Exchange and proxy issues (Solved)



  • Hi all,

    Firstly, please excuse my ignorance in my post I'm still learning the ropes on pfsense. My pfsense setup has been working solid for almost a year now however I have one little issue that's got me stumped.

    I posted a few days ago in the General forum about an authentication issue with a webmail client and failing to gain access from the network.

    I have pfSense running with a dual-wan setup using load balancing. Upon further research could this error be because I'm trying to access the webmail server via the dual-wan with different DNS servers?

    At first I thought it'd be a port issue, so I checked the system logs from the IP of the computer that was trying to access the webmail and opened the port that it was clearly trying to reach but still no avail.

    Would this work if I used the Reverse Proxy in Squid?

    Thanks in advance for your help! I'll throw you as much information as I can if need be!



  • Could you please clarify (because this is not clear to me) whether you try to access internal service from outside (WAN) or external service from your LAN. I understood that you want from your LAN access server running on internet but then I don't understand where the reverse proxy stuff would occur  :-[

    From LAN to WAN with WAN fail-over or load balancing, you should implement the sticky connection (IMHO) if not already done.
    As you discuss proxy: to me, if you deploy proxy running on pfSense itself, then it won't benefit from the load-balancing/failover mechanism as this one is based on FW rule defining your group gateway as target.

    Well, my points show that your landscape description is not clear enough to allow any conclusion, unless I don't understand.



  • I'm trying to access a external service from the LAN.

    I can access the page (https://webmail.123-reg.co.uk/ox6/ox.html) but I get an authentication error upon logging in.  I've been doing some reading which has lead me to believe it could be a proxy issue but I have no proof (or knowledge to that fact) it is of course.



  • Much clearer  ;)
    Next step would be to be more accurate about error message you receive.

    So, there is no reverse proxy in the pipe, at least from your side. Perhaps proxy ? if yes you should describe it: where is, if any, this proxy running? Explicit or transparent mode, authentication (if explicit).

    As far as I guess, this is not Exchange but OpeneXchange application BTW  ;)



  • The error message says "Session Invalidated" and on a second attempt to log-in I get a user credentials error (which I can't remember what it said  says exactly as not currently on site).

    There isn't, to my knowlege any proxy running on pfsense unless it was configured by default on install as I haven't configured anything.

    Aye, I wasn't sure if Open-xchange was the same protocol etc as Exchange you see  :P



  • Openchange does implement, indeed, Exchange-like protocol however here it doesn't matter are you are using Open-xchange which is something different too because using HTTP (basically this application is web based, nothing to do with any mail related protocol).

    As I suggested in my first mail, did you look at "sticky connection" setting which should prevent to swing between your 2 WAN gateways?
    As connection is most-likely based on session cookies + IP address, when winging from one WAN to the other, your source IP is seen as different, which may generate such error.



  • Oki doki, I'll have a look at sticky connection the next time I'm there (or when there's a computer available to connect to).

    However, reading about "sticky connection" does sound like it could be the solution when reading about similar problems that people have had.

    I'll let you know when I've tried. Hopefully I'll be successful.

    Thanks :)



  • Enabled sticky connection and all is good in the world. For now!

    Thank you  :D


Log in to reply