HAProxy with OpenVPN and ocserv

One of the reasons I want to set up OpenVPN and ocserv (OpenConnect) on port 443 is that my university has started blocking ports. Port 443 is usually used for HTTPS, and in general firewalls don't block it by default.

Solution

Updated April 29 2019
// Openvpn conf
nano /etc/openvpn/server.conf
proto tcp
port 993

// Openconnect ocserv
nano /etc/ocserv/ocserv.conf
tcp-port = 4443
listen-proxy-proto = true

// Haproxy conf
nano /etc/haproxy/haproxy.cfg

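frontend www-https
   bind :::443
   mode tcp
   # Wait up to 5s for the first client bytes before choosing a backend
   tcp-request inspect-delay 5s
   tcp-request content accept if { req.ssl_hello_type 1 }
   # Traffic that has sent data but is not a TLS ClientHello is treated as OpenVPN
   use_backend openvpn        if  !{ req.ssl_hello_type 1 } !{ req.len 0 }
   # SNI match for the VPN host name (defined here, not referenced by any rule)
   acl vpn-app req_ssl_sni -i vpn.xx.com
   # Everything else goes to ocserv
   use_backend ocserv

backend ocserv
   mode tcp
   option ssl-hello-chk
   # PROXY protocol v2 pairs with listen-proxy-proto = true in ocserv.conf
   server ocserv 127.0.0.1:4443 send-proxy-v2

backend openvpn
   mode tcp
   server openvpn-vpn 127.0.0.1:993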
// End HAProxy conf
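
The frontend rules above decide the backend from the first bytes the client sends. The following is an added example, not part of the original post or of HAProxy: it mirrors that decision in Python so you can see what `req.ssl_hello_type 1` and the `vpn-app` SNI acl match on. The function names and both sample packets are constructed for illustration, and it assumes the whole ClientHello arrives in the first read.

```python
import struct

VPN_SNI = "vpn.xx.com"  # placeholder host name from the page's vpn-app acl
# Constructed sample: OpenVPN-over-TCP first packet (2-byte length, opcode 0x38)
OPENVPN_RESET = b"\x00\x0e\x38" + bytes(13)

def is_client_hello(buf):
    # TLS record type 0x16 (handshake), major version 3, handshake type 0x01
    return len(buf) >= 6 and buf[0] == 0x16 and buf[1] == 3 and buf[5] == 1

def sni(buf):
    """Return the ClientHello server_name, or None if absent or truncated."""
    try:
        pos = 5 + 4 + 2 + 32                                   # headers, version, random
        pos += 1 + buf[pos]                                    # session_id
        pos += 2 + struct.unpack_from("!H", buf, pos)[0]       # cipher_suites
        pos += 1 + buf[pos]                                    # compression_methods
        end = pos + 2 + struct.unpack_from("!H", buf, pos)[0]  # end of extensions
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
            if ext_type == 0:                                  # server_name
                n = struct.unpack_from("!H", buf, pos + 7)[0]
                name = buf[pos + 9:pos + 9 + n]
                return name.decode("ascii") if len(name) == n else None
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def route(buf):
    """Mirror the frontend rules; returns (backend, vpn_app_acl_matches)."""
    if not buf:
        return (None, False)         # req.len 0: nothing to inspect yet
    if not is_client_hello(buf):
        return ("openvpn", False)    # !{ req.ssl_hello_type 1 } !{ req.len 0 }
    name = sni(buf)
    return ("ocserv", name is not None and name.lower() == VPN_SNI)  # -i ignores case

def sample_client_hello(host):
    """Constructed minimal ClientHello whose only extension is server_name."""
    name = host.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(route(sample_client_hello("vpn.xx.com")), route(OPENVPN_RESET))
```
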

References:

  1. https://github.com/openconnect/recipes/blob/master/ocserv-multihost.md
  2. https://314es.pl/https-openvpn-and-ssh-on-one-port-thanks-to-haproxy
  3. https://huataihuang.gitbooks.io/cloud-atlas/service/ssh/sslh_multi_service_in_one_port.html
  4. https://ocserv.gitlab.io/www/recipes-ocserv-multihost.html
  5. https://github.com/dlundquist/sniproxy
  6. https://www.linuxbabe.com/ubuntu/openconnect-vpn-server-ocserv-ubuntu-16-04-17-10-lets-encrypt