Secure Socket Tunneling Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 21:22, 19 April 2020 edit 91.64.131.159 (talk) Removed mention of OpenVPN, as this is not related to SSTP nor was it relevant in the context of SSTP. The "See Also" section includes sufficient links to alternatives. ← Previous edit		Latest revision as of 03:18, 11 August 2025 edit undo Bender the Bot (talk \| contribs) Bots 1,064,377 edits m HTTP to HTTPS for SourceForge Tag: AWB
(13 intermediate revisions by 13 users not shown)
Line 1: {{short description\|Form of virtual private network tunnel}} {{distinguish\|Simple Symmetric Transport Protocol}} {{Infobox technology standard '''Secure Socket Tunneling Protocol''' ('''SSTP''') is a form of [[virtual private network]] (VPN) tunnel that provides a mechanism to transport [[Point-to-Point Protocol\|PPP]] traffic through an [[Transport Layer Security\|SSL/TLS]] channel. SSL/TLS provides transport-level security with key negotiation, [[encryption]] and traffic integrity checking. The use of SSL/TLS over [[Transmission Control Protocol\|TCP]] port 443 allows SSTP to pass through virtually all [[firewall (computing)\|firewalls]] and [[proxy server]]s except for authenticated web proxies.<ref>{{cite web▼ \| title = SSTP \| long_name = Secure Socket Tunneling Protocol \| image = \| image_size = \| alt = \| caption = \| abbreviation = \| native_name = <!-- Name in local language. If more than one, separate using {{plain list}} --> \| native_name_lang = <!-- ISO 639-1 code e.g. "fr" for French. If more than one, use {{lang}} inside native_name items instead --> \| status = \| year_started = 2007 \| first_published = {{Start date\|2007\|02\|22\|df=y}} \| version = \| version_date = \| preview = \| preview_date = \| organization = [[Microsoft]] \| committee = \| series = \| editors = \| authors = \| base_standards = MS-SSTP \| related_standards = \| predecessor = \| successor = \| ___domain = \| license = \| copyright = \| website = <!-- {{URL\|https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/}} --> }} In [[computer networking]], '''Secure Socket Tunneling Protocol''' ('''SSTP''') is a form of [[virtual private network]] (VPN) tunnel that provides a mechanism to transport [[Point-to-Point Protocol]] (PPP) traffic through an [[Transport Layer Security\|SSL/TLS]] channel. ==Protocol== ▲'''Secure Socket Tunneling Protocol''' ('''SSTP''') is a form of [[virtual private network]] (VPN) tunnel that provides a mechanism to transport [[Point-to-Point Protocol\|PPP]] traffic through an [[Transport Layer Security\|SSL/TLS]] channel. SSL/TLS provides transport-level security with key negotiation, [[encryption]] and traffic integrity checking. The use of SSL/TLS over [[Transmission Control Protocol\|TCP]] port 443 (by default; port can be changed) allows SSTP to pass through virtually all [[firewall (computing)\|firewalls]] and [[proxy server]]s except for authenticated web proxies.<ref>{{cite web \| url=http://blogs.technet.com/b/rrasblog/archive/2007/01/17/sstp-faq-part-2-client-specific.aspx \| title=SSTP FAQ - Part 2: Client Specific Line 13 ⟶ 47: SSTP is available for [[Linux]], [[BSD]], and [[Windows]].<ref>{{cite web \| url=~~http~~https://sstp-client.sourceforge.net/ \| title=SSTP-Client \| date=2011-09-17 \| accessdate=2015-10-17}}</ref> SSTP iswas introduced in 2007<ref>{{Cite web \|date=2022-11-04 \|title=[MS-SSTP]: Secure Socket Tunneling Protocol (SSTP) \|url=https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8 \|access-date=2024-08-30 \|website=learn.microsoft.com \|language=en-us}}</ref> and available on [[Windows Vista SP1]] and later, in [[MikroTik\|RouterOS]] since version 5.0, and in [[IIJ SEIL\|SEIL]] since its firmware version 3.50. It is fully integrated with the RRAS architecture in these operating systems, allowing its use with [[Winlogon]] or [[smart-card]] authentication, remote-access policies and the Windows VPN client.<ref>{{cite web▼ ~~[[SoftEther VPN]] Server, a cross-platform open-source VPN server, also supports SSTP as one of its multi-protocol capability.~~ ▲SSTP is available on [[Windows Vista SP1]] and later, in [[MikroTik\|RouterOS]] since version 5.0, and in [[IIJ SEIL\|SEIL]] since its firmware version 3.50. It is fully integrated with the RRAS architecture in these operating systems, allowing its use with [[Winlogon]] or [[smart-card]] authentication, remote-access policies and the Windows VPN client.<ref>{{cite web \| url=http://www.biztechmagazine.com/article/2008/01/sstp-makes-secure-remote-access-easier \| title=SSTP Makes Secure Remote Access Easier Line 34 ⟶ 66: \| accessdate=2015-10-17}}</ref> SSTP ~~was~~is intended only for remote client access, it generally does not support site-to-site VPN tunnels.<ref>{{cite web \|last=Jain \|first=Samir \|date=2007-01-10 \|title=SSTP FAQ - Part 1: Generic \|url=http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx \|url-status=dead \|archive-url=https://web.archive.org/web/20101012205841/http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx \|archive-date=2010-10-12 \|website=TechNet Blogs \|accessdate=}}</ref> ~~\| url=http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx~~ ~~\| title=SSTP FAQ - Part 1: Generic~~ ~~\| date=2007-01-10~~ ~~\| first=Samir~~ ~~\| last=Jain~~ ~~\| accessdate=2015-10-17}}</ref>~~ SSTP suffers from the same performance limitations as any other IP-over-TCP tunnel. In general, performance will be acceptable only as long as there is sufficient excess bandwidth on the un-tunneled network link to guarantee that the tunneled TCP timers do not expire. If this becomes untrue, performance falls off dramatically. ~~This~~due ~~is known as~~to the "[[TCP meltdown problem"]].<ref>{{cite web \| url=http://sites.inka.de/bigred/devel/tcp-tcp.html \| title=Why TCP Over TCP Is A Bad Idea Line 48 ⟶ 74: \| last=Titz \| date=2001-04-23 \| accessdate=2015-10-17}}</ref><ref>{{cite ~~journal~~conference \| bibcode=2005SPIE.6011..138H \| ~~chapter~~title=Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency \|author1=Honda, Osamu \| book-title=Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III \| volume=6011 \| ~~pages~~page=60110H \|author2=Ohsaki, Hiroyuki \|author3=Imase, Makoto \|author4=Ishizuka, Mika \|author5=Murayama, Junichi \| ~~date~~s2cid=~~October 2005~~8945952 \| editor2-first=Sergey I \| editor2-last=Balandin \| editor1-first=Mohammed \| editor1-last=Atiquzzaman \| date=October 2005 \| doi=10.1117/12.630496 }}</ref> Line 117 ⟶ 148: * [[PPTP]] * [[SoftEther VPN]], an open-source VPN server program which supports SSTP-VPN protocol. * [[WireGuard]] ==References== Line 125 ⟶ 157: [http://blogs.technet.com/rrasblog/archive/tags/SSTP/default.aspx RRAS Technet Blog] [http://www.techworld.com/networking/news/index.cfm?newsID=7814&pagtype=all Microsoft develops new tunneling protocol] [~~http~~https://blogs.technet.microsoft.com/rrasblog~~/archive~~/2007/01/10/how-sstp-based-vpn-connection-works~~.aspx~~/ How SSTP based VPN connection works] [http://www.hsc.fr/ressources/outils/sstoper/index.html.en HSC's SSTP Client for Linux] *[~~http~~https://sstp-client.sourceforge.net/ SSTP Client for Linux] {{VPN}}