Always On VPN Integration

Should VPN integration work with MS Always On VPN? I configured accounting on the RRAS servers to send events to the sensors on domain controllers but am not seeing anything in the timeline for VPN ...

Or Tsemah
Jan 27, 2021
Jason1330 Thanks for the feedback, we're incorporated it into our engineering plans

Jason1330

Copper Contributor

Jan 26, 2021

Or Tsemah

I tried a workaround by modifying the user-name attribute in NPS. It works for user accounts where the samAccountName matches the UPN prefix. But we have a few users where that does not match, usually due to very long names.

On the RRAS server open Network Policy Server. Under Policies/Connection Request Policies edit the policy that's used for your connections. On the Settings tab, under Attribute, set the attribute to User-Name and click Add. In the Find field enter the UPN suffix domain name @domain.com. In the replace field leave it blank.

With this in place users are still able to authenticate, and accounting now sends the user name as just the prefix, basically the SamAccountName instead of UPN, and the sensor agent is able to properly report it.

I can't leave it like this for now. It would be better if the sensor agent could properly handle UPNs.

Or Tsemah

Former Employee

Jan 27, 2021

Jason1330 Thanks for the feedback, we're incorporated it into our engineering plans

Jason1330
Copper Contributor
Jan 27, 2021
Or Tsemah

I was able to come up with a satisfactory user-name attribute regex filter so that only the part before the @domain.com is used, and it is limited to 20 characters.

Find:
([^@]{1,20})(?:.*)

Replace:
$1

This works perfectly in our environment, including users with very long names.

Forum Discussion

Always On VPN Integration

Resources