Hi all,
Currently, our L2TP/PPTP servers authentication is purely based on username and password for each user (Secrets).
Our problem is that these users have a basic understanding, and they frequently configure their VPN connection on their personal computers as well. The objective is to restrict this behavior, allowing only the company devices to connect to VPN.
On first tought, I came up with MAC address validation, but the L2TP/PPTP server does not send this attribute to RADIUS servers.
Do you know some other approach we can use to achieve this goal? It must be a way to deny personal computers to ingress the company network.
Another problem is that the "IT guy" of the company knows the password of each user, because it is him that configures the VPN connection on each company computer. Is there a way to use MFA?