pptp client on Linux: Disable crazy anon logging (callmgr)

Written by - 0 comments

Published on - Listed in Linux Network Internet


When I needed to transfer some data to an offsite using a PPTP VPN, I followed these two tutorials to get the connection running on my Debian Wheezy server:

  • http://websistent.com/how-to-configure-a-linux-pptp-vpn-client/
  • http://www.vionblog.com/debian-pptp-client-configuration/

Basically the steps are the following.

Install pptp client:

apt-get install pptp-linux

Then enter the vpn credentials in /etc/ppp/chap-secrets:

myvpnuser      PPTP      myvpnpass     *

Then create a new config file for the VPN connection in the /etc/ppp/peers folder. Here I used vpnconn1 as name (/etc/ppp/peers/vpnconn1):

pty "pptp ip.address.remote.site --nolaunchpppd"
name myvpnuser
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
maxfail 0
persist
ipparam vpnconn1

pty: The command line options to launch the pptp client and therefore the connection. ip.address.remote.site is of course the IP address or DNS Name of the VPN Server.

name: It's the username again, which must be the same as defined in chap-secrets.

ipparam: Use the same naming again, as your vpn connection (vpnconn1)

After that I manually launched the VPN connection with the following command:

pppd call smartdev

In /var/log/syslog the following entries appeared:

Jul 21 11:27:01 irnsrvp01 pppd[117523]: pppd 2.4.5 started by root, uid 0
Jul 21 11:27:01 irnsrvp01 pppd[117523]: Using interface ppp0
Jul 21 11:27:01 irnsrvp01 pppd[117523]: Connect: ppp0 <--> /dev/pts/57
Jul 21 11:27:01 irnsrvp01 pptp[117527]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 21 11:27:01 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 21 11:27:02 irnsrvp01 pptp[117553]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 1640).
Jul 21 11:27:06 irnsrvp01 pppd[117523]: CHAP authentication succeeded
Jul 21 11:27:06 irnsrvp01 pppd[117523]: MPPE 128-bit stateless compression enabled
Jul 21 11:27:09 irnsrvp01 pppd[117523]: local  IP address 10.0.0.11
Jul 21 11:27:09 irnsrvp01 pppd[117523]: remote IP address 10.0.0.10

Success! The VPN connection was established. 

But then the crazyness started! Several times per second I got such log entries:

Jul 21 11:31:14 irnsrvp01 pptp[98247]: anon fatal[open_callmgr:pptp.c:487]: Call manager exited with error 256
Jul 21 11:31:14 irnsrvp01 pptp[98259]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 21 11:31:14 irnsrvp01 pptp[98260]: anon warn[open_inetsock:pptp_callmgr.c:329]: connect: Connection refused
Jul 21 11:31:14 irnsrvp01 pptp[98260]: anon fatal[callmgr_main:pptp_callmgr.c:127]: Could not open control connection to ip.address.remote.site

Altogether pptp logged more than 99k lines into /var/log/syslog. Now if you use OSSEC on that server, and I do, then you can imagine how many alert e-mails you get. I stopped counting after the 1500th alert e-mail.

The question now is: How can I tell pptp to stop logging? Eventually I found a very old (from 12 years ago!) mailing list post in which a command line parameter is mentioned (--loglevel):

should allow you to reduce the verbosity of logging by adding the option "--loglevel 0" to your pptp command line.

As I described above, the command line options are actually defined in the VPN connection's config file (/etc/ppp/peers/vpnconn1) in the "pty" line.

# cat /etc/ppp/peers/vpnconn1
pty "pptp ip.address.remote.site --nolaunchpppd --loglevel 0"
name myvpnuser
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
maxfail 0
persist
ipparam vpnconn1

By adding the "--loglevel 0" option into that line, the crazy logging stopped and only a few "Echo Reply received" entries appeared from time to time.


Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.

RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Icingaweb   Icingaweb2   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder   


Update cookies preferences