I am working on a VPN project and want to add a RADIUS server to manage user authentication. I configured the RADIUS server and was able to radtest it successfully on the local machine.
Here is the configuration applied https://docs.google.com/document/d/13jNVGfRQSx94dGdKjOyzXO7OEMQfbtwmOCqJ0RUnC0s/edit?usp=sharing
Radius Server
All ports and groups are allowed, also from the AWS console.
[ec2-user@... ~]$ netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:604 0.0.0.0:*
udp 0 0 0.0.0.0:58016 0.0.0.0:*
udp 0 0 127.0.0.1:18120 0.0.0.0:*
udp 0 0 0.0.0.0:1812 0.0.0.0:*
udp 0 0 0.0.0.0:1813 0.0.0.0:*
udp6 0 0 :::111 :::*
udp6 0 0 ::1:323 :::*
udp6 0 0 :::49572 :::*
udp6 0 0 fe80::caf:43ff:fe9c:546 :::*
udp6 0 0 :::604 :::*
udp6 0 0 :::1812 :::*
udp6 0 0 :::1813 :::*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 16100 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 16103 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 2695 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 16106 private/bounce
unix 2 [ ACC ] STREAM LISTENING 16109 private/defer
unix 2 [ ACC ] STREAM LISTENING 16112 private/trace
unix 2 [ ACC ] STREAM LISTENING 16115 private/verify
unix 2 [ ACC ] STREAM LISTENING 16121 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 2709 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 16124 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 2710 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 16127 private/smtp
unix 2 [ ACC ] STREAM LISTENING 16130 private/relay
unix 2 [ ACC ] STREAM LISTENING 16136 private/error
unix 2 [ ACC ] SEQPACKET LISTENING 621 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 14761 /var/lib/gssproxy/default.sock
unix 2 [ ACC ] STREAM LISTENING 16139 private/retry
unix 2 [ ACC ] STREAM LISTENING 16142 private/discard
unix 2 [ ACC ] STREAM LISTENING 16145 private/local
unix 2 [ ACC ] STREAM LISTENING 2232 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 16148 private/virtual
unix 2 [ ACC ] STREAM LISTENING 16151 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 16154 private/anvil
unix 2 [ ACC ] STREAM LISTENING 16157 private/scache
unix 2 [ ACC ] STREAM LISTENING 3981 /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 3982 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 17327 /run/irqbalance/irqbalance2127.sock
unix 2 [ ACC ] STREAM LISTENING 15158 /var/lib/amazon/ssm/ipc/health
unix 2 [ ACC ] STREAM LISTENING 15159 /var/lib/amazon/ssm/ipc/termination
unix 2 [ ACC ] STREAM LISTENING 16089 public/pickup
unix 2 [ ACC ] STREAM LISTENING 14756 /var/run/lsm/ipc/sim
unix 2 [ ACC ] STREAM LISTENING 14757 /var/run/lsm/ipc/simc
unix 2 [ ACC ] STREAM LISTENING 14762 /run/gssproxy.sock
unix 2 [ ACC ] STREAM LISTENING 16093 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 16096 public/qmgr
unix 2 [ ACC ] STREAM LISTENING 16118 public/flush
unix 2 [ ACC ] STREAM LISTENING 16133 public/showq
unix 2 [ ACC ] STREAM LISTENING 21035 /var/run/acpid.socket
Local radtest success
[ec2-user@ip-172-31-14-93 ~]$ radtest bob hello 127.0.0.1 0 testing123
Sent Access-Request Id 75 from 0.0.0.0:50324 to 127.0.0.1:1812 length 73
User-Name = "bob"
User-Password = "hello"
NAS-IP-Address = *****
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "hello"
Received Access-Accept Id 75 from 127.0.0.1:1812 to 127.0.0.1:50324 length 32
Reply-Message = "Hello, bob"
sudo nano /etc/raddb/clients.conf
client openvpnserver {
secret = testing1234
ipaddr = 3.29.100.80
}
VPN Server
Problem: radtest from another server is not working
radtest bob hello ***** 1812 testing1234
Sent Access-Request Id 52 from 0.0.0.0:56912 to *****:1812 length 73
User-Name = "bob"
User-Password = "hello"
NAS-IP-Address = *****
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "hello"
Sent Access-Request Id 52 from 0.0.0.0:56912 to *****:1812 length 73
User-Name = "bob"
User-Password = "hello"
NAS-IP-Address = 172.31.14.221
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "hello"
Sent Access-Request Id 52 from 0.0.0.0:56912 to *****:1812 length 73
User-Name = "bob"
User-Password = "hello"
NAS-IP-Address = 172.31.14.221
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "hello"
(0) No reply from server for ID 52 socket 3
In addition, I am able to ping both servers from my local machine, but the servers cannot ping each other.
I used the private IP address to connect between the servers, which are in the same subnet.
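To make the exchange above reproducible without radtest, here is an added example (not code from the post or from FreeRADIUS) that builds the same Access-Request radtest sends (PAP User-Password hiding per RFC 2865 and the Message-Authenticator per RFC 2869), verifies an Access-Accept's Response Authenticator on the client side, and checks a clients.conf fragment against the source address a packet arrives from. The user name, password, shared secret and addresses are the ones shown in the post; the Access-Accept is constructed locally so the script runs offline, and the clients.conf parser handles only the `ipaddr`/`ipv4addr` and `secret` fields, a simplification of the real syntax.

```python
"""RADIUS PAP exchange (RFC 2865/2869) and a clients.conf source-address check; added example, not from the post."""
import hashlib
import hmac
import ipaddress
import os
import re
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, REPLY_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 2, 4, 5, 18, 80

# Constructed copy of the clients.conf fragment quoted in the post, so the check runs offline.
CLIENTS_CONF = """
client openvpnserver {
    secret = testing1234
    ipaddr = 3.29.100.80
}
"""


def pap_xor(data, secret, authenticator, decrypt=False):
    """RFC 2865 s5.2 User-Password hiding: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (block if decrypt else res)
    return out


def attr(attr_type, value):
    """Type-Length-Value; Length includes the 2-byte header."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(payload, base=0):
    """Yield (offset, type, value); offsets are relative to the packet start when base=20."""
    i = 0
    while i + 2 <= len(payload):
        attr_type, length = payload[i], payload[i + 1]
        if length < 2 or i + length > len(payload):
            raise ValueError("malformed attribute at offset %d" % (base + i))
        yield base + i, attr_type, payload[i + 2:i + length]
        i += length


def build_access_request(ident, secret, username, password, nas_ip, nas_port, authenticator=None):
    """Access-Request as radtest sends it: PAP password (bytes) plus Message-Authenticator (RFC 2869 s5.14)."""
    authenticator = authenticator or os.urandom(16)
    hidden = pap_xor(password + b"\x00" * (-len(password) % 16), secret, authenticator)
    attrs = (attr(USER_NAME, username)
             + attr(USER_PASSWORD, hidden)
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attr(NAS_PORT, struct.pack("!I", nas_port))
             + attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16))  # zeroed while the HMAC is computed
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac  # Message-Authenticator is the last attribute appended


def verify_message_authenticator(packet, secret):
    """Server-side check of an Access-Request: recompute the HMAC with the stored MAC zeroed."""
    for off, attr_type, value in parse_attributes(packet[20:], 20):
        if attr_type == MESSAGE_AUTHENTICATOR and len(value) == 16:
            zeroed = packet[:off + 2] + b"\x00" * 16 + packet[off + 18:]
            return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)
    return False


def build_reply(code, ident, request_authenticator, secret, attrs):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_authenticator + attrs + secret).digest() + attrs


def verify_reply(reply, request_authenticator, secret):
    """Client side: a reply produced under a different shared secret (or forged) fails here."""
    length = struct.unpack("!H", reply[2:4])[0]
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:length] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def allowed_clients(clients_conf):
    """Map client name -> (network, secret) from a FreeRADIUS clients.conf fragment."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", clients_conf, re.S):
        fields = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", body, re.M))
        network = ipaddress.ip_network(fields.get("ipaddr") or fields["ipv4addr"], strict=False)
        clients[name] = (network, fields["secret"])
    return clients


def matching_client(clients, source_ip):
    """Entry covering the packet's source address, or None: FreeRADIUS then drops it without replying."""
    ip = ipaddress.ip_address(source_ip)
    for name, (network, secret) in clients.items():
        if ip in network:
            return name, secret
    return None
```

With the post's attributes the request comes out at 73 bytes and the constructed Access-Accept carrying `Reply-Message = "Hello, bob"` at 32 bytes, the same lengths radtest printed. Against the quoted clients.conf, `matching_client` returns the `openvpnserver` entry for 3.29.100.80 and `None` for 172.31.14.221, the NAS-IP-Address shown in the failing run; FreeRADIUS discards packets whose source address matches no client entry without sending any reply, so radtest reports "No reply from server" for that case exactly as it does for a firewall or security-group drop. Running the server in the foreground with `radiusd -X` separates the two: an unknown-client drop is logged there, while a packet blocked on the network never appears.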