SSTP Connection not working correctly

RouterOS General
1

Hello,

I am using Ivacy and follwed this guide: https://support.ivacy.com/setup_guide/how-to-setup-pptp-on-mikrotik-router/
The SSTP connection is working. I am trying to forward the output traffic from my Mikrotik box (port 443, and 80) and created an output (mangle, mark routing) rule with the specific ports as mentioned.
But I am unable to lad a website and I still do not know whats wrong.

SSTP connection is etabilished.
SRCNAT → masquerade (Out Interface is the SSTP interface)
mark routing (sstp mark, for the specific traffic)
Static route using the SSTP interface with the routing mark “sstp mark”

This work for my VPN connection(I have an additional OVPN connection)…but if I change m mangle rules to the “sstp mark” instead my OVPN mark it does not work anymore but I do not know why. Did I miss something?

I am using a simple script to test my connection:

:log info "script started"
:local result [/tool fetch url="https://api.ipify.org" as-value output=user]
:log info $result

With my VPN interface → works. I get a result
Over SSTP → no result.

Any Ideas?

2

Start by pinging something well-known (8.8.8.8, 9.9.9.9) from the Mikrotik, specifying routing-table=“sstp mark”, to see whether at least the routing and the src-nat work. If they do, you may need to adjust the TCP MSS so that the HTTPS connections would work; if even the ping is not responded, something is wrong with the VPN and you’ll have to sniff to see whether a TCP packet to ivacy’s server is sent each time a ping is sent.

3

Ping is working fine.

The MTU is at 1610. I am not really a pro :slight_smile:
Strange is, Max MTU is set to 1500 on my side.


EDT:I set the MTU to 1400 and removed the MRRU entry and its working now… may someone be so kind and explain me why is lowering the MTU is solving the issue? :slight_smile:

EDIT2: 1460 is working, 1470 does not.

4

There is also a great guide posted by HostNOC