Secure Socket Tunneling Protocol (SSTP) is a VPN protocol that uses SSL/TLS channels for secure communication. SSTP is commonly used for bypassing firewall restrictions as it runs over port 443 (HTTPS). Below are some scripts for setting up SSTP on a Mikrotik router, followed by an overview of the advantages and disadvantages of using SSTP on Mikrotik.
SSTP is a TLS-secured connection, so the server needs a certificate before it can run. The first step is therefore to generate the certificates and sign them.
The next step is to bring up the SSTP server with the required configuration and then install the certificate on the Windows side.
The simplest way to do this is as the video describes, or with the scripts below.
1. Basic Mikrotik SSTP Server Setup Script
# Step 1: Create certificate templates for the CA and for the SSTP server
# (replace yourdomain.com with the name clients will connect to; the client checks it)
/certificate
add name=ca-template common-name=yourdomain.com key-size=4096 days-valid=3650 key-usage=key-cert-sign,crl-sign
add name=server-template common-name=yourdomain.com key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
# Step 2: Self-sign the CA, then sign the server certificate with that CA
sign ca-template name=ca-cert
sign server-template name=server-cert ca=ca-cert
# Step 3: Add the IP pool for SSTP clients (created before the profile that refers to it)
/ip pool
add name=sstp-pool ranges=192.168.89.2-192.168.89.254
# Step 4: Create a PPP profile for SSTP clients
/ppp profile
add name=sstp-users use-encryption=yes local-address=192.168.89.1 remote-address=sstp-pool dns-server=192.168.88.1
# Step 5: Enable the SSTP server with the signed server certificate
# (the profile set on each secret overrides default-profile)
/interface sstp-server server
set certificate=server-cert enabled=yes default-profile=default-encryption
# Step 6: Add users for SSTP VPN (pass1 is a placeholder; use a strong password)
/ppp secret
add name=user1 password=pass1 profile=sstp-users service=sstp
# Step 7: Allow SSTP (TCP 443) in the input chain; this rule must sit above any
# drop rule in that chain, so move it up if a default drop already exists
/ip firewall filter
add chain=input protocol=tcp dst-port=443 action=accept comment="Allow SSTP VPN"
2. Mikrotik SSTP Client Setup Script
# Step 1: Trust the server's CA. On the server run
#   /certificate export-certificate ca-cert file-name=ca-cert
# (this writes ca-cert.crt under Files), copy that file to the client, then import it here.
# The CA alone is enough; the client does not need the server certificate or its private key.
/certificate import file-name=ca-cert.crt
# Step 2: Set up the SSTP client interface and verify the server's certificate against the imported CA
/interface sstp-client
add name=sstp-out1 connect-to=yourdomain.com user=user1 password=pass1 profile=default-encryption \
    verify-server-certificate=yes disabled=no
# Step 3: Route all traffic through the tunnel. Keep a more specific route to the
# SSTP server's public address via the existing WAN gateway, otherwise the tunnel's
# own packets would be sent into the tunnel.
/ip route
add dst-address=0.0.0.0/0 gateway=sstp-out1
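After both scripts are in place, it helps to confirm from a client that the router on port 443 presents a certificate chained to the exported CA, not yet expired, and carrying the expected name. The Python check below is an added example, not part of the original page or RouterOS; it assumes the CA was exported as ca-cert.crt and the server name is yourdomain.com, and the sample certificate dict is constructed for offline use.

```python
import socket
import ssl
import time

SSTP_PORT = 443  # SSTP listens on the HTTPS port, as in the router script above


def check_cert(cert, expected_host, now=None):
    """Inspect a peer certificate in the dict form returned by
    ssl.SSLSocket.getpeercert() and return a list of problems (empty = OK)."""
    problems = []
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("certificate not yet valid")
    if now > not_after:
        problems.append("certificate expired")
    elif now > not_after - 30 * 86400:
        problems.append("certificate expires within 30 days")
    # Name check: SAN dNSName entries win; fall back to the subject CN, which is
    # all a RouterOS template like the one above puts into the certificate.
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if expected_host not in names:
        problems.append("name mismatch: expected %s, got %s" % (expected_host, names))
    return problems


def probe_sstp_server(host, ca_file="ca-cert.crt", timeout=5.0):
    """Open a TLS connection to the SSTP server using only the exported router CA as
    trust anchor; a certificate not signed by that CA makes the handshake raise."""
    ctx = ssl.create_default_context(cafile=ca_file)  # loads ca_file only, not system CAs
    with socket.create_connection((host, SSTP_PORT), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return check_cert(tls.getpeercert(), host)


# Constructed sample: what getpeercert() returns for a cert like server-cert above
# (CN only, no SAN), evaluated at a fixed "now" of 2025-06-15 12:00 UTC.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2025 GMT")
SAMPLE_CERT = {
    "subject": ((("commonName", "yourdomain.com"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2033 GMT",
}

if __name__ == "__main__":
    print(check_cert(SAMPLE_CERT, "yourdomain.com", SAMPLE_NOW))  # prints []
```

Run `probe_sstp_server("yourdomain.com")` from a host that can reach the router to test the live endpoint; the offline sample only exercises the validity and name checks.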
Advantages of SSTP on Mikrotik
- Secure Encryption: SSTP uses SSL/TLS encryption (up to AES-256), ensuring high-level security for transmitted data.
- Firewall and NAT Traversal: SSTP can bypass firewalls and NAT devices easily because it runs over HTTPS (TCP port 443), which is rarely blocked.
- Cross-platform Support: SSTP works on various platforms including Windows, Linux (with certain configurations), and Mikrotik devices, making it flexible.
- SSL-based Authentication: SSTP supports both username/password and SSL certificate-based authentication, offering strong user verification.
- Reliability: SSTP works well in scenarios where other VPN protocols (like PPTP or L2TP) might be blocked.
Disadvantages of SSTP on Mikrotik
- TCP Overhead: Since SSTP runs over TCP, it can suffer from higher latency and reduced throughput compared to UDP-based protocols like OpenVPN or L2TP/IPsec, especially in networks with packet loss.
- Limited Support on Non-Windows Platforms: SSTP is primarily designed for Windows, and while it can be configured on other platforms, it requires additional effort and is not as natively supported as OpenVPN.
- SSL/TLS Certificate Management: Managing SSL certificates can be complicated for users who are not familiar with certificate generation, signing, and installation.
- Resource Intensive: SSL encryption and decryption are resource-intensive, which might put a strain on lower-end Mikrotik routers when multiple clients are connected.
- No UDP Support: SSTP relies entirely on TCP, which makes it less optimal for real-time applications (like VoIP or video conferencing) compared to VPN protocols that support UDP.
Conclusion
Mikrotik SSTP is a robust, secure, and firewall-friendly VPN protocol that is well-suited for environments where SSL/TLS encryption is needed. However, its reliance on TCP and limited support outside of Windows environments might be drawbacks in certain scenarios.