I am sure a lot of queries may be running in your minds related to SSTP. To clarify further, I am starting a series of frequently asked questions (FAQ) related to SSTP. Please feel free to send your comments on the blog site or to our blog email address if you have further queries.
In this part, I will cover some generic queries related to SSTP.
Yes, absolutely: the same RRAS-based VPN server can serve PPTP, L2TP/IPsec and SSTP tunnels, or any combination of them, at the same time. In fact, L2TP/IPsec and SSTP can share the same machine certificate on the server side.
No: SSTP is currently supported for remote access (remote user) scenarios only; it is not available for site-to-site tunnels.
At the transport layer SSTP uses HTTP 1.1 over SSL 3.0. The HTTP request and response carry a 64-bit Content-Length (the maximum 64-bit value) so that the tunnel can stream PPP frames indefinitely inside a single HTTP exchange; an intermediary that cannot handle a 64-bit length will break the tunnel. SSL 3.0 itself has since been deprecated (RFC 7568), and current implementations negotiate TLS for the same HTTP-over-SSL/TLS framing.
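The exchange described above, as an added example that is not part of the original post: PowerShell that builds the client's SSTP_DUPLEX_POST request and checks the server's reply the way a client must before it starts sending SSTP control packets. The request path, header names and the 64-bit Content-Length value are taken from Microsoft's MS-SSTP specification; the host name and the two response strings are constructed for illustration, and no network connection is made.

```powershell
# Added example, not code from the original post. The HTTP/1.1 exchange that opens an SSTP
# tunnel, per MS-SSTP. Request/response text below is constructed; nothing is sent on the wire.

$SstpUri           = '/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/'   # fixed SSTP resource path
$SstpContentLength = [uint64]::MaxValue   # 18446744073709551615: 64-bit "endless" body length

function New-SstpDuplexPostRequest {
    # Build the client's SSTP_DUPLEX_POST request. $VpnHost is an assumed example value.
    param([Parameter(Mandatory)][string]$VpnHost)
    $lines = @(
        "SSTP_DUPLEX_POST $SstpUri HTTP/1.1",
        "Host: $VpnHost",
        "SSTPCORRELATIONID: {$([guid]::NewGuid())}",   # optional header used for server-side tracing
        "Content-Length: $SstpContentLength",
        ''
    )
    return ($lines -join "`r`n") + "`r`n"
}

function Test-SstpDuplexPostResponse {
    # Validate the server's reply: status must be 200 and Content-Length must still be the
    # full 64-bit maximum. A proxy that strips it or truncates it to 32 bits breaks the tunnel.
    param([Parameter(Mandatory)][string]$Response)
    $lines = $Response -split "`r`n"
    if ($lines[0] -notmatch '^HTTP/1\.1 200\b') {
        return [pscustomobject]@{ Ok = $false; Reason = "unexpected status line: $($lines[0])" }
    }
    $length = $null
    foreach ($line in $lines) {
        if ($line -match '^Content-Length:\s*(\d+)\s*$') { $length = [uint64]$Matches[1]; break }
    }
    if ($null -eq $length) {
        return [pscustomobject]@{ Ok = $false; Reason = 'Content-Length header missing' }
    }
    if ($length -ne $SstpContentLength) {
        return [pscustomobject]@{ Ok = $false; Reason = "Content-Length $length is not the 64-bit maximum (rewritten by an intermediary?)" }
    }
    return [pscustomobject]@{ Ok = $true; Reason = 'duplex HTTP channel up; SSTP_MSG_CALL_CONNECT_REQUEST may follow' }
}

# Constructed sample exchange (host name and server header are example values).
$request      = New-SstpDuplexPostRequest -VpnHost 'vpn.example.com'
$goodResponse = "HTTP/1.1 200 OK`r`nContent-Length: 18446744073709551615`r`nServer: Microsoft-HTTPAPI/2.0`r`n`r`n"
$badResponse  = "HTTP/1.1 200 OK`r`nContent-Length: 4294967295`r`n`r`n"   # length truncated to 32 bits

$request
Test-SstpDuplexPostResponse -Response $goodResponse   # Ok = True
Test-SstpDuplexPostResponse -Response $badResponse    # Ok = False, intermediary rewrote the length
```

Only after this exchange succeeds does SSTP start its own control messages and then PPP; everything from the status line onward is inside the SSL/TLS session, so a plain HTTP proxy never sees the SSTP_DUPLEX_POST method itself.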
SSTP adds no encryption of its own: the tunnel is protected by whatever cipher the SSL/TLS layer negotiates, for example AES or RC4. (RC4 has since been prohibited for TLS by RFC 7465 and should not be enabled.)
On the server side, a machine certificate with the Server Authentication EKU is required for an SSTP-based connection to go through. The client receives this certificate as part of the SSL handshake and validates it.
On the client side, the root CA certificate that the server certificate chains up to must be present in the machine's Trusted Root Certification Authorities store. The client uses it to validate the server certificate's chain, and additionally checks the certificate's validity period, expiry, EKU and revocation status. Because the revocation check happens before the tunnel exists, the CRL distribution point named in the server certificate must be reachable from the client over the public network.
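One way to verify, on the RRAS server, that the certificate SSTP presents will pass the checks just listed (chain to a trusted root, validity period, Server Authentication EKU, revocation, plus the host name match the client also performs), as an added example that is not code from the original post. It uses the .NET X509Chain engine rather than any RRAS API; the thumbprint and DNS name at the bottom are assumed example values, and 1.3.6.1.5.5.7.3.1 is the Server Authentication EKU OID.

```powershell
# Added example (not code from the original post). Run elevated on the RRAS server to check
# that the SSTP server certificate passes the same tests the SSTP client applies.
# Thumbprint and DNS name passed at the bottom are assumed example values.

function Test-SstpServerCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,   # certificate in Cert:\LocalMachine\My
        [Parameter(Mandatory)][string]$DnsName,      # name clients dial, e.g. vpn.example.com
        [switch]$SkipRevocation                      # offline lab use only; real clients do check
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'             # Server Authentication EKU
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $problems = @()

    # 1. Validity window: not-yet-valid and expired certificates are both rejected.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "outside validity period $($cert.NotBefore) .. $($cert.NotAfter)"
    }

    # 2. EKU must explicitly contain Server Authentication.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @($ekuExt | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    if ($ekus -notcontains $serverAuthOid) {
        $problems += "EKU lacks Server Authentication ($serverAuthOid); found: $($ekus -join ', ')"
    }

    # 3. Chain to a trusted root with revocation checked online, restricted to the
    #    Server Authentication application policy, the way the client evaluates it.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = if ($SkipRevocation) { 'NoCheck' } else { 'Online' }
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
    [void]$chain.ChainPolicy.ApplicationPolicy.Add(
        (New-Object System.Security.Cryptography.Oid $serverAuthOid))
    if (-not $chain.Build($cert)) {
        foreach ($status in $chain.ChainStatus) {
            $problems += "chain: $($status.Status) - $("$($status.StatusInformation)".Trim())"
        }
    }
    # The root the chain ends at is what every client must hold in its own
    # Cert:\LocalMachine\Root store (Trusted Root Certification Authorities).
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # 4. Host name: the name clients dial must appear in the SAN (or the subject CN).
    $names = @($cert.GetNameInfo('DnsName', $false)) +
             @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    if (-not ($names | Where-Object { $DnsName -like $_ })) {
        $problems += "no SAN/CN entry matches $DnsName (names: $($names -join ', '))"
    }

    [pscustomobject]@{
        Subject        = $cert.Subject
        RootThumbprint = $root.Thumbprint
        Ok             = ($problems.Count -eq 0)
        Problems       = $problems
    }
}

# Assumed example values: use the thumbprint shown by Get-ChildItem Cert:\LocalMachine\My
# and the public name clients connect to.
$result = Test-SstpServerCertificate -Thumbprint '0123456789ABCDEF0123456789ABCDEF01234567' -DnsName 'vpn.example.com'
$result | Format-List
# On each client the root must be in the machine store, e.g.:
#   Test-Path "Cert:\LocalMachine\Root\$($result.RootThumbprint)"
```

A passing result here still assumes the checked certificate is the one SSTP actually presents: SSTP listens through HTTP.sys, so `netsh http show sslcert` shows the certificate bound on port 443, and on Windows Server 2012 and later `Set-RemoteAccess -SslCertificate` selects it. Run the function without `-SkipRevocation` from a machine outside the corporate network to confirm the CRL is reachable from where clients are.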
Yes: an SSTP-based VPN connection can be established over an IPv6 network (such as the IPv6 Internet).
Also, IPv6 (PPPv6) can be carried on top of an SSTP-based VPN tunnel.
Yes: NAP VPN enforcement works for SSTP exactly as it does for PPTP and L2TP/IPsec. NAP VPN enforcement is carried out through PEAP authentication, which is part of the PPP stage and is identical whether the tunnel is PPTP, L2TP or SSTP. The same remote access policies in NPS therefore apply to all tunnel types, with no extra SSTP-specific configuration, and the same client configuration (PEAP and so on) can be used for all of them.
In the next part of the series, I will try to cover the server-related FAQ. Stay tuned for more information; I am looking forward to hearing from you too.
Lead Program Manager
RRAS, Windows Enterprise Networking
[This posting is provided “AS IS” with no warranties, and confers no rights.]