Author Topic: haproxy: mixed ssl passthrough and offloading (Read 8329 times)

lebernd · « **on:** June 21, 2020, 09:35:45 pm »

Hello everybody,

I'm trying to make something like this: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends working on opnsense.

As I'm getting closer to a working passthrough connection - I'm not sure how I can bind a default backend that is looping to an offloading frontend.

Has anyone something like this working?

Thanks and best,
Bernd

trogie · « **Reply #1 on:** September 25, 2021, 10:25:10 am »

Hello, ever succeeded in configuring that ssl passthrough?

SamanthaMcLean · « **Reply #2 on:** October 01, 2021, 10:09:13 am »

Tell me, have you found a solution for yourself?

sorano · « **Reply #3 on:** October 01, 2021, 08:43:17 pm »

I think this guide should cover it:

https://forum.opnsense.org/index.php?topic=23339.0

Tubs · « **Reply #4 on:** August 27, 2022, 11:53:27 pm »

Could anybody get mixed modes passthrough and offloading running with HAProxy under OPNsense meanwhile?

I only get running either with offloading or with passthrough, but not in parallel. What I would like to achieve is to use passthrough for one server and offloading for another server and distinguish via SNI or hostname.

I guess this instruction for pfsense is exactly what I am looking for. Unfortunately, I am not able to transfer this to OPNsense.

https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends

Any idea?

Tubs · « **Reply #5 on:** August 28, 2022, 09:42:51 pm »

Quote from: Tubs on August 27, 2022, 11:53:27 pm

I only get running either with offloading or with passthrough, but not in parallel. What I would like to achieve is to use passthrough for one server and offloading for another server and distinguish via SNI or hostname.

After reading a couple of time and trial-and-error, finally I got it running. The key infortation was written in the chapter:

Quote

6. How can we load balance TCP traffic that we don't want to get SSL offloaded, f.e. OpenVPN over TCP?
In my tutorial I only explain how to "redirect+load balance SSL offloaded traffic".
This is because I myself don't have (yet) the need to actually load balance any non SSL traffic.
However balancing non SSL traffic is pretty much the same as balancing SSL traffic.
You only have to make sure that your "NOSSLservice_rule" or "NOSSLservices_map-file_rule" is placed on the "SNI_frontend" instead of the "HTTPS_frontend" and that the backend that belongs to your "NOSSLservice_server" is running in TCP mode.

brynjolm · « **Reply #6 on:** February 01, 2023, 08:45:09 pm »

Quote from: Tubs on August 28, 2022, 09:42:51 pm

After reading a couple of time and trial-and-error, finally I got it running. The key infortation was written in the chapter:

sorry to ressurect but would like to know how you were able to implement this

Author Topic: haproxy: mixed ssl passthrough and offloading (Read 8329 times)

lebernd

haproxy: mixed ssl passthrough and offloading

trogie

Re: haproxy: mixed ssl passthrough and offloading

SamanthaMcLean

Re: haproxy: mixed ssl passthrough and offloading

sorano

Re: haproxy: mixed ssl passthrough and offloading

Tubs

Re: haproxy: mixed ssl passthrough and offloading

Tubs

Re: haproxy: mixed ssl passthrough and offloading

brynjolm

Re: haproxy: mixed ssl passthrough and offloading