0

Setup

HAProxy tcp mode with OpenVPN servers as backend, all on the same machine

Problem

OpenVPN shows localhost IP instead of real IP of client in status

Question

  • Is there any method to retain the real IP of the connected client?
  • If not, is there any way to at least log the real IP in HAProxy? Or control it via a hook?
f.farah
  • 13
  • 2
  • Why use TCP proxy at all? OpenVPN will be slower in TCP mode than UDP - more round trips, because you encapsulate TCP in TCP. As for logging, yes, haproxy can log real IP of clients. `mode tcp` and `option tcplog` will help you start. – tbielaszewski Oct 06 '20 at 17:11
  • My use case forces me to use TCP with the devices I'm connecting to. – f.farah Oct 07 '20 at 04:48

1 Answers1

0

If you want the real IP on your OpenVPN Server you should take a look to haproxy's transparent proxy mode. You need to route also the return traffic through your haproxy.

As already mentioned, you can log the connections with tcplog.

And I also would recommend to use OpenVPN with UDP .

HEGE
  • 91
  • 1
  • 8