ocserv proxy protocol support
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Sat Aug 22 04:26:02 PDT 2015
On Fri, 2015-08-21 at 22:31 +0200, Niels Peen wrote:
> Hi,
>
> I’m now using haproxy’s proxy protocol go get the client’s real IP
> address to ocserv. (As opposed to using sniproxy and losing this
> information.)
>
> It works very well for Radius, which now receives the clients real IP
> address.
> Two questions:
> 1) occtl and the script variable REAL_IP still show 127.0.0.1 as the
> client’s IP address. Is this expected?
No really, it seems like an omission as these use cases were not
considered.
> 2) I understand the proxy protocol also communicates the destination
> address. Can this destination address be made available to the
> connect script? (E.g. IP_REAL_LOCAL.)
I've made a patch to correct (1) and also add (2), but it is not tested
yet. If you want to check it, it is at the ip-real branch of ocserv.
regards,
Nikos
More information about the openconnect-devel
mailing list