global
	user haproxy
	group haproxy
	#daemon

	# Default SSL material locations
	#ca-base /etc/ssl/certs
	#crt-base /etc/ssl/private

	ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL


defaults
	log	global
	mode	http
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000

frontend ssl
	mode tcp
	bind *:@HAPORT@
	tcp-request inspect-delay 5s
	tcp-request content accept if { req.ssl_hello_type 1 }

use_backend ocserv

backend ocserv
	mode tcp
#	option ssl-hello-chk
	server server-vpn @ADDRESS@:@PORT@ check send-proxy-v2 send-proxy-v2-ssl-cn