Problem with SSTP

hostmate · October 8, 2019, 10:57am

Hi,

I am using Mikrotik RB450G with RouterOS 6.45.6. I can’t connect to my Mikrotik using SSTP VPN.

Firewall is set up as below:

The first role is :
chain=input action=accept protocol=tcp dst-port=443 log=no log-prefix="

and then is drop for the rest:

chain=input action=drop in-interface=Eth1-Wan log=no log-prefix=“”

When i turn off last role (drop) - all working fine, but when is enable i can’t connect to the network.
Is there anyone who can help me?
Thank you in advance

Regards,
Adrian

Zacharias · October 8, 2019, 7:46pm

Maybe you ve changed the default SSTP port from 443 to another one?

bpwl · January 2, 2022, 10:41pm

Add this before the drop action (it is in the default firewall), you probably also need “established”
.
from default
.

/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked

.
or from wiki
.

/ip firewall filter
add chain=input connection-state=invalid action=drop \
	comment="Drop Invalid connections"  
add chain=input connection-state=established action=accept \
	comment="Allow Established connections"

anav · January 3, 2022, 5:08pm

@bpwl Without seeing the config, you are just guessing. WHY?

Please post config
/export hide-sensitive file=anynameyouwish
(ensure no public IPs are exposed).

holvoetn · January 3, 2022, 6:04pm

The only rreason this thread got resurrected after 2 (TWO) years is because someone posted to create visibility for the links in his signature…

So sad.

anav · January 4, 2022, 12:28am

Yeah my bad also, it was a dead thread…good point holvoeten!!