Video tutorial:
[youtube]https://www.youtube.com/watch?v=OvfEMGW_KUE[/youtube]
Mikrotik 2011UAS-2HnD RouterOS 6.7 L5 - SSTP server
Windows 7 PL 32bit - SSTP VPN client
SSTP ("PPTP + CA") = more secure
Mikrotik (server, ca.crt+ca.key)
- internal LAN: 192.168.0.0/24, IP: 192.168.0.1
- external IP - XXX.XXX.86.23
Windows PC (client, only ca.key)
- external IP: Tmobile 3G (PL)
- LAN 192.168.1.0/24, HTC Wildfire S WiFi Hotspot
config I
- Mikrotik SSTP pool 192.168.0.100 - 192.168.0.150
- Windows PC IP in Mikrotik local LAN pool
- the client decides where Internet traffic goes
config II
- Windows client PC - all Internet traffic goes through the PPTP VPN gateway
- Mikrotik SSTP pool 192.168.2.1 - 192.168.2.200
- Windows PC IP in Mikrotik SSTP pool
- if the client disables traffic redirection, it loses access to the SSTP pool and to the Mikrotik internal LAN
Tip:
1. CA (certificate authority) CN (common name) - must be the real external IP, the domain name or (if the server works only in the LAN) the LAN IP or LAN name (Router Identity, System Identity).
2. Not included in the video: ca.crt and ca.key should be deleted from the Mikrotik.
3. Appendix in the video - SSTP easily bypasses firewalls (client site).
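
A check for Tip 1 that can be run on the workstation before the files are uploaded to the router. This is an added example, not part of the original post or video: the function names are hypothetical, 203.0.113.23 is a constructed documentation address standing in for the router's external address, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. File names ca.crt / ca.key follow the post;
# the address used with these functions is constructed.

# Create a self-signed certificate whose CN is the address clients will dial.
make_cert() {  # $1 = CN, $2 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" -keyout "$2/ca.key" -out "$2/ca.crt" 2>/dev/null
}

# Print the subject CN of a certificate.
cert_cn() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key belongs to the certificate.
key_matches() {  # $1 = certificate file, $2 = key file
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Pre-import check: CN equals the dial target, key matches, not expired.
check_before_import() {  # $1 = directory, $2 = address the client will use
    [ "$(cert_cn "$1/ca.crt")" = "$2" ] || { echo "CN mismatch"; return 1; }
    key_matches "$1/ca.crt" "$1/ca.key" || { echo "key mismatch"; return 1; }
    openssl x509 -in "$1/ca.crt" -noout -checkend 0 >/dev/null ||
        { echo "expired"; return 1; }
    echo "ok"
}
```

Call `check_before_import <directory> <address>` with exactly the address that will be typed into the Windows VPN connection; anything other than `ok` means the certificate should be regenerated before import.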