What is vsradiusclient_test.exe?

Vsradiusclient is a RADIUS test tool for testing RADIUS authentication requests to the VIP Enterprise Gateway RADIUS Validation Server. The tool work on Windows, Linux, AIX, HP-UX, and Solaris platforms and can be run directly on the Enterprise Gateway or remotely from another server. (The 3rd-party tool 'NTradping' tool can also be used).

Where do I get it?

If using a VIP Enterprise Gateway, it is located in the <install path>\Symantec\VIP_Enterprise_Gateway\tools folder. Download manually from VIP Manager by navigating to Account > Download Files > Third Party Integrations > Tools.zip (manual download only requires Visual C++ 2012 x64 Update 4 Redistributable). 

Note: If the RADIUS vulnerability patch for CVE-2024-3596 has been applied to the VIP Enterprise Gateway server an updated version of the vsradiusclient_test tool is available with support for the RADIUS Message-Authenticator attribute in VIP Manager under Account > Download Files > Third Party Integrations > Radius_Vulnerability_Patch > Tool_Radius.zip.

What is it used for?

• Verify or test the state of an Enterprise Gateway Validation Server by sending a RADIUS validation request directly to the validation server, then viewing the response.
• Rapidly send tests to multiple VIP Enterprise Gateway systems from a single instance of the tool. Use it locally or remotely. 
• Create a script to automatically check the uptime of a VIP EG validation server. Various options help enable this use-case securely. See “Health Monitor for Validation Server” section of the Enterprise Gateway Installation and Configuration guide.

Instructions for use:

Syntax:

vsradiusclient_test.exe --server-host { ip_addr | hostname } [--server-port int] --client-ip ip_addr { --secret string | --secret-file file_name } [--user-name string --password string] [--attempts int] [--timeout int] [--verbose]

Required parameters:

--server-host  IP address or DNS name of the target VIP Enterprise Gateway
--server-port  VIP EG Validation Server port number
--client-ip  IP of the machine running the test. 
--secret  The RADIUS shared secret set in the Validation server settings on the target VIP Enterprise Gateway

Optional parameters:

--user-name  Username who can satisfy the VIP EG userstore filters (for ULO) and exists in the VIP Cloud (ULO and UO). The user should also have a credential assigned in VIP Manager.
--password  Username AD/LDAP password. If UO mode only, this is the VIP credential security code. 
--secret-file  Location of the file containing the shared secret. Keeps the shared secret out of process list space - especially important for multi-user systems. Appropriate ACLs are required for the file containing the unencrypted shared secret.
--attempts  Number of retry attempts
--timeout  Value (in seconds) of the request timeout
--user-agent  Optional user-agent attribute added to the RADIUS request that is visible in the VIP EG validation server log. 

Note: To prevent buffer conflict errors, periodically open a fresh command prompt session if repeated tests are performed.

Sample:
C:\> vsradiusclient_test.exe --server-host {IP address} --server-port 1812 --client-ip {IP address} --secret {RADIUSsharedsecret} --user-name {user} --password {Password} --timeout 60

Interactive Mode (will prompt for username and password):
C:\> vsradiusclient_test.exe --server-host {IP address} --server-port 1812 --client-ip {IP address} --secret {RADIUSsharedsecret} --timeout 60

Automated mode:
C:\> vsradiusclient_test.exe --server-host {IP address} --server-port 1817 --client-ip {IP address} --secret-file “C:\vip_monitor_secret.txt” --user-name {user} --password {Password} --timeout 3

If the secret e.g. ^9f7&5WVDxXHg7k4EP28yTY5A contains the special characters then enclose the sharedsecret with double quotes. Example below-

C:\> vsradiusclient_test.exe --server-host {IP address} --server-port 1812 --client-ip {IP address} --secret "^9f7&5WVDxXHg7k4EP28yTY5A" --timeout 60

Testing with PUSH Number Challenge:

After the number challenge is complete on the mobile device, press ENTER on the keyboard to complete the vsradiusclient_test.exe transaction.

MSVCRT100.DLL error

An earlier version of vsradiusclient_test.exe is being used and requires Microsoft Visual C++ 2010 Redistributable Package (x86) needs to be installed.  

VCRUNTIME140.1.dll was not found error

Requires  Microsoft Visual C++ 2015-2022 Redistributable Package (X64) to be installed.