SSTP Support Router



  • Dear All,

    I want to buy a new router. Do you have SSTP protocol support router because I need SSTP protocol to connect to my office network.

    Thank and Best Regards


  • LAYER 8 Moderator

    AFAIK there are no commercial router/firewalls, that support SSTP as clients to an existing network. Isn't SSTP a Microsoft/Windows thing? I know Microtik and Synology can speak SSTP but as servers emulating Windows Server behavior but I know no current router/firewall that can create something like an SSTP tunnel as a client to an existing corporate network. In my understanding of SSTP that's not the goal either, as it's meant as end-user / client dial-in VPN, not site2site network linking.

    Greets



  • @JeGr said in SSTP Support Router:

    AFAIK there are no commercial router/firewalls, that support SSTP as clients to an existing network. Isn't SSTP a Microsoft/Windows thing? I know Microtik and Synology can speak SSTP but as servers emulating Windows Server behavior but I know no current router/firewall that can create something like an SSTP tunnel as a client to an existing corporate network. In my understanding of SSTP that's not the goal either, as it's meant as end-user / client dial-in VPN, not site2site network linking.

    Greets

    Thank You for prompt reply but I read from the various guides where they mention that SSTP is a best choice for business use.


  • LAYER 8 Moderator

    @rootwilliamson said in SSTP Support Router:

    Thank You for prompt reply but I read from the various guides where they mention that SSTP is a best choice for business use.

    That's nonsense. It depends completely what you want to achieve. SSTP isn't that new and not particularly different than other OVPN or IPSEC based dial-in VPNs or even self-built SSL based (like OVPN) VPN solutions like Pulse or Cisco Anyconnect. Only because SSTP is a thing now with MS (after riding the PPTP horse literally to its death), that doesn't mean that it's in any way better or preferrable to other solutions. It's just a matter of your infrastructure, environment and IT/admins capability.

    But "It's the best choice for business use" sounds more like marketing BS than a technical reason.

    "It's not the best choice! It's Spacer's Choice!" 😉


  • Netgate Administrator

    Yes, SSTP is intended as a remote access protocol not for site-to-site tunnels.
    I'm sure it could be made to work like that if you really needed it to though. Just as you can do that with OpenVPN set up as remote access.

    OpenWRT can probably do it: https://openwrt.org/packages/pkgdata/sstp-client
    Or roll you own Linux solution.

    Steve



  • @stephenw10 said in SSTP Support Router:

    Yes, SSTP is intended as a remote access protocol not for site-to-site tunnels.
    I'm sure it could be made to work like that if you really needed it to though. Just as you can do that with OpenVPN set up as remote access.

    OpenWRT can probably do it: https://openwrt.org/packages/pkgdata/sstp-client
    Or roll you own Linux solution.

    Steve

    Thank You Steve.
    I check this router and its configuration. But as you know that I do not have enough technical knowledge, we need to use VPN for my office and my friends told me that not every router support sstp protocol (might be he is wrong) that is why I asking.


  • LAYER 8 Moderator

    @rootwilliamson said in SSTP Support Router:

    But as you know that I do not have enough technical knowledge, we need to use VPN for my office and my friends told me that not every router support sstp protocol (might be he is wrong) that is why I asking.

    As Steven also told you (and I already was), SSTP is not intended to be used on routers as tunnel protocol. It is primarily used as dial-in VPN from your specific client (laptop, PC etc.) to your corporate VPN. Nothing you set up on your router that stays active day and night. Also in my understanding most companies don't want you to connect your whole private home network to their corporate network with a tunnel, so if you need it done, then the IT guys should do it/equip yourself with an appropriate router. But in my years in various companies I can't remember one that was happy to have some home-office/private home user network hooked up to their corporate network for any reasons at all. So perhaps check back if you are actually allowed to do such a thing - SSTP or not.



  • OK


  • Netgate Administrator

    Yes, I agree with this. It sounds like you are trying to use a remote access login you have been given to do something it was never intended to do. If you need a site-to-site VPN ask your office IT staff.
    Trying to work past the IT admins is recipe for a bad time, possibly up to getting fired for it level if you ended up exposing the office network to something inadvertently. 😉

    Steve


Log in to reply