What is vsradiusclient_test.exe?

Vsradiusclient is a RADIUS test tool for testing RADIUS authentication requests to the VIP Enterprise Gateway RADIUS Validation Server. The tool work on Windows, Linux, AIX, HP-UX, and Solaris platforms and can be run directly on the Enterprise Gateway or remotely from another server. (The 3rd-party tool 'NTradping' tool can also be used).

Where do I get it?

If using a VIP Enterprise Gateway, it is located in the <install path>\Symantec\VIP_Enterprise_Gateway\tools folder. Download manually from VIP Manager by navigating to Account > Download Files > Third Party Integrations > Plugins >Tools.zip (manual download only requires Visual C++ 2012 x64 Update 4 Redistributable). 

Note: If the RADIUS vulnerability patch for CVE-2024-3596 has been applied to the VIP Enterprise Gateway server an updated version of the vsradiusclient_test tool is available with support for the RADIUS Message-Authenticator attribute in VIP Manager under Account > Download Files > Third Party Integrations > Radius_Vulnerability_Patch > Tool_Radius.zip.

What is it used for?

• Verify or test the state of an Enterprise Gateway Validation Server by sending a RADIUS validation request directly to the validation server, then viewing the response.
• Rapidly send tests to multiple VIP Enterprise Gateway systems from a single instance of the tool. Use it locally or remotely. 
• Create a script to automatically check the uptime of a VIP EG validation server. Various options help enable this use-case securely. See “Health Monitor for Validation Server” section of the Enterprise Gateway Installation and Configuration guide.

Instructions for use:

Syntax:

vsradiusclient_test.exe --server-host { ip_addr | hostname } [--server-port int] --client-ip ip_addr { --secret string | --secret-file file_name } [--user-name string --password string] [--attempts int] [--timeout int] [--verbose]

Required parameters:

--server-host  IP address or DNS name of the target VIP Enterprise Gateway
--server-port  VIP EG Validation Server port number
--client-ip  IP of the machine running the test. 
--secret  The RADIUS shared secret set in the Validation server settings on the target VIP Enterprise Gateway

Optional parameters:

--user-name  Username who can satisfy the VIP EG userstore filters (for ULO) and exists in the VIP Cloud (ULO and UO). The user should also have a credential assigned in VIP Manager.
--password  Username AD/LDAP password. If UO mode only, this is the VIP credential security code. 
--secret-file  Location of the file containing the shared secret. Keeps the shared secret out of process list space - especially important for multi-user systems. Appropriate ACLs are required for the file containing the unencrypted shared secret.
--attempts  Number of retry attempts
--timeout  Value (in seconds) of the request timeout
--user-agent  Optional user-agent attribute added to the RADIUS request that is visible in the VIP EG validation server log. 

Note: To prevent buffer conflict errors, periodically open a fresh command prompt session if repeated tests are performed.