OpenConnect folks, I am evaluating DoS protections for a instances of ocserv. I see there is an option to configure BanIP, but I am curious about what experience folks have had using this when clients are behind a NAT. Scenario: Company has employees that go on-site to work with customers, but need to connect back to their on-prem VPN server. All of the devices will get routed through the customer's NAT before going back to the companies on-prem server. This would seem to break the logic behind the BanIP protection? Are there any other options beside simply disabling Ban-IP in this scenario? What are the recommended settings for protecting ocserv from potential DoS scenarios? Regards, Alan Jowett _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
