- Adam Socha
- News
- mikrotik, sstp, certificate
Quick and dirty way of installing an SSTP server on MikroTik with firewall rules
To make it bulletproof against a dynamic IP address from the ISP, we can use MikroTik's Cloud DDNS (the router's Cloud ID name):
/ip cloud
set ddns-enabled=yes ddns-update-interval=20m
/system identity
set name=b34560a2feb43.sn.mynetname.net
I made that name up, but it is roughly what you can expect to see there once DDNS is enabled.
Let's generate certificates valid for 10 years:
/certificate
add name=ca-template common-name=b34560a2feb43.sn.mynetname.net days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
add name=server-template common-name=b34560a2feb43.sn.mynetname.net days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client-template common-name=b34560a2feb43.sn.mynetname.net days-valid=3650 key-size=2048 key-usage=tls-client
sign ca-template name=ca-certificate
sign server-template name=server-certificate ca=ca-certificate
export-certificate ca-certificate export-passphrase=""
Once the certificate is exported it is available for download under Files. Drag and drop it to the desktop and import it into Windows (mmc.exe, File > Add/Remove Snap-in, add Certificates, OK, Computer account).
Let's set up the SSTP server on port 443, bound to the server certificate signed above:
/interface sstp-server server
set authentication=mschap2 certificate=server-certificate default-profile=prf.sstp enabled=yes force-aes=yes pfs=yes port=443
/ip pool
add name=pool.sstp.vpn ranges=10.1.2.10-10.1.2.20
/ppp profile
add dns-server=10.1.2.254 local-address=10.1.2.254 name=prf.sstp remote-address=pool.sstp.vpn
/ppp secret
add name=user_sstp password=PASSWORD profile=prf.sstp service=sstp
Allow connections to port 443 on the router; this rule must sit above any drop rule in the input chain, otherwise it never matches:
/ip firewall filter
add action=accept chain=input comment="SSTP Accept 443" dst-port=443 in-interface=ether1 protocol=tcp
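The router-side steps above pulled together as one RouterOS script. This is an added example, not code from the original post: it reads the real Cloud DDNS name back from the router instead of typing a guessed one, gives the server certificate a matching SAN, and places the firewall accept rule before the first drop rule in the input chain so it actually takes effect. It assumes RouterOS 6.x, the WAN on ether1, the 10.1.2.0/24 addresses from the post, and a placeholder password CHANGE_ME that must be replaced. The client-template from the post is left out because it is never signed or used; users authenticate with mschap2 credentials.

```routeros
# Added example (not from the original post). Assumptions: RouterOS 6.x,
# WAN on ether1, addresses as in the post, placeholder secret CHANGE_ME.

# 1. Enable Cloud DDNS and read back the name the router was actually given.
/ip cloud set ddns-enabled=yes ddns-update-interval=20m
/ip cloud force-update
:delay 5s
:local fqdn [/ip cloud get dns-name]
:if ([:len $fqdn] = 0) do={
    :error "Cloud DDNS name not available yet - check WAN and DNS, then re-run"
}
:log info ("SSTP setup using DDNS name " . $fqdn)

# 2. CA and server certificate built from that name (10 years, as in the post).
#    The server cert also carries a SAN, which is what newer TLS clients check.
/certificate add name=ca-template common-name=$fqdn days-valid=3650 \
    key-size=2048 key-usage=crl-sign,key-cert-sign
/certificate add name=server-template common-name=$fqdn \
    subject-alt-name=("DNS:" . $fqdn) days-valid=3650 key-size=2048 \
    key-usage=digital-signature,key-encipherment,tls-server
# sign runs in the background, so give it time before using the result
/certificate sign ca-template name=ca-certificate
:delay 10s
/certificate sign server-template ca=ca-certificate name=server-certificate
:delay 10s
/certificate set [find name=ca-certificate] trusted=yes
# Export only the CA (public part) for the Windows trust store;
# the server private key never leaves the router.
/certificate export-certificate ca-certificate export-passphrase=""

# 3. Pool, PPP profile, one user, and the SSTP server bound to the signed cert.
/ip pool add name=pool.sstp.vpn ranges=10.1.2.10-10.1.2.20
/ppp profile add name=prf.sstp local-address=10.1.2.254 \
    remote-address=pool.sstp.vpn dns-server=10.1.2.254
/ppp secret add name=user_sstp password=CHANGE_ME profile=prf.sstp service=sstp
/interface sstp-server server set enabled=yes port=443 \
    certificate=server-certificate authentication=mschap2 \
    default-profile=prf.sstp force-aes=yes pfs=yes

# 4. Firewall: an accept rule below a drop rule never matches, so place it
#    before the first drop in the input chain when one exists.
:local drops [/ip firewall filter find chain=input action=drop]
:if ([:len $drops] > 0) do={
    /ip firewall filter add chain=input action=accept protocol=tcp dst-port=443 \
        in-interface=ether1 comment="SSTP Accept 443" place-before=[:pick $drops 0]
} else={
    /ip firewall filter add chain=input action=accept protocol=tcp dst-port=443 \
        in-interface=ether1 comment="SSTP Accept 443"
}
```

Paste it into a terminal or run it from /system script. The two :delay calls are there because certificate signing on RouterOS is asynchronous; on slow hardware with 2048-bit keys you may need to lengthen them, and you can confirm with /certificate print that both certificates show as signed before the sstp-server line runs.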
Now, in the Windows VPN connection settings, specify the server name or address, which is b34560a2feb43.sn.mynetname.net, choose SSTP as the VPN type, and enter the user name and password.