Hello everyone!
I have been playing with OpenBalena on a Proxmox VM and everything works great as long as the devices are connected to the same LAN.
When trying to make OpenBalena accessible from the outside I’m facing an issue with the VPN connection (I guess, not sure). My setup is that I have a DMZ with a Traefik 2.3 reverse proxy on port 443 and I have configured my router to forward traffic on port 3128 directly to the VM.
Since OpenBalena is doing some trick on the TCP connection for the VPN, I’m configuring a TCP router on traefik to transparently forward traffic to the VM and only take care of the certificates.
This is my configuration on traefik:
tcp:
  routers:
    openbalena:
      entryPoints: "https"
      rule: "HostSNI(`openbalena.mydomain.com`,`api.openbalena.mydomain.com`,`vpn.openbalena.mydomain.com`,`s3.openbalena.mydomain.com`,`registry.openbalena.mydomain.com`)"
      service: "openbalena"
      tls:
        passthrough: "true"
  services:
    openbalena:
      loadBalancer:
        servers:
          - address: "192.168.1.201:443"
All the subdomains are pointing to my router. Balena CLI works great, I can do everything with it from inside and outside the LAN.
When the device is inside my LAN, with the vpn.openbalena.mydomain.com pointing to my VM it works but as soon as it’s outside the LAN (and it goes through my router and my traefik) it always shows as offline. The application on the device works (it’s a TTN gateway and I can see it posting to the TTN console), it registers (I can see it when typing “balena devices”), I can see the logs of the device but it’s always offline and I cannot SSH to it.
Any insights on what I should double check? I’m not 100% sure but my guess is that it’s got to do with the VPN connection and TCP trick HAProxy does. My traefik might be stripping out some info HAProxy requires to handle the connection properly.
Thank you!
BTW: awesome project!!