How to Use a VPN with SSTP (Secure Socket Tunneling Protocol)

One of the best things about VPNs (Virtual Private Networks) is how versatile they are. With many excellent providers to choose from, you can choose the right VPN for you according to its price, server location, special features, and, perhaps most importantly, security measures.

There are a variety of different protocols VPNs can use to tunnel, encrypt, and protect your data. Many VPNs come with multiple protocol options, so you can choose the one that best suits you in different circumstances.

One of these options is SSTP, or Secure Socket Tunneling Protocol. This method is a relatively common option for securing a VPN.

When installed correctly and selected in the proper situation, SSTP can help you go online more anonymously, get past geoblocks, and protect your privacy. However, like all protocols, SSTP has its own unique characteristics, benefits, and disadvantages.

vpnMentor is committed to helping you find and utilize the best VPN for your needs. Read on to learn when, why, and how to use a VPN with SSTP.

Tunneling 101

In order to fully understand SSTP, you’ll first need to grasp the basic idea behind tunneling in a VPN. After all, SSTP stands for Secure Socket Tunneling Protocol. (Note that a “protocol” is simply a list of guidelines and methods for sending information from one digital device to another.)

The goal of tunneling is to protect your IP (Internet Protocol) address, location, search history, and other sensitive information from being hacked, stolen, or spied on. In order to accomplish this, a VPN does two things:

  1. Encapsulation. This means that the VPN covers your actual internet request and the data you want to send online with additional information. This makes it looks like something else and shields it from prying eyes. When this packet of data reaches your VPN, the VPN uncovers the actual data and processes it from there. This means you can still use the internet, but it is much more difficult for anyone to tell what you’re doing online, since your activity looks like it’s coming from the VPN server itself.
  2. Encryption. Encapsulation goes a long way toward protecting your data, but VPNs want to provide additional security. In order to do this, they encrypt the information you send. Basically, encryption translates the data into a code that only the VPN server itself can decipher. This means that even if cybercriminals or spies were able to get past the encapsulation around your data, they wouldn’t be able to read the jumbled-up version of your information. VPNs use encapsulation to both send and receive information from your computer, keeping your online activity maximally private.

These two layers of defense are a big part of what makes VPNs safe and effective. For this reason, understanding the methods your VPN uses to provide these protections is important.

SSTP: A History

Back in 1999, a group led by Microsoft created what was essentially the very first tunneling protocol for VPNs: PPTP, which stands for Point-to-Point Tunneling Protocol. Some people still PPTP today because it typically provides excellent speeds and it’s easy to install.

PPTP offers encapsulation and encryption (today, most PPTP has 128-bit encryption), but unfortunately, it’s easily hackable. A cybercriminal can get past PPTP in mere minutes.

In addition, it seems certain that the United States NSA (National Security Agency) can easily hack into PPTP. This is a real problem, especially considering that the United States is part of the 5 Eyes, 9 Eyes, and 14 Eyes Agreements, meaning that it may spy on users and share information with other countries.

Since it’s been around so long, PPTP is also easy for companies to block. For example, if a company doesn’t want you to access its articles or stream its videos using a VPN, it could potentially disable your PPTP connection.

Today, there are a wide variety of safe, effective VPNs designed to be undetectable and bypass these kinds of VPN blocks.

As technology, the internet, and cybercriminals evolved, Microsoft created a new, more modern tunneling protocol: SSTP. Although it has its own issues, SSTP offers numerous advantages over PPTP.

How Does SSTP Work?

Like most VPN protocols, SSTP both encapsulates and encrypts users’ information.

SSTP encapsulates data in the same way that PPTP does. Basically, it wraps one form of data (Point-to-Point Protocol packets, which travel directly between two servers) in another form of online data (Internet Protocol datagrams, which are the general type of information sent online).

SSTP then sends this wrapped-up information through secure servers to the internet. Specifically, SSTP sends the encapsulated information through Port 443. A “port” is an online relay point that information travels through.

Overall, SSTP provides a simple but effective form of encapsulation.

The true difference between SSTP and PPTP lies in SSTP’s encryption strategies. SSTP uses Secure Socket Layer (SSL) encryption. SSL sends an encryption request called a “certificate” from one server to another.

When both computers agree to encrypt, SSL converts the encapsulated information a VPN sends into a code that can only be deciphered with the correct key. Port 443 is specifically designed to process SSL encryption, which is why SSTP sends it through this relay point.

While you might not have realized it, you probably interact with SSL encryption on a daily basis. Any website that begins with “https” instead of “http” is using SSL. SSTP typically uses SSL version 3.0 today. This is generally seen as a strong, reliable form of encryption.

Benefits of SSTP

SSTP is relatively widespread for a reason: it’s a solid protocol for VPNs in a number of ways.

SSL 3.0 provides above-average encryption. If you want to protect your privacy from hackers and cybercriminals, SSTP may be a good option.

SSTP’s Port 443 encapsulation means that companies have a harder time blocking it, and it can get through many firewalls. This feature may also help users who want to view censored content, since it makes VPN traffic look like standard HTTPS traffic online.

Since it was created by Microsoft, SSTP is also particularly easy to set up and use on Windows devices. It can also technically work on Apple and Linux devices. Microsoft also provides fairly regular updates and good support for this protocol. The company works to keep it up-to-date and running smoothly.

When compared to other protocols, SSTP is fairly fast, which may make it a good option for conducting online activity that doesn’t require as much bandwidth.

Disadvantages of SSTP

SSTP is an excellent protocol in many ways, but there are a few negative aspects to consider and potential risks to look out for.

While SSTP’s encapsulation often gets around firewalls, blocks, and censorship, it may not be ideal for online gaming or P2P (Peer-to-Peer) activity like torrenting, since it tends to run through web browsers (although alternative methods may be available, depending on your provider).

Additionally, while SSTP is somewhat fast, its advanced encryption can slow it down. This may also make it difficult to use for streaming, gaming, torrenting, and similar activity. Fortunately, we can recommend excellent VPNs for torrents and PC (Personal Computer) gaming.

While SSL 3.0 encryption is generally strong, it may be vulnerable to certain types of attacks. In 2014, the United States Department of Homeland Security and the Internet Engineering Task Force (IETF) discovered that SSL 3.0 and related protocols could fall prey to what’s called a “POODLE” attack.

POODLE stands for Padding Oracle on Downgraded Legacy Encryption. It’s essentially a “Man in the Middle” attack, which means that a hacker records your information as it’s traveling to or from its destination.

It’s possible that Microsoft has taken steps to protect the SSL 3.0 encryption used in SSTP from POODLE attacks, but we can’t know for sure. For this reason, it may be wiser to use an even more strongly encrypted protocol, such as OpenVPN.

Furthermore, even beyond any SSL 3.0 concerns, your data could be at risk because SSTP is a proprietary protocol from Microsoft. The company could give intelligence agencies, unsavory companies, or other entities a “backdoor” into your information, if they were persuaded to do so.

In addition, while a random hacker or your ISP (Internet Service Provider) might not be able to track your online activity, it’s possible that Microsoft could, since it created and manages SSTP.

Basically, while SSTP’s fundamental structure as a protocol might be safe, you’d have to trust Microsoft to use it responsibly and keep it that way. Unfortunately, there are some reasons users might be suspicious of Microsoft.

The company has worked with the US NSA in the past, allegedly helping the government agency get past Microsoft’s own encryption methods. Others believe that Windows applications have tracking measures installed in them. This does not inspire a lot of confidence in the company when it comes to protecting users’ privacy.

After all, Microsoft is headquartered in the US, which is a member of the 5 Eyes, 9 Eyes, and 14 Eyes intelligence-sharing agreements. The government could pressure the company to share further information collected by SSTP VPNs.

As we’ve explained above, these alliances mean that certain countries have agreed to share their citizens’ and users’ online activity with each other. If your VPN uses Microsoft’s SSTP system, your data could fall under this agreement.

Although SSTP may technically be able to run on Mac or Linux, it performs best on Windows devices, applications, and platforms. If you have a non-Windows device, getting SSTP to work properly may be more of a hassle than it’s worth.

What Kinds of Devices Can Run SSTP?

Most Windows desktops, PCs, tablets, and smartphones can easily run SSTP, since this protocol is likely integrated with their operating systems. Some routers may be able to run SSTP, along with other protocols.

Mac and Linux devices may be able to run SSTP, but there isn’t nearly as much support for these devices. It can be very challenging to run an SSTP VPN on a non-Windows device.

Who Should Use a VPN with SSTP?

As we mentioned above, there are a variety of protocols available for use on a VPN. As a VPN user, you can pick the protocol that best fits your needs and preferences. We recommend using a VPN with SSTP if:

  • You want to reliably get past firewalls.
    This may be especially important to you if you live in a country with heavy censorship. You may also benefit from an SSTP VPN if you want to access sites that your local school or work network blocks.
  • You want to use a VPN on a Windows device.
    As we’ve explained, SSTP is optimally configured and suited for Windows devices and applications, since it’s typically a part of their operating systems. If you have a Windows computer, tablet, or phone, SSTP will likely be very easy to use, plus Microsoft will continually support it. If you don’t have a Windows device, we’d encourage you to consider an alternate protocol, since setting up and running an SSTP VPN may be quite tough.
  • You trust Microsoft to keep your data secure.
    Since Microsoft owns and runs SSTP, the company is completely in control of this protocol. It could also potentially monitor your online activity and even provide your information to the NSA or another government agency. If the company became corrupt, Microsoft could also sell your data to more unsavory groups or hackers. Furthermore, if privacy is important to you, you’d need to feel confident that Microsoft has fully handled the vulnerabilities exposed by the 2014 report about POODLE attacks on SSL 3.0, the encryption method SSTP uses.
  • You don’t intend to use your VPN for gaming, torrenting, or bandwidth-heavy activity.
    Although you may be able to download a client to manage your SSTP VPN, SSTP usually runs through a web browser. Its speeds are also satisfactory, but not exceptional. For these reasons, an SSTP VPN is more appropriate for users who are casually browsing the internet rather than engaging in very high-bandwidth activity.

If you fall into one or more of the above categories, an SSTP VPN may be right for you. However, there are a variety of factors you should take into account when selecting a VPN service. We recommend that you check out our list of tips for choosing the best VPN.

Choosing the Right SSTP VPN for You

Once you’ve decided to go for a VPN that uses SSTP, you’ll still have many providers to choose from. There are multiple VPNs that offer SSTP (although you should note that some providers that used to support SSTP have stopped, in favor of what they believe are stronger, more modern protocols).

When you need to select an SSTP VPN, we suggest you consider the following factors:

  • What you’ll be doing on the VPN.
    VPNs are an incredibly multipurpose technology. They have various potential uses. You could use your VPN to stream videos, access geoblocked content, protect your privacy on public wi-fi, or simply browse more safely at home. Ideally, you should choose an SSTP VPN that serves your exact needs. For example, some VPN providers are better at accessing Netflix than others. If the shows you want to stream are on that platform, you should go with a Netflix-oriented SSTP VPN.
  • Whether or not the VPN provider has a “no-logs” policy.
    One of the advantages of a VPN is that spies, government agencies, ISPs, and hackers can’t see your information, but that becomes somewhat pointless if your VPN itself keeps records of your activity. If your personal privacy is your top priority (and you trust Microsoft’s SSTP practices to keep it safe), you’ll want to choose a VPN provider with a “no-logs” policy. This is a promise that the provider won’t keep records of what you do on their network. If you want this in a VPN provider but aren’t sure where to start, you can take a look at our list of the best no-logs VPNs.
  • Whether or not the VPN includes a kill switch.
    If you’re connected to the internet using a VPN and your service drops out for a moment, your sensitive information could suddenly become viewable by your ISP, hackers, and more. The solution to this problem is a kill switch. This feature automatically disconnects you from the internet if your VPN loses connection. vpnMentor recommends using SSTP VPNs with kill switches.
  • The VPN’s customer support.
    Most VPNs are relatively easy to use, and SSTP VPNs may be especially easy for Windows users to manage. However, it’s important to have reliable customer support, just in case something goes wrong or you have a question. When looking for a good SSTP VPN, we encourage you to take your VPN provider’s customer support options, practices, and ratings into account. It’s ideal if your VPN provider offers updated tutorials online, is available 24/7 via chat or phone, and has earned good reviews from existing customers.
  • The location of the VPN’s headquarters.
    As we described above, the 5 Eyes, 9 Eyes, and 14 Eyes Alliances can impact how secure your information really is when using a VPN. Especially because the SSTP system itself may already fall under these agreements, we recommend selecting a VPN whose headquarters are located outside of countries in these alliances. This can help protect your data from being exposed to governmental agencies.
  • Where the VPN has servers.
    If your goal is to overcome geoblocks, you’ll need a VPN with servers in countries that can access the videos, articles, or information you’d like to see. For example, if you live outside of the US, but want to watch US Netflix, you’ll want to make sure your VPN provider has servers in the US. In addition, the location of your VPN’s servers could have an impact on your privacy, based on the 5 Eyes, 9 Eyes, and 14 Eyes Alliances. An optimal SSTP VPN provider has servers in countries outside of these alliances, as well as in the countries whose content you want to view.
  • How much the VPN service costs.
    While it’s not the only factor you should think about when choosing an SSTP VPN, the price of your provider does matter. There are free VPNs, but it’s important that you do careful research before choosing one, since many are unsafe or inconvenient. If you want to save money, select your SSTP VPN from our list of recommended free VPNs. If you’re willing to spend a bit to enjoy a great VPN, Zenmate VPN supports SSTP and is one of our top VPNs, with an excellent rating from our reviewers. The fast, effective, and highly-rated ExpressVPN also offers SSTP options.
  • Whether or not the VPN provider offers a free trial.
    Whenever you’re using a new service, it’s great to be able to test it out without losing any money. A free trial gives you the opportunity to see how you like a VPN before you commit to paying for it (if you choose a paid VPN, of course). Many of our top VPNs offer free trials.
  • Whether or not the VPN provider has a money-back guarantee.
    If you decide that the SSTP VPN you’ve selected doesn’t meet your needs, you should be able to get your money back. Many reputable VPN providers offer 30-day (or more) money-back guarantees to their customers.
  • How intuitive the VPN’s interface is.
    VPNs are a somewhat complex technology. High-quality VPN providers typically have simple interfaces that are easy to use. Unless you’re especially tech-savvy and want to see all the details of what your SSTP VPN is doing, we suggest taking a look at various interface options and choosing the VPN that offers the easiest experience.
  • How many devices the VPN supports.
    Some VPN subscriptions support multiple devices, while others cover just one or two connections at a time. If you’re looking for an SSTP VPN for the entire family, you may want to look for a provider that supports a few simultaneous device connections. However, if the VPN is just for you, this may not be a factor.

These are just a few aspects of an SSTP VPN provider you may want to consider when making up your mind about which to use.

How to Set Up a VPN with SSTP

It may be possible to set up a VPN with SSTP without going through a VPN provider, especially if you have a Windows device. In this case, you would need to manually configure your device, connect to a network, choose a VPN internet connection, and select a server.

You may also need to create and install SSL certificates, generate your own client, and make sure you put the correct security measures in place.

Likely, each of these steps would involve their own extra complications, since organizing and running a VPN is not a small task.

Rather than dealing with the struggles of setting up your own VPN – and the potential issues that could occur if you arrange it improperly – we recommend using a trusted VPN provider.

When you set up an SSTP VPN through a VPN provider, all you’ll need to do is:

  1. Purchase a subscription, get a free trial, or create an account with a free VPN provider to get started.
  2. Download and activate the VPN software or application onto the device you wish to use.
  3. Click through the installer the VPN provider has created.
  4. Open your new VPN client and sign in.
  5. Use the interface to choose a VPN server. In some cases, a VPN provider can automatically choose a server optimized to your needs, so you don’t have to select one for yourself.
  6. Begin using your SSTP VPN right away.

Some of these steps may vary based on your particular VPN provider, device, and preferences. Generally, using an SSTP VPN through a VPN provider is very simple. You should be able to set up your whole system in a few minutes.

How to Run a VPN with SSTP

Once you’ve set up your VPN with SSTP through a VPN provider, it should either automatically begin running when you connect to the internet, or you can open the interface whenever you want to use it and choose your VPN server in one or two clicks.

If you try to manually run your own SSTP-based VPN (which we do not recommend), this process may be more complicated. In this case, you may have to create a customized configuration for your device and take certain actions to maintain your connection.

To easily, successfully run an SSTP VPN with minimal inconvenience, you should choose a top-quality VPN provider.

SSTP VPNs: A Summary

SSTP is a strong protocol for VPNs if you trust Microsoft, plan to use your VPN on a Windows device, and aren’t interested in particularly high-bandwidth activities such as gaming or torrenting. If you want a VPN with SSTP, you can easily install and run one of vpnMentor’s recommended options (like Zenmate or ExpressVPN) in a few simple steps, which we’ve outlined above.

Further Reading

If you’re interested in learning more about VPN providers, protocols, and benefits, we recommend reading the following articles:


Be the first to comment

Leave a Reply

Your email address will not be published.