SSTP VPN Server with Docker on Ubuntu VPS

sstp_server.md

On the VPS:

• Create a 10 year certificate. The "Common Name" (CN) must be the static IP of the instance.

  openssl req  -nodes -new -x509 -keyout key.pem -out cert.pem -days 3650

• Run the SoftEther docker with either of the following:

  1. A Single User, SSTP only. Not updated recently (7 years ago at the time of creating the gist)

  sudo docker run -d --cap-add NET_ADMIN -e SSTP_ENABLED=1 -e USERNAME=YOUR_VPN_USERNAME -e PASSWORD=YOU_VPN_PASS -e SERVER_PWD=YOUR_SERVER_PASS -e CERT="$(cat cert.pem)" -e KEY="$(cat key.pem)" -p 443:443/tcp fernandezcuesta/softethervpn

  2. A more recently updated docker image, with all VPN protocols working (OpenVPN, SoftEther and SSTP)

  sudo docker run -d -e VPNCMD_SERVER="SstpEnable yes" --cap-add NET_ADMIN -e USERNAME=YOUR_VPN_USERNAME -e PASSWORD=YOU_VPN_PASS -e SERVER_PWD=YOUR_SERVER_PASS -e CERT="$(cat cert.pem)" -e KEY="$(cat key.pem)"  -p 500:500/udp -p 4500:4500/udp -p 1701:1701/tcp -p 1194:1194/udp -p 5555:5555/tcp -p 443:443/tcp siomiz/softethervpn:ubuntu

• You also need to allow connections over port 443 (You need to look into your provider console)

On Windows Client

• Get the certificate locally

  scp USERNAME@REMOTE_IP_ADDR:/cert.pem ./server.crt
  

• Add Certificate

• Add the connection in the native SSTP windows client and voila!

Hi, sorry, but i don't undesstand:
Create a 10 year certificate. The "Common Name" (CN) must be the static IP of the instance.

this command creates a CA cert, but i need server cert on this CA, right?

Hi, sorry, but i don't undesstand: Create a 10 year certificate. The "Common Name" (CN) must be the static IP of the instance.

this command creates a CA cert, but i need server cert on this CA, right?

With openssl you create cert.pem and copy it to your local windows machine to install it. You will have to install it by following this https://gist.github.com/ma7555/611a6b5ff38d38b60c64d6377565f1d3#on-windows-client