I just set up an SSTP server using a self-signed certificate and CA per the instructions on the wiki, using a CCR running 6.0rc9. I can connect and see the remote network fine, but SSL connections through the VPN are not working. I’m connecting with a Windows 7 client. Any HTTP connections work fine, telnet works fine, Samba even works. But HTTPS and other SSL-encrypted connections like Citrix do not work at all. I have no firewall filters for internal traffic. Local hosts can connect to each other fine; the problem is only over the SSTP VPN. Any ideas what could be causing this? Thanks.
Are you running SSTP on the default port 443? Can you try it with a different port? That is a bit of a long shot, but it is at least one thing that could possibly be causing that.
Yes, I’m running SSTP on port 443. I’m using all the defaults and settings from the SSTP remote client example on the wiki.
I’m still stumped. And it’s not just HTTPS connections that aren’t working; all connections are getting corrupted through the SSTP VPN. Web pages won’t load or will just be gibberish. I’ve tried connecting from multiple client devices and the SSTP VPN connects fine, I have the certificates and clock all set properly, but any connections through the VPN get corrupted! Here’s my configuration. What am I doing wrong here, or what could cause data to be lost or corrupted through a VPN connection?
/interface sstp-server server
set authentication=mschap1,mschap2 certificate=sstp enabled=yes
/ip firewall filter
add chain=input protocol=ipsec-esp
add chain=input dst-port=8291,443 protocol=tcp
add chain=input dst-port=500,4500,1701 protocol=udp
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
/ppp secret
add local-address=10.69.0.1 name=xxxxx password=xxxxx remote-address=10.69.0.2 service=sstp
I found the solution for this, in case anyone else has the problem. The problem was on the client machines, not in RouterOS. If you have the “DNE LightWeight Filter” installed (which is installed by many VPN clients such as Sonicwall GlobalVPN), it must be the latest version or else it breaks the SSTP client in Windows. There is an update to DNE available at the following URL. After installing it I can connect to all VPNs with no problem (SSTP, L2TP, Sonicwall, and Cisco).