request for run ocserv over CDN
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Wed May 15 07:19:58 PDT 2024
Technically ocserv works as an HTTPS server up to the point the VPN
session is established. If you want to stick with HTTPS-only (i.e., no
UDP), you could run over a CDN if the CDN would handle the HTTP
CONNECT and forward the following traffic. In practice I'm not aware
of any CDNs that do that. Even if you tackle that step and find a CDN
that handles it, you must then trust the CDN with your plaintext
traffic.
Regards,
Nikos
On Wed, May 15, 2024 at 3:59 PM Dimitri Papadopoulos Orfanos
<dimitri.papadopoulos at cea.fr> wrote:
>
> Hi,
>
> I may be missing something, but isn't CDN about HTTP? OpenConnect is a
> VPN server, not an web server.
>
> Le 15/05/2024 à 14:13, Moein Shahbazi a écrit :
> > Hi all,
> >
> > I am trying to establish an ocserv vpn server on ubuntu behind CDN.
> > I want to hide the osserv public IP Address from others, because of
> > the risk of exposing IP addresses.
> > So, I set ocserv domain name records in Cloudflare panel with proxy option
> > The client requests are still routed to the server, but connection is
> > not established.
> >
> > When I turn off the proxied option in Cloudflare, it will work fine
> > and all clients will connect.
> >
> > Is there any way to configure ocserv, that client requests are coming from CDN?
> >
> > Best Regards.
> >
> > _______________________________________________
> > openconnect-devel mailing list
> > openconnect-devel at lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/openconnect-devel
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
More information about the openconnect-devel
mailing list