pptp client on Linux: Disable crazy anon logging (callmgr)

Written by - 0 comments

Published on - Listed in Linux Network Internet


When I needed to transfer some data to an offsite using a PPTP VPN, I followed these two tutorials to get the connection running on my Debian Wheezy server:

  • http://websistent.com/how-to-configure-a-linux-pptp-vpn-client/
  • http://www.vionblog.com/debian-pptp-client-configuration/

Basically the steps are the following.

Install pptp client:

apt-get install pptp-linux

Then enter the vpn credentials in /etc/ppp/chap-secrets:

myvpnuser      PPTP      myvpnpass     *

Then create a new config file for the VPN connection in the /etc/ppp/peers folder. Here I used vpnconn1 as name (/etc/ppp/peers/vpnconn1):

pty "pptp ip.address.remote.site --nolaunchpppd"
name myvpnuser
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
maxfail 0
persist
ipparam vpnconn1

pty: The command line options to launch the pptp client and therefore the connection. ip.address.remote.site is of course the IP address or DNS Name of the VPN Server.

name: It's the username again, which must be the same as defined in chap-secrets.

ipparam: Use the same naming again, as your vpn connection (vpnconn1)

After that I manually launched the VPN connection with the following command:

pppd call smartdev

In /var/log/syslog the following entries appeared:

Jul 21 11:27:01 irnsrvp01 pppd[117523]: pppd 2.4.5 started by root, uid 0
Jul 21 11:27:01 irnsrvp01 pppd[117523]: Using interface ppp0
Jul 21 11:27:01 irnsrvp01 pppd[117523]: Connect: ppp0 <--> /dev/pts/57
Jul 21 11:27:01 irnsrvp01 pptp[117527]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 1640).
Jul 21 11:27:06 irnsrvp01 pppd[117523]: CHAP authentication succeeded
Jul 21 11:27:06 irnsrvp01 pppd[117523]: MPPE 128-bit stateless compression enabled
Jul 21 11:27:09 irnsrvp01 pppd[117523]: local  IP address 10.0.0.11
Jul 21 11:27:09 irnsrvp01 pppd[117523]: remote IP address 10.0.0.10

Success! The VPN connection was established. 

But then the crazyness started! Several times per second I got such log entries:

Jul 21 11:31:14 irnsrvp01 pptp[98247]: anon fatal[open_callmgr:pptp.c:487]: Call manager exited with error 256
Jul 21 11:31:14 irnsrvp01 pptp[98259]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 21 11:31:14 irnsrvp01 pptp[98260]: anon warn[open_inetsock:pptp_callmgr.c:329]: connect: Connection refused
Jul 21 11:31:14 irnsrvp01 pptp[98260]: anon fatal[callmgr_main:pptp_callmgr.c:127]: Could not open control connection to ip.address.remote.site

Altogether pptp logged more than 99k lines into /var/log/syslog. Now if you use OSSEC on that server, and I do, then you can imagine how many alert e-mails you get. I stopped counting after the 1500th alert e-mail.

The question now is: How can I tell pptp to stop logging? Eventually I found a very old (from 12 years ago!) mailing list post in which a command line parameter is mentioned (--loglevel):

should allow you to reduce the verbosity of logging by adding the option "--loglevel 0" to your pptp command line.

As I described above, the command line options are actually defined in the VPN connection's config file (/etc/ppp/peers/vpnconn1) in the "pty" line.

# cat /etc/ppp/peers/vpnconn1
pty "pptp ip.address.remote.site --nolaunchpppd --loglevel 0"
name myvpnuser
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
maxfail 0
persist
ipparam vpnconn1

By adding the "--loglevel 0" option into that line, the crazy logging stopped and only a few "Echo Reply received" entries appeared from time to time.


Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.