Quick and dirty way of installing SSTP server on Mikrotik with firewall rules 

To make it bulletproof against a dynamic IP address from the ISP, we can use Mikrotik's Cloud ID:

/ip cloud

set ddns-enabled=yes ddns-update-interval=20m

/system identity

# I made this name up, but it is roughly what you can expect there once the DDNS is enabled.

set name=b34560a2feb43.sn.mynetname.net

Let's generate certificates valid for 10 years:

/certificate

add name=ca-template common-name=b34560a2feb43.sn.mynetname.net days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign                           

add name=server-template common-name=b34560a2feb43.sn.mynetname.net days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server

add name=client-template common-name=b34560a2feb43.sn.mynetname.net days-valid=3650 key-size=2048 key-usage=tls-client

sign ca-template name=ca-certificate 

sign server-template name=server-certificate ca=ca-certificate                     

export-certificate ca-certificate export-passphrase=""                              

Once the certificate is exported, it will be available to download from Files. Drag and drop it to the desktop and import it into Windows (mmc.exe, Add/Remove Snap-in, add Certificates, OK, Computer account).

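Let's set up the SSTP server on port 443. The pool, profile and user are created first, because the server's default-profile must already exist when it is referenced:

/ip pool

add name=pool.sstp.vpn ranges=10.1.2.10-10.1.2.20

/ppp profile

add dns-server=10.1.2.254 local-address=10.1.2.254 name=prf.sstp \
    remote-address=pool.sstp.vpn

/ppp secret

# Replace PASSWORD with a strong, unique password.

add name=user_sstp password=PASSWORD profile=prf.sstp service=sstp

/interface sstp-server server

# certificate= must match the name given when the server certificate was signed above.

set authentication=mschap2 certificate=server-certificate default-profile=prf.sstp \
    enabled=yes force-aes=yes pfs=yes port=443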

Allow connections on port 443 to the MT:

/ip firewall filter

add action=accept chain=input comment="SSTP Accept 443" dst-port=443 \
    in-interface=ether1 protocol=tcp

Now, in the Windows VPN connection settings, we need to specify the server name or address, which is b34560a2feb43.sn.mynetname.net

Then of course choose SSTP as the connection type and add the user and password.
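
The Windows steps above (importing the exported CA into the computer account and creating the SSTP connection) can also be scripted. The PowerShell below is an added example, not part of the original post; the CA file name and location and the connection name are assumptions, and it expects an elevated session.

```powershell
# Added example: Windows client setup for the SSTP server described above.
# Assumptions: the CA file exported on the router was saved to the desktop under
# the name below, and the VPN connection is called "Mikrotik SSTP".
$CaFile   = "$env:USERPROFILE\Desktop\cert_export_ca-certificate.crt"
$VpnHost  = 'b34560a2feb43.sn.mynetname.net'   # made-up name used in the post
$ConnName = 'Mikrotik SSTP'

# Inspect the file before trusting it machine-wide.
$ca = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaFile)

# The CA template in the post uses the DDNS name as its common name.
if ($ca.GetNameInfo('SimpleName', $false) -ne $VpnHost) {
    throw "Unexpected certificate subject: $($ca.Subject)"
}
if ($ca.NotAfter -lt (Get-Date)) {
    throw "CA certificate expired on $($ca.NotAfter)"
}

# Show the SHA-256 fingerprint so it can be compared with the fingerprint the
# router lists for ca-certificate before the CA is trusted.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fp = [System.BitConverter]::ToString($sha256.ComputeHash($ca.RawData)) -replace '-', ''
"Subject     : $($ca.Subject)"
"Valid until : $($ca.NotAfter)"
"SHA-256     : $($fp.ToLower())"
Read-Host 'Press Enter to trust this CA, or Ctrl+C to abort' | Out-Null

# SSTP validates the server certificate against the computer's trusted roots,
# so the CA goes into LocalMachine\Root (the "Computer account" store).
Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Create the connection once: SSTP tunnel, MS-CHAPv2 inside it (matches
# authentication=mschap2 on the router), encryption required.
if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnName -ServerAddress $VpnHost -TunnelType Sstp `
        -AuthenticationMethod MSChapv2 -EncryptionLevel Required
}

Get-VpnConnection -Name $ConnName |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
```

The user name and password from /ppp secret are entered when the connection is first dialed.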


