azzurro
Frequent Visitor
Topic Author
Posts: 92
Joined: Mon Jan 17, 2022 2:55 am

SSTP server default route in VRF

Fri Jan 21, 2022 11:53 am

Hi!

I would like my SSTP server to be in a separate VRF. The current issue is that during the connection process, packets get sent to the client through the default route of the main routing table, but the VRF which is supposed to be there for the SSTP clients has a separate default route. Is that possible with 6.48.6? I read somewhere something about 7.x fixing stuff like that, but I'm not sure.

Routing looks like this:
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 pref-src=192.168.31.45 gateway=192.168.31.46 gateway-status=192.168.31.46 on SSTP_VRF reachable via  SSTP-VLAN-INTERFACE distance=1 scope=30 target-scope=10 
        routing-mark=SSTP_VRF
 4 A S  dst-address=0.0.0.0/0 pref-src=192.168.31.25 gateway=192.168.31.26 gateway-status=192.168.31.26 reachable via  L7FW-VLAN-INTERFACE check-gateway=ping distance=1 scope=30 
        target-scope=10
 5   S  dst-address=0.0.0.0/0 pref-src=192.168.25.252 gateway=10.200.25.1 gateway-status=10.200.25.1 reachable via  ether1 check-gateway=ping distance=10 scope=30 target-scope=10
ID 0 is the default route which the SSTP server daemon should use. SSTP requests are going to 192.168.31.45, which is the MikroTik router, but it uses ID 4 instead.
ID 4 is the default route for outgoing traffic for everything coming from the LAN; traffic is being routed through an L7 firewall for AV scanning and stuff.
ID 5 is a fallback default route, if the L7 firewall from ID 4 is unreachable.

So again, to sum it up, SSTP client connections are coming in through the interface IP 192.168.31.45 of the MikroTik router, but responses are routed through the default route ID 4 instead of ID 0.
I expected, because 192.168.31.45 is part of a separate VRF, that the default route of that VRF (ID 0) would be taken into account.
Thanks for your help 🙂
