Hi,
I have successfully created an SSTP server and an SSTP client. The network looks like this:
me ------------------- MTK SSTP Server ------ internet ------- MTK SSTP Client ----- LAN
192.168.1.200          10.0.2.1                                10.0.2.2              192.168.101.31
On the Mikrotik SSTP server, I added a firewall rule to masquerade to sstp-out.
From the Mikrotik SSTP server (10.0.2.1) I can ping/telnet the Mikrotik SSTP client (10.0.2.2). The SSTP server has a public IP address, but the SSTP client has a private IP address.
From 192.168.1.200, I can ping 10.0.2.2, but cannot Winbox or telnet.
Question, please help me:
I want to Winbox/telnet to 10.0.2.2 from 192.168.1.200. Am I missing a config here?
Try adding a firewall rule on the SSTP client. Chain=Input, in-interface: sstp-client, protocol:tcp, port: 8291, action=accept. I think the default config of Mikrotik allows Winbox only via the local LAN. Create a second rule for telnet.
To connect from 1.200 to 101.31 you only need routing on the MTK SSTP server. Add a route: when the destination is 192.168.101.31/32, use gateway 10.0.2.2. Or set the destination mask to 192.168.101.0/24 if you want the 1.200 PC to be able to connect to any 101.0/24 device.
If you want to connect from 101.31 to 1.200, you need an additional NAT rule on the SSTP server. But first you need an interface for the sstp-client. In PPP add an SSTP-Client interface. Specify the username of the sstp-client. Now whenever that user connects, he’ll have an interface that you can apply rules to. Go add a NAT rule. Chain = dst-nat, in-interface=SSTP-ClientName (that you just set up), protocol = TCP?, port=??, Action:to-address: 192.168.1.200.
… You can also do an SSTP site-to-site VPN so all traffic flows between the subnets without the need for NATing.
I found out that this is only an ISP problem. After several days, suddenly I can connect again. Port forwards are working, Winbox is working. No problems at all.
I think the real problem will show after the modem restarts, because I get a different IP address.