HAProxy: OpenVPN & Webpage on port 443

[Vaseer]

OPNsense: 17.7.7_1-amd64
HAProxy: 1.17

Hi. I need some help configuring HAProxy for routing OpenVPN and Webpage (https) traffic, that are listening on same port - 443.
I use OpenVPN within OPNsense. https traffic (NextCloud) is redirected to server in LAN network.
OpenVPN is up an running on port 443 (at this moment, HAProxy is not running yet), NextCloud is (for now) reachable only within LAN (or via VPN) on 443.

I found this How-to: https://docs.opnsense.org/manual/how-tos/haproxy.html/, but I am missing information about redirecting traffic for OpenVPN. Do I redirect OpenVPN traffic to 127.0.0.1:443?
Is there How-to or any other tutorial for configuring HAProxy for my example?

Any kind of information is welcome.

Br, Vaseer

[ChrisH]

I don't think this can work. Even if you configure OpenVPN to use port 443, it's still not HTTP.
HAProxy can redirect requests to the same front end to different servers, but IMHO only in HTTP mode, not in TCP mode.
You'll need two IPs or a separate port for OpenVPN.

[bartjsmit]

ChrisH is right, it won't work; HA proxy will not pass OpenVPN traffic.

What you can use is SSLH: http://www.rutschle.net/sslh This is not available as a package for OPNsense (yet) but will install on FreeBSD.

The OPNsense github page will take feature requests.

Bart...

[miroco]

I wonder if the "port-share" option in OpenVPN server could be of help?

https://www.bestvpn.com/how-to-hide-openvpn-traffic-an-introduction/

Look for "Sinister Brain" in the comments section.


Regards,


Miroco

[Vaseer]

Thanks for suggestions. I will look at them.