Routing and Remote Access Blog

VPN articles - straight from Windows development team

Browse by Tags

Related Posts
  • Blog Post: How to prevent SSTP based VPN connections to be dialed out from my network

    So we are back with a post on SSTP - the tunnelling protocol that can help you traverse through NATs and firewalls. SSTP is sure a great way to establish VPN connections in cases where PPTP and L2TP will not work due to the presence of NATs and firewalls. However, some network administrators may not...
  • Blog Post: SSTP support on SBS 2008

    Hello, As you know SSTP support in Windows Server 2008 allows you to configure RRAS server role as SSL based L3 VPN server - which allows VPN clients (currently Vista SP1, WS08 and later releases) to connect from anywhere - behind firewalls/NAT. If you would like to run Small business server (SBS...
  • Blog Post: How to debug SSTP specific connection failures

    Hi All, To all our beta testers who are trying out SSTP, first of all "many many thanks from my RRAS team". This post talks about how to debug failures specific to SSTP based VPN tunnel ( Note : I am not discussing all the error codes displayed on RAS client - as most error codes will be common...
  • Blog Post: VPN tunnel across web proxy, NAT and firewall - no kidding !!

    I am sure at times you might have faced this problem where PPTP or L2TP based VPN connection does not go through. This may be in some hotel or when you are visiting a customer or partner site etc. This is primarily due to PPTP GRE port blocking or L2TP ESP port blocking issue by some firewall or NAT...
  • Blog Post: Do we still need PPTP & L2TP/IPsec after Windows 7

    Hi Folks, Our team member Samir Jain has posted a nice blog on how you should decide which tunnel to use/deploy for your scenario. The details for the same are given at which tunnel to use . In this blog, I would like to understand further on a possibility of deprecating PPTP & L2TP/IPsec VPN...
  • Blog Post: How SSTP based VPN connection works

    In this blog, I will explain how SSTP based VPN tunnel works - i.e. the data flow during VPN connection coming up and how data transfer occurs. The flow to get VPN connection up looks like: 1) Client gets Internet connectivity and then establishes TCP connectivity to server over port 443. Let us...
  • Blog Post: Deploying SSTP: Screencast available at

    Hi All, SSTP screencast is available at http://www.microsoft.com/downloads/details.aspx?FamilyID=fc4d7d3f-0376-45bf-9544-ec35329a2fc1&DisplayLang=en Thanks a bunch, Jim for pulling it through ! This will give screen-by-screen view of how to set-up SSTP in a pilot-lab environment. Cheers...
  • Blog Post: Different VPN tunnel types in Windows - which one to use?

    Hello Folks, I am sure you must have experienced VPN reconnect – a new IKEv2 based VPN tunnel that is added in Windows 7 that allows automatic and seamless switchover of an active VPN connection when the underlying Internet interface (connection) changes thus maintaining application persistence...
  • Blog Post: How to change certificate on SSTP server - in Windows server 2008 R2

    Hi Folks, Very soon Windows 7 and Windows Server 2008 R2 will be released and it is very exciting that beta version of these new operating system is available for public download. So, go ahead and start using it and provide your valuable feedback to us. In this blog I will talk about a new feature...
  • Blog Post: SSTP FAQ - Part 3: Server Specific

    I heard a lot of queries related to server side and in this FAQ, I will try to cover most of them. In this article, I will be using "SSTP server" which is RRAS server enabled to accept SSTP based VPN connection. 1) Does SSTP server works on top of IIS or requires IIS to be installed? No – SSTP...
  • Blog Post: How to configure RRAS based SSTP VPN server behind F5 BIGIP SSL load balancer

    Hello All, In this blog, I will discuss how to load balance SSTP based VPN servers using a F5 BIGIP SSL load balancer. Lets look at the deployment scenario first: You are having a pool of RRAS based VPN servers hosted behind F5 BIGIP load balancer. The F5 BIGIP load balancer terminates the HTTPS...
  • Blog Post: How to change machine certificate on the SSTP server

    This blog is going to tell about how to change the Certificate to be used for the SSTP Server. Although, the normal procedure of installing the certificate on RRAS Server for SSTP mentioned in the step by step guide works perfectly fine, this blog is going to talk about how to change the certificate...
  • Blog Post: Setting up the SSTP listener and verifying it

    We have seen the steps to configure a SSTP server in one of the previous posts. However, we will concentrate on on aspect of the configuration in this post in detail and the most important one too, because without this your server is not yet ready to accept SSTP connections - Setting up the SSTP listener...
  • Blog Post: SSTP FAQ - Part 1: Generic

    Hi All, I am sure lot of queries may be running in your minds related to SSTP. To clarify it further, I am starting a series of frequently asked questions (FAQ) related to SSTP. Please feel free to send your comments on the blog site or to our blog email address if you have further queries. In...
  • Blog Post: How Automatic Tunnel type works in VPN

    With the various previous blogs, we already know that SSTP (Secure Socket Tunneling Protocol) is a new VPN tunnel type which is added to the list of the already existing tunnel types, PPTP and L2TP. With this addition, there have been some changes in the definition of the existing tunnel type configuration...
  • Blog Post: SSTP: Beta Program

    Hi Everyone, I have received overwhelming response from the community about SSTP, how it works and a lot of interest in participating in the beta program. Thanks a lot to all of you !! I am trying my best to get as many folks enrolled to the program. We are getting all set for delivering our beta...
  • Blog Post: Advantages of SSTP based VPN tunnel

    In last week blog, I wrote about SSTP - the new VPN tunnel which goes over HTTPS - hence increasing the coverage area of VPN connection to "everywhere". Today I am going to talk about advantages of SSTP compared to "network extension or full tunnel" solution delivered by other SSL products. Note:...
  • Blog Post: SSTP: Microsoft new VPN tunnel using SSL is coming - please get ready to try it out !

    Hi All, I am very happy to announce that SSTP will be first time released to all our TAP and techbeta customers via Vista SP1 beta and Windows Server 2008 RC0 release which was released on Sept 25th, 2007 To get your hands dirty with SSTP, work with your Microsoft TAP contact if you are part of...
  • Blog Post: How to deploy SSTP based VPN server behind a SSL terminator

    By now, from all the other posts you might be aware of steps required to configure SSTP server to accept HTTPS connections. SSTP also supports being configured behind a SSL terminator (HTTP Reverse Proxy scenario). With this setup, a SSL terminator can be configured to terminate the SSL session and direct...
  • Blog Post: Getting Certificate from third party Certificate Authorities for SSTP

    SSTP as you know requires a machine certificate to be installed on the VPN server. Most of the times, when the administrators need this machine certificate, they can configure a CA Server and get the certificates from this CA. But for this to work, the CDPs (CRL Distribution Point) need to be published...
  • Blog Post: How to deploy SSTP based VPN server behind a NAT router

    Hi All, As you know, SSTP is a new VPN tunnel added in Routing and remote access server role in Windows 2008 server and Vista SP1. This allows PPP packets to be encapsulated over HTTP, hence allowing VPN connection to be established through firewalls/NAT/web proxies. For small to medium size organizations...
  • Blog Post: SSTP FAQ - Part 2: Client Specific

    In this FAQ, I will cover client specific queries of SSTP 1) How to enable SSTP based VPN connection on the client side? SSTP based -connection can be enabled on native RAS client UI (i.e. inside “network and sharing center”). For further details, refer to http://blogs.technet.com/rrasblog/archive...
  • Blog Post: Using Secure Socket Tunneling Protocol (SSTP) from Windows VPN client

    By now, you probably are aware of this new VPN tunneling protocol which can work across NAT, web proxies and firewall. If you are familiar with the Windows Vista way of configuring and using VPN, go to the connection "Properties" page and change the "Type of VPN" to "Secure Socket Tunneling Protocol...
  • Blog Post: Publishing SSTP based VPN server using ISA2006 Firewall

    Hello, If you will like to use SSTP based VPN server (which is part of RRAS server in Windows server 2008) behind a ISA2006 Firewall, please refer to following articles – Thanks a bunch to Thomas Shinder http://www.isaserver.org/tutorials/Publishing-Windows-Server-2008-SSL-VPN-Server-Using-ISA...
  • Blog Post: How to restrict SSTP connection to specific IP address (instead of all IP address) on RRAS server

    SSTP by default is configured to listen on all the interfaces (i.e. 0.0.0.0 for IPv4 or ::/0 for IPv6). This means RRAS server by default will allow VPN connections to come in from “all” the IPv4 as well as IPv6 addresses that are available on the server machine. The RRAS server sets the machine certificate...