Messages - myg63

#1
Does anyone have an idea?
#2
Hello @all,
I'm using haproxy for several backend pools with ssl offload which is working fine when I use domains which go thru rules into these backends.
Now I want to use the well documented feature of "redirecting" paths.

So for example a request to "https://test.domain.com/app1" should be redirected to a backend without the path but still preserving the rest of the path.
It can be used by adding a backend rule "http-request replace-path /xxxx(/)?(.*) /\2" where xxxx is the "virtual" directory.
This feature is documented in https://www.haproxy.com/blog/path-based-routing-with-haproxy

Please can anyone give advice how to use that feature in opnsense's haproxy implementation?
I'm using latest version 23.7.6
Thanks @all in advance from Germany...
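
An added example, not part of the original post and not HAProxy or OPNsense code: a small Python model of how the rule quoted above rewrites request paths, next to a hypothetical stricter variant. It assumes the rule behaves as an unanchored regex search whose expanded format replaces the whole path; the directory name app1 and the sample paths are constructed.

```python
import re

def replace_path(path, match_regex, replace_fmt):
    """Model of the rewrite: if the regex matches anywhere in the path, the
    whole path becomes the expanded format; otherwise it is left unchanged.
    (Assumed semantics, emulated with Python's re module.)"""
    m = re.search(match_regex, path)
    return m.expand(replace_fmt) if m else path

# Rule from the post with xxxx = app1 (directory name constructed for the demo).
POST_RULE = (r"/app1(/)?(.*)", r"/\2")
# Hypothetical stricter variant: anchored, and the prefix must end at a "/".
STRICT_RULE = (r"^/app1(?:/(.*))?$", r"/\1")

# Constructed sample request paths.
SAMPLES = ["/app1", "/app1/", "/app1/css/site.css",
           "/app1admin", "/x/app1/foo", "/other"]

def compare(paths=SAMPLES):
    """Return (path, result of post rule, result of strict rule) per sample."""
    return [(p, replace_path(p, *POST_RULE), replace_path(p, *STRICT_RULE))
            for p in paths]

if __name__ == "__main__":
    for path, loose, strict in compare():
        flag = "  <-- differs" if loose != strict else ""
        print(f"{path:22} post: {loose:16} strict: {strict}{flag}")
```

Which of these paths actually reach the backend rule depends on the frontend condition that selects the backend.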
#3
Thank you. That did the trick. No firewall rules needed - thank god ;)

I did on each side:

1. System -> Gateways -> Single
-> Add a Gateway. Leave all Fields default. Type a name like "Firewall_Myself" and use the LAN IP Address as "IP Address"
2. System -> Routes -> Configuration
-> Add a Network Address like 192.168.111.0/24 which is the remote LAN of the other Network "behind" the tunnel. Select the local Gateway from (1)

Works great!

Case solved
#4
Hello guys.
I updated my original post and made an illustration. Does anyone have an idea why I cannot ping the other side from the local OPNSense?
#5
Hello, my first post here.

I have two OPNsense firewalls A and B running with fixed IP addresses and VPN IPsec net-to-net. The tunnels are running well with an IPv4 tunnel. I can access all machines from one network A to the other network B. Also I have some web services behind the haproxy in network B with Let's Encrypt ACME, which is running well also and is available from the internet.

What I'm trying to do: have a "server A" with a web service in network A (behind the firewall) and want to access this web service as a "real server" from haproxy B. That does not work. When I go by using SSH onto OPNSense B and try to ping this (Server A) address - it is NOT reachable. Other addresses in network A are also NOT reachable by ping from the firewall. Is that normal? There is just "no response" from the other side when pinging from the firewall itself.


Server A with Webservice (192.168.112.112:80)
Network A (192.168.112.0/24)
   |
   |
OPNSense A (LAN 192.168.112.1)
   |
   |
VPN Internet
   |
   |
haproxy B
OPNSense B  (LAN 192.168.111.1)
   |
   |
Network B (192.168.111.0/24)


Open SSH session to OPNSense B:

root@ext-firewall:~ # ping 192.168.112.112
PING 192.168.112.112 (192.168.112.112): 56 data bytes
^C
--- 192.168.112.112 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss


So it seems that the route does NOT go through the IPv4 tunnel when accessed from the local firewall, or maybe it is blocked by a firewall rule.

When I ping that host with the web service in network A from another host in network B, that is possible, and I can also access that web service on the host in network A from a browser in network B.

What must be configured to get this connection from haproxy in firewall B to reach a service behind firewall A - routed by the IPv4 tunnel?

Thank you in advance