SE + NPS in AD environment

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
marantz
Posts: 3
Joined: Sun Nov 07, 2021 2:48 pm

SE + NPS in AD environment

Post by marantz » Sun Nov 07, 2021 4:31 pm

Hi guys,

At 1st I want to thank all folks working on this project. It looks amazing. Keep up the good work!

I have set up SE with network policy server and AD. As far as I use asteriks to manage users it works great. We have couple thousands users and adding them 1 by 1 to SE including setting magane access lists would be extremely painful process.

Is there any chance to Softether actually read/use IP filters in network policy server?

eddiewu
Posts: 286
Joined: Wed Nov 25, 2020 9:10 am

Re: SE + NPS in AD environment

Post by eddiewu » Mon Nov 08, 2021 2:55 am

Try setting up nps as radius server and use radius authentication on se.

marantz
Posts: 3
Joined: Sun Nov 07, 2021 2:48 pm

Re: SE + NPS in AD environment

Post by marantz » Mon Nov 08, 2021 3:31 pm

As said above I did it and it works great. The problem is SE can't recognize nps IP filters.

dr.cryo
Posts: 1
Joined: Wed Nov 24, 2021 2:46 pm

Re: SE + NPS in AD environment

Post by dr.cryo » Wed Nov 24, 2021 2:54 pm

I got exactly the same problem to solve. Since I cannot (don't want) use VLANs to separate traffic and keep ACLs on router (that's why ACLs are on SE), I'm looking for a way, how to achieve traffic separation.
One way, as Marantz mentioned, could be to accept IP-filter RADIUS/NPS parameter. Second way could be, since ACLs are stored on Hub level, somehow decide which Hub to use by the RADIUS/NPS response.
Is any of the above two supported or easily achievable? Thanks in advance for your replies.

marantz
Posts: 3
Joined: Sun Nov 07, 2021 2:48 pm

Re: SE + NPS in AD environment

Post by marantz » Sat Nov 27, 2021 8:50 pm

I came accross the same idea to arrange users access level by using few hubs. No luck there since I couldnt force NPS to work with specific hub.
I stuck on this for a long time.

Post Reply