Authentication via Computer (Machine) Certificates

Post by mmx » Mon Aug 09, 2021 10:34 pm

Hello,

I wish to authenticate VPN access using computer (machine) certificates instead of user credentials or certificates. My goal is to replicate Microsoft's Always On VPN solution.

I have a dozen company-owned laptops connected to our on-premise Active Directory environment. These authorized laptops are auto-enrolled/assigned the appropriate "VPN Device" certificate for remote authentication via our internal Certificate Authority (ADCS/PKI). Ideally, the client VPN connection needs to run in the background (before user logon) and remain connected at all times to our domain. This allows employees to simply log on using their existing domain credentials and access company resources without having to worry about VPN connectivity.

My question is: how can I configure the SoftEther VPN Client to use the machine certificate (that's already on the laptop) as the required authentication method? Is this currently possible?

EDIT: I realized I forgot to mention that I wish to present a Computer Certificate via RADIUS Authentication ("Smartcard or other certificate"). I believe this is currently not possible since PAP is a written requirement on the RADIUS configuration screen. If there is a way to do this using RADIUS or by other means then I'd love to know. :)
