Hi,
First i want to say thanks for this very nice vpn tool.
It really works like a charm.
But we just miss some small features which would make this software more enterprise aware.
1.) PAM auth
It would be very nice to have the possibility to use PAM as an auth-type under Linux/Unix servers.
Because we would like to use local Unix accounts for dial in.
2.) T/MFA
What we also would like to have is the possibility to have a two/multi-factor authorization.
We would like to attach/use our current RSA Token system with the SoftEther Client.
Maybe it is possible to have two password fields (first for using RADIUS Server 1, second for RADIUS Server 2, or use the ACE with securid directly).
3.) SoftEther Client + MSCHAPv2
We recognized, that if we want to use the SoftEther Clients with RADIUS Auth, the client sends the password in clear text via PAP Method. That is on one hand quiet unflexible for the radius server it self, and on the other hand very insecure. The nativ L2TP/IPSec connection from Windows works with MSCHAPv2 perfektly, so why the Client it self use an old unsecure auth mechanism ?
4.) Radius VLAN Assignment
Is it possible to have a vlan assignment per user via radius ?
The Radius server it self send a "Tunnel-Private-Group-Id" which can be used for assign the native vlan to the user access.
The VirtualHub bridge could use a tagged vlan interface for handling the different vlan by users.
Thanks
Enterprise improvements
-
Petrol
- Posts: 44
- Joined: Wed May 06, 2015 11:23 pm
Re: Enterprise improvements
I would also be really happy to see MSCHAPv2.
I'm currently using a radius server with PAP for authentication and I find this very unsecure.
I'm currently using a radius server with PAP for authentication and I find this very unsecure.
-
PaulC
- Posts: 26
- Joined: Mon Nov 02, 2015 12:18 am
Re: Enterprise improvements
I find MSCHAPv2 works fine with Radius (running on a Domain Controller) a long as a @virtualhub is not specified after the username.
If using user@virtualhub then it only seems to work with PAP. Strange. Not sure if that's a bug, but also not sure of where to raise it if it is.
If using user@virtualhub then it only seems to work with PAP. Strange. Not sure if that's a bug, but also not sure of where to raise it if it is.
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Enterprise improvements
Please use this format when you connect to a VPN server with MSCHAPv2.
virtualhub\user
virtualhub\user
-
thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Enterprise improvements
1) Please try to use "User name on Authentication server".
2) SoftEther doesn't support PAM.
2) SoftEther doesn't support PAM.