SSTP (Secure Socket Tunneling Protocol) is a form of VPN (Virtual Private Network) that uses TLS 1.0 channel and runs on TCP port 443 (SSL) protocol. In order to use SSTP with optimal security, we must add an SSL certificate for connection between Server and Client. This makes SSTP VPN more secure (secure) than PPTP VPN.
But if Server and Client both use Mikrotik RouterOS version 5.0beta and above, then do not use SSL certificate can already. Use of this SSL certificate is required for connection to non-Mikrotik clients, for example using PC / Laptop Windows OS.
In this Mikrotik, Tutorial will discuss How to Make SSTP VPN Server in Mikrotik
How to Make SSTP VPN Server in Mikrotik
1. Login to Mikrotik which will be used as SSTP VPN Server via Winbox Mikrotik.
2. Enable SSTP VPN Server by going to PPP menu -> Interface tab click SSTP Server -> Check Enabled option
3. Pay attention to the Default Profile option. Select Profile to use. Here I use Profile that I have created by utilizing IP Pool. Please read how to do here:
Setting Mikrotik VPN Using IP Pool
Notice also the Authentication option. Select mschap2 only, otherwise remove its tick. This is done to force SSTP Server to use mschap2 protocol only in its authentication process so it is more secure and will make it easier for us when setup client windows. Click OK.
5. Create its SSTP VPN user. Go to the Secret tab and add the user. Do not forget to use the same Profile as in SSTP Server.
5. Up here the SSTP VPN Server Mikrotik has been successfully activated. Next we set its SSTP VPN Client Mikrotik
How to Setup SSTP VPN Client in Mikrotik
1. Login to Mikotik which will be used as SSTP VPN Client.
2. Go to PPP menu -> Interface tab -> Add SSTP Client Interface -> Fill in the SSTP Interface data:
- Connect to: IP Address or domain name of its SSTP VPN Server
- Port: Make sure it’s port 443
- Certificate: Because of this connection between Mikrotik then no need to use the SSL certificate ( none )
- User: Enter Username already created on SSTP Server
- Password: Enter Password for his SSTP username
- Profile: Select default profile
- Allow: select mschap2
3. Next, we check the SSTP interface is whether it can connect to SSTP Server. Make sure there is a sign R (Running) on its SSTP client interface and Status: connected.
4. If SSTP Client Mikrotik has successfully connected to SSTP Server, then on PPP menu -> Interface in SSTP Server will appear new dynamic SSTP interface with mark D (Dynamic) and R(Running) and Status: connected.
Up here between Mikrotik already interconnected using SSTP VPN Tunnel.