Do you have Snort in your setup? I've seen IPS causing this behavior.

Best regards
Kostas

> On 12 Dec 2015, at 00:13, C. R. Oldham <c...@ncbt.org> wrote:
>
> Actually I think I characterized this problem the wrong way.
>
> It appears that neither haproxy nor nginx (when used as a proxy) are
> reliable on our pfSense firewall. They will work for a while, then they
> stop passing traffic for a while, then they work awhile. Restarting them
> doesn't make them responsive immediately. I am at a loss to explain this.
> I've confirmed there are no other processes listening on port 443 on any IP
> (virtual or physical). If anyone has ideas I'd love to hear them.
>
> --cro
>
>
>> On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham <c...@ncbt.org> wrote:
>>
>> Greetings,
>>
>> We've recently replaced both our routers with pfSense. I am using tinc
>> for site-to-site VPN and OpenVPN for clients to connect.
>>
>> Since some of our support engineers often end up onsite with customers, I
>> want to enable OpenVPN over TCP port 443--we've noticed that many of our
>> customers block outbound UDP, but using the https port works fine.
>>
>> However, we also have haproxy on our firewall proxying for some web
>> applications on port 443, but on a different virtual IP from OpenVPN. If I
>> enable OpenVPN on the TCP port, haproxy stops working, even though they are
>> listening on different IPs.
>>
>> I have appropriate firewall rules for both virtual IPs in place.
>>
>> Can anyone shed some insight on how I can fix this?
>>
>> Thanks.
>>
>> --cro
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold