Hello.
Is there any setting, that allows me to limit amount of devices the user can use?
I want to use RADIUS, and have multiply VPN Servers. Where the user, can only use 1 server/instance at once.
Also user should not be able to share their login details (so their friends can use the same login at same time).
I believe the correct word would be "Simultaneous Connections". I'd like the user to have only one Simultaneous connection. So they can not use it on more than one device at once.
I saw someone talking about Group Security Policy "Maximum number of Multiple logins" is this the setting Im looking for? To prevent users from having it on mulitply different devices at once?
thanks a lot in advance :D
Prevent users from sharing their account?
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Prevent users from sharing their account?
Yes. In the user/group policy, you can limit the the user to a given number of:
- Connections,
- MAC
If you have multiple servers, then you must apply this policy to all servers. This isn't feasible, maybe you can use a SoftEther cluster
You can also solve the problem directly in freeradius, by setting the attribute "simultaneous-use"
See this thread for the solution:
http://lists.freeradius.org/pipermail/f ... 53159.html
- Connections,
- MAC
If you have multiple servers, then you must apply this policy to all servers. This isn't feasible, maybe you can use a SoftEther cluster
You can also solve the problem directly in freeradius, by setting the attribute "simultaneous-use"
See this thread for the solution:
http://lists.freeradius.org/pipermail/f ... 53159.html
-
Justafan
- Posts: 7
- Joined: Tue Jan 03, 2017 8:32 pm
Re: Prevent users from sharing their account?
moatazelmasry wrote:
> Yes. In the user/group policy, you can limit the the user to a given number
> of:
> - Connections,
> - MAC
>
> If you have multiple servers, then you must apply this policy to all
> servers. This isn't feasible, maybe you can use a SoftEther cluster
>
> You can also solve the problem directly in freeradius, by setting the
> attribute "simultaneous-use"
> See this thread for the solution:
>
> http://lists.freeradius.org/pipermail/f ... 53159.html
Thanks!
This option worked for me; Maximum number of Multiple logins
Hopefully this would work fine with Freeradius.
> Yes. In the user/group policy, you can limit the the user to a given number
> of:
> - Connections,
> - MAC
>
> If you have multiple servers, then you must apply this policy to all
> servers. This isn't feasible, maybe you can use a SoftEther cluster
>
> You can also solve the problem directly in freeradius, by setting the
> attribute "simultaneous-use"
> See this thread for the solution:
>
> http://lists.freeradius.org/pipermail/f ... 53159.html
Thanks!
This option worked for me; Maximum number of Multiple logins
Hopefully this would work fine with Freeradius.
-
Justafan
- Posts: 7
- Joined: Tue Jan 03, 2017 8:32 pm
Re: Prevent users from sharing their account?
I have setup FreeRADIUS Now. It's authorizing correctly.
Screenshot: http://i.imgur.com/mCIXACF.png
Issue: How would maximum number of connections work now, would it work the same way? I can't imagine it would work now that I use freeradius for auth.
How would softether know which are who, to prevent multiply logins?
Screenshot: http://i.imgur.com/mCIXACF.png
Issue: How would maximum number of connections work now, would it work the same way? I can't imagine it would work now that I use freeradius for auth.
How would softether know which are who, to prevent multiply logins?
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Prevent users from sharing their account?
This is not going to work.
The user policy will be applied to actual users defined in SoftEther. If you are using freeradius for authentication, then please use simultaneous-use attribute of softether
The user policy will be applied to actual users defined in SoftEther. If you are using freeradius for authentication, then please use simultaneous-use attribute of softether
-
Justafan
- Posts: 7
- Joined: Tue Jan 03, 2017 8:32 pm
Re: Prevent users from sharing their account?
moatazelmasry wrote:
> This is not going to work.
>
> The user policy will be applied to actual users defined in SoftEther. If
> you are using freeradius for authentication, then please use
> simultaneous-use attribute of softether
Figured, that would work the same. Thanks!
> This is not going to work.
>
> The user policy will be applied to actual users defined in SoftEther. If
> you are using freeradius for authentication, then please use
> simultaneous-use attribute of softether
Figured, that would work the same. Thanks!
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Prevent users from sharing their account?
Sorry, obviously I meant simultaneous-use attribute of freeradius
Happy that it worked
Happy that it worked
-
Justafan
- Posts: 7
- Joined: Tue Jan 03, 2017 8:32 pm
Re: Prevent users from sharing their account?
moatazelmasry wrote:
> Sorry, obviously I meant simultaneous-use attribute of freeradius
>
> Happy that it worked
Hi, i tried it.. But no luck.
> Sorry, obviously I meant simultaneous-use attribute of freeradius
>
> Happy that it worked
Hi, i tried it.. But no luck.
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Prevent users from sharing their account?
Have a look at this thread which discusses simultaneous use in freeradius and mysql
http://lists.freeradius.org/pipermail/f ... 57044.html
Unfortuantely SE does not support Radius accounting ( which is a requirement for this solution). I found this project that implemnts Radius Accounting for SE. Maybe you can try it
https://github.com/kosztyua/softether-radacct
Cheers
http://lists.freeradius.org/pipermail/f ... 57044.html
Unfortuantely SE does not support Radius accounting ( which is a requirement for this solution). I found this project that implemnts Radius Accounting for SE. Maybe you can try it
https://github.com/kosztyua/softether-radacct
Cheers
-
Justafan
- Posts: 7
- Joined: Tue Jan 03, 2017 8:32 pm
Re: Prevent users from sharing their account?
moatazelmasry wrote:
> Have a look at this thread which discusses simultaneous use in freeradius
> and mysql
>
> http://lists.freeradius.org/pipermail/f ... 57044.html
>
> Unfortuantely SE does not support Radius accounting ( which is a
> requirement for this solution). I found this project that implemnts Radius
> Accounting for SE. Maybe you can try it
>
> https://github.com/kosztyua/softether-radacct
>
> Cheers
I have freeradius working fine with Softether. The issue I have, is limiting it to 1 login per device form the client.
So user can only have 1 device connection, then soon as they disconnect the VPN from that device - they will be able to connect from other devices.
I'm still looking for a way to do this, with FREERADIUS..
> Have a look at this thread which discusses simultaneous use in freeradius
> and mysql
>
> http://lists.freeradius.org/pipermail/f ... 57044.html
>
> Unfortuantely SE does not support Radius accounting ( which is a
> requirement for this solution). I found this project that implemnts Radius
> Accounting for SE. Maybe you can try it
>
> https://github.com/kosztyua/softether-radacct
>
> Cheers
I have freeradius working fine with Softether. The issue I have, is limiting it to 1 login per device form the client.
So user can only have 1 device connection, then soon as they disconnect the VPN from that device - they will be able to connect from other devices.
I'm still looking for a way to do this, with FREERADIUS..
-
moatazelmasry
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: Prevent users from sharing their account?
So you want a credentials to be used only with 1 device??
If this is the case, you can define a MAC address in the user security policy, so that it is coupled to a user credentials
Nevertheless a MAC address can be spoofed
If this is the case, you can define a MAC address in the user security policy, so that it is coupled to a user credentials
Nevertheless a MAC address can be spoofed