Hello Roman,

> You can try logging $ssl_preread_server_name in access_log.

thank you. It seems that nginx is not able to extract the server_name
from openconnect correctly:

2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:45:57 +0100] ""

When I connect with a browser:

2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:46:20 +0100] "vpn.gmvl.de"

This seems to be one problem. And another problem seems that backend
communication between nginx and ocserv using the proxy protocol.

Here is tcpdump of the openconnect ssl handshake with nginx:

https://thomas.glanzmann.de/tmp/openconnect_sni.pcap

I'm using the command line 'openconnect vpn.gmvl.de'.

Cheers,
Thomas
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx