Softether as a single access point to multiple VLAN

quivalen
Posts: 4
Joined: Fri Jun 13, 2014 3:28 pm

Softether as a single access point to multiple VLAN

Post by quivalen » Fri Jun 13, 2014 3:38 pm

Hi there, thank you for this incredible piece of software.
We're currently testing it and the features are awesome.

At our institute we have plenty of VLANs that are used
in different departments. We also have an LDAP server
that stores usernames/passwords. Usernames are in the form
user.name@department.organization.tld

I saw that I can attach a policy to groups to assign a
VLAN ID to the session. What I'm missing is the ability to
restrict the wildcard address of the username (*) to match
only part of the username, so I can choose the right VLAN ID
based on the department.

What I need is support for regexp in the username field.
Has any work been done in this direction? Is this kind of feature
something that would be useful?

It's been a long time since I put my hands on C, but if someone offers
me some guidance I can try to write this feature.
Otherwise, if it's too difficult (because of the design of the software), is
there any interest in a side program that uses vpncmd to add all
the relevant users to the local DB and set their auth mode to RADIUS?

Best regards


Re: Softether as a single access point to multiple VLAN

Post by quivalen » Sat Jun 14, 2014 11:48 pm

Hi there, this is a follow-up to the previous message.
I've worked on the SoftEther code, forking it on GitHub.
I've modified Protocol.c and Sam.c to support an arbitrary token.

The relevant commit is https://github.com/quivalen/SoftEtherVP ... ded63cee77 feel free to test and suggest things to make it better.

Basically, the feature it offers is a kind of asterisk user with partial match.
Users in the form email@fqdn match the username in SoftEther called "token@tld".
So if you want to allow people that have an email something@gmail.com to authenticate against RADIUS, just add the user token#gmail.com
I know that the code is ugly; my C skills are a bit rusty. It uses an extern variable in Sam.c that is defined in Protocol.c. I think that there shouldn't be any memory leakage because I've freed it correctly, but please double-check it.
I don't know if this can be merged with the official code. I've tried my best to maintain the functionality of the classic "asterisk" user, but as it's broken, I will work further to fix that.

Credits for the side function for the email check go to John Viega and Matt Messier ( http://www.oreillynet.com/pub/a/network ... ndex3.html )


Re: Softether as a single access point to multiple VLAN

Post by quivalen » Sun Jun 15, 2014 12:29 am

https://github.com/quivalen/SoftEtherVP ... d01d589ffb

Fixes compatibility with the asterisk user.


Re: Softether as a single access point to multiple VLAN

Post by quivalen » Tue Jun 17, 2014 12:52 pm

https://github.com/quivalen/SoftEtherVP ... 47870dc011

Enables a simpler token.
To enable john.doe@test.domain.com you should create the user #test.domain.com
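
Added example, not part of the original posts and not the code from the linked commits: a stand-alone C sketch of the "#domain" token lookup described in the thread, comparing the whole domain after a single '@' so that look-alike or nested domains do not inherit another department's entry. The function names and the precedence order (exact name, then "#domain", then "*") are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive string equality (domain names are case-insensitive). */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Return the domain of "local@domain", or NULL unless there is exactly one
 * '@' with a non-empty local part and a non-empty domain. */
static const char *login_domain(const char *login)
{
    const char *at = strchr(login, '@');
    if (at == NULL || at == login || at[1] == '\0' || strchr(at + 1, '@'))
        return NULL;
    return at + 1;
}

/* Hypothetical lookup: pick the user-database entry that governs a login.
 * Assumed order: exact name, then "#domain" token, then the "*" catch-all.
 * Returns the index into entries[], or -1 when nothing matches. */
int select_entry(const char *login, const char *const entries[], size_t n)
{
    const char *dom = login_domain(login);
    int token = -1, star = -1;
    for (size_t i = 0; i < n; i++) {
        const char *e = entries[i];
        if (eq_nocase(e, login))
            return (int)i;
        if (e[0] == '#' && dom != NULL && eq_nocase(e + 1, dom))
            token = (int)i;   /* whole domain must match, not just a suffix */
        else if (strcmp(e, "*") == 0)
            star = (int)i;
    }
    return token >= 0 ? token : star;
}
```

With this rule a login such as john@sub.test.domain.com does not pick up the #test.domain.com entry; each subdomain that should map to a VLAN group needs its own token user.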
