Hero Banner

Products Discussions

Share best practices and get the latest Microsoft product info

Level 1 Contributor

SSTP support for device-based VPN tunnels / machine certificates

We're running Windows 10 Enterprise and Server 2016.

We have always-on VPN setup, we have device-based tunnels setup as that's the preferred end-user experience.

However, we noticed that while user-based tunnels support 'automatic' tunnel selection (so will go IKEv2 then SSTP if necessary), the device-based tunnels only support IKEv2.

Couldn't find anything explicitly stating that on MS' site, just a few random blogs running into that particular issue.

Not sure if that limitation is to be addressed in the future (Server 2019....and need some Windows 10 future release?) or if that is just a short-coming of that choice.

Trying to make sure they have connectivity flexibility depending on what limitations a hotel or other place remote users are at where IKEv2 isn't always a possible method of connection, but SSTP should be fine.


Visitor 1


TLS-support is indeed really needed to make the Device Tunnel more reliable. Hope they add this soon.