Share via

Windows Server 2016 VPN SSTP Server

Nick Antoniadis 1 Reputation point
2021-02-25T21:50:21.923+00:00

Hello everyone,

I have a machine with Windows Server 2016,

I want to build a VPN server so I can connect to my home network when I am out of home and some friends to connect also.

I want to make the server with SSTP as I understand that the SSH and it's secure,

although one friend is joining from a network where some port are blocked and many VPN aren't working.

We have tried to connect thought PPTP and he is unable to join, also we want something to be fast and simple.

So I have the following questions:

  • I want to understand more about the Domain, I believe that is essential for the SSTP, so my question is do I need to buy a domain or something like No-IP will work?
  • I want to know if there is any other way to connect like to different port with PPTP ? (As I have researched that's option is not possible)
  • What are the detailed steps that I need to take in order to build something like that?

Thank you in advance.

*Update
I have also noticed that I need a second machine to be my DNS can I just do all that in one machine or have no DNS at all and just manually send the certificate ?

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,436 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sunny Qi 10,926 Reputation points Microsoft Vendor
    2021-02-26T09:34:39.723+00:00

    Hi,

    Thanks for posting in Q&A platform.

    The pre-requisitions for SSTP VPN Tunnel type are one server with DC, DNS and ACCS role, one VPN server and one VPN client. VPN server needs join to the domain which hosted by the DNS server. You can configure your domain name in the DNS server.

    SSTP tunneling uses TCP 443 to create an SSL connection. Any protocol that uses SSL requires the use of a certificate.

    For more details regarding of how to configure SSTP VPN server in Windows server 2016, please refer to the following article:

    Create an SSTP VPN Server in Windows Server 2016

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments
  2. Nick Antoniadis 1 Reputation point
    2021-02-25T21:58:50.147+00:00

    Yes, I have visited the same source although it seemed kinda lacking and missing out a lot of important steps and information.

    For example for someone like me that I am not really an expert and want to learn, feels like it needs a bit more work.

    0 comments
  3. Nick Antoniadis 1 Reputation point
    2021-02-26T10:24:49.477+00:00

    Hi @Sunny Qi ,

    I have read this article also,

    I want to know if I can do it without the need to make a certification from the other PC's that are going to connect to the VPN?

    *Edit
    Something like a self-signed certification or like request certification and I would accept it from the server and I can have access,
    is that possible?

    0 comments
  4. Sunny Qi 10,926 Reputation points Microsoft Vendor
    2021-03-01T04:20:00.83+00:00

    Hi,

    If you need request certification from client side, you coukd configure certificate revocation list CRL.

    The CRL setup is divided in 4 parts:

    First step: Configure your CA for publishing CRL lists.

    Second step: Configure HTTP link for CRL in CDP extension.

    Third step: Configure IIS web server for the http link of CRL location.

    Fourth step: Test CRL download.

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments