
Overview

Secure Socket Tunneling Protocol (SSTP) transports a PPP tunnel over a TLS channel. The use of TLS over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers.

Introduction

Let's take a look at the SSTP connection mechanism:


  1. A TCP connection is established from the client to the server (by default on port 443);
  2. SSL validates the server certificate. If the certificate is valid, the connection is established; otherwise the connection is turned down (but see the note below);
  3. The client sends SSTP control packets within the HTTPS session, which establishes the SSTP state machine on both sides;
  4. PPP negotiation takes place over SSTP. The client authenticates to the server and binds IP addresses to the SSTP interface;
  5. The SSTP tunnel is now established and packet encapsulation can begin.

    Starting from v5.0beta2, SSTP does not require certificates to operate and can use any available authentication type. This feature works only between two MikroTik routers, as it is not in accordance with Microsoft standards. Otherwise, to establish secure tunnels, mschap authentication and client/server certificates from the same chain should be used.
