Messages

Found the fix on the haproxy, the iphones stopped sending a hostname in the packet header so it didn't match any of my rules. I had to add a default backend server, and now iphones work again.

I think it may be something on the TLS negotiation, I'm seeing a tls1.3 "change cipher spec" from the client and then a reset form the server(firewall) in packet captures.

I have been running services on a home qnap NAS for a while and I've successfully run it behind HAProxy on my OPNSense firewall for months. Yesterday all my family that use iphones lost access. Nothing seems wrong but when I disable HAproxy and just do a basic port forward it works again, so it must be something to do with the proxy setup. It is NOT affecting connections from androids or the same users over most browser connections to the same server with the same credentials, sometimes from the same device. It has consistently affected their connections via the official qnap app and firefox on an iphone. The same iphone could connect to the server on chrome.
I looked for QUIC (UDP instead of TCP) on the firewall logs based on online comments about how apple sometimes tries to force connections from https to quic, but nothing is in the logs showing my clients are trying that, so I'm stumped on what to look for or try and cannot leave this port forward in place.