SSTP (Secure Socket Tunneling Protocol) is a type of VPN (Virtual Private Network) that uses a TLS 1.0 channel and runs over TCP port 443 (the SSL port). To use SSTP with optimal security, we must add an SSL certificate for the connection between server and client. This makes an SSTP VPN more secure than a PPTP VPN.
However, if the server and client both run Mikrotik RouterOS version 5.0beta or above, you can also connect without an SSL certificate. An SSL certificate is required to connect non-Mikrotik clients, for example a Windows PC or laptop. Keep in mind that without a certificate the client has no way to verify the identity of the server it connects to.
In this Mikrotik tutorial, we will discuss how to create an SSTP VPN server on Mikrotik and connect it to a client that also uses Mikrotik. OK, let’s get started.
How to Create an SSTP VPN Server on Mikrotik
1. Log in via Winbox to the Mikrotik that will be used as the SSTP VPN server.
2. Enable the SSTP VPN server: go to the PPP menu –> Interface tab, click SSTP Server –> check the Enabled option.
3. Pay attention to the Default Profile option and select the profile to be used. Here I use a profile that I created with an IP pool.
4. Also pay attention to the Authentication option. Select only mschap2 and uncheck the others. This forces the SSTP server to accept only the mschap2 protocol during authentication, which is more secure and will make it easier later when setting up the Windows client. Click OK.
5. Create the SSTP VPN user. Go to the Secret tab and add the user. Don’t forget to use the same profile as on the SSTP server.
6. At this point the Mikrotik SSTP VPN server has been successfully enabled. Next we set up the Mikrotik SSTP VPN client.
How to Set Up an SSTP VPN Client on Mikrotik
1. Log in to the Mikrotik that will be used as the SSTP VPN client.
2. Go to PPP menu –> Interface tab –> Add SSTP Client Interface –> Fill in the SSTP Interface data:
- Connect to: IP Address or domain name of the SSTP VPN Server
- Port: Make sure the port is 443
- Certificate: Because this is a connection between two Mikrotik routers, there is no need to use an SSL certificate (none)
- User: Enter the username that was created on the SSTP server
- Password: Enter the password for the SSTP username
- Profile: Choose the default profile
- Allow: select mschap2
3. Next, we check whether the SSTP Interface can connect to the SSTP Server. Make sure there is an R (Running) sign on the SSTP client interface and Status: connected.
4. If the Mikrotik SSTP client has successfully connected to the SSTP server, a new dynamic SSTP interface will appear on the server under the PPP menu –> Interface, with the D (Dynamic) and R (Running) marks and Status: connected.
At this point the two Mikrotik routers are connected to each other through the SSTP VPN tunnel. Setting up an SSTP VPN client on Windows will be discussed in the next article.
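To confirm that the settings chosen in the steps above are what the routers actually run, the following Python script (an added example, not part of the original tutorial or any Mikrotik tool) audits the text of a RouterOS `/export` for SSTP endpoints that allow more than mschap2 or have no certificate. The export text is a constructed sample, and the defaults assumed for keys missing from an export (all four authentication methods, certificate=none) are assumptions to confirm against your RouterOS version.

```python
import shlex

# Constructed sample of RouterOS `/export` output (not taken from the page).
SAMPLE_EXPORT = """\
/interface sstp-server server
set authentication=mschap2 default-profile=vpn-profile enabled=yes
/interface sstp-client
add authentication=mschap2 connect-to=203.0.113.10 disabled=no name=sstp-out1 \\
    password=example profile=default user=vpnuser
add connect-to=203.0.113.20 name=sstp-out2 password=example user=vpnuser
"""

# Assumption: keys missing from an export carry these RouterOS defaults.
DEFAULTS = {"authentication": "pap,chap,mschap1,mschap2", "certificate": "none"}

def parse_export(text):
    """Yield (menu_path, options) for each set/add line of an export."""
    text = text.replace("\\\n", " ")  # join continuation lines (breaks between options)
    path = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
        elif path and line.startswith(("set ", "add ")):
            tokens = shlex.split(line)[1:]
            yield path, dict(t.split("=", 1) for t in tokens if "=" in t)

def audit_sstp(text):
    """Return findings for SSTP endpoints that allow more than mschap2 or lack a certificate."""
    findings = []
    for path, opts in parse_export(text):
        if path == "/interface sstp-server server":
            if opts.get("enabled") != "yes":
                continue  # a disabled server accepts no logins
            label = "server"
        elif path == "/interface sstp-client":
            label = "client " + opts.get("name", "?")
        else:
            continue
        cfg = {**DEFAULTS, **opts}
        extra = sorted(set(cfg["authentication"].split(",")) - {"mschap2"})
        if extra:
            findings.append(f"{label}: also allows {','.join(extra)}")
        if cfg["certificate"] == "none":
            findings.append(f"{label}: certificate=none")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sstp(SAMPLE_EXPORT)))
```

The certificate=none findings are expected for the Mikrotik-to-Mikrotik setup in this tutorial; they mark the endpoints to revisit when certificates are added.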