Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
HAProxy Frontend for IPv6
« previous
next »
Print
Pages: [
1
]
Author
Topic: HAProxy Frontend for IPv6 (Read 5556 times)
simonszu
Newbie
Posts: 17
Karma: 1
HAProxy Frontend for IPv6
«
on:
August 04, 2019, 10:06:16 am »
Hi,
i have Opnsense in a DualStack Network. Inside this network there are some docker containers with IPv4 only, and i want to have HAProxy acting as a reverse proxy and as an "IPv6 offloader". I have configured IPv6 on the docker host and it can reach the internet via IPv6, so my Interface configuration in OPNsense seems to be correct.
I have created a firewall rule which allows IPv4 and v6 traffic on port 443 to enter the firewall. I have configured the docker container as a backend, and a matching frontend which has the v4 and the v6 listen address in the settings.
As a result, the service is reachable via v4, but not via v6. I do not see any v6 connections in the HAproxy log, however, when i enable logging in the appropriate firewall rule, i see the inbound traffic.
What am i missing here?
Logged
simonszu
Newbie
Posts: 17
Karma: 1
Re: HAProxy Frontend for IPv6
«
Reply #1 on:
August 05, 2019, 01:57:01 pm »
I have to add: I am using OPNsense on a VM on a Hetzner server. It is configured like this:
https://forum.netgate.com/topic/101501/anleitung-f%C3%BCr-hetzner-ipv6-mit-pfsense-als-router-vm-auf-esxi-server
For non-german speaking users: The WAN interface is set to DHCP, and it gets a link-local address. The LAN interface gets the public address Hetzner assigns me in their Robot tool. This is working in such a way that each VM can access the internet via IPv6, and i can ping the OPNsense VM on its public IPv6, which it has on its LAN address. However, i cannot access the HAProxy.
Logged
ssbarnea
Newbie
Posts: 24
Karma: 0
Re: HAProxy Frontend for IPv6
«
Reply #2 on:
September 04, 2019, 10:51:50 am »
Is
https://github.com/opnsense/plugins/issues/540#issuecomment-527805198
the same bug? Apparently I cannot make haproxy to bind to ipv6 address. Maybe someone knows a trick about that?
Logged
simonszu
Newbie
Posts: 17
Karma: 1
Re: HAProxy Frontend for IPv6
«
Reply #3 on:
September 04, 2019, 11:07:18 am »
No. I solved it by unchecking "disable reply-to".
Your bug is different. The HAproxy plugin does not follow the IPv6 IP:port notation rule. Just remove the brackets, so to make it listen on v6 port 443, write dead:beef::1:443
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
HAProxy Frontend for IPv6