SoftEther OpenVPN random MAC addresses

[pedroespe]

Dear colleagues,

We are using SoftEther on the server and OpenVPN clients on Android smartphones. SoftEther server assigns a random MAC addresses to each new client connection. We have the problem that SoftEther assigns all the time the same MAC addresses to clients, when a user disconnects, SoftEther frees that MAC and assigns it to the next new connection.

Now:
00:01:00 User 1 connects : MAC 01:02:03:04:05:06
00:05:15 User 1 disconnects
00:07:35 User 2 connects : MAC 01:02:03:04:05:06 (repeats MAC)
03:01:00 User 3 connects : MAC A1:A2:A3:A4:A5:A6 (new MAC)

For us that is a problem because our services grant users with up to 2 hours of access based on their MACs, so if one user logs in and logs out in less than 2 hours the systems will consider the next user as the same.
Is there a way for SoftEther to not give always the last free MAC to a new user.

Ideal:
00:01:00 User 1 connects : MAC 01:02:03:04:05:06
00:05:15 User 1 disconnects
00:07:35 User 2 connects : MAC A1:A2:A3:A4:A5:A6 (new MAC)
03:01:00 User 3 connects : MAC 01:02:03:04:05:06 (repeats first MAC only after a certain timeout)

Having a timeout before reassigning a MAC address to a new connection will solve this and many other issues.

On OpenVPN client configuration using TAP interface, MAC address can be specified will LLADDR but not on TUN interfaces. Under Android OS only TUN interfaces can be user and MAC cant be specified.

Thank you,
Peter

[theodisbutler]

How about your services utilize the mac and connecting IP of the client, maybe hash them together even.

[theodisbutler]

Or probably an easier fix, increase the Lease Limit time to more than 7200 seconds (2 hours) on the SecureNAT Configuration (VirtualDHCP Server) settings.

[pedroespe]

theodisbutler wrote:
> How about your services utilize the mac and connecting IP of the client,
> maybe hash them together even.

On TUN interfaces the MAC address is not sent by the client, its randomly created and assigned by the server. Android clients only supports TUN interfaces.

The IP depends on the MAC if you want it static. If not it keeps changing every login.

[pedroespe]

theodisbutler wrote:
> Or probably an easier fix, increase the Lease Limit time to more than 7200
> seconds (2 hours) on the SecureNAT Configuration (VirtualDHCP Server)
> settings.

Lease time of the DHCP Server of the secureNAT? That applies to IP and I am not sure that with a randomly changing/repeating MAC has any effect. In our system the DHCP is externally handled, not by the SoftEther SecureNAT.

User connects with Android OpenVPN client. Gets a MAC address from SoftEther, the connection is bridged to a LAN with DHCP server, once it has a MAC address from SoftEther it gets an IP from the DHCP server. All works fine BUT SoftEther reassigns a MAC address as soon as its let free by another session being closed. 100 sequential sessions (connect disconnect) will have all the same MAC although they come from different clients.

[serhan]

Hi there,

assigning of random mac addresses is also a problem for us. I would love to see a feature which enables assigning a specific mac address to a specific user. (or list of mac addresses)

Thanks

[thisjun]

You can edit the source code.

[maltyx]

Yes, It would be very useful for enable assigning a specific mac address to a specific user feature for Softether VPN server just to make NAC (Network Access Control System) admin's life easier ... :)
My vote for this feature!
Thatnks