Technically ocserv works as an HTTPS server up to the point the VPN session is established. If you want to stick with HTTPS-only (i.e., no UDP), you could run over a CDN if the CDN would handle the HTTP CONNECT and forward the following traffic. In practice I'm not aware of any CDNs that do that. Even if you tackle that step and find a CDN that handles it, you must then trust the CDN with your plaintext traffic.
Regards, Nikos On Wed, May 15, 2024 at 3:59 PM Dimitri Papadopoulos Orfanos <dimitri.papadopou...@cea.fr> wrote: > > Hi, > > I may be missing something, but isn't CDN about HTTP? OpenConnect is a > VPN server, not an web server. > > Le 15/05/2024 à 14:13, Moein Shahbazi a écrit : > > Hi all, > > > > I am trying to establish an ocserv vpn server on ubuntu behind CDN. > > I want to hide the osserv public IP Address from others, because of > > the risk of exposing IP addresses. > > So, I set ocserv domain name records in Cloudflare panel with proxy option > > The client requests are still routed to the server, but connection is > > not established. > > > > When I turn off the proxied option in Cloudflare, it will work fine > > and all clients will connect. > > > > Is there any way to configure ocserv, that client requests are coming from > > CDN? > > > > Best Regards. > > > > _______________________________________________ > > openconnect-devel mailing list > > openconnect-devel@lists.infradead.org > > http://lists.infradead.org/mailman/listinfo/openconnect-devel > > _______________________________________________ > openconnect-devel mailing list > openconnect-devel@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/openconnect-devel _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
