Netgate Discussion Forum

    Remote Desktop Gateway via Reverse Proxy

    pfSense Packages
      HenriH

      Hi,

      I'm short of port 443, is there any way to use the SQUID Reverse Proxy in conjunction with the MS RDP TS GW (RPC over HTTPS)?

      Thanks

      Henri

        Mats

        Yes, it can be done

        I did that a few years ago but unfortunately I don't have that config anymore (I replaced Squid with HAProxy and removed the RDGW), so I can't give you a complete config.
        My scenario was built for a single external IP scenario (ADSL from ISP).
        I did create a few different hostnames like www.example.com, Mail.example.com and rdgw.example.com, all of them resolving to the same IP (thanks to the DDNS client in pfSense).
        In Squid I created rules based on the hostname and forwarded that traffic to the right backend system. Since the routing is based on hostname, all services can use 443 from the client to the firewall.

          HenriH

          Thanks a lot,

          unfortunately I get these kinds of messages :-[.

          Thanks

          Henri

          Date IP Status Address User Destination
          26.05.2017 13:21:31 5.x.x.x TAG_NONE_ABORTED/000 https://tsgw.example.com/rpc/rpcproxy.dll? - -
          26.05.2017 13:21:31 5.x.x.x TCP_MISS_ABORTED/000 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
          26.05.2017 13:21:16 5.x.x.x TCP_MISS/200 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
          26.05.2017 13:21:16 5.x.x.x TCP_MISS/200 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
          26.05.2017 13:21:16 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
          26.05.2017 13:21:16 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
          26.05.2017 13:21:16 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
          26.05.2017 13:21:15 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
          26.05.2017 13:21:15 5.x.x.x TCP_MISS/404 https://tsgw.example.com/remoteDesktopGateway/ - 10.43.23.50

            Mats

            I'm sorry that I can't help you more with squid.
            I did dig through my old backups but no luck.

            Even if it's a little off-topic:
            I did find an old 2008/TSGW virtual machine though, so I just had to test setting up a TSGW behind HAProxy. That worked.

            I now have a public certificate (Let's Encrypt) with a SAN name for my TSGW, a hostname that points to the external IP of my firewall and an HAProxy config that forwards the traffic to the TSGW server on my DMZ.

            For reference:
            HAProxy frontend

            ACL
            TSGW Host starts with: no tsgw.Example.com

            Action
            Use Backend See below TSGW

            The backend is even easier, just a server list
            active TSGW Address+Port: 192.168.5.2 443 yes

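The frontend ACL, action and backend server list from the post above, written out as a plain haproxy.cfg. This is an added example, not Mats's configuration or output of the pfSense package; the section name https_in, the certificate path and the timeout values are assumptions, and TLS is assumed to terminate on the firewall.

```haproxy
# Constructed example, not the poster's actual configuration.
defaults
    mode http
    timeout connect 5s      # placeholder values, tune for your environment
    timeout client  1m
    timeout server  1m

frontend https_in
    # TLS terminates on the firewall; the certificate path is hypothetical.
    bind :443 ssl crt /usr/local/etc/haproxy/certs/example.com.pem

    # ACL "TSGW": Host header starts with tsgw.example.com (case-insensitive).
    acl TSGW hdr_beg(host) -i tsgw.example.com
    # Stricter alternative: exact match, with and without the port suffix.
    # acl TSGW hdr(host) -i tsgw.example.com tsgw.example.com:443

    # Action: use backend TSGW when the ACL matches.
    use_backend TSGW if TSGW

    # A request for any other hostname selects no backend and is answered
    # with 503 unless more acl/use_backend pairs (www, mail, ...) are added.

backend TSGW
    # Server list: one active server, re-encrypted to the gateway in the DMZ.
    # "verify none" encrypts without authenticating the server; switch to
    # "verify required ca-file <path>" when the gateway's CA is available.
    server TSGW 192.168.5.2:443 ssl verify none
```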
              HenriH

              Hi Mats,

              thanks a lot, OK, I will switch to HAProxy, if that works better.

              Best regards

              Henri

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.