You’re absorbing caffeine from a white cup with green letters while surfing the web on your laptop and you suddenly remember that you need something from your corporate VPN. What to do? Yes, I know you’ll try to establish the VPN even if you tried it just last Thursday. You’re an optimist who believes that they just might have realized that outgoing VPN is not evil. But alas, you’ll need to head back home since airports, hotels and coffee shops notoriously block almost all of the really cool protocols from working.
Some day soon (we hope) you’ll be able to stay comfy and do your work. This is all due to the upcoming Windows 2008 and Vista support of SSTP!
The Secure Socket Tunneling Protocol is really an ingenious convergence of secure HTTP (HTTPS/SSL) and Point-to-Point Protocol technologies. In order to make this work you’ll need a few things:
- Windows 2008 Server – Expected February release
- A certificate authority (This can be an internal enterprise CA)
- A firewall – My personal favorite: Microsoft ISA 2006
- Vista SP1 – Early to mid March release. There’s discussion on whether XP SP3 will add this support but the future is unclear. Check again later.
Now, I won’t tell you that giving your road warriors this kind of freedom is going to take 15 minutes and a wizard, but there are already some great resources published to get you ready.
- Dr. Thomas Shinder (The smartest firewall guy I know) has published an article on ISAserver.org on how to configure ISA 2006 for SSTP access:
- Another Dr. Shinder article on WindowsSecurity.com. This one is a 2-part article. Part 1 is a deep-dive on the new protocol and part 2 focuses on configuring required Windows 2008 services:
- Samir Jain from the TechNet Routing and Remote Access blog has posted a primer on the SSTP protocol:
Jonathan Connery MCSE+I, MCSD
Senior Systems Architect
Infrastructure Optimization Team