ocserv 0.10.6

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Jul 15 02:12:00 PDT 2015


On Wed, Jul 15, 2015 at 10:54 AM, Niels Peen <niels at peen.ch> wrote:
>> On Thu, Jul 2, 2015 at 5:20 PM, Niels Peen <niels at peen.ch> wrote:
>>>> - The worker processes will utilize the UDP socket address (if any),
>>>> when reporting peer's address if the listen-clear-file option is set.
>>> Is it possible to enable this feature for all connections? (Not just non-TLS connections.) The same functionality would be useful for TLS connections forwarded by a simple SNI selector like sniproxy.
>> I'm wondering whether it makes sense to do that, which is an ugly hack,
>> instead of supporting the proxy protocol [0] from haproxy. It allows
>> the proxy to send all the useful information at session initiation.
> I can’t answer that. The reason I use sniproxy is because it allows
> wild-cards and a large number of different selectors with minimal
> overhead or configuration.

Wouldn't it make sense to request that feature from sniproxy? The
overhead of version 2 proxy protocol header is insignificant.

regards,
Nikos
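
Added example, not part of the original message and not ocserv or sniproxy code: a minimal C parser for the version 2 proxy protocol header discussed above, showing that a TCP/IPv4 header is 28 bytes in total. The names `pp2_parse`, `struct pp2_peer` and `PP2_SAMPLE` are hypothetical, and the sample header is constructed from documentation addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Fixed 12-byte signature that opens every version 2 header. */
static const uint8_t PP2_SIG[12] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D,
                                    0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};
/* Constructed sample: PROXY, TCP over IPv4, 192.0.2.10:51000 -> 198.51.100.5:443 */
static const uint8_t PP2_SAMPLE[28] = {
    0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A,
    0x21, 0x11, 0x00, 0x0C,                 /* ver 2 + PROXY, INET + STREAM, len 12 */
    0xC0, 0x00, 0x02, 0x0A, 0xC6, 0x33, 0x64, 0x05, 0xC7, 0x38, 0x01, 0xBB};

struct pp2_peer {                  /* hypothetical result type */
    int family;                    /* AF_INET, AF_INET6, or 0 if no address carried */
    char addr[INET6_ADDRSTRLEN];   /* original client address as text */
    uint16_t port;                 /* original client port, host byte order */
};

/* Returns header size in bytes (>0), 0 if more data is needed, -1 if invalid. */
int pp2_parse(const uint8_t *buf, size_t len, struct pp2_peer *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 16) return 0;                           /* fixed part incomplete */
    if (memcmp(buf, PP2_SIG, 12) != 0) return -1;
    if ((buf[12] >> 4) != 2) return -1;               /* version must be 2 */
    uint8_t cmd = buf[12] & 0x0F;                     /* 0 = LOCAL, 1 = PROXY */
    if (cmd > 1) return -1;
    size_t plen = ((size_t)buf[14] << 8) | buf[15];   /* big-endian length */
    if (len < 16 + plen) return 0;                    /* address block incomplete */
    if (cmd == 0) return (int)(16 + plen);            /* LOCAL: keep socket address */
    const uint8_t *p = buf + 16;
    switch (buf[13] >> 4) {                           /* address family nibble */
    case 1:                                           /* IPv4: 4+4+2+2 bytes */
        if (plen < 12) return -1;
        out->family = AF_INET;
        inet_ntop(AF_INET, p, out->addr, sizeof(out->addr));
        out->port = (uint16_t)((p[8] << 8) | p[9]);
        break;
    case 2:                                           /* IPv6: 16+16+2+2 bytes */
        if (plen < 36) return -1;
        out->family = AF_INET6;
        inet_ntop(AF_INET6, p, out->addr, sizeof(out->addr));
        out->port = (uint16_t)((p[32] << 8) | p[33]);
        break;
    }
    return (int)(16 + plen);
}
```

A server should only parse this header on connections arriving from the proxy it trusts; accepted from arbitrary peers, it lets any client choose the address that ends up in logs and access checks.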


