I have an SSTP server working perfectly, allowing 2 remote MikroTik clients to connect to it, using port 443 by default.
As I understand (excuse my noobish knowledge in all this, I am just learning), certificates need 443, right?
Now, I am setting up an Ubuntu server behind this router, and need port 443 open and forwarded to it to get SSL certificates during the installation.
I forwarded port 443 & 80 in the firewall>NAT section to the IP of this new server like this:
But the script that sets up the Nextcloud server reports that port 443 is not open.
(I enabled the Ubuntu firewall and opened the needed ports there as well)
So I believe port 443 is already in use by the MikroTik SSTP server; then what should I do to allow both servers to run on the same router?
I am not 100% sure I am forwarding the ports properly on the MikroTik, but that is how I did it before in another location that has another web server and it works OK, although on that network there is no SSTP server installed like here.
Could I just set any other port number for the SSTP server and the clients connecting to it, or is 443 mandatory for the certificates I had to sign when I set up the SSTP server?
You can't have two independent services using the same port number. There are two ways to deal with your problem:
1. Use a different port number for SSTP.
There's a gotcha: some ISPs don't allow connections to random service port numbers (and that could be either the ISP on the server's side or the ISP on the client's side). Hence many tunneling services nowadays use 443 as the service port number because ISPs tend to allow connections towards it. You'll have to test and see if you're affected or not.
2. Make an exception to the HTTPS port forwarding rule so that certain source IP addresses don't get forwarded. Those will not have access to HTTPS but to SSTP.
The problem with this solution is that you'll have to keep updating the address list with SSTP clients, which can be a big nuisance if you have SSTP clients with dynamic IP addresses. Those clients won't be able to connect to the HTTPS service directly; they will have to connect to it through the tunnel. And there are other minor details in configuration necessary to make this scenario work seamlessly.
So, if you can, go with option #1.
BTW, SSL certificates usually don't refer to port numbers; most of the time they refer to domain names (single, multiple or wildcard), seldom to IP address(es). I've never seen a certificate specific to a port number (I don't know if it's even possible to create a certificate referring to a specific port number).
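For readers following along, here is what the two options above look like as RouterOS CLI commands. This is an added example, not configuration posted in the thread; the interface name ether1-wan, the Nextcloud LAN address 192.168.88.10, the SSTP client public addresses in 203.0.113.0/24 and the alternative port 4443 are all assumed placeholders, chosen for illustration.

```routeros
# Added example (not from the thread): RouterOS CLI for the two options described above.
# Assumed placeholders: ether1-wan = WAN interface, 192.168.88.10 = Nextcloud server LAN IP,
# 203.0.113.10 / 203.0.113.11 = public IPs of the two SSTP clients (constructed sample values),
# 4443 = the alternative SSTP port.

# --- Option 1: move SSTP off 443 so the whole port can be forwarded to the web server ---
# Server side: change the SSTP listening port.
/interface sstp-server server set enabled=yes port=4443
# On each MikroTik client, point the existing sstp-client interface at the new port.
/interface sstp-client set [find name=sstp-out1] port=4443
# Let the new port reach the router itself (this rule must sit above any input-chain drop).
/ip firewall filter add chain=input protocol=tcp dst-port=4443 in-interface=ether1-wan action=accept comment="SSTP on alternative port"
# Forward 80 and 443 from the WAN side to the Nextcloud server (hairpin NAT for LAN clients not shown).
/ip firewall nat add chain=dstnat in-interface=ether1-wan protocol=tcp dst-port=80,443 action=dst-nat to-addresses=192.168.88.10 comment="Nextcloud HTTP/HTTPS"

# --- Option 2: keep SSTP on 443 and exempt the SSTP clients' source addresses from the forward ---
# Maintain the list of SSTP client public IPs; the negated list match below makes everyone else go to the web server.
/ip firewall address-list add list=sstp-clients address=203.0.113.10 comment="SSTP client 1"
/ip firewall address-list add list=sstp-clients address=203.0.113.11 comment="SSTP client 2"
/ip firewall nat add chain=dstnat in-interface=ether1-wan protocol=tcp dst-port=443 src-address-list=!sstp-clients action=dst-nat to-addresses=192.168.88.10 comment="HTTPS to Nextcloud, except SSTP clients"

# --- Check: packet/byte counters show whether the dst-nat rule is actually being hit ---
/ip firewall nat print stats
```

The two options are alternatives; apply one set of commands, not both. In option 2 the single dstnat rule does the exemption through the negated src-address-list, so a client whose public IP changes falls out of the list and is forwarded to the web server instead of reaching SSTP, which is the maintenance burden mentioned above. The nat print stats counters are a quick way to tell whether a forwarding rule never matches (counters stay at zero) or matches but the server behind it does not answer.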
Thank you so much for the clarification.
I changed the port numbers to something else on the server and the 2 connecting clients. The ISP is not blocking the one I picked and the connection is working well for the SSTP server.
Now I am still scratching my head, because port 443 (now forwarded to the Nextcloud server I need on the network) is not working.
Trying to troubleshoot right now. I may ask another question or 2.
But thanks a lot mkx