Tags: connection, vpn, openvpn, freeradius, radius

Radius server configured and local radtest returned success, but radtest from another server is not working


I am working on a VPN project and want to add a RADIUS server to manage user authentication. I configured the RADIUS server and was able to radtest it successfully on the local machine.

Here is the configuration applied https://docs.google.com/document/d/13jNVGfRQSx94dGdKjOyzXO7OEMQfbtwmOCqJ0RUnC0s/edit?usp=sharing

Radius Server

All ports and groups are allowed and also from the AWS console

[ec2-user@... ~]$ netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0 0.0.0.0:604             0.0.0.0:*
udp        0      0 0.0.0.0:58016           0.0.0.0:*
udp        0      0 127.0.0.1:18120         0.0.0.0:*
udp        0      0 0.0.0.0:1812            0.0.0.0:*
udp        0      0 0.0.0.0:1813            0.0.0.0:*
udp6       0      0 :::111                  :::*
udp6       0      0 ::1:323                 :::*
udp6       0      0 :::49572                :::*
udp6       0      0 fe80::caf:43ff:fe9c:546 :::*
udp6       0      0 :::604                  :::*
udp6       0      0 :::1812                 :::*
udp6       0      0 :::1813                 :::*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     16100    private/tlsmgr
unix  2      [ ACC ]     STREAM     LISTENING     16103    private/rewrite
unix  2      [ ACC ]     STREAM     LISTENING     2695     /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     16106    private/bounce
unix  2      [ ACC ]     STREAM     LISTENING     16109    private/defer
unix  2      [ ACC ]     STREAM     LISTENING     16112    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     16115    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     16121    private/proxymap
unix  2      [ ACC ]     STREAM     LISTENING     2709     /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     16124    private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     2710     /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     16127    private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     16130    private/relay
unix  2      [ ACC ]     STREAM     LISTENING     16136    private/error
unix  2      [ ACC ]     SEQPACKET  LISTENING     621      /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     14761    /var/lib/gssproxy/default.sock
unix  2      [ ACC ]     STREAM     LISTENING     16139    private/retry
unix  2      [ ACC ]     STREAM     LISTENING     16142    private/discard
unix  2      [ ACC ]     STREAM     LISTENING     16145    private/local
unix  2      [ ACC ]     STREAM     LISTENING     2232     /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     16148    private/virtual
unix  2      [ ACC ]     STREAM     LISTENING     16151    private/lmtp
unix  2      [ ACC ]     STREAM     LISTENING     16154    private/anvil
unix  2      [ ACC ]     STREAM     LISTENING     16157    private/scache
unix  2      [ ACC ]     STREAM     LISTENING     3981     /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     3982     /run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     17327    /run/irqbalance/irqbalance2127.sock
unix  2      [ ACC ]     STREAM     LISTENING     15158    /var/lib/amazon/ssm/ipc/health
unix  2      [ ACC ]     STREAM     LISTENING     15159    /var/lib/amazon/ssm/ipc/termination
unix  2      [ ACC ]     STREAM     LISTENING     16089    public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     14756    /var/run/lsm/ipc/sim
unix  2      [ ACC ]     STREAM     LISTENING     14757    /var/run/lsm/ipc/simc
unix  2      [ ACC ]     STREAM     LISTENING     14762    /run/gssproxy.sock
unix  2      [ ACC ]     STREAM     LISTENING     16093    public/cleanup
unix  2      [ ACC ]     STREAM     LISTENING     16096    public/qmgr
unix  2      [ ACC ]     STREAM     LISTENING     16118    public/flush
unix  2      [ ACC ]     STREAM     LISTENING     16133    public/showq
unix  2      [ ACC ]     STREAM     LISTENING     21035    /var/run/acpid.socket

Local radtest success

[ec2-user@ip-172-31-14-93 ~]$ radtest bob hello 127.0.0.1 0 testing123
Sent Access-Request Id 75 from 0.0.0.0:50324 to 127.0.0.1:1812 length 73
        User-Name = "bob"
        User-Password = "hello"
        NAS-IP-Address = *****
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "hello"
Received Access-Accept Id 75 from 127.0.0.1:1812 to 127.0.0.1:50324 length 32
        Reply-Message = "Hello, bob"

sudo nano /etc/raddb/clients.conf

client openvpnserver {
  secret = testing1234
  ipaddr = 3.29.100.80
}

VPN Server

Problem: radtest from another server is not working

radtest bob hello ***** 1812 testing1234
Sent Access-Request Id 52 from 0.0.0.0:56912 to *****:1812 length 73
        User-Name = "bob"
        User-Password = "hello"
        NAS-IP-Address = *****
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "hello"
Sent Access-Request Id 52 from 0.0.0.0:56912 to *****:1812 length 73
        User-Name = "bob"
        User-Password = "hello"
        NAS-IP-Address = 172.31.14.221
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "hello"
Sent Access-Request Id 52 from 0.0.0.0:56912 to *****:1812 length 73
        User-Name = "bob"
        User-Password = "hello"
        NAS-IP-Address = 172.31.14.221
        NAS-Port = 1812
        Message-Authenticator = 0x00
        Cleartext-Password = "hello"
(0) No reply from server for ID 52 socket 3

In addition, I am able to ping both servers from my local machine, but they cannot ping each other.


Solution

  • I used the private IP address to connect between the servers, which are in the same subnet.
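The "No reply from server" symptom above is what FreeRADIUS produces when the UDP source address of a request does not fall inside any client block's ipaddr: the packet is dropped silently rather than rejected. The following added example (not part of the original post or of FreeRADIUS) reproduces that lookup against a constructed clients.conf so the mismatch between the public address in the client block and the private source address in the VPC can be checked before deploying; the names parse_clients and match_client are my own.

```python
"""Reproduce FreeRADIUS's client lookup to explain a silent 'No reply'.

Added example; the config text below is constructed from the post, and the
helper names are assumptions, not FreeRADIUS APIs.
"""
import ipaddress
import re

# Constructed clients.conf mirroring the post: the VPN server is listed by
# its public address, but inside the same subnet its requests arrive from
# the private address (172.31.14.221, the NAS-IP-Address radtest printed).
CLIENTS_CONF = """
client localhost {
  ipaddr = 127.0.0.1
  secret = testing123
}
client openvpnserver {
  secret = testing1234
  ipaddr = 3.29.100.80
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
KV_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)


def parse_clients(text):
    """Return (name, network, secret) tuples; a bare ipaddr is treated as a
    single host, while CIDR notation such as 172.31.0.0/16 covers a subnet."""
    clients = []
    for name, body in CLIENT_RE.findall(text):
        kv = dict(KV_RE.findall(body))
        net = ipaddress.ip_network(kv["ipaddr"], strict=False)
        clients.append((name, net, kv.get("secret")))
    return clients


def match_client(clients, source_ip):
    """Mimic the per-packet lookup: the UDP source address must lie inside
    some client's ipaddr, otherwise the request is ignored with no reply.
    (A wrong shared secret gives the same symptom, because radtest sends a
    Message-Authenticator and the server drops packets whose HMAC fails.)"""
    addr = ipaddress.ip_address(source_ip)
    for name, net, _secret in clients:
        if addr in net:
            return name
    return None


if __name__ == "__main__":
    clients = parse_clients(CLIENTS_CONF)
    print("private source matches:", match_client(clients, "172.31.14.221"))
    fixed = CLIENTS_CONF.replace("3.29.100.80", "172.31.0.0/16")
    print("after fix:", match_client(parse_clients(fixed), "172.31.14.221"))
```

Running it shows None for the private source address with the original block and openvpnserver once ipaddr names the private address or subnet, which is the change the solution describes.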