[pptp-server] Logging actual remote ip addr
Godfrey Livingstone
godfrey at hattaway-associates.com
Tue Dec 19 05:23:27 CST 2000
I use tcpwrappers to limit access to to pptp-server but I run the server as a
deamon.
I wanted to know who tried to connect and who connected So I log the IPaddress
the name associated with the address and if an ident server is available the
user who tried to connect.
Dec 19 23:59:16 server01 pptpd[775]: CTRL: ALLOWED by tcp_wrappers connection
from XX-XX-XX-XXX.isp.net [XX.XX.XX.XXX] user "unknown"
I wrote the following patch to output information on those who connect or
attempt to connect , maybe this helps it applies to either pptd version.
Godfrey
#################################################################
--- pptpd-1.0.0/pptpmanager.c Thu Sep 23 12:01:28 1999
+++ pptpd-1.0.0.patched/pptpmanager.c Mon Sep 25 14:46:51 2000
@@ -188,11 +188,20 @@
* type deny so probably best to just
drop it immediately like
* this, as tcp wrappers usually do.
*/
+ syslog(LOG_INFO, "CTRL: DENYED by
tcp_wrappers connection from %s [%s] user \"%s\"",
+ eval_hostname(&(r.client)),
+ eval_hostaddr(&(r.client)),
+ eval_user(&r));
close(clientSocket);
/* this would never be file descriptor
0, so use it as a error
* value
*/
clientSocket = 0;
+ } else {
+ syslog(LOG_INFO, "CTRL: ALLOWED by
tcp_wrappers connection from %s [%s] user \"%s\"",
+ eval_hostname(&(r.client)),
+ eval_hostaddr(&(r.client)),
+ eval_user(&r));
}
}
#endif
###################################################################################################
George Vieira wrote:
> I actually found a way of doing this in a more proper fashion..
>
> If you run PPTPD from the inet services and use TCP wrappers, you can spawn
> a script for every connection using the TCP wrappers hosts.allow file.
> I have tested this and I hope people archive this somewhere on a site
> because I ain't keeping this set up.
>
> /etc/inetd.conf # Please Note, the next line is ONE LINE
> pptpctrl stream tcp nowait root /usr/sbin/tcpd /usr/local/sbin/pptpctrl 0 1
> /etc/pp
> p/options.pptp 1 115200 1 10.10.0.1 0 0
>
> /etc/hosts.allow # Spawns the script on every connection
> pptpctrl: ALL : spawn (/sbin/pptpdlog %n %a %d)
>
> /sbin/pptplog # Logs IPName IP DaemonProc
> #!/bin/bash
> echo "[`date +\"%D\"`] : $1 $2 $3" >> /var/log/pptpuser.log
>
> I hope this helps somebody out there..
>
> -----Original Message-----
> From: George Vieira
> Sent: Tuesday, December 19, 2000 10:48 AM
> To: 'Giulio Orsero'; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Logging actual remote ip addr
>
> Oh sorry, I missed the very last line in your email and I know now what IP
> you meant... sorry.
>
> I can't see any other info on that except in /var/log/messages file.
>
> I don't know of any other way except to use the line below in your
> ip-up.local .. problem with with it is if you get 2 people connecting to the
> PPTPD server at the same time that it could possibly grab the wrong IP for
> the wrong client.
>
> grep "CTRL: Client" /var/log/messages | grep started | tail -1 | cut -f 8 -d
> " "
>
> -----Original Message-----
> From: Giulio Orsero [mailto:giulioo at pobox.com]
> Sent: Tuesday, December 19, 2000 9:04 AM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Logging actual remote ip addr
>
> On Tue, 19 Dec 2000 08:47:48 +1100, you wrote:
>
> >I don't know how that can be... because your PPP shows up as... eg..
> >ppp1 Link encap:Point-to-Point Protocol
> > inet addr:10.0.0.1 P-t-P:10.0.0.68 Mask:255.255.255.255
> > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> > RX packets:231490 errors:0 dropped:0 overruns:0 frame:0
> > TX packets:149905 errors:0 dropped:0 overruns:0 carrier:0
> > collisions:0 txqueuelen:10
> >So how the hell is it reporting the external addresses...
> Sorry, I don't understand.
> Suppose I use in pptpd.conf:
> localip 10.0.0.1
> remoteip 10.0.0.68 (just an example to follow you on the above output)
> and suppose a client connects to its ISP and gets ip 212.x.x.x.
> that clients connect to my VPN server, say 210.x.x.x.
>
> Then, the variables in ip-up will show 10.0.0.1 and 10.0.0.68, while I
> want to know the 212.x.x.x address of the client which I only see in the
> pptpd log (through syslog)
>
> >Just add the following line into your /etc/ppp/ip-up.local and watch the
> >logs as your bring the link up
> >echo "$1 $2 $3 $4 $5 $6 " >> /var/log/pppconnect.log
> $4 and $5 would be 10.0.0.1 and 10.0.0.68
>
> As far as I understand pptd<--->pppd interaction, pppd only sees
> internal/vpn addresses (the one you specify in pptpd.conf), not the real
> internet addresses (the one I want to automatically email to someone).
>
> --
> giulioo at pobox.com
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
More information about the pptp-server
mailing list