OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • HAProxy: OpenVPN & Webpage on port 443
« previous next »
  • Print
Pages: [1]

Author Topic: HAProxy: OpenVPN & Webpage on port 443  (Read 5759 times)

Vaseer

  • Newbie
  • *
  • Posts: 10
  • Karma: 0
    • View Profile
HAProxy: OpenVPN & Webpage on port 443
« on: November 19, 2017, 07:26:04 pm »
OPNsense: 17.7.7_1-amd64
HAProxy: 1.17

Hi. I need some help configuring HAProxy for routing OpenVPN and Webpage (https) traffic, that are listening on same port - 443.
I use OpenVPN within OPNsense. https traffic (NextCloud) is redirected to server in LAN network.
OpenVPN is up an running on port 443 (at this moment, HAProxy is not running yet), NextCloud is (for now) reachable only within LAN (or via VPN) on 443.

I found this How-to: https://docs.opnsense.org/manual/how-tos/haproxy.html/, but I am missing information about redirecting traffic for OpenVPN. Do I redirect OpenVPN traffic to 127.0.0.1:443?
Is there How-to or any other tutorial for configuring HAProxy for my example?

Any kind of information is welcome.

Br, Vaseer
Logged

ChrisH

  • Jr. Member
  • **
  • Posts: 67
  • Karma: 6
    • View Profile
Re: HAProxy: OpenVPN & Webpage on port 443
« Reply #1 on: November 19, 2017, 10:09:11 pm »
I don't think this can work. Even if you configure OpenVPN to use port 443, it's still not HTTP.
HAProxy can redirect requests to the same front end to different servers, but IMHO only in HTTP mode, not in TCP mode.
You'll need two IPs or a separate port for OpenVPN.
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1661
  • Karma: 168
    • View Profile
Re: HAProxy: OpenVPN & Webpage on port 443
« Reply #2 on: November 20, 2017, 08:30:10 am »
ChrisH is right, it won't work; HA proxy will not pass OpenVPN traffic.

What you can use is SSLH: http://www.rutschle.net/sslh This is not available as a package for OPNsense (yet) but will install on FreeBSD.

The OPNsense github page will take feature requests.

Bart...
Logged

miroco

  • Full Member
  • ***
  • Posts: 106
  • Karma: 8
    • View Profile
Re: HAProxy: OpenVPN & Webpage on port 443
« Reply #3 on: November 20, 2017, 11:42:26 am »
I wonder if the "port-share" option in OpenVPN server could be of help?

https://www.bestvpn.com/how-to-hide-openvpn-traffic-an-introduction/

Look for "Sinister Brain" in the comments section.


Regards,


Miroco
Logged

Vaseer

  • Newbie
  • *
  • Posts: 10
  • Karma: 0
    • View Profile
Re: HAProxy: OpenVPN & Webpage on port 443
« Reply #4 on: November 20, 2017, 11:58:01 am »
Thanks for suggestions. I will look at them.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.7 Legacy Series »
  • HAProxy: OpenVPN & Webpage on port 443
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2