Page 1 of 1

SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 12:53 pm
by bl00dy
Hello,

Is it possible to implement, or if it's possible, then how. I assume I need to use tls-host option.

I have external IP (x.x.x.x) on WAN interface, and I have private LAN network, let's it be default 192.168.88.0/24. I want to use SSTP VPN on port 443 with domain vpn.domain.com, but I also want to have web server on same IP with NAT port 443 for name www.domain.com. so, both services are using same port 443, is it possible to implement.

As an addon I want to use for VPN letsencrypt certificate, which as I know require port 80 to open, and I mant to have my port 80 also regirected to my web server, for example 192.168.88.10

Ed

Re: SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 2:05 pm
by anav
Why do you insist on SSTP VPN to be on port 443 it can just as easily be on port 14444

Re: SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 2:15 pm
by holvoetn
To my knowledge SSTP usually goes over 443.
One of the reasons why it is not blocked, since it uses the same port as https.

If you change that default, other applications might be less forgiving.

Re: SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 2:46 pm
by AntiUltimate
I suggest you use something like https://github.com/cloudflare/cloudflared or maybe rent some cheap KVM VPS and install CHR on it, just so you have a different IP :)

Re: SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 2:48 pm
by holvoetn
Or use another VPN. Wireguard comes to mind...

Re: SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 3:42 pm
by anav
Personally I would use WG myself but nothing wrong with using SSTP as a backup, both cost nothing and both avoid any third party usage.
No Holvoe, 443 is not mandatory for SSTP.

Re: SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 3:56 pm
by holvoetn
No Holvoe, 443 is not mandatory for SSTP.
Didn't say "mandatory".
I said USUALLY.
I already encountered at least one tool (proprietary thing) in the past not wanting to operate with SSTP if the port to be used was not 443. Badly programmed tool ? Yes, definitely.

Re: SSTP VPN and https NAT on one IP

Posted: Wed May 24, 2023 7:21 pm
by anav
ur still giving wrong impression.............
Its USUAL for people to use the default winbox port, but any port can be used.............

443 is just a special case for some instances. ISP or country blocks all other ports etc.