Recently I came across a need to implement a simple VPN connection to my home network. I have a Windows Server 2012 box hosting my IIS, which also supports VPN connections over SSTP through the Routing and Remote Access Service (RRAS) without any need for 3rd party software on either server or client side.

To get started I followed the instructions on technet which outlined how to add the feature to the server and start the service. I already had port 443 forwarded through my router for IIS.

I was unable to get my external Windows client to connect right off the bat. I needed to configure a few extra settings. The server was unable to reach the local router DHCP services. I worked around this by adding a static IP pool for the server to pull from instead of the router:

I took this range of IPs out of what the router would hand out to clients to keep any IP address conflicts at bay.

I ensured that the user I was attempting to log in as had remote access permissions through the MMC console:

Windows 7 and above supports the VPN connection natively:

I found that after setting up the connection modifications were required to get the client using the correct protocol and credentials:

After these changes I was able to make a successful connection and tunnel my connection through my home network.

Since the SSTP protocol is basically an SSH connection, a valid trusted certificate is required to be installed on the server. the Windows VPN client does not support trusting non-verified certificates. If your connection address is mattlapaglia.com, a SSL certificate with the same CN is required on the server. I already had a certificate installed on the server for use with IIS which RRAS picked it up automatically. I was surprised there was no issue with IIS and RRAS fighting for control of port 443 (used with both RRAS for SSTP and IIS for SSL connections)