Secure Socket Tunneling Protocol

The Secure Socket Tunneling Protocol (SSTP) is a Virtual Private Network (VPN) tunneling protocol introduced by Microsoft in 2007. It allows a VPN tunnel to be established over secure HTTP (SSL/TLS) on port 443. This is meant to eliminate the problems that arise when web proxies, firewalls and NAT routers block other tunneling protocols such as the Point-to-Point Tunneling Protocol (PPTP) or the Layer 2 Tunneling Protocol over IPsec (L2TP/IPsec).

Development

SSTP is Microsoft's solution for VPN access using PPP over SSL (SSL VPN). Microsoft hoped that this method would significantly reduce the support requests arising from IPsec-based VPNs, which are often blocked by firewalls and routers. Although the method builds on many standards, Microsoft did not seek standardization of SSTP within the IETF.

The method was developed primarily as a (user) remote-access solution for an end-to-site scenario, carrying access to servers and network structures through firewalls and gateways on the well-known port 443/TCP. Use as a link between networks (site-to-site scenario) is not provided for by Microsoft, but is possible with a specific implementation, for example on routers.

Specifications

The technical specifications of (MS-)SSTP are published as part of the Microsoft Communications Protocol Program (MCPP), which governs the free provision of technical documents for Microsoft operating systems.

SSTP uses SSL 3.0 and HTTP 1.1 with 64-bit content-length encoding and works over both IPv4 and IPv6. For PPP authentication, MS-CHAPv2, EAP-MS-CHAPv2, EAP smart card and the Protected Extensible Authentication Protocol (PEAP) can be used. The encryption algorithms available to the SSL layer are supported (AES, RC4, 3DES).

On the server side, Windows Server 2008 or later (Windows Server 2008 R2 or Windows Server 2012) with the Routing and Remote Access Service (RRAS) installed is required to set up an SSTP VPN. On the client side, SSTP is available from Windows Vista Service Pack 1. An SSTP client for Linux, FreeBSD and Mac OS is available for download on SourceForge. If the protocol selection on the client side is set to Automatic, the connection is attempted in the order PPTP → L2TP → SSTP.

Connection setup sequence

Example

  • Suppose the server has the public IP address 100.100.100.1 and the client has the public IP address 200.200.200.1.
  • After the PPP connection has been negotiated over SSTP, the server has an additional interface with the IP 192.168.0.1 and the client an additional interface with the IP 192.168.0.2.
  • The user pings from the client to the server at the IP 192.168.0.1.

SSTP packet structure

Header

The following header structure applies to all types of SSTP packets:

  • Version (8 bits) - Communication and negotiation of the SSTP version used.
  • Reserved (7 bits) - Reserved for future use.
  • C (1 bit) - A control bit indicating whether the packet is an SSTP control packet (1) or an SSTP data packet (0).
  • Length (16 bits) - Packet length, composed of two values: Reserved (4 bits), reserved for future use, and packet length (12 bits), the length of the entire SSTP packet including the SSTP header.
  • Data (variable) - When the control bit C is set, the data field contains a control message. Otherwise, the data field contains a higher-level protocol; currently, only the Point-to-Point Protocol (PPP) is possible.

Control message

The data field of the SSTP header contains an SSTP control message if the control bit C is set in the header.

  • Message type (16 bits) - Specifies the type of control message transmitted.
  • Attribute count (16 bits) - Specifies the number of attributes transmitted.
  • Attributes (variable) - Contains the list of attributes belonging to the SSTP control packet. The number of attributes is given by the attribute count field.
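The header and control-message layouts above are easiest to check against real bytes. The following Python parser and builder is an added example, not code from the article or from Microsoft: it packs and unpacks the 4-byte header (version, 7 reserved bits plus the C bit, 4 reserved bits plus the 12-bit length), then the message type and attribute count of a control message. The per-attribute layout (reserved byte, attribute ID, a 16-bit length field with the same 4+12 split, then the value) and the constant values for the Call Connect Request message and the Encapsulated Protocol ID attribute are taken from the MS-SSTP specification and are not described on this page. The sample packets are constructed, not captured. The point a defender cares about is that every declared length is bounds-checked against the buffer before any slice is taken, so a header that claims more bytes than arrived is rejected instead of over-read.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Optional

# Values from the MS-SSTP specification (assumption: not stated on this page).
SSTP_VERSION_1_0 = 0x10                 # major version 1, minor version 0
SSTP_MSG_CALL_CONNECT_REQUEST = 0x0001
SSTP_ATTRIB_ENCAPSULATED_PROTOCOL_ID = 0x01
SSTP_ENCAPSULATED_PROTOCOL_PPP = b"\x00\x01"

HEADER_LEN = 4          # version, flags (7 reserved bits + C), 16-bit length field
CTRL_HEADER_LEN = 4     # message type + attribute count
ATTR_HEADER_LEN = 4     # reserved byte, attribute id, 16-bit length field
LENGTH_MASK = 0x0FFF    # the low 12 bits of a length field carry the length


@dataclass
class SstpAttribute:
    attribute_id: int
    value: bytes


@dataclass
class SstpPacket:
    version: int
    is_control: bool
    length: int
    data: bytes
    message_type: Optional[int] = None
    attributes: List[SstpAttribute] = field(default_factory=list)


def parse_attributes(blob: bytes, count: int) -> List[SstpAttribute]:
    """Parse `count` attributes (MS-SSTP layout) from the body of a control message."""
    attrs: List[SstpAttribute] = []
    offset = 0
    for _ in range(count):
        if len(blob) - offset < ATTR_HEADER_LEN:
            raise ValueError("truncated attribute header")
        _reserved, attr_id, length_field = struct.unpack(
            "!BBH", blob[offset:offset + ATTR_HEADER_LEN])
        attr_len = length_field & LENGTH_MASK
        # The attribute length includes its own 4-byte header and must stay in bounds.
        if attr_len < ATTR_HEADER_LEN or offset + attr_len > len(blob):
            raise ValueError("attribute length out of bounds")
        attrs.append(SstpAttribute(attr_id, blob[offset + ATTR_HEADER_LEN:offset + attr_len]))
        offset += attr_len
    if offset != len(blob):
        raise ValueError("trailing bytes after the declared attributes")
    return attrs


def parse_sstp_packet(buf: bytes) -> SstpPacket:
    """Parse one SSTP packet, validating every length field before slicing on it."""
    if len(buf) < HEADER_LEN:
        raise ValueError("truncated SSTP header")
    version, flags, length_field = struct.unpack("!BBH", buf[:HEADER_LEN])
    is_control = bool(flags & 0x01)        # C bit is the low bit; the other 7 are reserved
    length = length_field & LENGTH_MASK    # upper 4 bits of the length field are reserved
    # The 12-bit length counts the whole packet including the 4-byte header.
    if length < HEADER_LEN or length > len(buf):
        raise ValueError("declared packet length does not fit the buffer")
    data = buf[HEADER_LEN:length]
    packet = SstpPacket(version, is_control, length, data)
    if is_control:
        if len(data) < CTRL_HEADER_LEN:
            raise ValueError("truncated control message")
        packet.message_type, count = struct.unpack("!HH", data[:CTRL_HEADER_LEN])
        packet.attributes = parse_attributes(data[CTRL_HEADER_LEN:], count)
    return packet


def build_control_packet(message_type: int, attrs: List[SstpAttribute]) -> bytes:
    """Serialise a control packet: C bit set, length fields filled in."""
    body = b"".join(
        struct.pack("!BBH", 0, a.attribute_id, ATTR_HEADER_LEN + len(a.value)) + a.value
        for a in attrs)
    ctrl = struct.pack("!HH", message_type, len(attrs)) + body
    total = HEADER_LEN + len(ctrl)
    if total > LENGTH_MASK:
        raise ValueError("packet too long for a 12-bit length field")
    return struct.pack("!BBH", SSTP_VERSION_1_0, 0x01, total) + ctrl


def build_data_packet(ppp_frame: bytes) -> bytes:
    """Serialise a data packet: C bit clear, payload is the higher-level protocol (PPP)."""
    total = HEADER_LEN + len(ppp_frame)
    if total > LENGTH_MASK:
        raise ValueError("packet too long for a 12-bit length field")
    return struct.pack("!BBH", SSTP_VERSION_1_0, 0x00, total) + ppp_frame


def is_rejected(buf: bytes) -> bool:
    """True if the parser refuses the buffer; used to exercise malformed input."""
    try:
        parse_sstp_packet(buf)
    except ValueError:
        return True
    return False


# Constructed sample packets (not captured traffic).
CONTROL_SAMPLE = build_control_packet(
    SSTP_MSG_CALL_CONNECT_REQUEST,
    [SstpAttribute(SSTP_ATTRIB_ENCAPSULATED_PROTOCOL_ID, SSTP_ENCAPSULATED_PROTOCOL_PPP)])
DATA_SAMPLE = build_data_packet(b"\xff\x03\xc0\x21")   # constructed PPP-style payload

if __name__ == "__main__":
    print(CONTROL_SAMPLE.hex(), parse_sstp_packet(CONTROL_SAMPLE))
    print(DATA_SAMPLE.hex(), parse_sstp_packet(DATA_SAMPLE))
    # A header claiming 64 bytes when only 14 arrived is rejected, not over-read.
    print(is_rejected(CONTROL_SAMPLE[:2] + b"\x00\x40" + CONTROL_SAMPLE[4:]))
```

Running the block prints the 14-byte control packet `1001000e00010001000100060001` (version 0x10, C=1, length 14, message type 1, one attribute of length 6 carrying protocol ID 0x0001) and the 8-byte data packet, followed by `True` for the truncated buffer. Bytes beyond the declared length are deliberately left in the buffer rather than rejected, since in a real stream they belong to the next packet.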