hello there i am new here and I hope this question is not asked before, although I searched for, I have 3 SSTP client connections to a VPN Provider.
also I have 3 subnets
10.0.1.1/29-ether-2
10.0.2.1/29-ether-3
10.0.3.1/29-ether-4
how i can make the 3 SSTP connected at the same time and NAT each one to a specific interface or subnet. also i w ish to isolate the 3 interfaces in which they cant see each other nor the SSTP connections can see each other.
Please Help
Re: multiple SSTP connections
Easy! Attach your scheme!
Yours respectfully!
Yours respectfully!
Re: multiple SSTP connections
Easy! Attach your scheme!
Yours respectfully!
Yours respectfully!
Re: multiple SSTP connections
When i create more than one SSTP client always there is one conneted and others are not and when i dissconect one the other one gets connects they are not working at the same time
Re: multiple SSTP connections
It sounds weird that only a single user could connect at a time. Does the Mikrotik log say something at the moment when one user is already connected and the other one attempts to log in?
To permit each of the users to communicate with a different subnet connected to a different physical interface, you can use firewall rules based purely on these users' IP addresses (which you assign to them by means of the /ppp secret list). You may end up with simpler (or rather easier to read) firewall rules if you assign to each of the users their own static virtual interface, but if done that way, the overall configuration complexity may raise if we start talking about a group of users per each subnet.
The manual (https://wiki.mikrotik.com/wiki/Manual:I ... STP_Server) is quite clear - if you want to have several users with different firewall rules referring to interface names, you must create an individual user name <=> interface name binding for the sstp server for each of the users, because otherwise a dynamic interface name is generated which (a) is common for all users and (b) firewall rules cannot refer to it. The relevant configuration would look similar to the following:
(the user names match the user names from the /ppp secret list).
If something went wrong in ROS, it could also be that you need these bindings to permit more than a single user to be logged in at a time, but that's a pure speculation.
To permit each of the users to communicate with a different subnet connected to a different physical interface, you can use firewall rules based purely on these users' IP addresses (which you assign to them by means of the /ppp secret list). You may end up with simpler (or rather easier to read) firewall rules if you assign to each of the users their own static virtual interface, but if done that way, the overall configuration complexity may raise if we start talking about a group of users per each subnet.
The manual (https://wiki.mikrotik.com/wiki/Manual:I ... STP_Server) is quite clear - if you want to have several users with different firewall rules referring to interface names, you must create an individual user name <=> interface name binding for the sstp server for each of the users, because otherwise a dynamic interface name is generated which (a) is common for all users and (b) firewall rules cannot refer to it. The relevant configuration would look similar to the following:
Code: Select all
/interface sstp-server
add name=sstp-in-1 user=joe
add name=sstp-in-2 user=frank
add name=sstp-in-3 user=jackIf something went wrong in ROS, it could also be that you need these bindings to permit more than a single user to be logged in at a time, but that's a pure speculation.
Re: multiple SSTP connections
Hi, I just want to ask (I"m quite newbie) the limitation of the SSTP Server instances with different names?
I also want to connect many customers to one Mikrotik CCR1009 with different certificates withdifferent subnets /Interfaces.
Of course I would use different PPP/Secrets individually.
Is there a limitation for that numbers?
Prior thanks.
Pal
I also want to connect many customers to one Mikrotik CCR1009 with different certificates withdifferent subnets /Interfaces.
Of course I would use different PPP/Secrets individually.
Is there a limitation for that numbers?
Prior thanks.
Pal