load balance two ports

[Julien]

Hi guys,
I don't know if this possible like on pfsense to load balance ports 443 and 80 to differetns hosts on the LAN.
hope someone can point me on the right directions

Thank you

[franco]

Hi Julien,

Sure, use the os-relayd plugin (the pfSense "load balancer"), or the os-haproxy plugin (specifically written for OPNsense).

I think that some time in 2018, we may be removing the os-relayd plugin in favour of os-haproxy as it has some advantages like still being developed and supporting Let's Encrypt integration.


Cheers,
Franco

[Julien]

Thank you Franco,
I will be testing the the os-haproxy plugin  as I need a fully support opnsense plug in.
appreciate it your support
is there a kind of document about os-haproxy?

[franco]

Hi Julien,

There is a bit of info in the original code merges on GitHub that Frank put up:

https://github.com/opnsense/plugins/pull/10

I would also suggest to peek at the HAproxy documentation, the terminology in the plugin should match the handbook:

http://cbonte.github.io/haproxy-dconv/1.7/intro.html


Cheers,
Franco

[Julien]

Thank you Franco,
i'll go ahead and test it, if I have any questions I will report back.
I have checked on the plug in but I can't find the os-haproxy
is there is some kind of commands line to use in order to install it ?

thank you

[franco]

System: Firmware: Plugins. Not there?

[Julien]

System: Firmware: Plugins. Not there?

Found it,
was looking at the packages and not the plug in.
Thank you sir,
will try it now
We have two exchanges servers with ssl certificate, do we have to import the SSL to the Opnsense to get them checked ?

[franco]

Yes, correct, import them under System: Trust to be able to use them.

[Julien]

Yes, correct, import them under System: Trust to be able to use them.

I have the certificate on the .PFX extention.
I am not sure how I can import it to the firewall.

hope you can point me how to configure this as I can't seem to find a working Documentation about this.

[bartjsmit]

Hi Julien,

run...

openssl pkcs12 -in input.pfx -nocerts -out key.pem
openssl pkcs12 -in input.pfx -clcerts -nokeys -out certs.pem

...to get the key and the certs respectively. You may want to parse out the certs into separate files and check which one is which by:

openssl x509 -in test.pem -noout -text | less

Bart...

[Julien]

Hi Julien,

run...

openssl pkcs12 -in input.pfx -nocerts -out key.pem
openssl pkcs12 -in input.pfx -clcerts -nokeys -out certs.pem

...to get the key and the certs respectively. You may want to parse out the certs into separate files and check which one is which by:

openssl x509 -in test.pem -noout -text | less

Bart...

Thank you So much Bart,
Have you configured the HAProxy ? I've been reading over but can't seem to figured out how to get it configured.

[bartjsmit]

Sorry Julien, no ha-proxy here - my setup is rather simpler than yours. I have just done a fair bit of openssl over the years ;-)

Bart...

[Julien]

Sorry Julien, no ha-proxy here - my setup is rather simpler than yours. I have just done a fair bit of openssl over the years ;-)

Bart...

Thank you,
I managed to find the how to which is a German but thanks god for google translate
https://www.frankysweb.de/exchange-2016-opnsense-haproxy-und-lets-encrypt/

[Julien]

I can't seem to get it working.
I hope someone can help me getting this fixed as it getting urgent.