HAProxy: OpenVPN & Webpage on port 443

Started by Vaseer, November 19, 2017, 07:26:04 PM

OPNsense: 17.7.7_1-amd64
HAProxy: 1.17

Hi. I need some help configuring HAProxy for routing OpenVPN and webpage (HTTPS) traffic that are listening on the same port - 443.
I use OpenVPN within OPNsense. HTTPS traffic (NextCloud) is redirected to a server in the LAN network.
OpenVPN is up and running on port 443 (at this moment, HAProxy is not running yet), NextCloud is (for now) reachable only within LAN (or via VPN) on 443.

I found this How-to: https://docs.opnsense.org/manual/how-tos/haproxy.html/, but I am missing information about redirecting traffic for OpenVPN. Do I redirect OpenVPN traffic to 127.0.0.1:443?
Is there a how-to or any other tutorial for configuring HAProxy for my example?

Any kind of information is welcome.

Br, Vaseer

I don't think this can work. Even if you configure OpenVPN to use port 443, it's still not HTTP.
HAProxy can redirect requests to the same front end to different servers, but IMHO only in HTTP mode, not in TCP mode.
You'll need two IPs or a separate port for OpenVPN.

ChrisH is right, it won't work; HAProxy will not pass OpenVPN traffic.

What you can use is SSLH (http://www.rutschle.net/sslh). This is not available as a package for OPNsense (yet) but will install on FreeBSD.

The OPNsense GitHub page will take feature requests.

Bart...

I wonder if the "port-share" option in OpenVPN server could be of help?

https://www.bestvpn.com/how-to-hide-openvpn-traffic-an-introduction/

Look for "Sinister Brain" in the comments section.


Regards,
Miroco
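
SSLH and OpenVPN's "port-share" option, mentioned in the posts above, both decide where a connection on the shared port goes by looking at the first bytes the client sends. The sketch below is an added example, not code from this thread, from sslh or from OpenVPN; the backend addresses are hypothetical and the sample byte strings are constructed.

```python
import struct

# Opcodes a client may use in its first OpenVPN packet (high 5 bits of byte 2):
# 7 = P_CONTROL_HARD_RESET_CLIENT_V2, 10 = P_CONTROL_HARD_RESET_CLIENT_V3
OPENVPN_CLIENT_RESET_OPCODES = {7, 10}

# Hypothetical backends: OpenVPN moved to a loopback TCP port, NextCloud in the LAN.
BACKENDS = {"openvpn": ("127.0.0.1", 1194), "tls": ("192.168.1.10", 443)}


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'openvpn', 'need-more-data' or 'unknown' for a TCP stream prefix."""
    if len(data) < 3:
        return "need-more-data"
    # TLS record header: type 0x16 (handshake), version major 0x03, minor 0x00-0x04.
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        if len(data) < 6:
            return "need-more-data"
        # Byte 5 is the handshake message type; 0x01 is ClientHello.
        return "tls" if data[5] == 0x01 else "unknown"
    # OpenVPN over TCP: 2-byte big-endian packet length, then (opcode << 3 | key_id).
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    # A bare hard reset is opcode(1) + session id(8) + ack count(1) + packet id(4).
    if opcode in OPENVPN_CLIENT_RESET_OPCODES and key_id == 0 and pkt_len >= 14:
        return "openvpn"
    return "unknown"


def pick_backend(data: bytes):
    """Map a stream prefix to a backend; unknown protocols get None (close the socket)."""
    return BACKENDS.get(classify_first_bytes(data))


# Constructed samples: TLS ClientHello prefix, OpenVPN hard reset, SSH banner, HTTP.
SAMPLE_TLS = bytes.fromhex("16030102000100" "01fc0303")
SAMPLE_OPENVPN = bytes.fromhex("000e" "38" "0102030405060708" "00" "00000000")
SAMPLE_SSH = b"SSH-2.0-OpenSSH_7.4\r\n"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, blob in [("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN),
                       ("ssh", SAMPLE_SSH), ("http", SAMPLE_HTTP)]:
        print(name, classify_first_bytes(blob), pick_backend(blob))
```

The classifier only routes; it authenticates nothing, so each backend still enforces its own TLS and OpenVPN authentication, and anything that matches neither signature is dropped rather than forwarded.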

Thanks for the suggestions. I will look at them.