Secure Socket Tunneling Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 06:17, 24 July 2019 edit Williamsongrand (talk \| contribs) 8 edits m minor changes ← Previous edit		Latest revision as of 03:18, 11 August 2025 edit undo Bender the Bot (talk \| contribs) Bots 1,064,377 edits m HTTP to HTTPS for SourceForge Tag: AWB
(23 intermediate revisions by 21 users not shown)
Line 1: {{short description\|Form of virtual private network tunnel}} {{distinguish\|Simple Symmetric Transport Protocol}} {{Infobox technology standard '''Secure Socket Tunneling Protocol''' ('''SSTP''') is a form of [[virtual private network]] (VPN) tunnel that provides a mechanism to transport [[Point-to-Point Protocol\|PPP]] traffic through an [[Transport Layer Security\|SSL/TLS]] channel. SSL/TLS provides transport-level security with key negotiation, [[encryption]] and traffic integrity checking. The use of SSL/TLS over [[Transmission Control Protocol\|TCP]] port 443 allows SSTP to pass through virtually all [[firewall (computing)\|firewalls]] and [[proxy server]]s except for authenticated web proxies.<ref>{{cite web▼ \| title = SSTP \| long_name = Secure Socket Tunneling Protocol \| image = \| image_size = \| alt = \| caption = \| abbreviation = \| native_name = <!-- Name in local language. If more than one, separate using {{plain list}} --> \| native_name_lang = <!-- ISO 639-1 code e.g. "fr" for French. If more than one, use {{lang}} inside native_name items instead --> \| status = \| year_started = 2007 \| first_published = {{Start date\|2007\|02\|22\|df=y}} \| version = \| version_date = \| preview = \| preview_date = \| organization = [[Microsoft]] \| committee = \| series = \| editors = \| authors = \| base_standards = MS-SSTP \| related_standards = \| predecessor = \| successor = \| ___domain = \| license = \| copyright = \| website = <!-- {{URL\|https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/}} --> }} In [[computer networking]], '''Secure Socket Tunneling Protocol''' ('''SSTP''') is a form of [[virtual private network]] (VPN) tunnel that provides a mechanism to transport [[Point-to-Point Protocol]] (PPP) traffic through an [[Transport Layer Security\|SSL/TLS]] channel. ==Protocol== ▲'''Secure Socket Tunneling Protocol''' ('''SSTP''') is a form of [[virtual private network]] (VPN) tunnel that provides a mechanism to transport [[Point-to-Point Protocol\|PPP]] traffic through an [[Transport Layer Security\|SSL/TLS]] channel. SSL/TLS provides transport-level security with key negotiation, [[encryption]] and traffic integrity checking. The use of SSL/TLS over [[Transmission Control Protocol\|TCP]] port 443 (by default; port can be changed) allows SSTP to pass through virtually all [[firewall (computing)\|firewalls]] and [[proxy server]]s except for authenticated web proxies.<ref>{{cite web \| url=http://blogs.technet.com/b/rrasblog/archive/2007/01/17/sstp-faq-part-2-client-specific.aspx \| title=SSTP FAQ - Part 2: Client Specific Line 12 ⟶ 47: SSTP is available for [[Linux]], [[BSD]], and [[Windows]].<ref>{{cite web \| url=~~http~~https://sstp-client.sourceforge.net/ \| title=SSTP-Client \| date=2011-09-17 \| accessdate=2015-10-17}}</ref> ~~For~~SSTP ~~Windows,~~was introduced in 2007<ref>{{Cite web \|date=2022-11-04 \|title=[MS-SSTP]: isSecure Socket Tunneling Protocol (SSTP) \|url=https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8 \|access-date=2024-08-30 \|website=learn.microsoft.com \|language=en-us}}</ref> and available on [[Windows Vista SP1]] and later, in [[MikroTik\|RouterOS]] since version 5.0, and in [[IIJ SEIL\|SEIL]] since its firmware version 3.50. It is fully integrated with the RRAS architecture in these operating systems, allowing its use with [[Winlogon]] or [[smart-card]] authentication, remote-access policies and the Windows VPN client.<ref>{{cite web▼ ~~[[SoftEther VPN]] Server, a cross-platform open-source VPN server, also supports SSTP as one of its multi-protocol capability.~~ ~~Similar functionality can be obtained by using open-source solutions like [[OpenVPN]], however on Windows a third-party client software must be installed due to the lack of native built-in VPN client.~~ ▲For Windows, SSTP is available on [[Windows Vista SP1]] and later in [[IIJ SEIL\|SEIL]] since its firmware version 3.50. It is fully integrated with the RRAS architecture in these operating systems, allowing its use with [[Winlogon]] or [[smart-card]] authentication, remote-access policies and the Windows VPN client.<ref>{{cite web \| url=http://www.biztechmagazine.com/article/2008/01/sstp-makes-secure-remote-access-easier \| title=SSTP Makes Secure Remote Access Easier Line 35 ⟶ 66: \| accessdate=2015-10-17}}</ref> SSTP ~~was~~is intended only for remote client access, it generally does not support site-to-site VPN tunnels.<ref>{{cite web \|last=Jain \|first=Samir \|date=2007-01-10 \|title=SSTP FAQ - Part 1: Generic \|url=http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx \|url-status=dead \|archive-url=https://web.archive.org/web/20101012205841/http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx \|archive-date=2010-10-12 \|website=TechNet Blogs \|accessdate=}}</ref> ~~\| url=http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx~~ ~~\| title=SSTP FAQ - Part 1: Generic~~ ~~\| date=2007-01-10~~ ~~\| first=Samir~~ ~~\| last=Jain~~ ~~\| accessdate=2015-10-17}}</ref>~~ SSTP suffers from the same performance limitations as any other IP-over-TCP tunnel. In general, performance will be acceptable only as long as there is sufficient excess bandwidth on the un-tunneled network link to guarantee that the tunneled TCP timers do not expire. If this becomes untrue, performance falls off dramatically. ~~This~~due ~~is known as~~to the "[[TCP meltdown problem"]].<ref>{{cite web \| url=http://sites.inka.de/bigred/devel/tcp-tcp.html \| title=Why TCP Over TCP Is A Bad Idea Line 49 ⟶ 74: \| last=Titz \| date=2001-04-23 \| accessdate=2015-10-17}}</ref><ref>{{cite ~~web~~conference \| bibcode=2005SPIE.6011..138H \| title=Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency \|author1=Honda, Osamu \|~~author2~~book-title=~~Ohsaki~~Performance, ~~Hiroyuki~~Quality ~~\|author3=Imase~~of Service, ~~Makoto~~and ~~\|author4=Ishizuka,~~Control ~~Mika~~of ~~\|author5=Murayama,~~Next-Generation ~~Junichi~~Communication \|and ~~date=October~~Sensor Networks ~~2005~~III \| volume=6011 \| page=60110H \|author2=Ohsaki, Hiroyuki \|author3=Imase, Makoto \|author4=Ishizuka, Mika \|author5=Murayama, Junichi \| s2cid=8945952 \| editor2-first=Sergey I \| editor2-last=Balandin \| editor1-first=Mohammed \| editor1-last=Atiquzzaman \| date=October 2005 \| doi=10.1117/12.630496 ~~\| accessdate=2015-10-17~~}}</ref> SSTP supports user authentication only; it does not support device authentication or computer authentication. Line 115 ⟶ 148: * [[PPTP]] * [[SoftEther VPN]], an open-source VPN server program which supports SSTP-VPN protocol. * [[WireGuard]] ==References== Line 120 ⟶ 154: ==External links== [https://~~msdn~~docs.microsoft.com/en-us/~~library~~openspecs/~~cc247338.aspx~~windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8 <nowiki>[MS-SSTP]: Secure Socket Tunneling Protocol (SSTP)</nowiki>] by [[Microsoft Open Specification Promise]] [http://blogs.technet.com/rrasblog/archive/tags/SSTP/default.aspx RRAS Technet Blog] [http://www.techworld.com/networking/news/index.cfm?newsID=7814&pagtype=all Microsoft develops new tunneling protocol] [~~http~~https://blogs.technet.microsoft.com/rrasblog~~/archive~~/2007/01/10/how-sstp-based-vpn-connection-works~~.aspx~~/ How SSTP based VPN connection works] [http://www.hsc.fr/ressources/outils/sstoper/index.html.en HSC's SSTP Client for Linux] [https://~~www~~sstp-client.~~purevpn~~sourceforge.~~com~~net/~~what-is-vpn/protocols/sstp~~ SSTP ~~Setup~~Client onfor ~~Windows~~Linux] *[http://sstp-client.sourceforge.net/ SSTP Client for Linux] {{VPN}}