MikroTik

Posted: **Fri Dec 15, 2017 12:24 pm**

hello there i am new here and I hope this question is not asked before, although I searched for, I have 3 SSTP client connections to a VPN Provider.
also I have 3 subnets
10.0.1.1/29-ether-2
10.0.2.1/29-ether-3
10.0.3.1/29-ether-4
how i can make the 3 SSTP connected at the same time and NAT each one to a specific interface or subnet. also i w ish to isolate the 3 interfaces in which they cant see each other nor the SSTP connections can see each other.
Please Help

Posted: **Tue Dec 19, 2017 5:59 pm**

any one here ?

Posted: **Tue Dec 19, 2017 7:01 pm**

Easy! Attach your scheme!

Yours respectfully!

Posted: **Tue Dec 19, 2017 7:01 pm**

Easy! Attach your scheme!

Yours respectfully!

Posted: **Sun Dec 24, 2017 11:19 pm**

When i create more than one SSTP client always there is one conneted and others are not and when i dissconect one the other one gets connects they are not working at the same time

Posted: **Mon Jan 01, 2018 4:24 pm**

It sounds weird that only a single user could connect at a time. Does the Mikrotik log say something at the moment when one user is already connected and the other one attempts to log in?

To permit each of the users to communicate with a different subnet connected to a different physical interface, you can use firewall rules based purely on these users' IP addresses (which you assign to them by means of the /ppp secret list). You may end up with simpler (or rather easier to read) firewall rules if you assign to each of the users their own static virtual interface, but if done that way, the overall configuration complexity may raise if we start talking about a group of users per each subnet.

The manual (https://wiki.mikrotik.com/wiki/Manual:I ... STP_Server) is quite clear - if you want to have several users with different firewall rules referring to interface names, you must create an individual user name <=> interface name binding for the sstp server for each of the users, because otherwise a dynamic interface name is generated which (a) is common for all users and (b) firewall rules cannot refer to it. The relevant configuration would look similar to the following:

/interface sstp-server
add name=sstp-in-1 user=joe
add name=sstp-in-2 user=frank
add name=sstp-in-3 user=jack

(the user names match the user names from the /ppp secret list).

If something went wrong in ROS, it could also be that you need these bindings to permit more than a single user to be logged in at a time, but that's a pure speculation.

Posted: **Fri Nov 16, 2018 3:29 pm**

Hi, I just want to ask (I"m quite newbie) the limitation of the SSTP Server instances with different names?
I also want to connect many customers to one Mikrotik CCR1009 with different certificates withdifferent subnets /Interfaces.
Of course I would use different PPP/Secrets individually.

Is there a limitation for that numbers?
Prior thanks.
Pal

MikroTik

multiple SSTP connections

multiple SSTP connections

Re: multiple SSTP connections

Re: multiple SSTP connections

Re: multiple SSTP connections

Re: multiple SSTP connections

Re: multiple SSTP connections

Re: multiple SSTP connections