Hello Roman, > You can try logging $ssl_preread_server_name in access_log.
thank you. It seems that nginx is not able to extract the server_name from openconnect correctly: 2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:45:57 +0100] "" When I connect with a browser: 2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:46:20 +0100] "vpn.gmvl.de" This seems to be one problem. And another problem seems that backend communication between nginx and ocserv using the proxy protocol. Here is tcpdump of the openconnect ssl handshake with nginx: https://thomas.glanzmann.de/tmp/openconnect_sni.pcap I'm using the command line 'openconnect vpn.gmvl.de'. Cheers, Thomas ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel