SSTP with Win 10 Clients

Hi @Phoenix1993. I double-checked the SSTP implementation, and I can confirm that this works on the latest rolling.

  1. Create a directory and generate certificates
mkdir /config/auth/sstp/

1.1 Generate server key and cert

openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 -keyout /config/auth/sstp/server.key -out /config/auth/sstp/server.crt
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:VyOS
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:x.x.36.246
Email Address []:

1.2 Generate CA

openssl req -new -x509 -key /config/auth/sstp/server.key -out /config/auth/sstp/ca.crt

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:VyOS
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:ROOT CA
Email Address []:
  2. Check if certs and keys exist
vyos@RTR1# sudo ls -lah /config/auth/sstp
total 20K
drwxrwsr-x 2 vyos vyattacfg 4.0K Jun 27 10:32 .
drwxrwsr-x 8 root vyattacfg 4.0K Jun 27 10:32 ..
-rw-rw-r-- 1 vyos vyattacfg 1.9K Jun 27 10:32 ca.crt
-rw-rw-r-- 1 vyos vyattacfg 2.0K Jun 27 10:32 server.crt
-rw------- 1 vyos vyattacfg 3.2K Jun 27 10:32 server.key
  3. Configure SSTP
set vpn sstp authentication local-users username test password 'test'
set vpn sstp authentication mode 'local'
set vpn sstp authentication protocols 'pap'
set vpn sstp network-settings client-ip-settings gateway-address '100.64.1.1'
set vpn sstp network-settings client-ip-settings subnet '100.64.2.0/24'
set vpn sstp network-settings name-server '1.1.1.1'
set vpn sstp ssl ca-cert-file '/config/auth/sstp/ca.crt'
set vpn sstp ssl cert-file '/config/auth/sstp/server.crt'
set vpn sstp ssl key-file '/config/auth/sstp/server.key'
  4. Export ca.crt and server.crt to Win machine via MMC
  5. Create an SSTP connection and try to connect.
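
A pre-flight check for the three files from step 1, run before they are referenced in the `set vpn sstp ssl` lines and exported to Windows: key permissions, key/cert pairing, and whether `ca.crt` actually issued `server.crt`. This is an added example, not part of the original post; the function names, the 2048-bit sample key and the CN `192.0.2.10` are assumptions made for the constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): checks for an SSTP cert directory.

# 0 if the private key is readable by its owner only.
key_is_private() {
    mode=$(stat -c %a "$1") || return 2   # GNU stat, as on VyOS/Debian
    [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

# 0 if certificate $1 carries the public half of private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if issuer and subject are the same name (self-signed by name).
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# 0 if certificate $2 verifies against the CA file $1.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample: the thread's two openssl commands, made non-interactive
# with -subj, a 2048-bit key for speed, and a documentation address as CN.
make_sample() {
    openssl req -newkey rsa:2048 -nodes -x509 -days 30 \
        -subj "/C=US/O=VyOS/CN=192.0.2.10" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl req -new -x509 -key "$1/server.key" \
        -subj "/C=US/O=VyOS/CN=ROOT CA" -out "$1/ca.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

report() {
    key_is_private "$1/server.key" && echo "key mode: owner-only" || echo "key mode: too open"
    cert_matches_key "$1/server.crt" "$1/server.key" && echo "server.crt matches server.key" || echo "server.crt/key mismatch"
    is_self_signed "$1/server.crt" && echo "server.crt is self-signed"
    cert_chains_to "$1/ca.crt" "$1/server.crt" && echo "server.crt chains to ca.crt" || echo "server.crt does not chain to ca.crt"
    return 0
}

d=$(mktemp -d) && make_sample "$d" && report "$d"
rm -rf "$d"
```

On a router, call `report /config/auth/sstp` instead of the sample directory.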