Thanks Chris and Ivo for your responses. I was unaware that our topology for the network was a little unusual and in fact there is another service outside the firewall listening on the IP I wanted to use. This (unsurprisingly) was making anything trying to use that IP very unreliable.
--cro

On Sat, Dec 12, 2015 at 5:38 AM, Ivo Tonev <i...@tonev.pro.br> wrote:

> Run "netstat -anl | grep LISTEN | grep 443" (for tcp) to verify on which
> port/ip haproxy and openvpn are running. Openvpn doesn't listen on VIP.
> On 12/12/2015 10:31, "C. R. Oldham" <c...@ncbt.org> wrote:
>
> > Actually I think I characterized this problem the wrong way.
> >
> > It appears that neither haproxy nor nginx (when used as a proxy) are
> > reliable on our pfSense firewall. They will work for a while, then they
> > stop passing traffic for a while, then they work awhile. Restarting them
> > doesn't make them responsive immediately. I am at a loss to explain this.
> > I've confirmed there are no other processes listening on port 443 on any IP
> > (virtual or physical). If anyone has ideas I'd love to hear them.
> >
> > --cro
> >
> >
> > On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham <c...@ncbt.org> wrote:
> >
> > > Greetings,
> > >
> > > We've recently replaced both our routers with pfSense. I am using tinc
> > > for site-to-site VPN and OpenVPN for clients to connect.
> > >
> > > Since some of our support engineers often end up onsite with customers, I
> > > want to enable OpenVPN over TCP port 443--we've noticed that many of our
> > > customers block outbound UDP, but using the https port works fine.
> > >
> > > However, we also have haproxy on our firewall proxying for some web
> > > applications on port 443, but on a different virtual IP from OpenVPN. If I
> > > enable OpenVPN on the TCP port, haproxy stops working, even though they are
> > > listening on different IPs.
> > >
> > > I have appropriate firewall rules for both virtual IPs in place.
> > >
> > > Can anyone shed some insight on how I can fix this?
> > >
> > > Thanks.
> > >
> > > --cro
> > >
> >
> > _______________________________________________
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
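
The netstat check suggested in the thread, taken one step further as an added example (not code from any of the posters or from pfSense): it reads `netstat -an` text and reports when a wildcard listener on a port coexists with address-specific listeners, since the wildcard socket answers on every local address not claimed by a more specific one. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `netstat -an` output on stdin; accepts the FreeBSD
# (addr.port) and Linux (addr:port) local-address forms.

# listeners PORT -> one "family address" line per TCP LISTEN socket on PORT
listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && match($4, /[.:][0-9]+$/) {
            if (substr($4, RSTART + 1) != port) next
            addr = substr($4, 1, RSTART - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") addr = "ANY"
            fam = ($1 ~ /6/) ? "v6" : "v4"
            print fam, addr
        }'
}

# overlap_report PORT -> "OVERLAP ..." for each address family in which a
# wildcard listener shares PORT with address-specific listeners, else "OK".
overlap_report() {
    listeners "$1" | awk '
        $2 == "ANY" { any[$1] = 1; next }
        { specific[$1] = specific[$1] " " $2 }
        END {
            found = 0
            for (f in any) if (f in specific) {
                printf "OVERLAP %s wildcard also covers:%s\n", f, specific[f]
                found = 1
            }
            if (!found) print "OK"
        }'
}

# Constructed sample in FreeBSD netstat format (not output from the thread).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 203.0.113.10.443       *.*                    LISTEN
tcp4       0      0 *.443                  *.*                    LISTEN
tcp4       0      0 203.0.113.11.80        *.*                    LISTEN
tcp4       0      0 203.0.113.10.443       198.51.100.7.51234     ESTABLISHED
udp4       0      0 *.1194                 *.*
EOF
}

# Live use on the firewall would be: netstat -an | overlap_report 443
sample_netstat | overlap_report 443
```

A clean result here only covers sockets on the host itself; it says nothing about another device answering for the same IP elsewhere on the network, which is what the top post found.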