OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: lebernd on June 21, 2020, 09:35:45 pm
-
Hello everybody,
I'm trying to get something like this: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends working on OPNsense.
I'm getting closer to a working passthrough connection, but I'm not sure how I can bind a default backend that loops to an offloading frontend.
Does anyone have something like this working?
Thanks and best,
Bernd
-
Hello, have you ever succeeded in configuring that SSL passthrough?
-
Tell me, have you found a solution for yourself? :)
-
I think this guide should cover it:
https://forum.opnsense.org/index.php?topic=23339.0
-
Has anybody got mixed-mode passthrough and offloading running with HAProxy under OPNsense in the meantime?
I only get it running either with offloading or with passthrough, but not in parallel. What I would like to achieve is to use passthrough for one server and offloading for another server and distinguish via SNI or hostname.
I guess these instructions for pfSense are exactly what I am looking for. Unfortunately, I am not able to transfer this to OPNsense.
https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends
Any idea?
-
I only get it running either with offloading or with passthrough, but not in parallel. What I would like to achieve is to use passthrough for one server and offloading for another server and distinguish via SNI or hostname.
After reading it a couple of times and some trial and error, I finally got it running. The key information was written in the chapter:
6. How can we load balance TCP traffic that we don't want to get SSL offloaded, f.e. OpenVPN over TCP?
In my tutorial I only explain how to "redirect+load balance SSL offloaded traffic".
This is because I myself don't have (yet) the need to actually load balance any non SSL traffic.
However balancing non SSL traffic is pretty much the same as balancing SSL traffic.
You only have to make sure that your "NOSSLservice_rule" or "NOSSLservices_map-file_rule" is placed on the "SNI_frontend" instead of the "HTTPS_frontend" and that the backend that belongs to your "NOSSLservice_server" is running in TCP mode.
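
The layout described in the quoted chapter, written out as a plain haproxy.cfg sketch. This is an added example, not configuration from the tutorial or from any poster in this thread. "SNI_frontend" and "HTTPS_frontend" are the tutorial's names; every other name, hostname, address, port and the certificate path are placeholders.

```haproxy
# Added example: all hostnames, addresses, ports and paths are placeholders.
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Public listener in TCP mode. No certificate here: TLS is not terminated,
# only the SNI field of the ClientHello is inspected.
frontend SNI_frontend
    bind 0.0.0.0:443
    mode tcp
    option tcplog
    # Buffer the connection until the ClientHello has arrived.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Passthrough rule lives on the SNI frontend; this host keeps
    # end-to-end TLS to its own server.
    use_backend passthrough_backend if { req.ssl_sni -i passthrough.example.com }
    # Everything else loops to the local offloading frontend.
    default_backend loop_to_HTTPS_frontend

# Backend for the non-offloaded service must run in TCP mode.
backend passthrough_backend
    mode tcp
    server passthrough_server 192.0.2.10:443 check

# Loop backend: hands the still-encrypted stream to the frontend below and
# carries the real client address in a PROXY protocol header.
backend loop_to_HTTPS_frontend
    mode tcp
    server local_offload 127.0.0.1:8443 send-proxy-v2

# Offloading frontend: terminates TLS. Bound to loopback only, because
# accept-proxy trusts whatever client address the PROXY header claims.
frontend HTTPS_frontend
    bind 127.0.0.1:8443 accept-proxy ssl crt /path/to/offload.example.com.pem
    mode http
    option httplog
    option forwardfor
    use_backend offload_backend if { hdr(host) -i offload.example.com }

backend offload_backend
    mode http
    server offload_server 192.0.2.20:80 check
```

Requests for hostnames that match no rule on HTTPS_frontend get a 503, since that frontend has no default backend.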
-
After reading it a couple of times and some trial and error, I finally got it running. The key information was written in the chapter:
Sorry to resurrect this, but I would like to know how you were able to implement this.