dear All,
Hope you will be fine. I’m facing a problem with the SSTP Server.
When I enabled the SSTP server, it said: “Couldn’t change the SSTP server - can’t bind, check if the port is not used by other services!”
I have no other service running on my Mikrotik.
It’s just brand new with no other service or configuration.
Why is this happening?
Nobody can diagnose this from opinion; the evidence is in the config. Please post the output of
/export file=anynameyouwish (minus the router serial number, any public WAN IP information, etc.)
# Interface, tunnel, DHCP-pool and bridge-port definitions from the posted export.
# Two bridges exist: Bridge_LAN (ether3-5) and "Bridge_LAN Central Park"
# (ether2 plus the EoIP tunnel).
/interface bridge
add name=Bridge_LAN
add name=“Bridge_LAN Central Park”
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
/interface pppoe-client
add disabled=no interface=ether1_WAN name=PPPoE password=pwd user=
XYZ
# NOTE(review): EoIP carries bridged Ethernet frames with no encryption of its
# own, and no ipsec-secret is set on this tunnel in the export. Both public
# endpoint addresses were also left in the post.
/interface eoip
add local-address=182.176.86.181 mac-address=30:12:00:2D:01:76 name=
“EoIP Tunnel_Central Park” remote-address=203.223.173.66 tunnel-id=11458
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool ranges=192.168.110.100-192.168.110.200
/ip dhcp-server
add address-pool=dhcp_pool disabled=no interface=Bridge_LAN lease-time=30m
name=dhcp1
/port
set 0 name=serial0
# The EoIP tunnel is bridged with ether2, so the remote site shares one
# layer-2 segment with whatever is plugged into ether2.
/interface bridge port
add bridge=“Bridge_LAN Central Park” ingress-filtering=yes interface=
“EoIP Tunnel_Central Park”
add bridge=“Bridge_LAN Central Park” ingress-filtering=yes interface=ether2
add bridge=Bridge_LAN ingress-filtering=yes interface=ether3
add bridge=Bridge_LAN ingress-filtering=yes interface=ether4
add bridge=Bridge_LAN ingress-filtering=yes interface=ether5
# NOTE(review): discovery is enabled on every interface, WAN included, so the
# router advertises itself to the upstream network. Restricting this to a
# LAN-only interface list is the usual hardening.
/ip neighbor discovery-settings
set discover-interface-list=all
# VPN server settings (L2TP/IPsec, OpenVPN, SSTP).
# NOTE(review): the L2TP IPsec pre-shared key below was published in clear in
# this post; treat it as exposed and replace it on the router and all clients.
/interface l2tp-server server
set enabled=yes ipsec-secret=Abc@786 one-session-per-host=yes use-ipsec=yes
# NOTE(review): md5 and sha1 are legacy digest choices. The OpenVPN server is
# not shown as enabled in this export, but drop md5 if it is ever turned on.
/interface ovpn-server server
set auth=sha1,md5
# The SSTP server is not enabled here (enabling it is what failed). No port= is
# given, so it would use its default, TCP 443.
# NOTE(review): no certificate= is set in this export; without a server
# certificate, clients have no way to authenticate the router. Confirm before
# enabling.
/interface sstp-server server
set authentication=mschap2 default-profile=sstp
# Router addresses, DDNS, DHCP leases/network and DNS settings.
# All three subnets are assigned to the same bridge, Bridge_LAN.
# NOTE(review): 192.88.16.0/24 is not an RFC 1918 private range. Confirm this
# prefix is really meant to be used internally.
/ip address
add address=192.168.110.1/24 interface=Bridge_LAN network=192.168.110.0
add address=192.88.16.1/24 interface=Bridge_LAN network=192.88.16.0
add address=192.168.84.1/24 interface=Bridge_LAN network=192.168.84.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
# Rogue-DHCP alert on the LAN bridge; valid-server names the one MAC address
# that is accepted as a legitimate DHCP server.
/ip dhcp-server alert
add disabled=no interface=Bridge_LAN valid-server=18:FD:74:B3:A2:50
# Static leases for the two laptops that the dst-nat rules forward RDP to.
/ip dhcp-server lease
add address=192.168.110.101 always-broadcast=yes comment=“Windows 10 Laptop”
mac-address=74:70:FD:1D:CE:23
add address=192.168.110.102 always-broadcast=yes comment=“Windows 11 Laptop”
mac-address=74:E5:F9:D1:59:F2
/ip dhcp-server network
add address=192.168.110.0/24 dns-server=192.168.110.1,8.8.8.8,8.8.4.4
gateway=192.168.110.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.110.3 name=airavenue.contegris.com
# Input-chain filter rules as posted; rules are evaluated top to bottom.
# NOTE(review): this export shows no connection-state rule, no final catch-all
# drop on chain=input and no chain=forward rules at all. Traffic that matches
# none of the drops below is therefore accepted, including www-ssl on 443.
/ip firewall filter
# NOTE(review): 4477 and 4478 are the Winbox and plain-HTTP (www) ports set
# under /ip service. This rule has no src-address or in-interface, so router
# management is reachable from the WAN. Because it is the first rule, sources
# already on the "Port Scanners" list still reach these ports. Limit it to a
# trusted address list or to VPN clients.
add action=accept chain=input comment=“Router Access Remotely” dst-port=
4477,4478 protocol=tcp
# DNS to the router is accepted only from the LAN bridge.
add action=accept chain=input comment=“Web Allow” dst-port=53 in-interface=
Bridge_LAN protocol=tcp
add action=accept chain=input comment=“Web Allow” dst-port=53 in-interface=
Bridge_LAN protocol=udp
# Port-by-port deny list. Ports not listed here stay open to the router itself;
# a default-drop policy with explicit accepts is the safer shape.
add action=drop chain=input comment=“Block Attack” dst-port=
25,53,87,512-515,543,544,7547,8080 protocol=tcp
add action=drop chain=input comment=“Block Attack” dst-port=
53,80,87,161,162,1900,4520-4524,8080 protocol=udp
# Scan detection: sources matching the PSD heuristic or an abnormal TCP flag
# combination are added to the "Port Scanners" list.
# NOTE(review): none of these rules is limited to the WAN interface and
# none-dynamic entries have no expiry, so a LAN host that trips one of them is
# blocked from the router as well. Consider a finite timeout and an
# in-interface match.
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
"Port Scanners to Address List " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-NMAP FIN Stealth scan” protocol=tcp tcp-flags=
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-FIN/SYN scan” protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-RST/SYN scan” protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-FIN/PSH/URG scan” protocol=tcp tcp-flags=
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-ALL/ALL scan” protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-NMAP NULL scan” protocol=tcp tcp-flags=
!fin,!syn,!rst,!psh,!ack,!urg
# Drops listed sources on the input chain only. Forwarded traffic, such as the
# dst-nat RDP forwards, is not affected by this rule.
add action=drop chain=input comment=“Dropping Port Scanners”
src-address-list=“Port Scanners”
# NAT rules: source NAT for the 192.168.110.0/24 LAN and two inbound forwards.
/ip firewall nat
# NOTE(review): masquerade has no out-interface and covers only
# 192.168.110.0/24. The other two subnets on Bridge_LAN are not translated.
add action=masquerade chain=srcnat src-address=192.168.110.0/24
# NOTE(review): these two rules publish RDP (TCP 3389) on both laptops to the
# Internet via ports 4481/4482, with no src-address restriction and no forward
# filter in the export. A non-standard port does not hide the service. Prefer
# reaching these hosts through the VPN, or restrict the rules to a trusted
# source address list.
add action=dst-nat chain=dstnat comment=“Windows 10 Laptop” dst-address=
182.176.86.181 dst-port=4481 protocol=tcp to-addresses=192.168.110.101
to-ports=3389
add action=dst-nat chain=dstnat comment=“Windows 11 Laptop” dst-address=
182.176.86.181 dst-port=4482 protocol=tcp to-addresses=192.168.110.102
to-ports=3389
# Static routes and router management services.
# NOTE(review): gateway=PPPoE_PTCL matches no interface name in this export
# (the PPPoE client is named PPPoE). Confirm the default route is active.
/ip route
add distance=1 gateway=PPPoE_PTCL
add distance=1 dst-address=192.168.8.0/24 gateway=192.168.84.4
add distance=1 dst-address=192.168.94.0/24 gateway=192.168.84.2
# telnet, ftp, ssh, api and api-ssl are disabled; www, www-ssl and winbox
# remain enabled. None of them carries an address= restriction.
/ip service
set telnet disabled=yes
set ftp disabled=yes
# NOTE(review): www is plain HTTP, and the first input rule accepts port 4478
# from any source, so WebFig logins from the Internet would travel unencrypted.
set www port=4478
set ssh disabled=yes
# NOTE(review): www-ssl is enabled with no port= override, so it uses its
# default, TCP 443. That is the same default port the SSTP server tries to
# bind, which is consistent with the "can't bind" error. Disable www-ssl or
# move one of the two services to another port.
set www-ssl disabled=no
set api disabled=yes
set winbox port=4477
set api-ssl disabled=yes
# PPP profile used by the SSTP server, and the VPN user accounts.
# NOTE(review): remote-address=*4 looks like a dangling reference to an object
# (presumably an IP pool) that no longer exists. Confirm and point it at a
# real pool before enabling SSTP.
/ppp profile
add dns-server=8.8.8.8,1.1.1.1 name=sstp remote-address=*4
# NOTE(review): both accounts are limited to service=l2tp, so no user in this
# export can authenticate over SSTP. They also share a single password, which
# was published in clear in this post; give each account its own new password.
/ppp secret
add local-address=192.168.84.1 name=remote password=Abc@0321 profile=
default-encryption remote-address=192.168.84.2 service=l2tp
add local-address=192.168.84.1 name=ppp1 password=Abc@0321 profile=
default-encryption remote-address=192.168.84.3 service=l2tp
As the error message suggested port 443 is in use:
# Quoted from the export above: the router's own HTTPS management service is
# enabled and has no port= override, so it uses its default port, TCP 443.
/ip service
set www-ssl disabled=no
But I have an HTTPS web server on my LAN. Will it be affected or not?
Having the www-ssl service running, or not, on the Mikrotik itself has nothing to do with running an HTTPS webserver elsewhere.