Netgate Discussion Forum

Weird issue haproxy behind ipsec tunnel

  • Vince62s
    last edited Apr 21, 2015, 5:11 AM

    Hi,

    Here is my config:

    One pfSense A with several IPsec tunnels to many other firewalls, one of which is pfSense B.
    On the LAN behind pfSense A I have HAProxy on another machine, serving RDP load balancing.

    Any client connecting to HAProxy from behind any of the other firewalls connects properly to HAProxy and is redispatched
    to the TSE farm servers.
    For clients behind pfSense B, it does not work. Ping works both ways between these clients and the HAProxy / TSE farm servers.
    Clients see port 3389 open on HAProxy, the connection is initiated and a pfSense state is created to 3389, but then it hangs
    as if the reverse path was not found.

    Any idea?

    • xadhoom
      last edited May 4, 2015, 3:11 PM

      Hi, I have the same problem. You can resolve it by disabling the transparent proxy in the backend:
      Transparent ClientIP

      • xadhoom
        last edited May 5, 2015, 5:59 AM

        Yes, I know this, but how can I get the connection log without it? I mean that if I disable the transparent IP I will read that connections are coming from pf.
        I need that only for the IPsec tunnel or for a specific address; the web servers that are behind HAProxy have to answer back directly.
        I mean that if I'm on 192.168.x.x and connected via IPsec to pf, the LAN side of pf having 10.1.x.x, on this network we have HAProxy working on ports 80 and 443; if I try to do an http://10.1.x.x it won't respond back (any other port, like SSH, does).

        Best regards

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.