Hello, colleagues, I'm facing strange issue, connecting to ocserv (0.11.9-1, Ubuntu 18) using openconnect (7.08, OSX) from behind NAT without any proxies inline. When switching listen-proxy-proto to false, everything works like a charm, but as soon as I switch this option to true, I'm getting the following error on client side: # openconnect -u doka --pfs server.fqdn POST https://server.fqdn/ Connected to x.x.x.x:443 SSL negotiation with server.fqdn SSL connection failure: Error in the pull function. Failed to open HTTPS connection to server.fqdn Failed to obtain WebVPN cookie while server side says: ocserv[5105]: worker:? accepted proxy protocol connection ocserv[5105]: worker:? worker-proxyproto.c:317: proxy-hdr: invalid v2 header ocserv[5105]: worker:? worker-vpn.c:572: could not parse proxy protocol header; discarding connection ocserv[5103]: main: client:53370 worker terminated The question is: does listen-proxy-proto mandates proxy protocol in negotiation? If so - does it mean that any connection without proxy will fail? If so - are there ways to ensure availability of VPN server for any kind of connectivity conditions (i.e. with [transparent] proxy and without proxy) (for clients, which can work from hotels, restaurants and where it's impossible to change connectivity options) Thank you! -- Volodymyr Litovka "Vision without Execution is Hallucination." -- Thomas Edison
