Hi,

I've tried to search for solution, but didn't find that much. I have Mikrotik as SSTP server and Windows 7 computer as client. It's impossible to make SSTP VPN tunnel with Windows 7 machine if option 'verify client certificate' is turned on on Mikrotik's server. So is there any solution for this ? I use custom generated certificates. If I connect two Mikrotiks (one server, other client) then everything work just fine even with option 'verify client certificate' enabled.

That is correct, "verify-client-certificate" is Mikrotik feature. If you are connecting Windows machines then disable it.

Ok, thanks for the info.

Is there any plans/possibilities to implement that feature usable with Windows-clients also?
Would make huge improvement to sstp's security and that way make it much better alternative to OpenVPN (which you don't want to development anymore).

Wrong place to ask.. Contact Microsoft and ask them if such feature will be implemented.

Any new ideas concerning this?

I'm still saying that Microsoft is not the problem and Windows SSTP-client is already supporting client-side certificates.

Have you done any investigations about that?

Also, Wiki says that Windows client supports only RC4 encryption, this is not true either. My Windows7 is working well with "force-aes" enabled in ROS6.

Sounds like its a certificate version issue: https://social.technet.microsoft.com/Fo ... networking

Wrong place to ask.. Contact Microsoft and ask them if such feature will be implemented.

Hi! Can you confirm, that verify-client-certificate is a mikrotik only feature And windows EAP is not a way for make SSTP VPN to mikrotik with cetrificate/tokens?

When you're using EAP, you're not authenticating to the RouterOS system, you're authenticating to a Microsoft NPS server. MikroTik doesn't currently support any EAP methods for their VPN implementations. MikroTik only knows how to pass PAP, CHAP, MSCHAPv1, and MSCHAPv2 to RADIUS in their PPP module, but interestingly, they do support EAP methods on wireless. The functionality exists in the code, it's just that the PPP module doesn't appear to have any linkages to the EAP code.

Ok! Than only way to use IPsec and eap radius?


Yours respectfully!

I want to be CEH certified, but i dont know how to do it ( as i m beginner ).So if somebody could help me out how else can i study and get CEH? Please help me out, i shall b really thankful to you for replying.