Disallow Password Save in VPN Client not honored

Posted: Fri Mar 25, 2016 1:58 pm
by roxy
I'm using SoftEther VPN Server 4.19 build 9599 64-bit on Windows 2012 server. SoftEther VPN Client can save the password. I cannot force it to not save the password and to require entering it at connection time (it is a big security risk for notebook and mobile clients).

Re: Disallow Password Save in VPN Client not honored

Posted: Fri Apr 15, 2016 8:21 am
by thisjun
Could you explain in more detail?

Re: Disallow Password Save in VPN Client not honored

Posted: Mon Apr 18, 2016 8:58 am
by krs
Think of home users who install the VPN client on their own private PC to access work from home. Those PCs aren't protected by hard drive encryption. It's even worse: they aren't protected at all by some password. (And even if the account has a password, then resetting it is easy.)
At the same time, the SoftEther VPN Client permits saving the password to simplify the connection establishment.

What will happen if this PC gets stolen? The thief will not only gain access to the local files, but most probably to the remote ones too, because both the VPN username and password are saved, and the server-side authentication uses NT domain or RADIUS authentication (IMHO quite a common and practical option to use). This means that the thief will get access not only to the network, but also to the servers.
OK, the password isn't in plain text inside the config file, it is only obfuscated. But due to this, it is possible to transform it back into the plain text.

It would be good if there were a few additional config options available:
1. to disable password saving in client
2. to request client connection config verification in server

This implies sending the connection configuration (or hash of it) from client to server and server side verification.

Re: Disallow Password Save in VPN Client not honored

Posted: Mon Apr 18, 2016 2:05 pm
by roxy
krs has told you about some important cases. The problem is that SoftEther VPN Server has an option for this in the security policy, and we set it in the Group Security Policy, but on the client side saving the password is still allowed, with no respect for the server-side configuration.

See the attachment.

Best Regards

Re: Disallow Password Save in VPN Client not honored

Posted: Tue May 10, 2016 7:10 am
by thisjun
It seems the policy is applied only to standard password auth.
Did you use another auth method?

Re: Disallow Password Save in VPN Client not honored

Posted: Tue May 24, 2016 10:58 am
by roxy
Yes, Active Directory auth