Hi,
I don't want people (well, more specifically, China's great firewall)
to find out that my VM has an openconnect server running.
Currently I only allow login via client certificate. I expected when
users do not present a valid client certificate, the TLS connection is
never established, so no one can find out what exactly is protected by
the TLS connection. But in reality, my ocserv responds with
```
<config-auth client="vpn" type="auth-request">
<version who="sg">0.1(1)</version>
<auth id="main">
<message>Please enter your username.</message>
<form method="post" action="/auth"> </form>
</auth>
</config-auth>
```
which clearly tells others that it is a VPN.
Is it possible for ocserv to outright close the endpoint if client
certificates are not present or valid?
_______________________________________________
openconnect-devel mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/openconnect-devel
