FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
520 views 9 comments
by anonymous
I have the sstp tunnel up use the sstpc commands. On server I see the active connection. Now the question how I can see the devices behind the tunnel on the server side?  The server gives to the client the fixed ip address for tunnel 172.16.*.**. The local net of the server behind the tunnel is 192.168.x.**. The client local net 192.168.y.**. What rules of firewall or routine I need to set to see the devices of the server?

1 Answer

0 votes
by anonymous

Hello,

If you're able to establish SSTP tunnel try checking whether you're able to ping the SSTP Virtual IP address of SSTP server firstly.
If tunnel IP will be reachable, try pinging server's LAN from router's LAN using similar command:
ping 192.168.10.1 -I 192.168.1.1
Where 192.168.10.1 would be server's LAN IP; 192.168.1.1 router's RUT LAN IP.

In case pings will not go through, check your other side sstp server's firewall configuration.

On RUT router's firewall side, there sstp zone configuration available, which allows traffic from sttp to lan and vice versa.

Similar options should be available in your keenetic sstp server's firewall configuration.
Check whether firewall is not blocking any sstp traffic to server's LAN network.


Additionally would recommend to check SSTP instruction available in wiki:
https://wiki.teltonika-networks.com/view/Setting_up_a_SSTP_tunnel_between_RUTX_and_Mikrotik_device

by anonymous

Hi Ernestas! That is grate information to try! Thank you! But as I mentioned before the sstp client which is in the webui in the vpn section is cut off in my opinion! To proper establish the connection I use the following sstps commands:

sstpc --log-stderr --log-level 4 --cert-warn --tls-ext --save-server -route --user **** --password **** 'myserver'.keenetic.link usepeerdns require-mschap-v2 noauth noipdefault replacedefaultroute noccp refuse-eap refuse-pap refuse-mschap

by anonymous

Also when I use the client only the tunnel doesn't up. When I use the sstps commands via cli then the connection immediately established. That is on the rutx11 the command in the custom script:

Sun Jan 10 18:04:30 2021 daemon.notice pppd[22955]: pppd 2.4.7 started by root, uid 0
Sun Jan 10 18:04:30 2021 daemon.info pppd[22955]: Using interface ppp0
Sun Jan 10 18:04:30 2021 daemon.notice pppd[22955]: Connect: ppp0 <--> /dev/pts/0
Sun Jan 10 18:04:34 2021 daemon.notice pppd[22955]: CHAP authentication succeeded
Sun Jan 10 18:04:35 2021 daemon.notice pppd[22955]: local IP address 172.16.*.**
Sun Jan 10 18:04:35 2021 daemon.notice pppd[22955]: remote IP address 192.168.X.***
Sun Jan 10 18:04:35 2021 daemon.notice pppd[22955]: primary DNS address 192.168.X.***

That is from the server side:

Янв 10 18:04:28 ppp-sstp
sstp: proxy: connection from 8.**.**.***:PORT
Янв 10 18:04:28 ppp-sstp
ppp0:: connect: ppp0 <--> sstp(8.**.**.***:PORT)
Янв 10 18:04:32 ppp-sstp
ppp0:test: test: authentication succeeded
Янв 10 18:04:33 kernel
sstp0: renamed from ppp0
Янв 10 18:04:33 ndm
SstpServer::Manager: user "????" connected from "8.**.**.***" with address "172.16.*.**".

That is the data transfer: 172.16.*.** 02:15:20 44,9 Кбайт / 70 бай

by anonymous
Hi Ernestas. So in addition to above mentioned I can’t use the sstp switch in the vpn section and I can’t establish the connection with the switch of sstp. How and where I can add the commands or option from the sstps command above to normal use the sstp switch from webui?
by anonymous
Could you please reset your router to default factory settings, set-up your SSTP, and then when it should go into an established state - download the troubleshoot file and send it to me via private message. I will check logs if there's anything starting when it is set-up through WebUI.

EB.
by anonymous
Hi Ernestas! Thank you that keeping eye on this question. I will send you the two troubleshoot files with the switch on and with sstps command!
by anonymous
Hello support. The last FW doesn’t provide any changes for sstp. When the function will be added?
by anonymous
Hi support! Any news when will it be possible to use sstp client with extra settings to establish connection to my sstp server?
by anonymous
Hi,

It's still under work and is planned to be released with 7.1 RutOS. I will send you a test firmware once it's available for testing, but for now it's not yet done.

EB.
by anonymous
Hi Ernestas. Any news?