http://debianws.lexgopc.com/wiki143/index.php?action=history&feed=atom&title=Secure_Socket_Tunneling_ProtocolSecure Socket Tunneling Protocol - Revision history2026-05-15T15:43:55ZRevision history for this page on the wikiMediaWiki 1.43.1http://debianws.lexgopc.com/wiki143/index.php?title=Secure_Socket_Tunneling_Protocol&diff=4108881&oldid=previmported>Applsdev: /* Infobox */2025-05-03T09:48:29Z<p><span class="autocomment">Infobox</span></p>
<p><b>New page</b></p><div>{{short description|Form of virtual private network tunnel}}<br />
{{distinguish|Simple Symmetric Transport Protocol}}<br />
{{Infobox technology standard<br />
| title = SSTP<br />
| long_name = Secure Socket Tunneling Protocol<br />
| image = <br />
| image_size = <br />
| alt = <br />
| caption = <br />
| abbreviation = <br />
| native_name = <!-- Name in local language. If more than one, separate using {{plain list}} --><br />
| native_name_lang = <!-- ISO 639-1 code e.g. "fr" for French. If more than one, use {{lang}} inside native_name items instead --><br />
| status = <br />
| year_started = 2007<br />
| first_published = {{Start date|2007|02|22|df=y}}<br />
| version = <br />
| version_date = <br />
| preview = <br />
| preview_date = <br />
| organization = [[Microsoft]]<br />
| committee = <br />
| series = <br />
| editors = <br />
| authors = <br />
| base_standards = MS-SSTP<br />
| related_standards = <br />
| predecessor = <br />
| successor = <br />
| domain = <br />
| license = <br />
| copyright = <br />
| website = <!-- {{URL|https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/}} --><br />
}}<br />
In [[computer networking]], '''Secure Socket Tunneling Protocol''' ('''SSTP''') is a form of [[virtual private network]] (VPN) tunnel that provides a mechanism to transport [[Point-to-Point Protocol]] (PPP) traffic through an [[Transport Layer Security|SSL/TLS]] channel.<br />
<br />
==Protocol==<br />
SSL/TLS provides transport-level security with key negotiation, [[encryption]] and traffic integrity checking. The use of SSL/TLS over [[Transmission Control Protocol|TCP]] port 443 (by default; port can be changed) allows SSTP to pass through virtually all [[firewall (computing)|firewalls]] and [[proxy server]]s except for authenticated web proxies.<ref>{{cite web<br />
| url=http://blogs.technet.com/b/rrasblog/archive/2007/01/17/sstp-faq-part-2-client-specific.aspx<br />
| title=SSTP FAQ - Part 2: Client Specific<br />
| first=Samir<br />
| last=Jain<br />
| date=2007-01-17<br />
| publisher=[[Microsoft TechNet]]<br />
| accessdate=2015-10-17}}</ref><br />
<br />
SSTP servers must be [[authentication|authenticated]] during the SSL/TLS phase. SSTP clients can optionally be authenticated during the SSL/TLS phase and must be authenticated in the PPP phase. The use of PPP allows support for common authentication methods, such as [[EAP-TLS]] and [[MS-CHAP]].<br />
<br />
SSTP is available for [[Linux]], [[BSD]], and [[Windows]].<ref>{{cite web<br />
| url=http://sstp-client.sourceforge.net/<br />
| title=SSTP-Client<br />
| date=2011-09-17<br />
| accessdate=2015-10-17}}</ref><br />
<br />
SSTP was introduced in 2007<ref>{{Cite web |date=2022-11-04 |title=[MS-SSTP]: Secure Socket Tunneling Protocol (SSTP) |url=https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8 |access-date=2024-08-30 |website=learn.microsoft.com |language=en-us}}</ref> and available on [[Windows Vista SP1]] and later, in [[MikroTik|RouterOS]] since version 5.0, and in [[IIJ SEIL|SEIL]] since its firmware version 3.50. It is fully integrated with the RRAS architecture in these operating systems, allowing its use with [[Winlogon]] or [[smart-card]] authentication, remote-access policies and the Windows VPN client.<ref>{{cite web<br />
| url=http://www.biztechmagazine.com/article/2008/01/sstp-makes-secure-remote-access-easier<br />
| title=SSTP Makes Secure Remote Access Easier<br />
| first=Mitch<br />
| last=Tulloch<br />
| date=2008-01-22<br />
| accessdate=2015-10-17}}</ref> The protocol is also used by [[Windows Azure]] for Point-to-Site Virtual Network.<ref>{{cite web<br />
| url=https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-point-to-site-create/<br />
| title=Configure a point-to-site VPN connection to an Azure Virtual Network<br />
| first=Cheryl<br />
| last=McGuire<br />
| date=2015-08-11<br />
| accessdate=2015-10-17}}</ref><br />
<br />
SSTP is intended only for remote client access, it generally does not support site-to-site VPN tunnels.<ref>{{cite web |last=Jain |first=Samir |date=2007-01-10 |title=SSTP FAQ - Part 1: Generic |url=http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx |url-status=dead |archive-url=https://web.archive.org/web/20101012205841/http://blogs.technet.com/b/rrasblog/archive/2007/01/10/sstp-faq-part-1-generic.aspx |archive-date=2010-10-12 |website=TechNet Blogs |accessdate=}}</ref><br />
<br />
SSTP suffers from the same performance limitations as any other IP-over-TCP tunnel. In general, performance will be acceptable only as long as there is sufficient excess bandwidth on the un-tunneled network link to guarantee that the tunneled TCP timers do not expire. If this becomes untrue, performance falls off dramatically due to the [[TCP meltdown problem]].<ref>{{cite web<br />
| url=http://sites.inka.de/bigred/devel/tcp-tcp.html<br />
| title=Why TCP Over TCP Is A Bad Idea<br />
| first=Olaf<br />
| last=Titz<br />
| date=2001-04-23<br />
| accessdate=2015-10-17}}</ref><ref>{{cite conference<br />
| bibcode=2005SPIE.6011..138H<br />
|title=Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency<br />
|author1=Honda, Osamu |book-title=Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III<br />
| volume=6011<br />
| page=60110H<br />
|author2=Ohsaki, Hiroyuki |author3=Imase, Makoto |author4=Ishizuka, Mika |author5=Murayama, Junichi | s2cid=8945952<br />
| editor2-first=Sergey I<br />
| editor2-last=Balandin<br />
| editor1-first=Mohammed<br />
| editor1-last=Atiquzzaman<br />
| date=October 2005<br />
| doi=10.1117/12.630496<br />
}}</ref><br />
<br />
SSTP supports user authentication only; it does not support device authentication or computer authentication.<br />
<br />
== Packet structure ==<br />
<br />
The following header structure is common to all types of SSTP packets:<ref>{{cite web<br />
| url=https://technet.microsoft.com/en-us/subscriptions/cc247338.aspx<br />
| title=MS-SSTP: Secure Socket Tunneling Protocol (SSTP)<br />
| date=2015-10-16<br />
| publisher=Microsoft TechNet<br />
| accessdate=2015-10-17}}</ref><br />
<br />
{| class="wikitable" style="text-align :center"<br />
|+SSTP header<br />
|-<br />
! Bit offset !!colspan="8"| Bits 0–7 !!colspan="7"| 8–14 !! 15 !!colspan="16"| 16–31<br />
|-<br />
! 0<br />
|colspan="8"| Version ||colspan="7"| Reserved ||colspan="1"| C ||colspan="16"| Length<br />
|-<br />
! 32+<br />
| colspan="32"| Data<br />
|}<br />
<br />
* Version (8 bits) &ndash; communicates and negotiates the version of SSTP that is used.<br />
* Reserved (7 bits) &ndash; reserved for future use.<br />
* C (1 bit) &ndash; control bit indicating whether the SSTP packet represents an SSTP control packet or an SSTP data packet. This bit is set if the SSTP packet is a control packet.<br />
* Length (16 bits) &ndash; packet length field, composed of two values: a Reserved portion and a Length portion.<br />
:* Reserved (4 bits) &ndash; reserved for future use.<br />
:* Length (12 bits) &ndash; contains the length of the entire SSTP packet, including the SSTP header.<br />
* Data (variable) &ndash; when control bit C is set, this field contains an SSTP control message. Otherwise, the data field would contain a higher-level protocol. At the moment, this can only be [[Point-to-Point Protocol|PPP]].<br />
<br />
=== Control message ===<br />
<br />
The data field of the SSTP header contains an SSTP control message only when the header's Control bit C is set.<br />
<br />
{| class="wikitable" style="text-align:center"<br />
|+SSTP control message<br />
|-<br />
! Bit offset !!colspan="16"| Bits 0–15 !!colspan="16"| 16–31<br />
|-<br />
! 0<br />
|colspan="16"| Message type ||colspan="16"| Attributes count<br />
|-<br />
!32+<br />
|colspan="32"| Attributes<br />
|}<br />
<br />
* Message type (16 bits) &ndash; specifies the type of SSTP control message being communicated. This dictates the number and types of attributes that can be carried in the SSTP control packet.<br />
* Attributes count (16 bits) &ndash; specifies the number of attributes appended to the SSTP control message.<br />
* Attributes (variable) &ndash; contains a list of attributes associated with the SSTP control message. The number of attributes is specified by the Attributes count field.<br />
<br />
==See also==<br />
* [[AuthIP]]<br />
* [[L2TP#L2TP.2FIPsec|L2TP/IPsec]]<br />
* [[HTTPS]]<br />
* [[OpenVPN]]<br />
* [[OpenConnect|OpenConnect VPN]]<br />
* [[PPTP]]<br />
* [[SoftEther VPN]], an open-source VPN server program which supports SSTP-VPN protocol.<br />
* [[WireGuard]]<br />
<br />
==References==<br />
{{Reflist}}<br />
<br />
==External links==<br />
*[https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8 <nowiki>[MS-SSTP]: Secure Socket Tunneling Protocol (SSTP)</nowiki>] by [[Microsoft Open Specification Promise]]<br />
*[http://blogs.technet.com/rrasblog/archive/tags/SSTP/default.aspx RRAS Technet Blog]<br />
*[http://www.techworld.com/networking/news/index.cfm?newsID=7814&pagtype=all Microsoft develops new tunneling protocol]<br />
*[https://blogs.technet.microsoft.com/rrasblog/2007/01/10/how-sstp-based-vpn-connection-works/ How SSTP based VPN connection works]<br />
*[http://www.hsc.fr/ressources/outils/sstoper/index.html.en HSC's SSTP Client for Linux]<br />
*[http://sstp-client.sourceforge.net/ SSTP Client for Linux]<br />
{{VPN}}<br />
<br />
[[Category:Network protocols]]<br />
[[Category:Tunneling protocols]]</div>imported>Applsdev