Weird issue haproxy behind ipsec tunnel

Vince62s · Apr 21, 2015, 5:11 AM

Hi,

here is my config :

One pfsense A with several IPSEC tunnels to many other Firewalls of which one pfsense B.
On lan behind pfsense A I have a HAPROXY on another machine, serving RDP loadbalancing.

Any client connecting to haproxy from behind all other firewalls connect properly to haproxy and are redispatched
to TSE farm servers.
For clients behind pfsense B, it does not work. ping works both ways between these clients and haproxy / tse farm servers.
Clients see open port 3389 on haproxy, the connection is initiated and pfsense state is created to 3389, but then it hangs
as if the reverse path was not found.

Any idea ?

xadhoom · May 4, 2015, 3:11 PM

Hi have the same problem, you can resolve disabling transparent proxy in the backend
Transparent ClientIP

xadhoom · May 5, 2015, 5:59 AM

Yes I know this but how can I get the log of connection without it ? I mean that if I disable the transparent ip I will read that connection are coming from pf.
I need that only for ipsec tunnel or for a specific address webservers that are behind haproxy have to answer back directly.
I mean that if I'm on 192.168.x.x and connected via ipsec to pf the LAN side of pf having 10.1.x.x , on this network we have haproxy working on port 80 and 443, if i try to do an http://10.1.x.x it won't respond back ( any other port like ssh do ).

Best regards