuntu 25.04.

6

nmcli will create the profile on 25.04, but when you try to bring it up
NetworkManager throws Failed to request VPN secrets and aborts.
That’s a change in NM 1.46 +: if you set password-flags=1 it expects a
secret-agent (the GNOME keyring) to supply the password; on a pure CLI run
there is no agent, so the connection fails immediately.

Give the password directly (or let nmcli prompt for it) and the tunnel will
come up:

# easiest: let nmcli ask interactively
nmcli connection modify MySSTP vpn.secrets "password="
nmcli connection up MySSTP  --ask

# or store it explicitly
nmcli connection modify MySSTP \
        vpn.secrets "password=yourpass" \
        vpn.data "password-flags="
nmcli connection up MySSTP

(Leave password-flags empty when the secret is stored in the profile.)

Once the secret is present NetworkManager hands it to the sstp-plugin and the
connection works on 25.04 just as it does on 24.04. When the GTK-4 editor
returns it will write the secret to the keyring automatically, but until then
you have to supply it via --ask or vpn.secrets.

7

Thank you for your patience. Unfortunately, but no matter what I do I get the same problem:

mrp@mrp-Precision-3490:~$ journalctl -xe NM_CONNECTION=5ed9333a-8ce4-4d42-b13c-1003aa65c8c1 + NM_DEVICE=wlp0s20f3
Jun 24 18:33:38 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782818.0872] device[6e35d9d910dbf93e] (wlp0s20f3): remove_pending_action (0): 'activation-14'
Jun 24 18:34:55 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782895.3212] device[6e35d9d910dbf93e] (wlp0s20f3): add_pending_action (1): 'activation-15'
Jun 24 18:34:55 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782895.3214] active-connection[02ef5959faa6f976]: constructed (NMVpnConnection, version-id 15, type managed)
Jun 24 18:34:55 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782895.3216] active-connection[02ef5959faa6f976]: set state activating (was unknown)
Jun 24 18:34:55 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782895.3217] active-connection[02ef5959faa6f976]: check-controller-ready: not signalling (state activating, no controller)
Jun 24 18:34:55 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782895.3410] active-connection[02ef5959faa6f976]: set state deactivated (was activating)
Jun 24 18:34:55 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782895.3410] active-connection[02ef5959faa6f976]: check-controller-ready: not signalling (state deactivated, no controller)
Jun 24 18:34:55 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750782895.3411] device[6e35d9d910dbf93e] (wlp0s20f3): remove_pending_action (0): 'activation-15'
Jun 24 18:36:45 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783005.0644] connectivity: (wlp0s20f3,IPv6,91) start request to 'http://connectivity-check.ubuntu.com./' (try resolving 'connectivity-check.ubuntu.com.' using systemd-resolved)
Jun 24 18:36:45 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783005.0664] connectivity: (wlp0s20f3,IPv6,91) check completed: LIMITED; check failed: (7) Could not connect to server
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7077] device[6e35d9d910dbf93e] (wlp0s20f3): add_pending_action (1): 'activation-16'
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7078] active-connection[02ef5959faa6f976]: constructed (NMVpnConnection, version-id 16, type managed)
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <info>  [1750783084.7080] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: starting sstp
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7080] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: starting: watch D-Bus service org.freedesktop.NetworkManager.sstp.Connection_16
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7081] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: set state: prepare (was waiting)
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7081] active-connection[02ef5959faa6f976]: set state activating (was unknown)
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7082] active-connection[02ef5959faa6f976]: check-controller-ready: not signalling (state activating, no controller)
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7119] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: starting: VPN service has PID 11854
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7210] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: set state: need-auth (was prepare)
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7211] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: secrets: requesting VPN secrets pass #1
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7213] settings-connection[363f66ff8847d346,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1]: (vpn:0x58b5b1ed44d0) secrets requested flags 0x80000004 hints '(none)'
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7216] settings-connection[363f66ff8847d346,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1]: (vpn:0x58b5b1f85d80) existing secrets returned
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7216] settings-connection[363f66ff8847d346,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1]: (vpn:0x58b5b1f85d80) secrets request completed
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7217] settings-connection[363f66ff8847d346,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1]: (vpn:0x58b5b1f85d80) new agent secrets processed
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7221] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: secrets: asking service if additional secrets are required
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7249] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: service indicated no additional secrets required
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7250] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: connect: allowing interactive secrets as all agents have that capability
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7251] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: set state: connect (was need-auth)
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7265] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: connect: falling back to non-interactive connect
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7294] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: dbus: state changed: starting (3)
Jun 24 18:38:04 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783084.7434] platform: (wlp0s20f3) signal: address 4 changed: 192.168.1.133/24 brd 192.168.1.255 lft 84010sec pref 84010sec lifetime 2397-7[86400,86400] dev 3 flags noprefixrout>
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6165] platform: (wlp0s20f3) signal: address 4 changed: 192.168.1.133/24 brd 192.168.1.255 lft 84008sec pref 84008sec lifetime 2398-7[86399,86399] dev 3 flags noprefixrout>
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <warn>  [1750783086.6171] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: dbus: failure: connect-failed (1)
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6172] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: dbus: state changed: stopping (5)
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6190] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: dbus: state changed: stopped (6)
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6190] vpn[0x58b5b1f3ffa0,5ed9333a-8ce4-4d42-b13c-1003aa65c8c1,"MySSTP"]: set state: failed (was connect)
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6190] active-connection[02ef5959faa6f976]: set state deactivated (was activating)
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6192] active-connection[02ef5959faa6f976]: check-controller-ready: not signalling (state deactivated, no controller)
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6192] device[6e35d9d910dbf93e] (wlp0s20f3): remove_pending_action (0): 'activation-16'
Jun 24 18:38:06 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783086.6195] active-connection[02ef5959faa6f976]: disposing
Jun 24 18:38:15 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783095.0655] connectivity: (wlp0s20f3,IPv4,92) start request to 'http://connectivity-check.ubuntu.com./' (try resolving 'connectivity-check.ubuntu.com.' using systemd-resolved)
Jun 24 18:38:15 mrp-Precision-3490 NetworkManager[1806]: <debug> [1750783095.1501] connectivity: (wlp0s20f3,IPv4,92) check completed: FULL; status header found
8

The password issue is solved NetworkManager is now talking to the
sstp-plugin but the plug-in itself crashes out. That’s because Ubuntu
25.04 ships ppp 2.5, while the current network-manager-sstp package is
still hard-coded for the old ppp 2.4 plug-in path. When pppd starts it looks
for /usr/lib/pppd/2.4.9/sstp-pppd-plugin.so, doesn’t find it, and the VPN
drops immediately with connect-failed .

Until the maintainer rebuilds the package you can give pppd what it expects
with a simple symlink.

# Make sure the new plug-in really exists
ls /usr/lib/pppd/2.5/sstp-pppd-plugin.so

#Point the old path at the new one
sudo mkdir -p /usr/lib/pppd/2.4.9
sudo ln -s /usr/lib/pppd/2.5/sstp-pppd-plugin.so \
           /usr/lib/pppd/2.4.9/sstp-pppd-plugin.so

(If your pppd minor version is not 2.4.9, check the actual directory name
under /usr/lib/pppd/ and use that.)

Now bring the connection up again:

nmcli connection up MySSTP

The link should stay up, IPv4 routes appear, and journalctl -u NetworkManager
will show the VPN in connected state instead of connect-failed.

When network-manager-sstp 1.4 (or a patched 1.3.2) hits the Ubuntu
archives it will look in /usr/lib/pppd/2.5/ directly and the workaround
won’t be needed; you can simply remove the symlink then.

9

Splendid! Everything works now :slight_smile:

2 Likes
10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.