We changed ISP and also our IP address range got changed. Remote Access VPN is working with local authentication but not with Radius authentication. I really do not have experience in remote access VPN, but I did rebug radius all and here is it what I got
alloc_rip 0x71dba610
new request 0xe43 --> 75 (0x71dba610)
got user 'sgupta'
got password
add_req 0x71dba610 session 0xe43 id 75
RADIUS_REQUEST
radius.c: rad_mkpkt
rad_mkpkt: ip:source-ip=166.170.30.20
RADIUS packet decode (authentication request)
--------------------------------------
Raw packet data (length = 142).....
01 4b 00 8e 52 23 20 d9 9e 7f 4c 95 aa 9b 38 11 | .K..R# .L...8.
76 77 e4 4d 01 08 73 67 75 70 74 61 02 12 fa b8 | vw.M..sgupta....
51 1a 43 65 9f 41 f0 27 a1 3c 39 96 45 0d 05 06 | Q.Ce.A.'.<9.E...
00 61 70 00 1e 0e 37 30 2e 31 39 31 2e 35 38 2e | .ap...70.191.58.
36 38 1f 0f 31 36 36 2e 31 37 30 2e 33 30 2e 32 | 68..166.170.30.2
30 3d 06 00 00 00 05 42 0f 31 36 36 2e 31 37 30 | 0=.....B.166.170
2e 33 30 2e 32 30 04 06 0a 01 08 05 1a 22 00 00 | .30.20......."..
00 09 01 1c 69 70 3a 73 6f 75 72 63 65 2d 69 70 | ....ip:source-ip
3d 31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | =166.170.30.20
Parsed packet data.....
Radius: Code = 1 (0x01)
Radius: Identifier = 75 (0x4B)
Radius: Length = 142 (0x008E)
Radius: Vector: 522320D99E7F4C95AA9B38117677E44D
Radius: Type = 1 (0x01) User-Name
Radius: Length = 8 (0x08)
Radius: Value (String) =
73 67 75 70 74 61 | sgupta
Radius: Type = 2 (0x02) User-Password
Radius: Length = 18 (0x12)
Radius: Value (String) =
fa b8 51 1a 43 65 9f 41 f0 27 a1 3c 39 96 45 0d | ..Q.Ce.A.'.<9.E.
Radius: Type = 5 (0x05) NAS-Port
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x617000
Radius: Type = 30 (0x1E) Called-Station-Id
Radius: Length = 14 (0x0E)
Radius: Value (String) =
37 30 2e 31 39 31 2e 35 38 2e 36 38 | 70.191.58.68
Radius: Type = 31 (0x1F) Calling-Station-Id
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | 166.170.30.20
Radius: Type = 61 (0x3D) NAS-Port-Type
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x5
Radius: Type = 66 (0x42) Tunnel-Client-Endpoint
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | 166.170.30.20
Radius: Type = 4 (0x04) NAS-IP-Address
Radius: Length = 6 (0x06)
Radius: Value (IP Address) = 10.1.8.5 (0x0A010805)
Radius: Type = 26 (0x1A) Vendor-Specific
Radius: Length = 34 (0x22)
Radius: Vendor ID = 9 (0x00000009)
Radius: Type = 1 (0x01) Cisco-AV-pair
Radius: Length = 28 (0x1C)
Radius: Value (String) =
69 70 3a 73 6f 75 72 63 65 2d 69 70 3d 31 36 36 | ip:source-ip=166
2e 31 37 30 2e 33 30 2e 32 30 | .170.30.20
send pkt 10.54.1.78/1645
rip 0x71dba610 state 7 id 75
rad_vrfy() : bad req auth
rad_procpkt: radvrfy fail
radius mkreq: 0xe44
alloc_rip 0x71db9b10
new request 0xe44 --> 76 (0x71db9b10)
got user 'sgupta'
got password
add_req 0x71db9b10 session 0xe44 id 76
RADIUS_DELETE
remove_req 0x71dba610 session 0xe43 id 75
free_rip 0x71dba610
RADIUS_REQUEST
radius.c: rad_mkpkt
rad_mkpkt: ip:source-ip=166.170.30.20
RADIUS packet decode (authentication request)
--------------------------------------
Raw packet data (length = 142).....
01 4c 00 8e c2 d3 10 09 0e 2f 3c c5 1a 4b 28 41 | .L......./<..K(A
e6 27 d4 7d 01 08 73 67 75 70 74 61 02 12 c9 99 | .'.}..sgupta....
1d 2d df f5 82 19 f0 f6 e3 7c 12 d4 0c f0 05 06 | .-.......|......
00 61 70 00 1e 0e 37 30 2e 31 39 31 2e 35 38 2e | .ap...70.191.58.
36 38 1f 0f 31 36 36 2e 31 37 30 2e 33 30 2e 32 | 68..166.170.30.2
30 3d 06 00 00 00 05 42 0f 31 36 36 2e 31 37 30 | 0=.....B.166.170
2e 33 30 2e 32 30 04 06 0a 01 08 05 1a 22 00 00 | .30.20......."..
00 09 01 1c 69 70 3a 73 6f 75 72 63 65 2d 69 70 | ....ip:source-ip
3d 31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | =166.170.30.20
Parsed packet data.....
Radius: Code = 1 (0x01)
Radius: Identifier = 76 (0x4C)
Radius: Length = 142 (0x008E)
Radius: Vector: C2D310090E2F3CC51A4B2841E627D47D
Radius: Type = 1 (0x01) User-Name
Radius: Length = 8 (0x08)
Radius: Value (String) =
73 67 75 70 74 61 | sgupta
Radius: Type = 2 (0x02) User-Password
Radius: Length = 18 (0x12)
Radius: Value (String) =
c9 99 1d 2d df f5 82 19 f0 f6 e3 7c 12 d4 0c f0 | ...-.......|....
Radius: Type = 5 (0x05) NAS-Port
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x617000
Radius: Type = 30 (0x1E) Called-Station-Id
Radius: Length = 14 (0x0E)
Radius: Value (String) =
37 30 2e 31 39 31 2e 35 38 2e 36 38 | 70.191.58.68
Radius: Type = 31 (0x1F) Calling-Station-Id
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | 166.170.30.20
Radius: Type = 61 (0x3D) NAS-Port-Type
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x5
Radius: Type = 66 (0x42) Tunnel-Client-Endpoint
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | 166.170.30.20
Radius: Type = 4 (0x04) NAS-IP-Address
Radius: Length = 6 (0x06)
Radius: Value (IP Address) = 10.1.8.5 (0x0A010805)
Radius: Type = 26 (0x1A) Vendor-Specific
Radius: Length = 34 (0x22)
Radius: Vendor ID = 9 (0x00000009)
Radius: Type = 1 (0x01) Cisco-AV-pair
Radius: Length = 28 (0x1C)
Radius: Value (String) =
69 70 3a 73 6f 75 72 63 65 2d 69 70 3d 31 36 36 | ip:source-ip=166
2e 31 37 30 2e 33 30 2e 32 30 | .170.30.20
send pkt 10.54.1.78/1645
rip 0x71db9b10 state 7 id 76
rad_vrfy() : bad req auth
rad_procpkt: radvrfy fail
radius mkreq: 0xe45
alloc_rip 0x71dba610
new request 0xe45 --> 77 (0x71dba610)
got user 'sgupta'
got password
add_req 0x71dba610 session 0xe45 id 77
RADIUS_DELETE
remove_req 0x71db9b10 session 0xe44 id 76
free_rip 0x71db9b10
RADIUS_REQUEST
radius.c: rad_mkpkt
rad_mkpkt: ip:source-ip=166.170.30.20
RADIUS packet decode (authentication request)
--------------------------------------
Raw packet data (length = 142).....
01 4d 00 8e 64 cd 82 93 d0 c9 ce ef fc 85 da 0b | .M..d...........
e8 01 a6 e7 01 08 73 67 75 70 74 61 02 12 14 ca | ......sgupta....
00 2b 4c 64 f1 f7 ab ea ba 76 a0 95 62 da 05 06 | .+Ld.....v..b...
00 61 70 00 1e 0e 37 30 2e 31 39 31 2e 35 38 2e | .ap...70.191.58.
36 38 1f 0f 31 36 36 2e 31 37 30 2e 33 30 2e 32 | 68..166.170.30.2
30 3d 06 00 00 00 05 42 0f 31 36 36 2e 31 37 30 | 0=.....B.166.170
2e 33 30 2e 32 30 04 06 0a 01 08 05 1a 22 00 00 | .30.20......."..
00 09 01 1c 69 70 3a 73 6f 75 72 63 65 2d 69 70 | ....ip:source-ip
3d 31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | =166.170.30.20
Parsed packet data.....
Radius: Code = 1 (0x01)
Radius: Identifier = 77 (0x4D)
Radius: Length = 142 (0x008E)
Radius: Vector: 64CD8293D0C9CEEFFC85DA0BE801A6E7
Radius: Type = 1 (0x01) User-Name
Radius: Length = 8 (0x08)
Radius: Value (String) =
73 67 75 70 74 61 | sgupta
Radius: Type = 2 (0x02) User-Password
Radius: Length = 18 (0x12)
Radius: Value (String) =
14 ca 00 2b 4c 64 f1 f7 ab ea ba 76 a0 95 62 da | ...+Ld.....v..b.
Radius: Type = 5 (0x05) NAS-Port
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x617000
Radius: Type = 30 (0x1E) Called-Station-Id
Radius: Length = 14 (0x0E)
Radius: Value (String) =
37 30 2e 31 39 31 2e 35 38 2e 36 38 | 70.191.58.68
Radius: Type = 31 (0x1F) Calling-Station-Id
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | 166.170.30.20
Radius: Type = 61 (0x3D) NAS-Port-Type
Radius: Length = 6 (0x06)
Radius: Value (Hex) = 0x5
Radius: Type = 66 (0x42) Tunnel-Client-Endpoint
Radius: Length = 15 (0x0F)
Radius: Value (String) =
31 36 36 2e 31 37 30 2e 33 30 2e 32 30 | 166.170.30.20
Radius: Type = 4 (0x04) NAS-IP-Address
Radius: Length = 6 (0x06)
Radius: Value (IP Address) = 10.1.8.5 (0x0A010805)
Radius: Type = 26 (0x1A) Vendor-Specific
Radius: Length = 34 (0x22)
Radius: Vendor ID = 9 (0x00000009)
Radius: Type = 1 (0x01) Cisco-AV-pair
Radius: Length = 28 (0x1C)
Radius: Value (String) =
69 70 3a 73 6f 75 72 63 65 2d 69 70 3d 31 36 36 | ip:source-ip=166
2e 31 37 30 2e 33 30 2e 32 30 | .170.30.20
send pkt 10.54.1.78/1645
rip 0x71dba610 state 7 id 77
rad_vrfy() : bad req auth
rad_procpkt: radvrfy fail
RADIUS_DELETE
remove_req 0x71dba610 session 0xe45 id 77
free_rip 0x71dba610
radius: send queue empty
Any suggestions on what is wrong here?