@lw3234 wrote:
Hi there,
I recently set up HAProxy (version 1.7 on pfSense) in order to do some TCP routing and thereby share port 443 between different services.
The services to be used are: HTTPS, OpenVPN, XMPP. The config itself works fine for each of the 3 services. However, I was not able to find a way to distinguish successfully between OpenVPN and XMPP.
My current config looks like this:
frontend ssl
    mode tcp
    bind 0.0.0.0:443 name frontend-ssl
    option tcplog
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend main-ssl if { req.ssl_hello_type 1 }
    use_backend openvpn if !{ req.ssl_hello_type 1 } !{ req.len 0 }
    use_backend xmpp if { payload(0,5) 3c3f786d6c } !{ req.ssl_hello_type 1 } !{ req.len 0 }

backend main-ssl
    mode tcp
    server main-ssl 127.0.0.1:8443 send-proxy

backend openvpn
    mode tcp
    server openvpn-localhost 127.0.0.1:1194

backend xmpp
    mode tcp
    server xmpp-localhost 127.0.0.1:5222
As you can see, payload(0,5) 3c3f786d6c is used to identify the XML payload of an XMPP message. This works for some XMPP clients like Pidgin. However, other clients like Xabber cannot connect; their requests seem not to be recognized correctly.
So, the question is: How can I distinguish between OpenVPN and XMPP? Is there a way to identify the payload of OpenVPN?
Thank you for your help in advance.
Regards,
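
Added example, not part of the original post: a Python sketch of first-byte classification for the three protocols sharing the port. It goes beyond the posted ACLs by also accepting an XMPP stream that opens with `<stream:stream` (RFC 6120 recommends but does not require the XML declaration; whether that is what Xabber sends is not established by the post) and by recognising OpenVPN's TCP framing, a 2-byte length followed by an opcode byte. Function and constant names are assumptions, and the samples are constructed.

```python
import struct

# Opcode values (upper 5 bits of the opcode byte) that open an OpenVPN session.
OPENVPN_CLIENT_RESETS = {1, 7, 10}  # P_CONTROL_HARD_RESET_CLIENT_V1 / _V2 / _V3
XMPP_OPENINGS = (b"<?xml", b"<stream:stream")
OPENVPN_MIN_LEN = 14  # opcode(1) + session id(8) + ack count(1) + packet id(4)


def classify(buf: bytes) -> str:
    """Classify a client's first bytes: tls, xmpp, openvpn, need-more or unknown."""
    if not buf:
        return "need-more"
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello).
    if buf[0] == 0x16:
        if len(buf) < 6:
            return "need-more"
        return "tls" if buf[1] == 0x03 and buf[5] == 0x01 else "unknown"
    # XMPP: the XML declaration is optional, so accept either opening.
    if buf[0:1] == b"<":
        if any(buf.startswith(p) for p in XMPP_OPENINGS):
            return "xmpp"
        # Still a prefix of a valid opening: wait for more bytes instead of guessing.
        if any(p.startswith(buf) for p in XMPP_OPENINGS):
            return "need-more"
        return "unknown"
    # OpenVPN over TCP: 16-bit big-endian packet length, then the opcode byte
    # (the byte a payload(2,1) fetch would see). The first packet uses key id 0.
    if len(buf) < 3:
        return "need-more"
    (pkt_len,) = struct.unpack("!H", buf[:2])
    opcode, key_id = buf[2] >> 3, buf[2] & 0x07
    if opcode in OPENVPN_CLIENT_RESETS and key_id == 0 and pkt_len >= OPENVPN_MIN_LEN:
        return "openvpn"
    return "unknown"


# Constructed samples, not captured traffic.
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")
XMPP_WITH_DECL = b"<?xml version='1.0'?><stream:stream to='example.org'>"
XMPP_NO_DECL = b"<stream:stream to='example.org' xmlns='jabber:client'>"
OPENVPN_RESET = struct.pack("!H", 14) + b"\x38" + bytes(8) + b"\x00" + bytes(4)

if __name__ == "__main__":
    for name, sample in [("tls", TLS_HELLO), ("xmpp+decl", XMPP_WITH_DECL),
                         ("xmpp", XMPP_NO_DECL), ("openvpn", OPENVPN_RESET)]:
        print(f"{name:10s} -> {classify(sample)}")
```

The `need-more` result corresponds to waiting inside the `inspect-delay` window: a rule that decides on too few bytes sends a slow client to the wrong backend.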