VPN before Windows logon #2809

Open
LokoOn opened this issue Oct 29, 2024 · 2 comments

LokoOn commented Oct 29, 2024

Is your feature request related to a problem? Please describe.
It's not uncommon for a Windows domain-joined device to be located outside of its home network.

Often, such a device will have an internet connection before a user logs in. If a VPN connection could be established prior to user login, settings, updates, and other configurations from the domain controller could be synchronized directly from the LAN, even without an active user session on the Windows device.

Additionally, with an established VPN connection, login credentials could be verified directly against the central directory. This would also enable users to log in to a Windows client for the first time, even if they had never previously logged in on that particular device.

The pre-login VPN connection should ask for a NetBird user authentication. This ensures that only an authorized user can create a VPN connection.
Using a setup key is not a viable solution, as it authenticates the machine rather than the user, allowing any user on the device to establish a NetBird connection. This could pose a security risk in the case of device loss.

Describe the solution you'd like
A pre-login VPN connection at the user logon screen with the option to fill in NetBird SSO credentials.
Similar to what OpenVPN has implemented: https://support.openvpn.com/hc/en-us/articles/25415580917019-Access-Server-Configure-Start-Before-Logon-SBL-Pre-Logon-Access-Provider-PLAP-using-OpenVPN-GUI

Lamera commented Oct 31, 2024

@LokoOn Is this not actually the case when you deploy NetBird with a setup key?

LokoOn commented Oct 31, 2024

@Lamera You are totally right. When using a setup key, the VPN is established automatically on system start.
That's handy for container and server workloads.
I need to add something to the feature request.

There should be an option to establish a NetBird connection before the Windows login using user authentication. This ensures that only an authorized user can create a VPN connection. Using a setup key is not a viable solution, as it authenticates the machine rather than the user, allowing any user on the device to establish a NetBird connection. This could pose a security risk in the case of device loss.
