Hi,
I've had a look and it's not my servers losing connection. They are showing no downtime in Status.
However, I set up a separate server and installed haproxy, and copied over only the essential configuration that OPNsense generated to try and diagnose the issue.
I was still getting the same problem, so I asked on the haproxy community regarding the rules.
Apparently, you need to wait for a client hello to complete before trying to match on the SNI like I am trying to do.
# Wait for a client hello for at most 5 seconds
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
I have added these using option passthrough and things are now working as expected. Though, I wonder why (if this is required) this is not automatically configured... Maybe I am missing an option or something?
Kind Regards
Cori
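Why the wait matters, as an added Python example (not part of the original post and not HAProxy's own code): the SNI can only be read once the whole ClientHello record has been buffered, which is what the inspect-delay rule waits for. The host name is constructed sample input, and the parser assumes the hello fits in a single TLS record.

```python
import struct

class NeedMoreData(Exception):
    """The buffer does not yet hold a complete TLS record."""

def build_client_hello(host: str) -> bytes:
    """Constructed minimal ClientHello with one SNI name (sample input only)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni        # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)                     # version, random
            + b"\x00"                                   # empty session id
            + b"\x00\x02\x13\x01"                       # one cipher suite
            + b"\x01\x00"                               # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def sni_from_buffer(buf: bytes):
    """Return the SNI name, or None if the ClientHello carries no SNI.

    Raises NeedMoreData while the record is incomplete (the case the
    inspect-delay covers) and ValueError if this is not a ClientHello.
    """
    if len(buf) < 5:
        raise NeedMoreData
    if buf[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", buf[3:5])[0]
    if len(buf) < 5 + rec_len:
        raise NeedMoreData
    hs = buf[5:5 + rec_len]
    if not hs or hs[0] != 1:
        raise ValueError("handshake is not a ClientHello")
    p = 4 + 2 + 32                                  # handshake header, version, random
    p += 1 + hs[p]                                  # session id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]    # cipher suites
    p += 1 + hs[p]                                  # compression methods
    if p + 2 > len(hs):
        return None                                 # no extensions block
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        if etype == 0:                              # server_name: list len, type, name len
            nlen = struct.unpack("!H", hs[p + 7:p + 9])[0]
            return hs[p + 9:p + 9 + nlen].decode()
        p += 4 + elen
    return None
```

A rule evaluated on the first TCP segment alone is in the NeedMoreData position: there is nothing to compare the SNI against yet, so the match fails.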