Community discussions

MikroTik App
 
bl00dy
just joined
Topic Author
Posts: 4
Joined: Fri Nov 04, 2016 8:00 pm

SSTP VPN and https NAT on one IP

Wed May 24, 2023 12:53 pm

Hello,

Is it possible to implement, or if it's possible, then how. I assume I need to use tls-host option.

I have external IP (x.x.x.x) on WAN interface, and I have private LAN network, let's it be default 192.168.88.0/24. I want to use SSTP VPN on port 443 with domain vpn.domain.com, but I also want to have web server on same IP with NAT port 443 for name www.domain.com. so, both services are using same port 443, is it possible to implement.

As an addon I want to use for VPN letsencrypt certificate, which as I know require port 80 to open, and I mant to have my port 80 also regirected to my web server, for example 192.168.88.10

Ed
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: SSTP VPN and https NAT on one IP

Wed May 24, 2023 2:05 pm

Why do you insist on SSTP VPN to be on port 443 it can just as easily be on port 14444
 
holvoetn
Forum Guru
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: SSTP VPN and https NAT on one IP

Wed May 24, 2023 2:15 pm

To my knowledge SSTP usually goes over 443.
One of the reasons why it is not blocked, since it uses the same port as https.

If you change that default, other applications might be less forgiving.
 
AntiUltimate
just joined
Posts: 10
Joined: Tue Sep 11, 2018 9:25 pm

Re: SSTP VPN and https NAT on one IP

Wed May 24, 2023 2:46 pm

I suggest you use something like https://github.com/cloudflare/cloudflared or maybe rent some cheap KVM VPS and install CHR on it, just so you have a different IP :)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: SSTP VPN and https NAT on one IP

Wed May 24, 2023 2:48 pm

Or use another VPN. Wireguard comes to mind...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: SSTP VPN and https NAT on one IP

Wed May 24, 2023 3:42 pm

Personally I would use WG myself but nothing wrong with using SSTP as a backup, both cost nothing and both avoid any third party usage.
No Holvoe, 443 is not mandatory for SSTP.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: SSTP VPN and https NAT on one IP

Wed May 24, 2023 3:56 pm

No Holvoe, 443 is not mandatory for SSTP.
Didn't say "mandatory".
I said USUALLY.
I already encountered at least one tool (proprietary thing) in the past not wanting to operate with SSTP if the port to be used was not 443. Badly programmed tool ? Yes, definitely.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: SSTP VPN and https NAT on one IP

Wed May 24, 2023 7:21 pm

ur still giving wrong impression.............
Its USUAL for people to use the default winbox port, but any port can be used.............

443 is just a special case for some instances. ISP or country blocks all other ports etc.

Who is online

Users browsing this forum: own3r1138 and 44 guests