SoftEther VPN User Forum

Hi just implemented softehter and its going well.

We have individual certificate authentication setup and its going fine.

Just wondering what is the most secure method for protecting against hacking either at the client side, crossing the web or at the server side ?

We have active directory, is NT Domain authentication any better or is there an option for NT auth with individual certificate ?

The only downside of the individual certificate is that anyone sits at computer and can open connection to office without any password required.

I have blocked IPs of stuff they dont need to access and blocked things like RDP and SAMBA etc but every bit more helps.

If all of your clients are using L2TP/IPSec as the protocol to establish communication, a strong pre-shared key will circumvent any intrusion attempts. As for the safest authentication method for this particular protocol, I highly recommend NT Domain Authentication and setting logon hours for those users in your active directory settings the way I showed you in another of your threads.

Unfortunately certificate authentication is not working with L2TP/IPSec