MS-SSTP with SSL termination

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
oneb1t
Posts: 2
Joined: Fri May 21, 2021 10:35 am

MS-SSTP with SSL termination

Post by oneb1t » Fri May 21, 2021 10:44 am

Hello,
Is it possible to run SoftEther MS-SSTP under nginx SSL termination? (So basically disable SSL on SSTP.)

I want to have the following setup:
NGINX + LetsEncrypt cert -> SoftEther docker MS-SSTP without TLS

I want to have it this way to have automatic certificate regeneration.

Is it somehow possible to achieve this?
Thanks

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: MS-SSTP with SSL termination

Post by eddiewu » Sun May 23, 2021 1:59 pm

You can't do SSTP without TLS. You can do two separate TLS though.
In fact, to realize automatic certificate renewal you can use a certbot deploy hook + the SoftEther command line, without the need for nginx. But that would need good shell script knowledge.
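
One way to write the certbot deploy hook mentioned in the reply above, as an added example that is not part of the original thread and is not SoftEther's or certbot's own code. The management address `localhost:5555`, the password file path, the hook install path and the choice of `cert.pem` are assumptions; `vpncmd ... /CMD ServerCertSet /LOADCERT /LOADKEY` and certbot's `RENEWED_LINEAGE` variable are the real interfaces it relies on.

```shell
#!/bin/sh
# Certbot deploy hook (added example): load a renewed certificate into SoftEther.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/softether.sh
# Certbot exports RENEWED_LINEAGE (the live/<name> directory) to deploy hooks.

VPNCMD="${VPNCMD:-vpncmd}"                              # assumed to be on PATH
OPENSSL="${OPENSSL:-openssl}"
SE_HOST="${SE_HOST:-localhost:5555}"                    # assumed management listener
SE_PASS_FILE="${SE_PASS_FILE:-/root/.softether-admin}"  # hypothetical file, mode 0600

# Succeeds only if the certificate's public key equals the private key's.
cert_matches_key() {
    cert_pub=$("$OPENSSL" x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$("$OPENSSL" pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# deploy_cert <lineage-dir>: validate the pair, then call ServerCertSet.
# Returns 2 (files missing), 3 (pair mismatch), 4 (no password) or vpncmd's status.
deploy_cert() {
    cert="$1/cert.pem"      # leaf only (assumption); fullchain.pem if your build accepts a chain
    key="$1/privkey.pem"
    [ -s "$cert" ] && [ -s "$key" ] || { echo "missing cert or key in $1" >&2; return 2; }
    cert_matches_key "$cert" "$key" || { echo "cert/key mismatch, not deploying" >&2; return 3; }
    [ -r "$SE_PASS_FILE" ] || { echo "cannot read $SE_PASS_FILE" >&2; return 4; }
    pass=$(cat "$SE_PASS_FILE")
    # Caveat: the /PASSWORD: argument is visible in the process list while vpncmd runs.
    "$VPNCMD" "$SE_HOST" /SERVER "/PASSWORD:$pass" \
        /CMD ServerCertSet "/LOADCERT:$cert" "/LOADKEY:$key"
}

# Run only when certbot invoked us; sourcing the file just defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE"
fi
```

The hook refuses to touch the running server when the renewed certificate and key do not belong together, so a broken renewal leaves the previous certificate in place.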

oneb1t
Posts: 2
Joined: Fri May 21, 2021 10:35 am

Re: MS-SSTP with SSL termination

Post by oneb1t » Mon May 24, 2021 11:55 am

So that means I can use nginx with automatic Let's Encrypt (I already have that working for other things in our infrastructure) and then SoftEther with some invalid certificate? And then ignore that certificate somehow inside the nginx configuration? Will it work like that?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: MS-SSTP with SSL termination

Post by eddiewu » Mon May 24, 2021 12:27 pm

I don't know how to do it with nginx. Basically it needs to do MITM.
