
What is SSTP (Secure Socket Tunneling Protocol), and how does it help secure a VPN connection?


SSTP is a tunneling protocol developed by Microsoft to create VPN connections. SSTP uses the SSL and TLS protocols to encrypt traffic, which protects data transmission on the Internet and makes the connection more reliable and secure.

Here are the situations for which SSTP VPN can be used:

Corporate networks

  • Allows employees to connect to the corporate network from anywhere in the world while maintaining privacy and security of data transfer

  • Provides secure remote access to internal company resources such as file servers, applications and email

Remote work

  • With the rise of remote work, SSTP and VPN are becoming important tools for providing secure remote access to work resources

Bypassing blocking and censorship

  • Allows you to bypass geo-restrictions and censorship on the Internet, providing access to blocked sites and services

Protection of personal information

  • Protects personal information when using insecure networks, such as open Wi-Fi in cafes or airports

Remote access to home resources

  • Provides secure access to home network resources, such as personal cloud storage or private network devices

Telecommunications and IT

  • Used to provide secure connections between locations, servers and data in telecommunications and IT infrastructures

Historical reference

The SSTP protocol was developed by Microsoft and first introduced in the Windows Vista Service Pack 1 operating system in 2007. SSTP was created to provide more reliable and secure VPN connections than previous solutions, such as PPTP and L2TP/IPsec. Its appearance was a response to the need for more modern and secure VPN connection technologies, especially in the corporate sector, where data security is critical.
Since then, the SSTP protocol has gone through several stages of development:

Initial release in 2007

SSTP, introduced in Windows Vista SP1, allows Windows users to create secure VPN connections.

Expanded support in 2008

With the release of Windows 7 and subsequent Windows operating systems, SSTP support has become more comprehensive, and the protocol's performance and level of security have improved.

Support on other operating systems

Over time, implementations of SSTP appeared for other operating systems, including open source Linux and macOS, making the SSTP VPN protocol more widely available.

Security and performance improvements

Improvements included support for modern SSL/TLS protocols and more efficient session management.

Today, SSTP remains a relevant and widely used VPN protocol, especially in Windows environments, due to its integration with Microsoft operating systems and the high level of security provided by SSL/TLS encryption. However, the emergence and proliferation of other protocols, such as OpenVPN and WireGuard, have given users and organizations additional options for secure VPN connections. Some consider these new protocols to be more flexible or performant than SSTP.

As such, SSTP remains an essential tool for creating secure VPN connections, especially in corporate environments and for Windows users, although other modern alternatives exist.

Basic features of SSTP VPN

Route push

Like other VPN protocols, the route push feature in SSTP allows the VPN server to automatically update the client's routing table with the necessary routes to access the internal network. This simplifies client-side configuration and ensures that traffic is routed correctly through the VPN tunnel.

TCP and UDP support

Unlike some other VPN protocols, SSTP primarily uses TCP for tunneling. TCP provides a reliable connection, which is important for security and data integrity, although it may be less efficient than protocols using UDP.

DNS server push

This feature allows the VPN server to automatically provide the client with information about DNS servers for name resolution on the internal network. This also simplifies client-side DNS configuration and ensures correct name resolution.

LDAP/RADIUS integration

SSTP can integrate with LDAP and RADIUS for centralized user authentication. This provides centralized management of accounts and security policies, which improves network management and security.

Cryptographic algorithms

SSTP uses the encryption algorithms provided by SSL/TLS to ensure confidentiality and data integrity. Reliable cryptographic algorithms are the basis for protecting data in VPN connections from unauthorized access and hacking.

These features combine to help provide a secure, reliable, and manageable VPN connection, which is critical for enterprise networks and remote access to resources.

Use of SSTP protocol in the corporate segment

The SSTP protocol provides secure and reliable remote access to corporate resources. With global organizations and the growing need for remote work, secure VPN connections are critical to maintaining business operations and protecting corporate information.

Examples of using SSTP VPN

Remote access to the corporate network

Employees traveling or working remotely can use SSTP to securely access internal company resources such as file servers, applications, and internal sites.

Connecting branches and divisions

Corporations with multiple branches and divisions can use SSTP protocol to create secure tunnels between networks for data exchange and network interoperability.

Securing communications with cloud services

SSTP VPN can provide a secure connection between the corporate network and cloud services if corporate data is hosted in the cloud storage.

Advantages and disadvantages for corporate networks

Advantages

  • Security: SSTP offers strong encryption and authentication, providing high data security

  • Integration with Microsoft products: Tight integration with Microsoft operating systems and products makes it a convenient solution for enterprise networks based on Microsoft technologies

  • Overcoming blocking and filtering: SSTP easily overcomes network-level blocking by using TCP port 443, also used for secure web traffic (HTTPS)

Disadvantages

  • Performance: The TCP used in SSTP can be less efficient than protocols using UDP, especially on networks with high latency or packet loss

  • Limited platform support: Unlike other VPN protocols, SSTP may not be supported on all platforms or devices, which may cause problems on private networks

  • Microsoft dependency: For companies that don't want to depend on Microsoft products, SSTP may be a less attractive option than other open VPN standards

  • Security: SSTP's code has never been published or independently verified, leaving concerns about possible vulnerabilities

How the SSTP protocol can be useful for ordinary users

Secure Internet access

SSTP can be used to create an encrypted point-to-point tunnel between a user's device and a VPN server, allowing secure Internet browsing on open or unsecured networks, such as in cafes, hotels or airports.

Bypass blocking and censorship

If the user is in a country or network where specific sites or services are restricted or blocked, SSTP can help bypass these restrictions by providing access to blocked resources.

Secure remote access to your home network

If users want to connect to their home network securely from other locations, SSTP can help create a secure connection to home resources such as personal files, media, or smart home controls.

Anonymous Internet access

SSTP can help provide anonymity on the Internet by hiding a user's real IP address and encrypting their Internet traffic, making tracking a user's online activity harder.

Secure online transactions

For users who buy things online, SSTP can offer an additional level of security to protect their financial information and personal data.

Secure access to cloud services

If a user has data or services hosted in the cloud, SSTP can provide a secure connection between their device and cloud services, protecting the data from possible threats.

Advantages and disadvantages for private users

Advantages of SSTP for private use

  • Security and privacy: The SSTP protocol offers a high level of encryption and authentication, which is important to ensure the privacy and security of user data

  • Ease of setup: Setup is usually simple and requires no additional software on platforms that support SSTP. This makes it accessible to users without the technical knowledge to set up a VPN connection

  • Reliability: SSTP offers a reliable connection by using the TCP protocol to ensure data integrity and delivery

Disadvantages of SSTP for private use

  • Performance: Because SSTP uses TCP instead of the faster UDP, performance can suffer, especially on networks with high latency or packet loss

  • Limited platform support: SSTP is primarily built into Windows operating systems, and its support may be limited on other platforms, which may cause problems for users of other systems

  • Dependency on third parties: To use SSTP, users must rely on VPN providers, which can present concerns regarding cost, privacy, and dependence on third-party services

  • Difficulty in tracing problems: When connection problems occur, users may find it challenging to independently identify and correct the problem due to the technical complexity of the SSTP protocol

  • Security: SSTP's code has never been published or independently verified, leaving concerns about possible vulnerabilities

SSTP protocol resistance to blocking

Secure Socket Tunneling Protocol is considered quite resistant to blocking for several reasons:

Using port 443

SSTP sends traffic over SSL over TCP port 443, traditionally used for secure web traffic (HTTPS). Most firewalls open external TCP port 443 for SSL, allowing SSTP to pass through them.

SSL encryption

SSTP uses the SSL (Secure Sockets Layer) protocol to encrypt data, similar to regular HTTPS traffic. This makes it hard to identify and block SSTP traffic. However, it also has some weaknesses:

  • Protocol detection: Despite encryption, specialized DPI (Deep Packet Inspection) devices can sometimes detect the characteristics of SSTP traffic and block it

  • Dependency on Microsoft: SSTP VPN is closely tied to Microsoft products, which may make it less resistant to blocking in environments where alternative technologies are used or where there are strict restrictions on Microsoft products

In general, SSTP is pretty resistant to blocking due to its use of port 443 and SSL encryption. However, it is not entirely impervious to detection in more restrictive or controlled network environments.

Applicability and availability of the SSTP protocol on home routers

The availability of SSTP on home routers largely depends on the specific router model and manufacturer. Here are a few key aspects that can affect SSTP availability on home routers:

Router manufacturer

Some manufacturers offer built-in SSTP support on their routers, especially those aimed at the business segment or more technically advanced users.

Custom firmware

Custom firmware, such as DD-WRT or Tomato, can add SSTP support to routers that do not natively have it. However, installing custom firmware can be technically complex and require certain knowledge.

External VPN providers

Some VPN providers offer simple solutions for setting up SSTP on home routers, perhaps through apps or web interfaces. This can provide access to SSTP even if the router itself does not natively support this protocol.

Cloud VPN services

Cloud VPN services may offer SSTP settings that can be applied to your home router. This could be an option for those looking for an easy way to implement SSTP.

Technical support

Contact your router manufacturer's technical support to find out whether your router supports SSTP and how to configure it.

SSTP may not be as widely available on home routers as more popular VPN protocols such as OpenVPN and IPsec, especially on basic or budget routers. If SSTP access is important to you, check the specifications and documentation for your router or contact the manufacturer for more information.

How to deploy SSTP VPN on the server

Deploying Secure Socket Tunneling Protocol on a server involves several steps and requires certain hardware and software.

Installation and configuration steps

Installing a VPN server

Start by installing server software that supports SSTP, such as Windows Server with the Remote Access role (VPN and DirectAccess).

Setting up an SSL certificate

SSTP requires an SSL certificate for authentication and encryption. Obtain and install an SSL certificate from a trusted certificate authority (CA), or create your own self-signed certificate.

SSTP port listening configuration

Make sure the server is configured to listen for incoming connections on TCP port 443, which SSTP uses.

Setting up routing and remote access

Configure routing and remote access rules to suit the requirements of your network infrastructure.

Testing

Test your VPN connection using a client computer or device to ensure everything is configured correctly.
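
The steps above as PowerShell on Windows Server, added here as an example and not taken from the original article. It assumes the certificate has already been imported into the local machine store; `vpn.example.com` and the profile name `SSTP test` are placeholders, and the routing rules from step 4 are left to your own network design.

```powershell
# Added example. $VpnHost is a placeholder for the public DNS name clients dial.
$VpnHost = 'vpn.example.com'

# Step 1: install the Remote Access role with the VPN role service,
# then configure it as a remote-access VPN server.
Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools
Install-RemoteAccess -VpnType Vpn

# Step 2: pick a certificate from the machine store that is usable for SSTP:
# it has a private key, is inside its validity window, carries the
# Server Authentication EKU (1.3.6.1.5.5.7.3.1) and names $VpnHost.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1') -and
    ($_.DnsNameList.Unicode -contains $VpnHost)
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No valid server certificate for $VpnHost in Cert:\LocalMachine\My"
}
if ($cert.Subject -eq $cert.Issuer) {
    # Self-signed: works, but every client must trust it explicitly.
    Write-Warning "Certificate $($cert.Thumbprint) is self-signed."
}

# Bind the certificate to SSTP and restart the service so it takes effect.
Set-RemoteAccess -SslCertificate $cert
Restart-Service -Name RemoteAccess

# Step 3: confirm the server is listening on TCP 443.
Get-NetTCPConnection -LocalPort 443 -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Step 5 (run on a Windows client): check reachability, then create an
# SSTP-only profile that refuses unencrypted sessions.
Test-NetConnection -ComputerName $VpnHost -Port 443
Add-VpnConnection -Name 'SSTP test' -ServerAddress $VpnHost `
    -TunnelType Sstp -EncryptionLevel Required
```

The certificate filter fails closed: if nothing in the store matches the host name and validity window, the script stops before SSTP is bound to an unusable certificate.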

Hardware and software requirements

  • Server: You need a reliable server with enough resources (CPU, memory, network bandwidth) to process VPN traffic
  • Operating system: Microsoft Windows Server with Remote Access role or similar software that supports SSTP
  • Network equipment: Provide suitable network equipment to handle VPN traffic and support the required protocols and ports

Security features and recommendations

SSL certificates

Use SSL certificates from trusted certificate authorities for better security, and avoid using self-signed certificates if possible.

Strong authentication

Implement strong authentication mechanisms such as multi-factor authentication (MFA) to improve the security of VPN access to your network.

Security policies

Create and implement strict security policies for accessing resources via VPN, including access control and network traffic monitoring.

Updates and patches

Regularly update your server and network equipment to protect all system components from known vulnerabilities.

Monitoring and logging

Configure monitoring and logging levels to track unusual activity and detect security incidents.

Features of configuration on the client

Setting up Secure Socket Tunneling Protocol on the client side may vary slightly depending on the platform. However, the basic process remains similar. Below are the general steps to configure SSTP on desktop and mobile operating systems:

Setting up on desktop devices

Windows

  • Open Control Panel → Network and Internet → Network and Sharing Center
  • Select Set up a new connection or network
  • Select Desktop Connection and follow the connection creation wizard
  • Enter the server address and connection credentials
  • In the connection properties, make sure that the SSTP protocol is selected

macOS and Linux

  • These OSes may require third-party software as native SSTP support may not be available
  • You can use programs such as SSTP-client or similar to install and configure the SSTP connection

Setup on mobile devices

Android

  • Depending on the version and device manufacturer, a third-party application, such as SSTP VPN Client, may be required to support SSTP
  • After installing the app, follow the on-screen instructions to set up a VPN connection to your server

iOS

  • Similar to Android, a third-party app may be required to support SSTP
  • Download and install the app of your choice from the App Store and follow the instructions to set up a VPN connection

When setting up SSTP on any platform, make sure you have all the required credentials and server information (such as the server address, username, and password). Also, make sure the server has a valid SSL certificate to ensure a secure connection.

SSTP VPN standards and performance

SSTP performance may vary depending on many factors, including hardware and network configuration. Below is an analysis of SSTP performance in various scenarios.

Performance based on CPU resources

SSTP performance in megabits per second on a single core can vary greatly depending on the hardware and the specific network configuration. However, a more powerful processor core with a higher clock speed can improve SSTP performance.

SSTP vs. other VPN protocols

  • OpenVPN. OpenVPN can perform similarly to SSTP but is generally considered more flexible to configure and natively supports more operating systems

  • IPsec/L2TP. IPsec/L2TP generally offers high performance and can be faster than SSTP on some configurations, especially when using hardware-accelerated encryption

  • PPTP. PPTP may provide high performance due to weak encryption, making it less secure than SSTP

  • WireGuard. WireGuard is known for its high performance and simplicity and is generally superior to SSTP in speed and ease of configuration

Recommendations to optimize SSTP VPN performance

Hardware acceleration

Use hardware encryption acceleration if supported by your hardware to improve SSTP performance.

Network optimization

Ensure your network is optimized for performance — eliminate bottlenecks and improve routing.

Correct server configuration

Configure your server correctly and make sure you have enough resources to handle VPN traffic.

Performance monitoring and analysis

Regularly monitor and analyze the performance of your SSTP VPN to identify and resolve potential problems.

Hardware and software updates

Keep your hardware and software up to date for best performance and security.

Conclusion

SSTP is a reliable and proven solution for creating secure VPN connections, especially in Windows environments. It provides good encryption and is relatively easy to configure on supported platforms. However, when using SSTP, you may encounter speed and platform support limitations compared to other modern VPN protocols, such as WireGuard.
