Hi everyone.
I already have OVPN server running fine and trying to setup SSTP server in addition. Basically followingh same steps I did for OVPN but looks like I am missing something. Funny thing I can telnet to port 34443 from the local network, but when I am checking this port from https://canyouseeme.org nothing is working and I do not see a connection attempt in the log. Here is my config.
SSTP uses port 443 AFAIK ?
Is there an ISP modem in front of your router ?
Are you sure the ISP modem is passing that port to your device ?
As long as the other side is configured to use same port, it doesn’t matter if not 443. In fact, all the setting have to match on remote end.
Different question is the other end another Mikrotik or Windows? Windows SSTP client has a lot more limitations on what options you can set AFAIK.
I am using a different port because my provider seems to be blocking 443. The client is going to be a Windows box and I know that a built-in client requires extra steps for port redirection. I wonder why my config is not letting traffics in.
There is no 2nd router. I did the following test. I setup a listener on port 34443 on my PC and NAT forwarding 34443 to my PC. That works fine.
The certificate must be trusted by windows. Possible that they have different windows’ version and potentially different root servers? e.g. is the certificate issuer of the Mikrotik SSTP in windows as a root server?
See
https://help.mikrotik.com/docs/display/ROS/SSTP#SSTP-Certificates
I am aware of certs.
My question is why the router does not respond when I check port 34443 from outside?
Well, if your sure its not cert. Your firewall filter could be wrong, the screenshot shows a rule that work, but depending on fasttrack and/or placement it may not trigger…
That looks like kind of bug to me.
I stopped OVPN server and used its port for SSTP server and this piece started working. Changed everything back and now both servers can accept the connections. Still fighting with routing but that is a different story.