Community discussions

MikroTik App
 
sx10
newbie
Topic Author
Posts: 28
Joined: Fri Jan 04, 2013 5:46 am
Location: Portland, OR USA

https not working over sstp vpn

Mon Mar 04, 2013 10:05 am

I just setup sstp server using self signed certificate and ca per the instructions on the wiki, using CCR running 6.0rc9. I can connect and see the remote network fine, but ssl connections through the VPN are not working. I'm connecting with a windows 7 client. Any http connections work fine, telnet works fine, samba even works. But https and other ssl encrypted connections like citrix do not work at all. I have no firewall filters for internal traffic. Local hosts can connect to each other fine, the problem is only over the sstp vpn. Any ideas what could be causing this? Thanks.
 
Fraction
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Wed Jan 16, 2013 9:42 pm
Location: Helsinki, Finland

Re: https not working over sstp vpn

Mon Mar 04, 2013 12:31 pm

Are you running SSTP in default port 443? Can you try it with different port? That was a bit long shot, but at least one thing what would be possible causing that.
 
sx10
newbie
Topic Author
Posts: 28
Joined: Fri Jan 04, 2013 5:46 am
Location: Portland, OR USA

Re: https not working over sstp vpn

Mon Mar 04, 2013 6:08 pm

Yes I'm running SSTP on port 443. I'm using all the defaults and settings from the SSTP remote client example on the wiki.
 
sx10
newbie
Topic Author
Posts: 28
Joined: Fri Jan 04, 2013 5:46 am
Location: Portland, OR USA

Re: https not working over sstp vpn

Thu Mar 07, 2013 10:17 am

I'm still stumped. And it's not just https connections that aren't working, all connections are getting corrupted through the SSTP vpn. Web pages won't load or will just be gibberish. I've tried connecting from multiple client devices and the sstp vpn connects fine, I have the certificates and clock all set properly, but any connections through the vpn get corrupted! Here's my configuration, what am I doing wrong here, or what could cause data to be lost or corrupted through a vpn connection?
/interface sstp-server server
set authentication=mschap1,mschap2 certificate=sstp enabled=yes
/ip firewall filter
add chain=input protocol=ipsec-esp
add chain=input dst-port=8291,443 protocol=tcp
add chain=input dst-port=500,4500,1701 protocol=udp
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
/ppp secret
add local-address=10.69.0.1 name=xxxxx password=xxxxx remote-address=10.69.0.2 service=sstp
 
sx10
newbie
Topic Author
Posts: 28
Joined: Fri Jan 04, 2013 5:46 am
Location: Portland, OR USA

Re: https not working over sstp vpn

Sun Mar 10, 2013 10:07 pm

I found the solution for this, in case anyone else has the problem. The problem was on the client machines, not in routeros. If you have the "DNE LightWeight Filter" installed (which is installed by many vpn clients such as Sonicwall GLobalVPN) it must be the latest version or else it breaks the SSTP client in Windows. There is an update to DNE available at the following URL. After installing it I can connect to all VPNs with no problem (SSTP, L2TP, Sonicwall, and Cisco).

http://www.citrix.com/lang/English/lp/lp_1680845.asp

Who is online

Users browsing this forum: BartoszP, che, Google [Bot], k6ccc, riviere, sas2k, sindy, swodzt and 36 guests