Active Directory

Hello,

I’ve looked through the docs and forums, but I want to check again. Is Active Directory supported on Balance devices? If not, is there a timeline for support or will this never be supported (in the next 12 months)?

Hello cyclops,

At this time we do have support Radius. A guide on how to setup this up can be found here.

I will ask if we have any plans for Active Directory integration. Do you have any particular part that you are wondering about AD integration?

Thanks,
Zach

2 Likes

I’m going to show my ignorance here.

We want users to be able to connect to the office from home and access their network shares, files, etc. as appropriate. Being able to print documents to the network printer would be a nice touch as well.

My understanding is that without a router that support AD these things are not possible using the normal way of built-in Windows VPN connection to authenticate on the DC.

Would it would be possible if the users each had a Surfo Soho or other Peplink device and used a PepVPN (w/NAT mode enabled) to connect to the mothership as if they were in the office? Is that correct?

It sounds like you’d require AD support in the Remote User - L2TP section. This is on the road map but we don’t yet have an ETA. You can currently use radius, this should be included in Microsoft Server since Server 2008. We also currently have support for LDAP, but I believe setting up with radius is easier for now.

You could also use another Peplink device like the SOHO to create a PepVPN to the main site. This would be like they are in the office as well.

2 Likes

You said "This is on the road map but we don’t yet have an ETA. " Does that mean it is under development or that it is on the list of things to get to eventually? So 6 months vs 6 years? :slight_smile:

Yeah, the SOHO w/PepVPN will probably be what we use temporarily for a couple users.

At this point its hard to say how long it will take as what features are being added depends on several other factors (ie bugs, other features, etc). If I hear anything about a target I’ll post it here.

2 Likes

Appreciate it.

I am going to try this with a SOHO, but have a question about set up.

  1. The SOHO should have a PepVPN to the main site and all traffic (ethernet or wireless) should flow through the PepVPN
  2. If the main site uses Balance for DHCP, then I would need to set the SOHO to allow multiple vlans.
  3. With multiple vlans, I’d need to select the PepVPN profile to bridge, select the checkbox for spanning tree, and
  4. the option “override ip address when bridge connected” should be set as DHCP (considering my set up)?

Once in place, the SOHO would get ip from the main site, and any device connected through the SOHO (wireless or ethernet) would go through the main site.

Does that all sound correct?

My only concern is that for video conferencing, there just won’t be the quality available through the PepVPN connection and limited SOHO internet connections (typical home speeds). Is there a way to exclude certain sites like Zoom or Skype so that we don’t encounter that issue?

When using L2 over PepVPN the HQ will function as the DHCP Server. Another option would be enabling DHCP Relay on the SOHO and pointing that to the HQ’s address. This would forward any DHCP requests to the main site.

In 7.1.1 VLANs are the default configuration under Network > Network Settings and this will no longer need to be enabled as a feature.

You can setup an Outbound Policy rule, please enable Expert Mode so that you can set rules above the PepVPN/SpeedFusion rule, and you can direct the traffic as needed. You could have Skype, Zoom, or other video conferencing sessions be sent out the WAN or though the PepVPN profile.

1 Like