How to route Haproxy traffic only over OpenVPN


I’ve followed Tom’s video on setting up Haproxy. Everything works when accessing the web server over the wan address with a firewall rule pointing it’s self (This Firewall). I can’t figure out how to only allow traffic through when clients are only connected to the OpenVPN server. Can anyone point me in the right direction?

Thanks, Ben

OpenVPN clients should be able to access what ever interface you have HAProxy bound to as long as they don’t have any firewall rule stopping them from doing so.

Thanks for your message. It prompted me to look at the firewall logs again. I can see that the vpn isn’t being used to routed the traffic. I then did a traceroute on the client machine connected to the vpn.

Traceroute’ing addresses that are not hosted locally/not using Haproxy are routed through the vpn.

Addresses that are hosted on Haproxy are not routed through the vpn.

I’ve tried changing the obvious settings in the vpn config with no joy. Do you have any insight why this is happening? Thanks again.

Not sure, make sure you have all the networks you want to work in the OpenVPN server config.

Are you wanting the VPN clients to connect to your haproxy via the vpn connection?

If this is the case. Have a look at virtual ips.

Setup a virtual ip in the OpenVPN subnet
Setup dns record for your hostname.domain to point to the virtual ip
Setup haproxy with the front end of the virtual ip.

You should then be able to access it via that. That would also assume that your using the pfsense as the dns server for the vpn

Thanks. This did help!