williamm
just joined
Topic Author
Posts: 13
Joined: Sun Apr 03, 2005 2:51 am
Location: Brazil

Conditional forwarder with 443 port,

Sat Sep 28, 2013 6:01 pm

Hi,

Currently we have one public IP and we are using a Mikrotik box as a VPN server using the SSTP protocol.

Now our users need to reach one internal HTTPS server, and I cannot redirect port 443 to that server because SSTP will stop working.

Is there a way to include some entries in the public DNS Server and to do a conditional forwarding based on the host name like:
Public IP is 1.2.3.4
Local Web Server IP is 192.168.0.1
Public DNS server has the following entries:
- vpnserver.mydomain.com with IP 1.2.3.4
- exchange.mydomain.com with IP 1.2.3.4

So when external traffic reaches the Mikrotik box, it checks the destination host:
- If the destination host is exchange.mydomain.com, it forwards the packets to the local Web Server at IP 192.168.0.1
- If the destination host is vpnserver.mydomain.com, it sends the packets to the internal Mikrotik SSTP Server.

Best Regards,

William.
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Conditional forwarder with 443 port,

Sat Sep 28, 2013 7:52 pm

Once the connection is SSL, you no longer have access to the header to get the "Host:" parameter, only the source and destination IPs and ports. Since they are the same, there is no way to tell the SSL connections apart, except on the SSL server.
 
ohara
Member
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: Odp: Conditional forwarder with 443 port,

Sat Sep 28, 2013 10:51 pm

What if you change the SSTP port to a different one?
 
williamm
just joined
Topic Author
Posts: 13
Joined: Sun Apr 03, 2005 2:51 am
Location: Brazil

Re: Conditional forwarder with 443 port,

Sun Sep 29, 2013 1:14 am

The problem with changing the SSTP port is that users are connecting from Windows machines, and in the SSTP client there's not an easy way to change the port.

Maybe I'll need to change the VPN protocol to another one, like PPTP for instance. My first choice of SSTP was because users connect from different places and PPTP was easily being blocked by Wi-Fi routers or network firewalls.
