Yes. You will need to turn off the cisco client compatibility though and the behavior should change to what you described.

Regards,
Nikos

On December 1, 2019 3:19:02 AM UTC, Siyuan Ren <netheril96@xxxxxxxxx> wrote:
>Hi,
>
>I don't want people (well, more specifically, China's great firewall)
>to find out that my VM has an openconnect server running.
>
>Currently I only allow login via client certificate. I expected when
>users do not present a valid client certificate, the TLS connection is
>never established, so no one can find out what exactly is protected by
>the TLS connection. But in reality, my ocserv responds with
>
>```
><config-auth client="vpn" type="auth-request">
> <version who="sg">0.1(1)</version>
> <auth id="main">
> <message>Please enter your username.</message>
> <form method="post" action="/auth"> </form>
> </auth>
></config-auth>
>```
>
>which clearly tells others that it is a VPN.
>
>Is it possible for ocserv to outright close the endpoint if client
>certificates are not present or valid?
>
>_______________________________________________
>openconnect-devel mailing list
>openconnect-devel@xxxxxxxxxxxxxxxxxxx
>http://lists.infradead.org/mailman/listinfo/openconnect-devel

--
Sent from my mobile. Please excuse my brevity.
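The change suggested in the reply can be checked with a small config audit. This is an added example, not code from the thread or from the ocserv project. It assumes the option is spelled `cisco-client-compat` with `true`/`false` values and that certificate-only login is written as `auth = "certificate"`; the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: flag an ocserv.conf that still enables Cisco client
# compatibility while relying on client certificates for login.
# Assumption: the option is `cisco-client-compat = true|false`.

# Print every active (uncommented) line that enables the option.
# Exit status is grep's: 0 if at least one such line exists.
compat_enabled_lines() {
    grep -nE '^[[:space:]]*cisco-client-compat[[:space:]]*=[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# Return 0 only when certificate auth is configured and no active line
# enables the compatibility option. An absent option counts as "not
# enabled" (an assumption about the default).
audit_ocserv_conf() {
    conf=$1
    status=0
    if ! grep -qE '^[[:space:]]*auth[[:space:]]*=[[:space:]]*"certificate"' "$conf"; then
        echo "WARN: no active auth = \"certificate\" line in $conf"
        status=1
    fi
    if hits=$(compat_enabled_lines "$conf"); then
        echo "FAIL: Cisco client compatibility is enabled in $conf:"
        echo "$hits"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $conf"
    return "$status"
}

# Constructed sample configs: the setting before and after the change.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'auth = "certificate"' \
        'cisco-client-compat = true' > "$dir/before.conf"
    printf '%s\n' 'auth = "certificate"' \
        '#cisco-client-compat = true' \
        'cisco-client-compat = false' > "$dir/after.conf"
    echo "$dir"
}
```

Call `audit_ocserv_conf` with the path to the server's own config file; a non-zero exit status means the file does not match the certificate-only setup discussed in the thread.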