I just set up my first SSTP VPN. There are just a few differences from PPTP, and it’s more secure and faster to use. You only need to port forward 443 to the server. The documentation out there leaves out key things for people who want to set one up with a single NIC that’s behind a firewall, like we mostly do.
First go to Server Manager and add roles. Choose to add the Web IIS role and click Next. Go with all the defaults, except check all the boxes under the Security section.
Complete the install and open IIS. Click the server on the left, then double-click Server Certificates on the right. Create a domain certificate. Fill in the blanks, but the only important one is the common name. You have to create an A record for a public common name with your DNS host, such as Network Solutions. If you already have one, go ahead and use that.
You have to have an internal certification authority already installed. One is there by default on all SBS servers; if you don’t have one, you may have to install it manually by adding the certificate services role. If you already have one, it will show up in the list. You can make the friendly name anything you want, then click Finish.
Next go back into roles and add the Network Policy and Access Services role. Choose Routing and Remote Access Services, with the Remote Access Service and Routing options. The new role appears. Open it, right-click the Routing and Remote Access option, and choose Configure and Enable.
Choose Custom and select only the VPN option.
Change the VPN client on the workstation to use SSTP as its first choice and log in.
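An added check, not part of the original post: this PowerShell function connects to the forwarded port 443 and reports whether the certificate the server presents carries the public common name from the A record. `Test-SstpCertificate` and `vpn.example.com` are hypothetical names used for illustration; replace the placeholder with your own common name before running.

```powershell
# Added example, not from the original post.
# 'vpn.example.com' is a placeholder for your certificate's public common name.
function Test-SstpCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$PublicName,
        [int]$Port = 443
    )
    $script:policyErrors = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        # Throws if the A record does not resolve or 443 is not forwarded.
        $tcp.Connect($PublicName, $Port)

        # Accept the certificate so it can be inspected, but record what
        # .NET's own validation found. No data is sent over this session.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $certificate, $chain, $errors)
            $script:policyErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($PublicName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # Compare against the CN, the one field the certificate request above depends on.
        $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        New-Object PSObject -Property @{
            CommonName   = $cn
            NameMatches  = ($cn -ieq $PublicName)
            Issuer       = $cert.Issuer
            Expires      = $cert.NotAfter
            Expired      = ($cert.NotAfter -lt (Get-Date))
            PolicyErrors = $script:policyErrors
        }
    }
    finally {
        $tcp.Close()
    }
}

Test-SstpCertificate -PublicName 'vpn.example.com'
```

Run it from a workstation outside the firewall. A `PolicyErrors` value other than `None` means that machine does not accept the certificate as presented, for example because it does not trust the internal certification authority that issued it.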