ocserv 0.10.6
Niels Peen
niels at peen.ch
Wed Jul 15 02:49:50 PDT 2015
> On 15 Jul 2015, at 11:12, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>
> On Wed, Jul 15, 2015 at 10:54 AM, Niels Peen <niels at peen.ch> wrote:
>>> On Thu, Jul 2, 2015 at 5:20 PM, Niels Peen <niels at peen.ch> wrote:
>>>>> - The worker processes will utilize the UDP socket address (if any),
>>>>> when reporting peer's address if the listen-clear-file option is set.
>>>> Is it possible to enable this feature for all connections? (Not just non-TLS connections.) The same functionality would be useful for TLS connections forwarded by a simple SNI selector like sniproxy.
>>> I'm wondering whether it makes sense to do that which is an ugly hack,
>>> instead of supporting the proxy protocol [0] from haproxy. It allows
>>> the proxy to send all the useful information at session initiation.
>> I can’t answer that. The reason I use sniproxy is because it allows
>> wild-cards and a large number of different selectors with minimal
>> overhead or configuration.
>
> Wouldn't it make sense to request that feature from sniproxy? The
> overhead of version 2 proxy protocol header is insignificant.
True. Done.
https://github.com/dlundquist/sniproxy/issues/171
Best regards,
Niels
(re-sent as plain-text)
More information about the openconnect-devel
mailing list