Menu
What's new
By:
Filters Better Search

pptp vpn log

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

8

8tpercent

New Around Here
Hi,

I've been looking to log pptp vpn login/logouts.

So, looking at the system log I can see this sort of thing (example):

Feb 25 07:50:48 pptp[25580]: Plugin pptp.so loaded.
Feb 25 07:50:48 pptp[25580]: PPTP plugin version 0.8.5 compiled for pppd-2.4.5, linux-2.6.22.19
Feb 25 07:50:48 pptp[25580]: pppd 2.4.5 started by admin, uid 0
Feb 25 07:50:48 pptp[25580]: Couldn't allocate PPP unit 10 as it is already in use
Feb 25 07:50:48 pptp[25580]: Using interface ppp11
Feb 25 07:50:48 pptp[25580]: Connect: ppp11 <--> pptp (x.x.x.x)
Feb 25 07:50:48 pptp[25580]: MPPE 128-bit stateless compression enabled
Feb 25 07:50:50 pptp[25580]: found interface br0 for proxy arp
Feb 25 07:50:50 pptp[25580]: local IP address 192.168.1.246
Feb 25 07:50:50 pptp[25580]: remote IP address 192.168.1.201
Feb 25 08:08:46 pptp[25580]: Connect time 18.0 minutes.
Feb 25 08:08:46 pptp[25580]: Sent 8611410 bytes, received 636834 bytes.
Feb 25 08:08:46 pptp[25580]: Terminating on signal 15
Feb 25 08:08:49 pptp[25580]: Connection terminated.

You can see from the log that only an external IP address is logged for
the connection...

Connect: ppp11 <--> pptp (x.x.x.x)

As the remote VPN users don't use static IP's isn't hard to pinpoint what
username was used to login (historically)

Obviously if the use is logged in right now I can use the /Advanced_VPNStatus.asp screen and get both the IP and the VPN username.

a) Can the pptp syslog have the vpn username address to it?
b) A separate log of PPTN/Vpn connections?

Thank you,

Steve
 
8tpercent said:
Hi,

I've been looking to log pptp vpn login/logouts.

So, looking at the system log I can see this sort of thing (example):

Feb 25 07:50:48 pptp[25580]: Plugin pptp.so loaded.
Feb 25 07:50:48 pptp[25580]: PPTP plugin version 0.8.5 compiled for pppd-2.4.5, linux-2.6.22.19
Feb 25 07:50:48 pptp[25580]: pppd 2.4.5 started by admin, uid 0
Feb 25 07:50:48 pptp[25580]: Couldn't allocate PPP unit 10 as it is already in use
Feb 25 07:50:48 pptp[25580]: Using interface ppp11
Feb 25 07:50:48 pptp[25580]: Connect: ppp11 <--> pptp (x.x.x.x)
Feb 25 07:50:48 pptp[25580]: MPPE 128-bit stateless compression enabled
Feb 25 07:50:50 pptp[25580]: found interface br0 for proxy arp
Feb 25 07:50:50 pptp[25580]: local IP address 192.168.1.246
Feb 25 07:50:50 pptp[25580]: remote IP address 192.168.1.201
Feb 25 08:08:46 pptp[25580]: Connect time 18.0 minutes.
Feb 25 08:08:46 pptp[25580]: Sent 8611410 bytes, received 636834 bytes.
Feb 25 08:08:46 pptp[25580]: Terminating on signal 15
Feb 25 08:08:49 pptp[25580]: Connection terminated.

You can see from the log that only an external IP address is logged for
the connection...

Connect: ppp11 <--> pptp (x.x.x.x)

As the remote VPN users don't use static IP's isn't hard to pinpoint what
username was used to login (historically)

Obviously if the use is logged in right now I can use the /Advanced_VPNStatus.asp screen and get both the IP and the VPN username.

a) Can the pptp syslog have the vpn username address to it?
b) A separate log of PPTN/Vpn connections?

Thank you,

Steve
Click to expand...

I'm sure there is a better way, but I modify init-start

Code: 
# This script appears to be executed too early? so manually run it here?
/jffs/scripts/pptpd.postconf

to force an email script to run whenever a PPTP client has connected:


Code: 
RT-AC56U daemon.info pptp[2006]: Plugin pptp.so loaded.
RT-AC56U daemon.info pptp[2006]: PPTP plugin version 0.8.5 compiled for pppd-2.4.7, linux-2.6.36.4
RT-AC56U daemon.notice pptp[2006]: pppd 2.4.7 started by admin, uid 0
RT-AC56U daemon.info pptp[2006]: Using interface ppp10
RT-AC56U daemon.notice pptp[2006]: Connect: ppp10 <--> pptp (xxx.xxx.xxx.xxx)
RT-AC56U daemon.notice pptp[2006]: MPPE 128-bit stateless compression enabled
RT-AC56U daemon.info pptp[2006]: found interface br0 for proxy arp
RT-AC56U daemon.notice pptp[2006]: local  IP address lll.lll.lll.lll
RT-AC56U daemon.notice pptp[2006]: remote IP address rrr.rrr.rrr.rrr
RT-AC56U user.warn (GMailPPTP.sh): 2017 Notification PPTP connection Gmail SSL (non-certificate) SMTP e-mail running....
[COLOR="Red"]RT-AC56U user.warn (GMailPPTP.sh): 2017 PPTP connection: 2006 ppp10 rrr.rrr.rrr.rrr xxx.xxx.xxx.xxx PPTP_User_Name[/COLOR]
RT-AC56U user.warn (GMailPPTP.sh): 2017 Notification PPTP connection e-mail sent using SSL (non-Certificate) smtp.gmail.com:587

basically I extract the info from /tmp/pptp_connected
 
Last edited:
You must log in or register to reply here.

Similar threads

O
HW issue on RT-AX58U
Replies
4
Views
676
Ola Malmstrom
O
C
Instant Guard IPsec VPN Log Showing Regular Access Attempts
Replies
3
Views
305
ColinTaylor
C
T
Smart Life Device Keeps Disconnecting Daily
Replies
1
Views
185
techdiver
T
Neo-ST
Can't get AX86U to work with bridged router (Link DOWN)
Replies
18
Views
784
Neo-ST
Neo-ST
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
1K
pattox
P
Similar threads
Thread starter Title Forum Replies Date
CntrlAltDel PBR for PPTP Asuswrt-Merlin 2
L IPSec VPN Server with VNC connection causes ASUS RT-AC3100 to Reboot Asuswrt-Merlin 0
G Need help with VPN Asuswrt-Merlin 2
T Wireguard VPN Disable IPV6 Asuswrt-Merlin 0
O Assigned IP address to the WAN interface via VPN director: no internet connection - why? Asuswrt-Merlin 1
A Asus Merlin 388.6_2 VPN-Director Asuswrt-Merlin 5
M VPN FUSION & VPN DIRECTOR Merlin Firmware Asuswrt-Merlin 34
B VPN + Diversion Asuswrt-Merlin 5
S VPN director and LAN traffic Asuswrt-Merlin 2
B Firewall lan - vpn? Asuswrt-Merlin 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 939 (members: 23, guests: 916)
Top