When I needed to transfer some data to an offsite using a PPTP VPN, I followed these two tutorials to get the connection running on my Debian Wheezy server:
Basically the steps are the following.
Install pptp client:
apt-get install pptp-linux
Then enter the vpn credentials in /etc/ppp/chap-secrets:
myvpnuser PPTP myvpnpass *
Then create a new config file for the VPN connection in the /etc/ppp/peers folder. Here I used vpnconn1 as name (/etc/ppp/peers/vpnconn1):
pty "pptp ip.address.remote.site --nolaunchpppd"
name myvpnuser
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
maxfail 0
persist
ipparam vpnconn1
pty: The command line options to launch the pptp client and therefore the connection. ip.address.remote.site is of course the IP address or DNS Name of the VPN Server.
name: It's the username again, which must be the same as defined in chap-secrets.
ipparam: Use the same naming again, as your vpn connection (vpnconn1)
After that I manually launched the VPN connection with the following command:
pppd call smartdev
In /var/log/syslog the following entries appeared:
Jul 21 11:27:01 irnsrvp01 pppd[117523]: pppd 2.4.5 started by root, uid 0
Jul 21 11:27:01 irnsrvp01 pppd[117523]: Using interface ppp0
Jul 21 11:27:01 irnsrvp01 pppd[117523]: Connect: ppp0 <--> /dev/pts/57
Jul 21 11:27:01 irnsrvp01 pptp[117527]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 1640).
Jul 21 11:27:06 irnsrvp01 pppd[117523]: CHAP authentication succeeded
Jul 21 11:27:06 irnsrvp01 pppd[117523]: MPPE 128-bit stateless compression enabled
Jul 21 11:27:09 irnsrvp01 pppd[117523]: local IP address 10.0.0.11
Jul 21 11:27:09 irnsrvp01 pppd[117523]: remote IP address 10.0.0.10
Success! The VPN connection was established.
But then the crazyness started! Several times per second I got such log entries:
Jul 21 11:31:14 irnsrvp01 pptp[98247]: anon fatal[open_callmgr:pptp.c:487]: Call manager exited with error 256
Jul 21 11:31:14 irnsrvp01 pptp[98259]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 21 11:31:14 irnsrvp01 pptp[98260]: anon warn[open_inetsock:pptp_callmgr.c:329]: connect: Connection refused
Jul 21 11:31:14 irnsrvp01 pptp[98260]: anon fatal[callmgr_main:pptp_callmgr.c:127]: Could not open control connection to ip.address.remote.site
Altogether pptp logged more than 99k lines into /var/log/syslog. Now if you use OSSEC on that server, and I do, then you can imagine how many alert e-mails you get. I stopped counting after the 1500th alert e-mail.
The question now is: How can I tell pptp to stop logging? Eventually I found a very old (from 12 years ago!) mailing list post in which a command line parameter is mentioned (--loglevel):
should allow you to reduce the verbosity of logging by adding the option "--loglevel 0" to your pptp command line.
As I described above, the command line options are actually defined in the VPN connection's config file (/etc/ppp/peers/vpnconn1) in the "pty" line.
# cat /etc/ppp/peers/vpnconn1
pty "pptp ip.address.remote.site --nolaunchpppd --loglevel 0"
name myvpnuser
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
maxfail 0
persist
ipparam vpnconn1
By adding the "--loglevel 0" option into that line, the crazy logging stopped and only a few "Echo Reply received" entries appeared from time to time.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder