subject:"\[Openvpn\-devel\] ngx_stream_ssl_preread_module does not seem to extract the server

Re: [Openvpn-devel] ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-17 Thread Илья Шипицин

2016-12-15 23:50 GMT+07:00 Thomas Glanzmann :

> Hello Roman,
>
> > You can try logging $ssl_preread_server_name in access_log.
>
> thank you. It seems that nginx is not able to extract the server_name
> from openconnect correctly:
>
> 2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:45:57 +0100] ""
>
> When I connect with a browser:
>
> 2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:46:20 +0100] "
> vpn.gmvl.de"
>
> This seems to be one problem. And another problem seems that backend
> communication between nginx and ocserv using the proxy protocol.
>
> Here is tcpdump of the openconnect ssl handshake with nginx:
>
> https://thomas.glanzmann.de/tmp/openconnect_sni.pcap



do you mean port sharing between OpenVPN and Cisco AnyConnect ?


>
>
> I'm using the command line 'openconnect vpn.gmvl.de'.
>
> Cheers,
> Thomas
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann

Hello Roman,

> You can try logging $ssl_preread_server_name in access_log.

thank you. It seems that nginx is not able to extract the server_name
from openconnect correctly:

2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:45:57 +0100] ""

When I connect with a browser:

2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:46:20 +0100] 
"vpn.gmvl.de"

This seems to be one problem. And another problem seems that backend
communication between nginx and ocserv using the proxy protocol.

Here is tcpdump of the openconnect ssl handshake with nginx:

https://thomas.glanzmann.de/tmp/openconnect_sni.pcap

I'm using the command line 'openconnect vpn.gmvl.de'.

Cheers,
Thomas

--
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

Re: [Openvpn-devel] ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2 matches

Site Navigation

Mail list logo

Footer information