SSTP VPN and https NAT on one IP

RouterOS Beginner Basics
1

Hello,

Is it possible to implement, or if it’s possible, then how. I assume I need to use tls-host option.

I have external IP (x.x.x.x) on WAN interface, and I have private LAN network, let’s it be default 192.168.88.0/24. I want to use SSTP VPN on port 443 with domain vpn.domain.com, but I also want to have web server on same IP with NAT port 443 for name www.domain.com. so, both services are using same port 443, is it possible to implement.

As an addon I want to use for VPN letsencrypt certificate, which as I know require port 80 to open, and I mant to have my port 80 also regirected to my web server, for example 192.168.88.10

Ed

2

Why do you insist on SSTP VPN to be on port 443 it can just as easily be on port 14444

3

To my knowledge SSTP usually goes over 443.
One of the reasons why it is not blocked, since it uses the same port as https.

If you change that default, other applications might be less forgiving.

4

I suggest you use something like https://github.com/cloudflare/cloudflared or maybe rent some cheap KVM VPS and install CHR on it, just so you have a different IP :slight_smile:

5

Or use another VPN. Wireguard comes to mind…

6

Personally I would use WG myself but nothing wrong with using SSTP as a backup, both cost nothing and both avoid any third party usage.
No Holvoe, 443 is not mandatory for SSTP.

7

Didn’t say “mandatory”.
I said USUALLY.
I already encountered at least one tool (proprietary thing) in the past not wanting to operate with SSTP if the port to be used was not 443. Badly programmed tool ? Yes, definitely.

8

ur still giving wrong impression…
Its USUAL for people to use the default winbox port, but any port can be used…

443 is just a special case for some instances. ISP or country blocks all other ports etc.