SSTP explained — is it good, and why do we use it?

What is SSTP?

SSTP, or the Secure Socket Tunneling Protocol, is a VPN protocol that creates a tunnel between a client device and a server. Primarily, SSTP is used to secure remote access to private networks over the internet. Microsoft developed SSTP to replace the less secure PPTP and L2TP /IPSec protocols. SSTP is typically used to protect native Windows VPN connections.

How does SSTP work?

Like other protocols, SSTP establishes an encrypted tunnel between a VPN client and a VPN server. The data that passes through the tunnel is protected from external interception.

SSTP is an improvement over PPTP (Point-to-Point Tunneling Protocol) as it uses SSL/TLS and TCP port 443 by default. These features allow SSTP to be considered an improvement in terms of security and firewall traversal capabilities compared to PPTP.

SSTP also bases its connections on user authentication instead of device or computer authentication.

How secure is the SSTP protocol?

SSTP is considered to be a cryptographically secure protocol. It uses the SSL/TLS and AES encryption ciphers to establish a secure connection between the client and the server. SSTP ensures network traffic security by enveloping it within the protective SSL/TLS channel.

SSTP vs. other protocols

SSTP is considered more secure than PPTP and L2TP/IPSec, and it is more difficult for ISPs and firewalls to block VPNs using this protocol.

SSTP vs. OpenVPN

OpenVPN is newer than SSTP. Moreover, OpenVPN is open source and benefits from contributor reviews and updates. It also uses AES encryption, which is the standard in symmetric encryption.

While both protocols use strong encryption ciphers, OpenVPN is a more widely accepted and universal choice because it is available on Windows platforms and beyond. It’s more stable and trustworthy.

SSTP vs. PPTP

PPTP is an older protocol than SSTP and easier to set up. PPTP is also more widely supported than SSTP.

However, PPTP can be easily blocked by internet service providers or admins. Because SSTP uses port 443, it is more difficult to block. PPTP has known security vulnerabilities and is considered less secure compared to SSTP and other modern VPN protocols.

SSTP vs. WireGuard

SSTP and WireGuard protocols are both considered to be secure. However, WireGuard is open source and faster than SSTP. WireGuard also works on more platforms. While both protocols are decent, if you want security, privacy, and speed simultaneously, we recommend choosing WireGuard.

Pros and cons of SSTP

Here are some pros and cons of SSTP:

Pros

• Decent security. SSTP uses SSL and encloses data packets over HTTPS.

• Difficult to block. SSTP is difficult to block due to TCP port 443 usage. SSTP can effectively bypass firewalls.

• Easy to use and configure. SSTP is easier to set up than OpenVPN.

Cons

• Closed source. SSTP is not open source, so it is not possible to check if it contains hidden surprises like backdoors.

• Owned by Microsoft. Microsoft’s ties to the NSA lead to speculation that SSTP may have backdoors or other security loopholes.

• Supports user authentication only. This issue can limit the usage of SSTP.

• Slowness. Robust encryption makes the algorithm slow.

What is an SSTP VPN?

An SSTP VPN is a type of VPN that uses the SSTP protocol to establish a secure and encrypted connection between a client and a server over the internet. An SSTP VPN is used for secure remote access, such as file sharing or connecting to corporate systems. It was developed for Windows operating systems and is therefore popular among Windows users. Usually, you can choose this option in your VPN client’s interface. However, it is best to use a VPN that offers multiple protocols.

How to connect to an SSTP VPN

SSTP is a part of your VPN, whether at home or work. If you are unsure whether your VPN supports SSTP, contact your service provider or system administrator. Follow these steps to configure SSTP VPN on Windows 11 operating system:

1. 1.

   Open “Settings” on your Windows computer.

2. 2.

   Click on “Network and internet” and then choose “VPN.”

   
3. 3.

   Click on “Add VPN” in the top right corner.

   
4. 4.

   Enter the following details and then press “Save.”

   

   • VPN provider – Windows built-in
   • Connection name – e.g., My SSTP VPN
   • Server name or address – nordvpn.com
   • VPN type – Secure Socket Tunneling Protocol (SSTP)
   • Type of sign-in info – username and password
   • User name – [username]
   • Password – [password]
5. 5.

   And finally, click on “Connect.”

   

These are general guidelines for establishing an SSTP VPN connection. The instructions may vary depending on your operating system and VPN provider. If you encounter problems connecting to an SSTP VPN, contact your VPN customer service or system administrator.