Enterprise improvements
Posted: Tue May 05, 2015 1:39 pm
Hi,
First, I want to say thanks for this very nice VPN tool.
It really works like a charm.
But we just miss some small features which would make this software more enterprise aware.
1.) PAM auth
It would be very nice to have the possibility to use PAM as an auth-type under Linux/Unix servers.
Because we would like to use local Unix accounts for dial in.
2.) T/MFA
What we also would like to have is the possibility to have a two/multi-factor authorization.
We would like to attach/use our current RSA Token system with the SoftEther Client.
Maybe it is possible to have two password fields (first for using RADIUS Server 1, second for RADIUS Server 2, or use the ACE with SecurID directly).
3.) SoftEther Client + MSCHAPv2
We recognized that if we want to use the SoftEther Clients with RADIUS Auth, the client sends the password in clear text via the PAP method. That is on one hand quite inflexible for the RADIUS server itself, and on the other hand very insecure. The native L2TP/IPSec connection from Windows works with MSCHAPv2 perfectly, so why does the client itself use an old, insecure auth mechanism?
4.) RADIUS VLAN Assignment
Is it possible to have a VLAN assignment per user via RADIUS?
The RADIUS server itself sends a "Tunnel-Private-Group-Id" which can be used to assign the native VLAN to the user access.
The VirtualHub bridge could use a tagged VLAN interface for handling the different VLANs per user.
Thanks