Any alternative to native Windows SSTP client?

Hi, I’m fed up with the freaks of the Windows 10 SSTP VPN client: today it works (using a MikroTik certificate), the day after tomorrow it gives an error for no reason; the same exact procedure on another computer works, and the same exact procedure on a third computer fails. It’s crazy how Windows manages certificates, and also crazy that it doesn’t give any useful feedback to correct the problem, for such a stupid need for certificates that I don’t care about and probably nobody cares about. On Android I use SSTP Max and it works without certificates.

I’m fed up with losing hours trying to install it in all the different ways possible, manually removing and reinstalling it again; that’s no way to work at all, time has value.
So I’m looking for a third-party SSTP client for Windows. I really hope there is one that doesn’t care about useless certificates, something like the WireGuard client for example. Anything around? Googling, I haven’t found valid results.
Thank you

I was about to mention Wireguard …

I need a client for the SSTP protocol; only SSTP works under some firewalls.
As there is a client for WireGuard able to route all traffic into it, there may be a VPN client that supports SSTP.

I’m sorry I can’t be more helpful, but generally the built-in clients on Windows are really hard to manage. Often updates screw with defaults, and a lot of times registry entries have to be set up just so for things to work. Of course, with joining a domain/group policy things tend to be better.

If the firewall is not that picky, quite often OpenVPN TCP tunneling over port 443 works fine. If the firewall is protocol-aware, it depends on the exact policy settings, e.g. SSTP is also easy to identify by the “Upgrade: SSTP” type HTTP header…

I know what you mean, but here they also advice the SSTP.. reducing or killing the connection, it’s crazy.
What bad news, if for Windows only the native client is available.. I hate it

The first time I approached SSTP I had the problems; in fact I was never able to make it work with a self-signed certificate.

Because of that we tried buying a certificate from a recognized provider.
Since that day
we have used the native SSTP client for many years without any problem,
but I make it clear:
using a certificate from a recognized provider and renewing it every year (paying the respective fees).

Maybe it is not the solution you are searching for; sharing my experience is the only way I can contribute to this topic.


I use the same Let’s Encrypt TLS certificate that RouterOS obtains for www-ssl for SSTP and User Manager. The Windows SSTP clients never had any problem with that.

There are a couple of little things that need to be addressed at certificate renewal though. Because I use my domains and not the one from IP → Cloud, I need a script that temporarily opens port 80 (but only on the IPv6 firewall, luckily), enables the www service, requests the Let’s Encrypt renewal, then shuts down www and closes port 80 again. The second issue is that although the renewal process automatically updates the setting of www-ssl with the new certificate, it doesn’t make changes to SSTP server or User Manager and they still have the old certificate. So the script also has to make sure that those settings are updated.
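
The renewal sequence described in the post above, written out as an added RouterOS 7 example (not the poster's own script). Assumed here: the hostname `vpn.example.com`, a pre-created and normally disabled IPv6 filter rule carrying the comment `le-http-01` that accepts TCP/80, and a fixed delay to let the ACME exchange finish.

```routeros
# Added example; names below are placeholders, not values from the thread.
:local dnsName "vpn.example.com"
:local ruleComment "le-http-01"
:local renewed true

# 1. Temporarily expose HTTP for the Let's Encrypt HTTP-01 challenge:
#    enable the prepared IPv6 accept rule and the www service.
/ipv6 firewall filter enable [find comment=$ruleComment]
/ip service enable www

# 2. Request the renewal. Errors are caught so that step 3 always runs
#    and port 80 is never left open after a failed attempt.
:do {
    /certificate enable-ssl-certificate dns-name=$dnsName
    # Assumption: a fixed wait is enough for issuance to complete.
    :delay 60s
} on-error={
    :set renewed false
    :log error "Let's Encrypt renewal for $dnsName failed"
}

# 3. Close the exposure again, whether or not the renewal succeeded.
/ip service disable www
/ipv6 firewall filter disable [find comment=$ruleComment]

# 4. www-ssl is switched to the new certificate by the renewal itself,
#    so read its current certificate and apply the same one to the
#    SSTP server and User Manager, which otherwise keep the old one.
:if ($renewed) do={
    :local newCert [/ip service get www-ssl certificate]
    :if ([:len $newCert] > 0) do={
        /interface sstp-server server set certificate=$newCert
        /user-manager set certificate=$newCert
        :log info "SSTP and User Manager now use certificate $newCert"
    } else={
        :log warning "www-ssl has no certificate assigned; nothing changed"
    }
}
```

Run from the scheduler, the log entries show whether SSTP and User Manager were actually moved to the certificate that www-ssl is serving.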

Mates, thank you for replying and sharing your experience.

The facts are that the same router, with the same certificate, installed on all PCs (Win10 64) at this moment in the same way, lets SSTP work on computer A, but it doesn’t work on computer B, and it was working but no longer does, for an unknown reason, on computer C.
The procedure is correct, no doubts about that; the only difference that can matter is that these PCs are connected through different providers, but all of them use Google DNS 8.8.8.8..

How can I troubleshoot the Windows error? There should be a way to know why it is failing.
PC B doesn’t want to connect to any of the SSTP servers I created on different routers, placed on different public IPs, using the MikroTik DDNS for all of them. It looks like PC B has trouble with certificates; I’ve tried to remove mine manually from all possible places, and something went wrong inside Windows. The same can happen on PC C. How can I fix certificate problems on Win10?
Thanks

The thing is that when you make changes to force the PC to accept a certificate not signed by a recognized entity as valid, you are circumventing security built into the operating system in that matter; don’t expect that “solution” or fix to be reliable.

Yeah, that’s why OP should try the Let’s Encrypt issued certificate like I wrote above, if he doesn’t want to spend money on certificates from commercial providers.
