SSTP Server Problem (port used by another service)

Hi, I found a few hints in the forum about this, but did not spot a solution - sorry in case I overlooked it…

I use a RB1100AHx4 with a public IP address at eth1 and a hotspot at eth2 with a private IP Address range. When activating the SSTP Server port 443, it complains: “Couldn’t change SST Server - can’t bind, check if port is not used by another service! (6)”.

I guess the reason is the hotspot on eth2 …? Is there a way to provide an SSTP-Server at eth1?
I do not see a way to assign an interface to the SSTP-Server.

Thanks for any hints!
Joachim.

Yes, just change the port number to 444, for example, on both sides!

Yes, just change the port number to 444, for example, on both sides!
Technically this works, but the idea is to offer VPN-Access when traveling: I would like to stick with 443 since this port is open outgoing for clients from just about everywhere.

I understand, but I think two services cannot use the same port on a single device simultaneously!

That’s generally true, but SSTP and HTTPS could easily share the same port, if MikroTik wanted to implement it. Unfortunately they didn’t so far.

But there was an interesting post a few days ago:

Hosting sstp and apache/nginx/iis on same port (443)

It describes a scenario with an external HTTPS server, but with a few changes the same approach should/could work with just the router alone.

Thanks for your comments! I looked at the post cited, and came up with this:

  • SSTP Server configured to run at port 4431, and
    /ip firewall nat add action=dst-nat chain=dstnat protocol=tcp dst-port=443 in-interface=eth1 to-addresses=XXX.XXX.XXX.XXX to-ports=4431
    where eth1 is the interface clients will connect to, and XXX.XXX.XXX.XXX is the IP assigned to it.

I did not test it but the remote SSTP-client connects to XXX.XXX.XXX.XXX:443, and server and client can mutually ping the IPs assigned to the connection… enough for tonight.

Ok, stupid me, you’re right. If you need to have SSTP available only on one interface, with no HTTPS on the same interface, then just one dstnat rule is enough and you don’t need anything more complicated. That would be only if you needed both on same interface.