RSA Certificate Authentication [Solved]

Post by OG1Dot » Wed Aug 02, 2017 7:55 pm

Is RSA certificate authentication supported? Below are the build release notes for SoftEther VPN 4.06 Build 9432, for which RSA certificate authentication was introduced into SoftEther.
"SoftEther VPN 4.06 Build 9432 (Beta) (March 20, 2014)
We apologize that the previous build (Build 9430) has a problem that the RSA certificate authentication doesn't work.
This build has been fixed the problem. Please use Build 9432 if you are intending to use the RSA certificate authentication function."

I have verified that my setup is working using NT domain authentication. I am able to connect via Windows or Mac OS X on both the local network as well as externally through a NAT'ed firewall, Actiontec in my case.

I have tried all of the certificates I can generate within SoftEther with no luck. I tried 1024, 2048, and 4096, all of which should be supported after reading the documentation, but I keep getting the following in my server log:
2017-08-02 15:34:28.141 L2TP PPP Session [<IPADDRESS>:1701]: The client denied to accept both the "PAP" (Password Authentication Protocol, a clear-text password authentication protocol) and MS-CHAP v2 Protocol. Enable either PAP or MS-CHAP v2 on the client-side and retry.
2017-08-02 15:34:28.141 L2TP PPP Session [1<IPADDRESS>:1701]: A PPP protocol error occurred, or the PPP session has been disconnected.
2017-08-02 15:34:28.141 IPsec ESP Session (IPsec SA) 17 (Client: 121) (<IPADDRESS>:4500 -> <IPADDRESS>:4500): This IPsec SA is deleted.
2017-08-02 15:34:28.157 IPsec IKE Session (IKE SA) 37 (Client: 121) (<IPADDRESS>:4500 -> <IPADDRESS>:4500): This IKE SA is deleted.
2017-08-02 15:34:28.157 IPsec ESP Session (IPsec SA) 17 (Client: 121) (<IPADDRESS>:4500 -> <IPADDRESS>:4500): This IPsec SA is deleted.

Not sure why it's asking for a password since I configured the user in SoftEther to authenticate using a certificate. I associated the same user certificate on both the user profile in SoftEther as well as on my devices, Windows or Mac. I get the same result. Anyone know what the issue is?

Re: RSA Certificate Authentication [Solved]

Post by OG1Dot » Thu Aug 03, 2017 1:38 am

I marked this as solved as I was able to use the SoftEther VPN client to use certificate authentication, but I am still wondering how to configure the out-of-the-box L2TP clients on Windows/Mac/Linux etc. If you are behind a router like I am, e.g. Verizon FiOS, you can disable the L2TP UDP settings and just open up a TCP port that your SoftEther server is listening on. I used 5555, but you can use anything your server is listening on: 443, 992, 1194, any other port you defined.
So I am able to get certificate-based authentication to work, but I'm all ears on how I can configure the default clients so I can turn on the L2TP UDP settings in the future.

Re: RSA Certificate Authentication [Solved]

Post by tepliczky » Sat Feb 20, 2021 7:23 am

I am using 4.34 Build 9745.
The signed certificate authentication doesn't work on macOS Big Sur.
The log is:
"The client denied to accept both the "PAP" (Password Authentication Protocol, a clear-text password authentication protocol) and MS-CHAP v2 Protocol. Enable either PAP or MS-CHAP v2 on the client-side and retry."

What am I doing wrong?

Thank you.
