Using action=route in Mangle

I want to use action=route in Mangle with an SSTP connection. In that rule, as dst-address, I put the Local Address of the SSTP connection.

It seems to work, but the packets returning from the SSTP are not arriving back at my client. After a few seconds I get (ACK/RST) back on OUTPUT, and those are marked connection-state invalid.

What am I doing wrong?

Hey

Just a thought: are you NATing these packets? I would expect that to still be needed. Or does the remote site know which networks are reachable over the tunnel?

I want to do it without NAT, and the SSTP is to a VPN provider.

Because I received (invalid) packets back pointing to the correct client and port, I think the other side is NATing.

Next I will look with torch at what traffic is passing and in which direction.

When you add a mangle rule with action=route, you can add in-interface to the rule and add dst-address-type=!local.

Thanks shiyiqiang08, it did not make it work.

I used torch, and nothing went over the connection when using the Local Address (gateway). When I used the Remote Address, packets were visible but they did not return.

Looking at the connection table I see a difference between NAT and Direct.

NAT:
192.168.0.2 → 123.12.35.41 → 123.12.35.41 → 172.98.47.52

Direct:
192.168.0.2 → 123.12.35.41 → 123.12.35.41 → 192.168.0.2

The used IP addresses are fake.
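A constructed RouterOS configuration, added here as an illustration and not posted by anyone in this thread, putting together the pieces discussed: the mangle action=route rule with in-interface and dst-address-type=!local, plus the srcnat masquerade on the tunnel that the first reply suggested, so that replies from the provider are addressed to the tunnel's own address instead of to 192.168.0.2 (compare the reply-dst of the Direct connection entry). The interface names bridge1 and sstp-out1 and the 192.168.0.0/24 client network are assumptions; the tunnel address 123.12.35.41 is the fake one from the thread.

```routeros
# Constructed example (not from the thread). Assumptions: LAN bridge is bridge1,
# the SSTP client interface is sstp-out1, the LAN is 192.168.0.0/24, and the
# tunnel's remote address is 123.12.35.41 (the placeholder value from the thread).

# 1. Policy-route LAN traffic that is not destined to the router itself into the
#    tunnel. route-dst is the next hop; in the thread, packets were only seen on
#    the tunnel when the Remote Address (not the Local Address) was used here.
/ip firewall mangle
add chain=prerouting in-interface=bridge1 src-address=192.168.0.0/24 \
    dst-address-type=!local action=route route-dst=123.12.35.41 \
    comment="policy route LAN to VPN provider"

# 2. Without source NAT the provider receives packets from 192.168.0.2 and has
#    no route back for that address (the Direct entry above shows reply-dst
#    192.168.0.2). Masquerade on the tunnel so replies are sent to the tunnel's
#    local address, which this router owns, and are tracked as established.
/ip firewall nat
add chain=srcnat out-interface=sstp-out1 action=masquerade \
    comment="NAT LAN behind the SSTP tunnel"

# 3. Checks: confirm the tracked connection now shows the tunnel address as
#    reply-dst, and watch the tunnel for traffic in both directions.
/ip firewall connection print where dst-address~"123.12.35.41"
/tool torch interface=sstp-out1 src-address=0.0.0.0/0 dst-address=0.0.0.0/0
```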