pfSense + HAProxy - Client Certificate Authentication - Any Resources?

Hello,

Someone suggested I try posting this here, as Tom, you’ve had some great pfSense + HAProxy resources (already watched your videos).

Ultimately my goal is to allow access to some internal servers, but secure it behind a client certificate authentication.

  • Meaning, clients that have the certificate can access the internal servers, but the rest of the world cannot.
  • Ideally traffic would also then be encrypted via a typical ACME + HAProxy HTTPS connection.

It’s my understanding that this should be possible, but I’m having trouble finding any good resources for this type of implementation.

  • Google-fu results seem to mainly be people asking for help.

If I can help clarify anything about what I’m trying to do, please let me know.

Thank you!
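
For reference, the setup described in this question (client certificate required at the proxy, server side on a normal HTTPS certificate) looks roughly like the following in a raw `haproxy.cfg`. This is an added example, not part of the original post and not a tested pfSense configuration; every path, name and address in it is a placeholder, and on pfSense the same settings are entered through the HAProxy package GUI rather than by editing the file.

```haproxy
# Constructed example: all paths, names and addresses are placeholders.
global
    # Refuse legacy protocol versions on every bind line.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # crt             server certificate + private key as one PEM bundle
    #                 (for example the ACME-issued certificate).
    # ca-file         the private CA that signed the client certificates;
    #                 this is NOT the public CA that issued the server cert.
    # verify required the TLS handshake fails unless the client presents a
    #                 certificate that chains to ca-file.
    # crl-file        revocation list for that CA, so a lost or stolen client
    #                 certificate can be rejected. The file must exist and be
    #                 valid or HAProxy will not start.
    bind :443 ssl crt /etc/haproxy/certs/site.pem ca-file /etc/haproxy/ca/client-ca.pem verify required crl-file /etc/haproxy/ca/client-ca.crl

    # Overwrite any client-supplied copy of this header with the subject CN
    # of the verified certificate, so the backend can log who connected.
    http-request set-header X-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]

    default_backend internal_app

backend internal_app
    # Internal server reachable only through the proxy.
    server app1 192.0.2.10:8080 check
```

With `verify required`, clients without a certificate from the private CA never get past the TLS handshake, so the backend only sees requests from certificate holders.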

If Docker is an option, I would use Traefik + Authelia since those two work together really well. You can get HAProxy to work with Authelia too: HAProxy - Authelia
Just requires a little bit of tinkering.

Not something that I have tested or used with HAProxy, so not sure where to point you for that. Most people go for the easier-to-manage solution of using a VPN. Try the pfSense forums.