Configure Mikrotik SSTP VPN with TLS certificate

In our previous post, we showed how to automatically generate and activate/renew a Let’s Encrypt TLS certificate on a Mikrotik device: https://www.amd-k6.com/automate-letss-encrypt-tls-certificate-on-mikrotik-routeros/

Today, we look at configuring an SSTP VPN server which uses this certificate so you can remotely connect to your Mikrotik router from a Windows PC, for example.

The first step is to create a VPN user, this is done in PPP > Secrets. The options are mostly straightforward:

  • Name: you username
  • Password: select a strong password
  • Service: select sstp
  • Profile: default-encryption
  • Local address: set the IP address of you mikrotik device on the LAN-side
  • Remote address: this is the IP address you will get from the VPN, select an address that is available on your LAN
Continue reading

Automate Lets’s Encrypt TLS certificate on Mikrotik RouterOS

To configure an SSTP or OpenVPN service on my Mikrotik Router, I had the need to generate and upload a real TLS certificate to the device. Some solutions exist in various blog posts but they are either too complicated, outdated or badly documented. So I made my own post and script. I hope it helps someone!

The goal here is to generate a Let’s Encrypt certificate and upload/activate it on a Mikrotik router. What you will need to do manually is:

  • Generate a Let’s Encrypt certificate
  • Create an user to SSH to your Mikrotik
  • Run the script to transfer and activate the certificate
Continue reading