Conditional forwarder with 443 port

Hi,

Currently we have one public IP and we are using a MikroTik box as a VPN server using the SSTP protocol.

Now our users need to reach one internal HTTPS server, and I cannot redirect the 443 port to that server because SSTP will stop working.

Is there a way to include some entries in the public DNS server and to do conditional forwarding based on the host name, like:
Public IP is 1.2.3.4
Local Web Server IP is 192.168.0.1
Public DNS server has the following entries:

So when external traffic reaches the MikroTik box it checks the destination host:

Best Regards,

William.

Once the connection is SSL, you no longer have access to the header to get the “Host:” parameter, only the source and destination IPs and ports. Since they are the same, there is no way to tell the SSL connections apart, except on the SSL server.

What if you change the SSTP port to a different one?

The problem in changing the SSTP port is that users are connecting from Windows machines and in the SSTP client there’s not an easy way to change the port.

Maybe I’ll need to change the VPN protocol to another one, like PPTP for instance. My first choice of SSTP was because users connect from different places and PPTP was easily being blocked by Wi-Fi routers or network firewalls.