ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

Thomas Glanzmann thomas at
Thu Dec 15 16:22:00 UTC 2016


> How can someone debug ngx_stream_ssl_preread_module?

put the following line in the stream section:

error_log /var/log/nginx/sni_error.log debug;

Once done I found out that 

2016/12/15 17:09:00 [error] 21043#0: *7426 recv() failed (104: Connection reset by peer) while proxying connection, client:, server:, upstream: "", bytes from/to client:0/0, bytes from/to upstream:0/316

And in my syslog I found out:

daemon:Dec 15 17:09:00 infra ocserv[21622]: worker:  worker-proxyproto.c:156: proxy-hdr: invalid v2 header
daemon:Dec 15 17:09:00 infra ocserv[21622]: worker:  worker-vpn.c:560: could not parse proxy protocol header; discarding connection
daemon:Dec 15 17:09:00 infra ocserv[18385]: main: user disconnected (reason: unspecified, rx: 0, tx: 0)

So it seems that the problem is that ocserv can't parse nginx proxy protocol
header. I'll dig deeper and report back once a solution is found.


More information about the nginx mailing list