SSTP Tunnel through Firewall

Chaosphere64 · February 14, 2022, 10:36am

Hello,

I am trying to establish an SSTP tunnel from a RB4011 to a CHR through a new FortiGate firewall. The Internet uplink used to be on the RB4011 itself (and the SSTP tunnel worked fine for month) but now moved to the FortiGate. Internet Uplink works fine, MT can reach Internet, but no SSTP tunnel is established, it goes from initializing, connection to terminating - handshake timed out (6).

Would setup is needed to get the tunnel running through the firewall? And what is the source address that the MikroTik uses for SSTP tunnel?

Thanks!

Chaosphere64 · February 15, 2022, 2:05pm

To whom it may concern: it turned out to be an MTU issue on the FortiGate using a PPPoE wan type without properly reducing it to 1492. Funny thing was we saw tcp connections between peers but the tunnel did not come up.

Maybe this helps someone else …