
Softether as a single access point to multiple VLAN

Posted: Fri Jun 13, 2014 3:38 pm
by quivalen
Hi there, thank you for this incredible piece of software,
we're currently testing it and features are awesome.

At our institute we have plenty of VLANs that are used
in different departments. We also have an LDAP server
that stores username/password. Usernames are in the form
user.name@department.organization.tld

I saw that I can attach a policy to groups to assign a
VLAN ID to the session. What I'm missing is the ability to
restrict the wildcard address of the username (*) to match
only part of the username, so I can choose the right VLAN ID
based on the department.

What I need is support for regexp in the username field.
Has any work been done in this direction? Is this kind of feature something
that will be useful?

It's been a long time since I put my hands on C, but if someone offers
me some guidance I can try to write this feature.
Otherwise, if it's too difficult (because of the design of the software), is
there any interest in a side program that uses vpncmd to add all
the relevant users to the localdb and set their auth mode to RADIUS?

Best regards

Re: Softether as a single access point to multiple VLAN

Posted: Sat Jun 14, 2014 11:48 pm
by quivalen
Hi there, this is a follow-up to the previous message.
I've worked on the code of SoftEther, forking it on GitHub.
I've modified Protocol.c and Sam.c to support an arbitrary token.

The relevant commit is https://github.com/quivalen/SoftEtherVP ... ded63cee77; feel free to test it and suggest things to make it better.

Basically, the feature it offers is a kind of asterisk user with partial match.
Users in the form email@fqdn match the username in SoftEther called "token@tld".
So if you want to allow people that have the email something@gmail.com to authenticate against RADIUS, just add the user token#gmail.com
I know that the code is ugly; my C skills are a bit rusty. It uses an extern variable in Sam.c that is defined in Protocol.c. I think there shouldn't be any memory leak because I've freed it correctly, but please double-check it.
I don't know if this can be merged with the official code. I've tried my best to maintain the functionality of the classic "asterisk" user, but as it's broken, I will work further to fix that.

Credit for the side function for the email check goes to John Viega and Matt Messier ( http://www.oreillynet.com/pub/a/network ... ndex3.html )

Re: Softether as a single access point to multiple VLAN

Posted: Sun Jun 15, 2014 12:29 am
by quivalen
https://github.com/quivalen/SoftEtherVP ... d01d589ffb

Fixes compatibility with the asterisk user.

Re: Softether as a single access point to multiple VLAN

Posted: Tue Jun 17, 2014 12:52 pm
by quivalen
https://github.com/quivalen/SoftEtherVP ... 47870dc011

Enables a simpler token.
To enable john.doe@test.domain.com you should create the user #test.domain.com
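
The lookup described in this thread, as an added example that is not taken from the linked commits or from SoftEther itself: it picks the hub user entry for a login using the "#domain" form from the last post, comparing the whole domain case-insensitively so that "#gmail.com" cannot be matched by a look-alike such as x@notgmail.com. The function name, the sample user list and the precedence (exact user, then "#domain", then "*") are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Constructed sample hub user list, for illustration only. */
static const char *const SAMPLE_USERS[] = {
    "*", "#test.domain.com", "#gmail.com", "admin"
};
#define SAMPLE_N (sizeof SAMPLE_USERS / sizeof SAMPLE_USERS[0])

/* Hypothetical helper (not a SoftEther function): return the configured user
 * entry whose group/policy should apply to `login`, or NULL if none applies.
 * Assumed precedence: exact user name, then "#domain" token, then "*". */
const char *select_template_user(const char *login,
                                 const char *const *users, size_t n)
{
    const char *star = NULL, *token = NULL, *at;
    size_t i;

    if (login == NULL || *login == '\0')
        return NULL;

    /* Accept a domain only from a well-formed name: exactly one '@',
     * non-empty local part, non-empty domain. Anything else gets no token. */
    at = strchr(login, '@');
    if (at != NULL && (at == login || at[1] == '\0' || strchr(at + 1, '@')))
        at = NULL;

    for (i = 0; i < n; i++) {
        const char *u = users[i];
        if (u == NULL)
            continue;
        if (strcasecmp(u, login) == 0)
            return u;                  /* an explicit account always wins */
        if (strcmp(u, "*") == 0)
            star = u;                  /* classic asterisk user */
        /* Whole-domain comparison, never a substring or suffix search:
         * "#gmail.com" must not match "x@notgmail.com" or
         * "x@gmail.com.example". */
        else if (at != NULL && u[0] == '#' && strcasecmp(u + 1, at + 1) == 0)
            token = u;
    }
    return token != NULL ? token : star;
}
```
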