OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: lebernd on June 21, 2020, 09:35:45 pm

Title: haproxy: mixed ssl passthrough and offloading
Post by: lebernd on June 21, 2020, 09:35:45 pm
Hello everybody,

I'm trying to make something like this: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends working on OPNsense.

As I'm getting closer to a working passthrough connection - I'm not sure how I can bind a default backend that is looping to an offloading frontend.

Has anyone something like this working?

Thanks and best,
Bernd
Title: Re: haproxy: mixed ssl passthrough and offloading
Post by: trogie on September 25, 2021, 10:25:10 am
Hello, ever succeeded in configuring that ssl passthrough?
Title: Re: haproxy: mixed ssl passthrough and offloading
Post by: SamanthaMcLean on October 01, 2021, 10:09:13 am
Tell me, have you found a solution for yourself? :)
Title: Re: haproxy: mixed ssl passthrough and offloading
Post by: sorano on October 01, 2021, 08:43:17 pm
I think this guide should cover it:

https://forum.opnsense.org/index.php?topic=23339.0
Title: Re: haproxy: mixed ssl passthrough and offloading
Post by: Tubs on August 27, 2022, 11:53:27 pm
Could anybody get mixed modes passthrough and offloading running with HAProxy under OPNsense meanwhile?

I only get it running either with offloading or with passthrough, but not in parallel. What I would like to achieve is to use passthrough for one server and offloading for another server and distinguish via SNI or hostname.

I guess this instruction for pfsense is exactly what I am looking for. Unfortunately, I am not able to transfer this to OPNsense.

https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends

Any idea?
Title: Re: haproxy: mixed ssl passthrough and offloading
Post by: Tubs on August 28, 2022, 09:42:51 pm
I only get it running either with offloading or with passthrough, but not in parallel. What I would like to achieve is to use passthrough for one server and offloading for another server and distinguish via SNI or hostname.

After reading a couple of times and trial-and-error, finally I got it running. The key information was written in the chapter:

Quote
6. How can we load balance TCP traffic that we don't want to get SSL offloaded, f.e. OpenVPN over TCP?
In my tutorial I only explain how to "redirect+load balance SSL offloaded traffic".
This is because I myself don't have (yet) the need to actually load balance any non SSL traffic.
However balancing non SSL traffic is pretty much the same as balancing SSL traffic.
You only have to make sure that your "NOSSLservice_rule" or "NOSSLservices_map-file_rule" is placed on the "SNI_frontend" instead of the "HTTPS_frontend" and that the backend that belongs to your "NOSSLservice_server" is running in TCP mode.
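
The layout described in the quote above, sketched as a raw HAProxy configuration. This is an added example, not part of the original posts or of the linked tutorial: only the names SNI_frontend, HTTPS_frontend and NOSSLservice_server come from the quote; every hostname, address, port, certificate path and other backend name is a hypothetical placeholder.

```haproxy
# Added example. Hostnames, IPs, ports and the cert path are placeholders.
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# TCP-mode frontend on the public port. It only reads the SNI field of the
# TLS ClientHello and never decrypts anything itself.
frontend SNI_frontend
    bind 0.0.0.0:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Passthrough rule lives here, not on HTTPS_frontend: TLS stays
    # end-to-end between the client and NOSSLservice_server.
    use_backend NOSSLservice_backend if { req.ssl_sni -i passthrough.example.com }
    # Everything else, including clients that send no SNI, is looped to
    # the local offloading frontend.
    default_backend loop_to_HTTPS_frontend

backend NOSSLservice_backend
    mode tcp
    server NOSSLservice_server 192.0.2.10:443 check

# Loop backend: hands the still-encrypted stream to HTTPS_frontend and
# carries the real client address in a PROXY protocol header.
backend loop_to_HTTPS_frontend
    mode tcp
    server local_offload 127.0.0.1:8443 send-proxy-v2

# Offloading frontend. Bound to loopback only, so accept-proxy headers can
# only originate from SNI_frontend and cannot be supplied by remote clients.
frontend HTTPS_frontend
    bind 127.0.0.1:8443 ssl crt /path/to/certs/ accept-proxy
    mode http
    option forwardfor
    use_backend offloaded_backend if { hdr(host) -i offload.example.com }

backend offloaded_backend
    mode http
    server app1 192.0.2.20:80 check
```

Running `haproxy -c -f <file>` validates the syntax before the configuration is loaded; in the OPNsense plugin the same pieces are created as two public services and their backend pools rather than written by hand.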
Title: Re: haproxy: mixed ssl passthrough and offloading
Post by: brynjolm on February 01, 2023, 08:45:09 pm
After reading a couple of times and trial-and-error, finally I got it running. The key information was written in the chapter:
Sorry to resurrect, but would like to know how you were able to implement this.