Advanced User and Group Management in SoftEther VPN Print

Hello there! I’m Corels from Emmanuel Corels Creatives. Today we’re going to take a closer look at how to organize and manage users on your SoftEther VPN Server. Effective user and group management allows you to control access, set usage policies, and simplify administration—especially when you’re dealing with many VPN users or varied access levels. In this guide, I’ll show you how to create user groups, assign policies, and manage users using SoftEther’s vpncmd tool.

What Is Advanced User and Group Management?

SoftEther VPN Server lets you not only create individual user accounts but also organize them into groups with shared policies. This means you can:

• Segment Users: Separate users by department, access level, or service type.
• Apply Policies Globally: Set bandwidth limits, session times, or access restrictions for an entire group.
• Simplify Administration: Instead of configuring each user individually, you assign them to a group and manage settings centrally.

This approach streamlines management and ensures consistent policy enforcement across your VPN environment.

Step 1: Launch vpncmd and Connect to Your Virtual Hub

1. Open your terminal and run:

   sudo /usr/local/softether/vpncmd
   

2. Select 1 for VPN Server mode.
3. Connect to your Virtual Hub by typing:

   Hub MyVPNHub
   

4. If you haven’t set an administrator password, do so with:

   ServerPasswordSet
   

   Follow the prompts to establish a secure password.

Step 2: Creating User Groups

Creating groups allows you to bundle users together under a common set of policies.

1. Create a New Group: At the vpncmd prompt, type:

   UserGroupCreate OfficeUsers
   

   This command creates a group named “OfficeUsers.”

2. Verify the Group: List your groups with:

   UserGroupList
   

   You should see “OfficeUsers” in the list.

Step 3: Setting Group Policies

Group policies let you set parameters that apply to all users within the group. For example, you might want to limit session duration or allocate bandwidth.

1. Set a Session Time Limit: To set a time limit for users in “OfficeUsers,” type:

   UserGroupSet OfficeUsers /SESSIONTIMEOUT:3600
   

   This sets the session timeout to 3600 seconds (1 hour).

2. Configure Additional Policies: You can also set other parameters like data transfer limits or idle timeouts:

   UserGroupSet OfficeUsers /IDLETIMEOUT:600
   

   This command sets an idle timeout of 600 seconds (10 minutes).

3. Review Group Settings: Confirm your settings with:

   UserGroupInfoGet OfficeUsers
   

Step 4: Creating Users and Assigning to Groups

Now that you have a group with defined policies, you can create individual user accounts and assign them to this group.

1. Create a User: To create a user named “user1” and assign them to “OfficeUsers,” type:

   UserCreate user1 /GROUP:OfficeUsers /REALNAME:"User One" /NOTE:"Office VPN User"
   

2. Set the User Password: Then set the password:

   UserPasswordSet user1
   

   Follow the prompt to enter a strong password.

3. Verify the User’s Group Membership: To check which group “user1” belongs to, use:

   UserInfoGet user1
   

   The output should list “OfficeUsers” as the user’s group.

Tip: If you wish, you can create a wildcard user (using *) with authentication type set to radius to allow RADIUS-only logins. This bypasses the need for individual SoftEther user accounts when centralized authentication is preferred.

Step 5: Managing and Updating Users

As your VPN environment grows, you may need to modify user settings or move users between groups.

1. Changing a User’s Group: To move “user1” to a different group, first create the new group (if it doesn’t exist) and then update the user:

   UserGroupCreate RemoteUsers
   UserGroupSet user1 /GROUP:RemoteUsers
   

2. Updating User Policies: Use the same commands you used for groups to adjust session timeouts or other parameters as needed.

3. Removing a User: To delete a user who no longer requires access, type:

   UserDelete user1
   

Step 6: Monitoring Active VPN Sessions

You can easily monitor who is connected to your VPN server and see their session details.

1. List Active Users: In vpncmd, type:

   UserList
   

   This command displays all active sessions along with details like assigned IP addresses and session durations.

2. Check Group Utilization: Periodically review group statistics to see if any group is exceeding its allocated resources, so you can adjust policies if necessary.

Final Thoughts

Advanced user and group management in SoftEther VPN makes it much easier to control and monitor access to your network. By organizing users into groups and applying common policies, you reduce administrative overhead and ensure that all users adhere to the same standards. Whether you’re managing a small office VPN or a larger, multi-departmental environment, these techniques will help you maintain a secure and efficient VPN setup.

Take your time experimenting with these commands, and integrate them into your routine management practices. If you have any questions or need further assistance, feel free to reach out. Happy managing, and here’s to a well-organized VPN environment!

Explained with clarity by
Corels – Admin, Emmanuel Corels Creatives