Tutorial 002 Mikrotik SSTP VPN server Windows SSTP VPN client

Mikrotik 2011UAS-2HnD RouterOS 6.7 L5 as SSTP server
Windows 7 PL 32bit as SSTP VPN client

Mikrotik /server, ca.crt+ca.key/
– internal LAN:, IP:
– external IP – XXX.XXX.86.23

Windows PC /client, only ca.crt/
– external IP: Tmobile 3G PL
– LAN, HTC Wildfire S – WiFi Hotspot

config I
– Mikrotik SSTP pool –
– Windows PC IP is in Mikrotik local LAN pool
– client decides where goes internet traffic

config II
– Windows client PC all internet traffic going through SSTP VPN gateway
– Mikrotik SSTP pool –
– Windows PC IP is in Mikrotik SSTP pool
– if client disable traffic rediret then looses SSTP pool acces and Mikrotik internal LAN acces

1. CA /certificate authority/ CN /common name/ – must be real external IP, domain name or /if server works only in LAN/ LAN IP or LAN name /Router Identity, System Identity/.
2. Not included in Video… ca.crt and ca.key should be deletet from Mikrotik /Files/.
3. Appendix in video – SSTP easly bypass firewalls /client site/.