Hi Eugene,
> Hello,
>
> we have problems with TLS offload using HaProxy & TLS VPN (ocserv, ~ Cisco
> VPN).
>
> [...]
>
> It happens at first connection after ~ 30-50 packets.
> Everything is OK if we switch off TLS offload (haproxy TCP mode & server
> "localhost:4443").

You are doing 2 things at once:
- disabling TLS offload
- switching from IP to unix sockets for backend traffic

Does the issue still happen with TLS offload, but with an IP backend over
localhost (instead of a unix socket)? I don't think so, as the TCP layer should
take care of this.

Regarding multiple writes, haproxy is heavily optimized for performance
and scalability; those kinds of behavior heavily depend on what's in the
buffer.

Some "strace -tt" together with a frontend tcpdump (-s0) of the TLS
session and the output of "haproxy -vv" would shed more light on this.

Regards,
Lukas