I have VerneMQ setup with TLS authentication for client and have following configuration in place.
```
DOCKER_VERNEMQ_ACCEPT_EULA = "yes"
DOCKER_VERNEMQ_LISTENER__TCP__ALLOWED_PROTOCOL_VERSIONS = "3,4,5"
DOCKER_VERNEMQ_ALLOW_ANONYMOUS = "on"
DOCKER_VERNEMQ_KUBERNETES_INSECURE = "1"
DOCKER_VERNEMQ_LISTENER__SSL__DEFAULT = "
0.0.0.0:8883"
DOCKER_VERNEMQ_LISTENER__SSL__REQUIRE_CERTIFICATE = "on"
DOCKER_VERNEMQ_LISTENER__SSL__USE_IDENTITY_AS_USERNAME = "on"
DOCKER_VERNEMQ_LISTENER__SSL__CAFILE = "/vernemq/cert/ca.crt"
DOCKER_VERNEMQ_LISTENER__SSL__CERTFILE = "/vernemq/cert/server.crt"
DOCKER_VERNEMQ_LISTENER__SSL__KEYFILE = "/vernemq/cert/server.key"
DOCKER_VERNEMQ_VMQ_ACL__ACL_FILE = "/vernemq/acl/vmq.acl"
```
With this config client was able to connect using TLS cert.
With admin cli I can see client connected using TLS cert connected as anonymous
```
$ vmq-admin session show
+-----------------------------------+-----------+------------+-------------+-----------+-------------------------+
| client_id | is_online | mountpoint | peer_host | peer_port | user |
+-----------------------------------+-----------+------------+-------------+-----------+-------------------------+
| anon-Y9WGxgX01b2gDk/D2rDENwpY7JI= | true | | #.#.#.144 | 25064 | *.
example.com |
+-----------------------------------+-----------+------------+-------------+-----------+-------------------------+
```
If I set `DOCKER_VERNEMQ_ALLOW_ANONYMOUS = "off"` then clients not able to connect to broker with error `Connection error: Connection Refused: not authorised.` .
On MQTT side I saw following error
```
14:20:05.039 [debug] Replica meta9: Can't initialize AE exchange due to no peer available
14:20:09.409 [warning] can't authenticate client {[],<<"anon-jIvdbHkbISRjo6dEzFqLxUwfEa4=">>} from x.x.x.x:3340 due to plugin_chain_exhausted
14:20:09.409 [debug] session normally stopped
```
What is wrong with my config ?