SoftEther VPN User Forum

Hi

My Situation: I have 2 Hubs
Hub1 - for Students
Hub2 - for Teachers
Both with Radius-Authentication
I got it to work with one Hub and a User "*" that authenticates against Windows NPS-Server

So now my Problems:
- How can i distinquish between the two requests on my radius-server? I have two rules wo is allowed to login to the hub1 and hub2 - but i dont know from which hub the request comes
- How do i send to which hub i want to connect? If i use user@hub1 i cant log in because my domain-info is missing, if i use domain\user@hub1 i cant log in because softether uses domain\user@hub1 as username for radius and login fails

hope you can help me

Thanks
Arnold

There have been a very recent pull request merged into the code base (newest version of SE) that does exactly that
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/204

Now the Hubname is sent as part of the Radius request in a field called "Station-Id"
Here are some examples of how to use this field in freeradius
https://wiki.freeradius.org/guide/mac-auth
http://lists.freeradius.org/pipermail/f ... 44018.html
http://freeradius.1045715.n5.nabble.com ... 83866.html

Hope this helps

Great - this helps a lot!
Tomorrow i get the latest Version and see if it works...

Tanks again!

The first part is solved - with the new Software-Version i get the info to which hub he connects as radius-attribute.

Second part still remains:
I have to send two informations: domain and hub - but i cant send both infos
with one hub i would use:
domain\username -> radius-Request looks like: domain\username -> ok

with two hubs:
username@hub -> radius: username -> not ok
domain\username@hub -> radius: domain\username@hub -> not ok

is it possible to enter an default-domain for my username?

No. As far as I know, SE does not support domain info with radius authentication.
It does support domain info with NT authentication though.

How are you using the domain info? Maybe we can replace these with freeradius groups??

Why are you using a domain info? Are you using NT or active directory behind radius?

I use an Windows Radius-server (Win 2012R2 NPS-Server) which is an AD-Member and i want to login from Windows with my domain-credentials. From the windows vpn login on the client i have 3 fields: user, pwd and domain. but as soon as i enter user@hub the domain-field gets greyed-out. windows thinks "hub" is the domain.

but without the domain-info windows does not authenticate me - and i found no way to tell the radius-server to use an default-domain (even it is a domain-member so the domain-info is useless - theres only one domain - but its not working)

Please try this.
hubname\username@domainname

HI ! I had very similar problem with multiple HUB authentication. My environment WIN Server 2016 - AD, Radius running on same AD server.
My authentication start working if login on client machine is hub\login, but Softether Radius and NT authentication setting = domain\login

Tnx

but coming up different issue, if you login with different hub, you have to use your login as hub\domainlogin from Windows client side. In my environment we are using mapped disk via Group Policy, and as soon as you using hubs, domain controller using wrong credentials (hub\domainlogin instead of domain\domainlogin) and all your mapped drives or domain shares not accessible ... Anyone know any trick to fix this issue ? Tnx !

Did you try this?
hubname\username@domainname