Running VPN server and Apache conflicting ports

Tags: apache-http-server, port, vpn

Currently my setup is with XAMPP and a simple VPN server provided by Windows Network connections.

If I delete the Incoming Connections, start apache and then remake the VPN server like this:

It works fine (both the VPN and apache).

I already know that I can change Apache to run on different ports but I do not wish to do that. Is there any way I can stop the system from using port 443?

So maybe it's not in my best interest to change the port of the VPN server either.

I want to run both my apache and VPN at the same time, any recommendations?

Best Answer

The problem is that Windows 7 tries to accept incoming VPN connections using all protocols it could support, and this includes SSTP (Secure Socket Tunneling Protocol). SSTP is basically PPP tunneled over SSL, and by default it uses the same port 443 as usual HTTPS connections. Such usage of port 443 allows SSTP to pass through many HTTP proxies which allow connecting to HTTPS servers. Unfortunately, this also means that it will conflict with running an HTTPS server on the same machine as the SSTP VPN server — unless the HTTPS server is Microsoft IIS, which uses the same http.sys kernel driver as the SSTP server to process HTTP and HTTPS requests.

Note that incoming SSTP connections will most likely fail, because your machine probably does not have an appropriate server certificate to accept them. You would probably see RasSstp/18 warning events in the System event log informing about these problems. However, this does not stop the system from occupying the port 443, even if SSTP client connections to it will actually fail.

There are some useful articles about SSTP in the Routing and Remote Access Blog. However, I have not been able to find a method to disable SSTP usage just for the VPN server. It is possible to disable the “WAN Miniport (SSTP)” device in the Device Manager (after enabling the “Show Hidden Devices” option), however, this could also affect outgoing VPN connections from the same machine.

But there is an article about SSTP server configuration, and also KB947054, which describe a way to change the port used by the SSTP server to accept incoming connections. Using a registry editor, find the following subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\Parameters

Then set the ListenerPort DWORD value to the port number which should be used for incoming SSTP connections. Be sure to specify it as a decimal value (by default the “Hex” radio button is selected). Select a port which will not conflict with other ports used by the system or your applications.

To apply the new setting, restart the “Routing and Remote Access” service. Check the output of the netstat -aon command to confirm that the newly specified port is now in use, and the port 443 is no longer used.
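
The registry change, service restart and netstat check described in the answer above, scripted as an added example (not part of the original answer). It assumes an elevated PowerShell prompt and an English-language netstat ("LISTENING"); the default port 4443 and the helper name Get-Listener are constructed for illustration.

```powershell
# Added example: move the SSTP listener off port 443 and verify the result.
# $NewPort is a constructed sample value; pick one that is free on your machine.
param([int]$NewPort = 4443)

$key = 'HKLM:\System\CurrentControlSet\Services\Sstpsvc\Parameters'

# Hypothetical helper: return the "netstat -aon" lines for TCP listeners on a port.
# The trailing \s after the port keeps 443 from matching 4430, 4431, ...
function Get-Listener([int]$Port) {
    netstat -aon | Where-Object {
        $_ -match "^\s*TCP\s+\S+:$Port\s+\S+\s+LISTENING\s+\d+\s*$"
    }
}

if ($NewPort -lt 1 -or $NewPort -gt 65535) { throw "Port $NewPort is out of range." }

# Refuse to pick a port that something else already listens on.
$busy = Get-Listener $NewPort
if ($busy) { throw "Port $NewPort is already in use:`n$($busy -join "`n")" }

# Record the previous value so the change can be reverted (absent = default).
$old = (Get-ItemProperty -Path $key -Name ListenerPort -ErrorAction SilentlyContinue).ListenerPort
Write-Host "Previous ListenerPort: $(if ($null -ne $old) { $old } else { '(not set)' })"

# Write the value as a DWORD. PowerShell takes the number as decimal, which
# avoids the Hex/Decimal radio-button mistake that is easy to make in regedit.
New-ItemProperty -Path $key -Name ListenerPort -PropertyType DWord `
    -Value $NewPort -Force | Out-Null

# Apply the new setting, then give the service a moment to rebind.
Restart-Service -DisplayName 'Routing and Remote Access' -Force
Start-Sleep -Seconds 5

# Verify: the last netstat column is the owning PID (PID 4 is the System process).
$on443 = Get-Listener 443
$onNew = Get-Listener $NewPort
if ($on443) {
    Write-Warning "Port 443 still has a listener; check the PID in the last column:"
    $on443
} else {
    Write-Host "Port 443 is free."
}
if ($onNew) {
    Write-Host "Listener found on port ${NewPort}:"
    $onNew
} else {
    Write-Warning "Nothing is listening on port $NewPort yet."
}
```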
