Hello
We are an ISP for community banks and we provide VPN services to our customers using 3945 routers within our DCs. These routers have an SSL cert from Digicert to verify the WebVPN portion of this connection. Recently we have been having issues getting DDoS’d on these connections from all over the world and decided to bring this domain into Cloudflare to help mitigate these issues. What we are finding is that when we are in proxy mode our users are unable to connect using the FQDN but can by IP and group key for their respective connection. When they attempt to connect they are presented with the following:
10:21:52 AM Ready to connect.
10:22:02 AM Contacting vpnpa.bitsnetwork.com/key hidden.
10:22:03 AM Connection attempt has failed.
10:22:03 AM No valid certificates available for authentication.
10:22:03 AM Connection attempt has failed.
We have tried changing different settings within our dashboard on the SSL/TLS settings page but we are still getting the same error no matter what I change.
We are currently using the free account and feel this is an issue with the SSL cert that Cloudflare provides us in proxy mode and what is actually on the VPN routers from Digicert. Our question is do we need to import the Digicert cert to Cloudflare or do we need to utilize the cert from Cloudflare and replace the Digicert cert with this one while running in Proxy mode?
We also need to confirm there is no overhead using Cloudflare that will diminish our throughput of the routers as these are rated at 350 Mbps max.
Any assistance would be greatly appreciated as we are expecting a rash of remote users in the coming weeks due to the recent coronavirus outbreak and want to make sure this will mitigate the DDoS issues.
Thank you
Todd