OPNsense Forum
English Forums => General Discussion => Topic started by: browne on September 16, 2020, 11:01:01 am
-
Hello,
I already set up HAProxy as a reverse proxy on port 443 with ACME for some web servers, Exchange, ....
Right now I am struggeling with adding our remote desktop gateway server.
https://www.haproxy.com/documentation/haproxy/deployment-guides/remote-desktop/rdp-gateway/
I want to use the "SSL bridging mode" in order to get rid off the certificate errrors.
If I understand everything there correctly I will need a seperate frontend for the RDP gateway because of some special settings and of course on another port than 443. Sadly I failed with just copying the given config as I didn't figure out where to set all the options.
Is there someone who has already set up haproxy with a remote desktop gateway server and would be so kind to share his config?
(Sorry for double posting this here and in the "Web Proxy Filtering and Caching" sub forum. But I thought more people would read it here.)
Best regards
browne
-
Did you search the forums? I already posted the answer some time ago, it needs an ACL to deny a specific URI to work. Just search the forums :)
-
Thank you very much!
I already saw your post in that other thread (https://forum.opnsense.org/index.php?topic=18429.msg83772#msg83772), but couldn't believe it had to do with my problem.
Could you please explain to me: Why do I have to use this rule and what exactly it does?
browne
-
I have no idea, but I guess when this URI is accessible it tries something which is not supported and with this the connection might be "downgraded" or similar.
-
We tracked it down to some NTLM issues on the RDP Gateway...
https://support.microsoft.com/en-us/help/2903333/terminal-services-client-connection-error-0xc000035b-when-you-use-lmco
Anyway it is working perfectly fine now!