Netgate Discussion Forum

    Weird issue haproxy behind ipsec tunnel

      Vince62s

      Hi,

      Here is my config:

      One pfSense A with several IPsec tunnels to many other firewalls, one of which is pfSense B.
      On the LAN behind pfSense A I have an HAProxy on another machine, serving RDP load balancing.

      Any client connecting to HAProxy from behind all the other firewalls connects properly to HAProxy and is redispatched
      to the TSE farm servers.
      For clients behind pfSense B, it does not work. Ping works both ways between these clients and the HAProxy / TSE farm servers.
      Clients see port 3389 open on HAProxy, the connection is initiated and a pfSense state is created to 3389, but then it hangs
      as if the reverse path was not found.

      Any idea?

        xadhoom

        Hi, I have the same problem. You can resolve it by disabling transparent proxy in the backend:
        Transparent ClientIP

          xadhoom

          Yes, I know this, but how can I get the connection log without it? I mean that if I disable the transparent IP, I will read that connections are coming from pf.
          I need that only for the IPsec tunnel or for a specific address; webservers that are behind haproxy have to answer back directly.
          I mean that if I'm on 192.168.x.x and connected via IPsec to pf, the LAN side of pf having 10.1.x.x, and on this network we have haproxy working on ports 80 and 443, then if I try to do an http://10.1.x.x it won't respond back (any other port, like ssh, does).

          Best regards
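
Added example, not part of the thread and not any poster's configuration: a HAProxy sketch contrasting a transparent backend with a non-transparent one that still records the client address. It assumes the GUI option "Transparent ClientIP" corresponds to HAProxy's `source ... usesrc clientip`; every address, port and section name is a constructed placeholder.

```haproxy
# Constructed example: addresses, ports and names are placeholders.
global
    log 127.0.0.1:514 local0

defaults
    log     global
    timeout connect 5s
    timeout client  1h
    timeout server  1h

# HTTP service (the port 80 case from the last post)
frontend web_in
    mode http
    bind 10.1.0.10:80
    option httplog          # HAProxy's own log line carries the real client IP
    default_backend web_plain

# Transparent variant: HAProxy connects to the server using the client's
# address as source, so the server's reply has to be routed back through
# the HAProxy host or the TCP handshake never completes.
backend web_transparent
    mode http
    source 0.0.0.0 usesrc clientip
    server web1 10.1.0.21:80 check

# Non-transparent variant: the server sees HAProxy's address and replies
# to it directly; the client IP travels in the X-Forwarded-For header.
backend web_plain
    mode http
    option forwardfor
    server web1 10.1.0.21:80 check

# RDP service (the port 3389 case from the first post): no HTTP header is
# available in TCP mode, so the client IP is taken from HAProxy's log.
frontend rdp_in
    mode tcp
    bind 10.1.0.10:3389
    option tcplog
    default_backend rdp_farm

backend rdp_farm
    mode tcp
    balance leastconn
    server tse1 10.1.0.31:3389 check
    server tse2 10.1.0.32:3389 check
```

With the non-transparent backend, the web server's access log only shows the client address if its log format includes the X-Forwarded-For header; otherwise correlate with the HAProxy log.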
