Connection is done with IP address instead of hostname
I have a setup where my ocserv is running behind a multiplexed HTTPS port using sslh. Using the sni_hostname feature in sslh, the incoming connection is forwarded to ocserv.
This works fine when using:
openconnect -u username vpn.host.name
but it fails when trying to use Network Manager, as it seems this plugin resolves the gateway hostname and then specifies the IP address of the gateway on the openconnect command line. Hence the SNI field will then not contain the actual hostname, and the routing based on SNI in sslh will fail. (Using a catch-all in sslh makes it work.)
Example sslh config:
protocols:
(
    { name: "tls"; service: "vpn"; host: "internal.ocserv.host"; port: "443"; sni_hostnames: [ "vpn.host.name" ]; }
);
I'm not sure if the use of the IP address on the command line is intended or not?