Community discussions

 
manojlovicl
newbie
Topic Author
Posts: 25
Joined: Mon Aug 18, 2014 11:48 pm

SSTP VPN + port forwarding with multiple WAN ipv4 addresses

Fri Jul 12, 2019 2:03 pm

Hi!

I would like kindly ask if anyone knows if it is possible to run SSTP VPN server on Mikrotik if there are multiple WAN IPv4 addresses (let say 2) but on first I would like to have port forwarding to internal HTTPS server on second I would like MikroTik to terminate SSTP VPN connections. Is it possible to do - so to bind SSTP VPN to one of public IPv4 addresses?

Thank you,
Luka
 
Sob
Forum Guru
Forum Guru
Posts: 4693
Joined: Mon Apr 20, 2009 9:11 pm

Re: SSTP VPN + port forwarding with multiple WAN ipv4 addresses

Fri Jul 12, 2019 2:53 pm

You can't exactly bind SSTP server to specific address, but since dstnat (port forwarding) "wins" over local service (it redirects packets before they can reach it), there's no problem.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sindy
Forum Guru
Forum Guru
Posts: 3814
Joined: Mon Dec 04, 2017 9:19 pm

Re: SSTP VPN + port forwarding with multiple WAN ipv4 addresses

Fri Jul 12, 2019 7:59 pm

Just don't forget you need to use policy routing to properly choose an outgoing route via the corresponding WAN for each of the two server processes (SSTP and HTTPS). /ip route rule is enough, you don't need to fiddle with /IP firewall mangle.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
manojlovicl
newbie
Topic Author
Posts: 25
Joined: Mon Aug 18, 2014 11:48 pm

Re: SSTP VPN + port forwarding with multiple WAN ipv4 addresses

Fri Jul 12, 2019 8:07 pm

Just don't forget you need to use policy routing to properly choose an outgoing route via the corresponding WAN for each of the two server processes (SSTP and HTTPS). /ip route rule is enough, you don't need to fiddle with /IP firewall mangle.
What if I have two public IPv4 addresses on same WAN interface? Do I still need to configure policy routing?

BTW, thank you both for the answer!

Luka
 
sindy
Forum Guru
Forum Guru
Posts: 3814
Joined: Mon Dec 04, 2017 9:19 pm

Re: SSTP VPN + port forwarding with multiple WAN ipv4 addresses

Fri Jul 12, 2019 8:30 pm

In that case (both WAN addresses on same interface and in same subnet with same gateway IP for both) you should be fine even without policy routing.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: No registered users and 73 guests