Hopefully I'm posting this in the correct forum.
At my organization we use SoftEther for external SSTP access, and it works great!! But the lack of MFA is a problem, so we set up a Windows RADIUS server that connects to Microsoft Entra ID for validation & MFA. When we use * for the username in SoftEther everything works as expected. It passes whatever username it receives to RADIUS for validation and the user is able to log in.
In order to limit things a bit, we decided to create individual user accounts on SoftEther rather than using *.
Our user PowerShell script creates the SSTP connection using the credentials of the user currently signed into the workstation.
Here's where our problem occurs. It sends DOMAIN\USERNAME as the credential, but SoftEther doesn't allow that format for usernames.
So the VPN authentication request fails without ever reaching our RADIUS server.
Since SoftEther won't allow the "\" character in the username via the GUI, we decided to test things by editing the vpn_server.config file and manually changing a user to include the DOMAIN\ prefix, and it worked.
declare USERNAME
changed to
declare DOMAIN\USERNAME
But that user can no longer be modified or deleted by the GUI.
Would it be possible to update the management GUI to allow the "\" character in usernames?
Thanks,
Andrew
Feature Request and/or bug report
Re: Feature Request and/or bug report
While we're waiting for an official solution (if any or ever), try the following mod.
- stop the SE service
- back up vpnserver.exe and vpnsmgr.exe
- open vpnserver.exe and vpnsmgr.exe in a hex editor
- search/replace (only 1 byte is actually changed)
Code:
()-_#%&
()-_#\&
- start the SE service
Tested in SE v4.44.
Any side-effects, other than changing "%" to "\", are unknown. Test and verify, don't do it on a production server just yet :-)
In addition to the now unconstrained GUI, backslash-containing user names also work fine in CLI and JSON-RPC.
Code:
vpncmd localhost /server /password:*** /adminhub:VPN /cmd UserCreate abc\de /G /R /N
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.44 Build 9807 (English)
Compiled 2025/04/16 04:50:46 by buildsan at crosswin with OpenSSL 3.0.9
Copyright (c) 2012-2025 SoftEther VPN Project. All Rights Reserved.
Connection has been established with VPN Server "localhost" (port 443).
You have administrator privileges for the entire VPN Server.
The Virtual Hub "VPN" has been selected.
VPN Server/VPN>UserCreate abc\de /G /R /N
UserCreate command - Create User
The command completed successfully.
Code:
curl -i -k -H "X-VPNADMIN-PASSWORD: ***" --json "{ \"jsonrpc\": \"2.0\", \"id\": \"rpc_call_id\", \"method\": \"CreateUser\", \"params\": { \"HubName_str\": \"VPN\", \"Name_str\": \"de\\fg\", \"AuthType_u32\": 0 } }" https://localhost:5555/api/
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-VPNADMIN-HUBNAME,X-VPNADMIN-PASSWORD
Access-Control-Allow-Methods: OPTIONS,GET,POST
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 723
Content-Type: application/json
Date: Sun, 03 Aug 2025 11:05:44 GMT
{
  "result": {
    "AuthType_u32": 0,
    "CreatedTime_dt": "1970-01-01T09:00:00.000Z",
    "ExpireTime_dt": "1970-01-01T09:00:00.000Z",
    "GroupName_str": "",
    "HubName_str": "VPN",
    "Name_str": "de\\fg",
    "Note_utf": "",
    "NumLogin_u32": 0,
    "Realname_utf": "",
    "Recv.BroadcastBytes_u64": 0,
    "Recv.BroadcastCount_u64": 0,
    "Recv.UnicastBytes_u64": 0,
    "Recv.UnicastCount_u64": 0,
    "Send.BroadcastBytes_u64": 0,
    "Send.BroadcastCount_u64": 0,
    "Send.UnicastBytes_u64": 0,
    "Send.UnicastCount_u64": 0,
    "UpdatedTime_dt": "1970-01-01T09:00:00.000Z"
  },
  "jsonrpc": "2.0",
  "id": "rpc_call_id"
}
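The backup-then-patch steps in the post above, as a checkable procedure. This is an added example, not part of the original post and not SoftEther code: it refuses to patch unless the quoted string occurs exactly once, then confirms that the backup and the patched image differ by a single "%" to "\" byte. The function names are hypothetical, the ASCII/UTF-16LE storage of the string is an assumption, and the sample bytes are constructed.

```python
import hashlib

# Character-set string quoted in the post, before and after the one-byte change.
OLD = "()-_#%&"
NEW = "()-_#\\&"
# Assumption: the string may be stored as ASCII or UTF-16LE inside the executable.
ENCODINGS = ("ascii", "utf-16-le")

def diff_offsets(a: bytes, b: bytes) -> list[int]:
    """Offsets at which two equal-length images differ."""
    if len(a) != len(b):
        raise ValueError("file size changed; not an in-place patch")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def patch_image(data: bytes) -> bytes:
    """Return the patched image; refuse input where the match is missing or ambiguous."""
    hits = []
    for enc in ENCODINGS:
        old = OLD.encode(enc)
        start = data.find(old)
        while start != -1:
            hits.append((start, enc))
            start = data.find(old, start + 1)
    if len(hits) != 1:
        raise ValueError(f"expected exactly 1 match, found {len(hits)}")
    start, enc = hits[0]
    old, new = OLD.encode(enc), NEW.encode(enc)
    return data[:start] + new + data[start + len(old):]

def verify_patch(backup: bytes, patched: bytes) -> int:
    """Confirm the only difference is one 0x25 ('%') -> 0x5C (backslash) byte."""
    diffs = diff_offsets(backup, patched)
    if len(diffs) != 1:
        raise ValueError(f"{len(diffs)} bytes differ, expected 1")
    off = diffs[0]
    if backup[off] != 0x25 or patched[off] != 0x5C:
        raise ValueError(f"unexpected change at offset {off:#x}")
    return off

if __name__ == "__main__":
    # Constructed stand-in for an executable image, not real SoftEther bytes.
    sample = b"MZ" + b"\x00" * 30 + OLD.encode("ascii") + b"\x00" * 8
    patched = patch_image(sample)
    off = verify_patch(sample, patched)
    # Record both digests so the modified binary can be recognised later.
    print(f"changed byte at {off:#x}")
    print("backup ", hashlib.sha256(sample).hexdigest())
    print("patched", hashlib.sha256(patched).hexdigest())
```

Running `verify_patch` against the saved backup after any later upgrade or reinstall shows whether the binary on disk is still the modified one.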
Re: Feature Request and/or bug report
That worked perfectly!!!!
Tried it in a test environment for a bit and then rolled it out on our production box and it appears to be working great.
Thanks so much for the assistance!
-Andrew