SSTP and HTTPS

I’ve got an SSTP VPN server running on ros5.11; it’s been working fine for months now. Question is, can I run a webserver behind the router which also uses TCP port 443? They want to fight each other.

Here are my firewall/NAT rules:
20 ;;; Allow SSL to webserver
chain=forward action=accept protocol=tcp in-interface=ether1-WAN1 dst-port=443
27 ;;; Allow SSTP VPN
chain=input action=accept protocol=tcp in-interface=ether1-WAN1 dst-port=443


;;; SSL to webserver
chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=443 protocol=tcp in-interface=ether1-WAN1 dst-port=443

Move the SSTP server to another port, for example 444.

Can’t do that; the SSTP client software is “hard-coded” to run through port 443.

spotts78
Get a second IP from the ISP.

Getting another IP from my ISP isn’t really an option. Guess I’m just stuck…

Hi!

That’s a problem by design. You can’t assign a port to two applications on one IP.

Stril

I’m stupid!

Changed the SSTP listening port in MikroTik to 4430, then in the VPN setup on Windows 7 you can specify a port number in the server address, ex: vpnserver.domain.com:4430

Works fine now. Thanks for all the responses and making me think!
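Why the two rules "fight", as an added example that is not part of the original posts: on RouterOS, dst-nat is applied before the input chain is consulted, so the NAT rule for tcp/443 takes the traffic the SSTP input rule expects. The Python check below runs over the rules quoted in the thread and over a constructed variant with the SSTP input rule moved to 4430 (an assumption; the thread only mentions changing the SSTP listening port). The function names are hypothetical.

```python
import re

# Rules as printed in the thread (RouterOS "print" output with item numbers and comments).
BEFORE = """\
20 ;;; Allow SSL to webserver
chain=forward action=accept protocol=tcp in-interface=ether1-WAN1 dst-port=443
27 ;;; Allow SSTP VPN
chain=input action=accept protocol=tcp in-interface=ether1-WAN1 dst-port=443
;;; SSL to webserver
chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=443 protocol=tcp in-interface=ether1-WAN1 dst-port=443
"""
# Constructed: same rules with the SSTP input rule moved to 4430 (assumed follow-up change).
AFTER = re.sub(r"(chain=input .*dst-port=)443", r"\g<1>4430", BEFORE)

def parse_rules(text):
    """Turn each 'key=value ...' line into a dict; comment and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        pairs = [tok.split("=", 1) for tok in line.split() if "=" in tok]
        if pairs and not line.lstrip().lstrip("0123456789 ").startswith(";;;"):
            rules.append(dict(pairs))
    return rules

def ports(spec):
    """Expand a dst-port value such as '443', '80,443' or '8000-8010' into a set."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def shadowed_input_rules(rules):
    """Find input-chain rules whose traffic a dst-nat rule rewrites first.

    dst-nat runs before the routing decision, so a matching packet is sent to the
    forward chain and never reaches a service listening on the router itself."""
    hits = []
    for r in (x for x in rules if x.get("chain") == "input" and "dst-port" in x):
        for n in (x for x in rules if x.get("action") == "dst-nat"):
            ni, ri = n.get("in-interface"), r.get("in-interface")
            common = ports(r["dst-port"]) & ports(n.get("dst-port", r["dst-port"]))
            if n.get("protocol") in (None, r.get("protocol")) and (not ni or not ri or ni == ri) and common:
                hits.append((r["dst-port"], n.get("to-addresses"), sorted(common)))
    return hits

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, shadowed_input_rules(parse_rules(text)))
```

Each hit is the input rule's dst-port, the dst-nat target, and the overlapping ports; an empty list means no router-local service is hidden behind a port forward.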

If I change the port in the SSTP server, will the contents continue to be encrypted?

Encryption does not rely on the port number.