티스토리 뷰

VPN

PPTP,L2TP,IPSEC VPN LOG 관련 정리

초보의 CHOMAN 2015.06.12 11:58

PPTP 는 기본적으로 /var/log/messages 에 기본 로그가 남는다.


PPTP 접속시 로그인 관련

Jan 15 13:46:04 localhost pptpd[6252]: CTRL: Client 클라이언트IP control connection started

Jan 15 13:46:04 localhost pptpd[6252]: CTRL: Starting call (launching pppd, opening GRE)

Jan 15 13:46:04 localhost pppd[6253]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.

Jan 15 13:46:04 localhost pppd[6253]: pppd 2.4.5 started by root, uid 0

Jan 15 13:46:04 localhost pppd[6253]: Using interface ppp0

Jan 15 13:46:04 localhost pppd[6253]: Connect: ppp0 <--> /dev/pts/1

Jan 15 13:46:04 localhost pptpd[6252]: GRE: Bad checksum from pppd.

Jan 15 13:46:08 localhost pppd[6253]: peer from calling number 클라이언트IP authorized

Jan 15 13:46:08 localhost pppd[6253]: Deflate (15) compression enabled

Jan 15 13:46:08 localhost pppd[6253]: local  IP address 192.168.0.1

Jan 15 13:46:08 localhost pppd[6253]: remote IP address 10.0.0.1


현재 접속자나 근래 접속자 확인하기 (명령어) PPTP

[root@localhost pts]# last -w | grep ppp

"계정3" ppp1         xx.68.xx.222    Thu Jan 15 11:29 - 11:49  (00:20)

"계정3" ppp0         xx.68.xx.222    Thu Jan 15 11:28 - 11:47  (00:18)

"계정2"     ppp1         xx.68.xx.222    Thu Jan 15 11:28 - 11:29  (00:00)

"계정3"2 ppp0         xx.68.xx.222    Thu Jan 15 11:28 - 11:28  (00:00)

"계정2"     ppp1         xx.223.xx.201   Thu Jan 15 10:48 - 10:48  (00:00)

"계정2"     ppp0         211.197.3.136    Thu Jan 15 10:47 - 10:49  (00:01)

"계정3" ppp0         xx.223.xx.201   Thu Jan 15 10:46 - 10:47  (00:00)

"계정3"1 ppp0         xx.223.xx.201   Thu Jan 15 09:58 - 10:11  (00:12)

"계정3"1 ppp0         xx.223.xx.201   Thu Jan 15 09:56 - 09:58  (00:02)

"계정3"1 ppp0         xx.223.xx.201   Thu Jan 15 09:55 - 09:56  (00:01)

"계정1" ppp0         xx.27.xx.69    Wed Jan  7 13:15 - crash  (20:20)

"계정1" ppp0         xx.27.xx.69    Wed Jan  7 11:49 - 13:15  (01:25)

"계정1" ppp0         xx.27.xx.69    Wed Jan  7 11:46 - 11:49  (00:02)

"계정1" ppp0         xx.27.xx.69    Wed Jan  7 11:32 - 11:46  (00:14) 


PPTP 없는 계정으로 로그인 요청시

Jan 12 13:51:41 localhost pptpd[15144]: CTRL: Client 클라이언트아이피 control connection started

Jan 12 13:51:41 localhost pptpd[15144]: CTRL: Starting call (launching pppd, opening GRE)

Jan 12 13:51:41 localhost pppd[15145]: pppd 2.4.5 started by root, uid 0

Jan 12 13:51:41 localhost pppd[15145]: Using interface ppp0

Jan 12 13:51:41 localhost pppd[15145]: Connect: ppp0 <--> /dev/pts/1

Jan 12 13:51:41 localhost pppd[15145]: No CHAP secret found for authenticating 1234

Jan 12 13:51:41 localhost pppd[15145]: Peer 1234 failed CHAP authentication

Jan 12 13:51:41 localhost pppd[15145]: Connection terminated.

Jan 12 13:51:42 localhost pppd[15145]: Exit.

Jan 12 13:51:42 localhost pptpd[15144]: CTRL: Client 클라이언트아이피 control connection finished


PPTP 패스워드 틀림

Jan 12 13:52:47 localhost pptpd[15156]: CTRL: Client 클라이언트아이피 control connection started

Jan 12 13:52:47 localhost pptpd[15156]: CTRL: Starting call (launching pppd, opening GRE)

Jan 12 13:52:47 localhost pppd[15157]: pppd 2.4.5 started by root, uid 0

Jan 12 13:52:47 localhost pppd[15157]: Using interface ppp0

Jan 12 13:52:47 localhost pppd[15157]: Connect: ppp0 <--> /dev/pts/1

Jan 12 13:52:47 localhost pppd[15157]: Peer takakocap failed CHAP authentication

Jan 12 13:52:47 localhost pppd[15157]: Connection terminated.

Jan 12 13:52:47 localhost pppd[15157]: Exit.

Jan 12 13:52:47 localhost pptpd[15156]: CTRL: Client 클라이언트아이피 control connection finished 


PPTP 로그아웃

VPN 사용시간 : Connect time 0.2 minutes.

전송량 : Sent 0 bytes, received 3386 bytes.

접속종료 : Jan 12 13:40:11 localhost pptpd[15066]: CTRL: Client 클라이언트IP control connection finished 


L2TP 로그인

Jan 12 14:56:58 localhost racoon: [211.197.3.136] ERROR: couldn't find the pskey for 211.197.3.136.

Jan 12 14:56:59 localhost xl2tpd[6024]: Connection established to 클라이언트아이피, 65038.  Local: 17965, Remote: 12 (ref=0/0).  LNS session is 'default'

Jan 12 14:56:59 localhost xl2tpd[6024]: Call established with 클라이언트아이피, Local: 7455, Remote: 2192, Serial: 1

Jan 12 14:56:59 localhost pppd[15474]: pppd 2.4.5 started by root, uid 0

Jan 12 14:56:59 localhost pppd[15474]: Using interface ppp1

Jan 12 14:56:59 localhost pppd[15474]: Connect: ppp1 <--> /dev/pts/2

Jan 12 14:56:59 localhost pppd[15474]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received

Jan 12 14:56:59 localhost racoon: ERROR: privsep_bind (Cannot assign requested address) = -1

Jan 12 14:56:59 localhost racoon: [10.0.0.1] ERROR: failed to bind to address 10.0.0.1[500] (Cannot assign requested address).

Jan 12 14:56:59 localhost racoon: ERROR: privsep_bind (Cannot assign requested address) = -1

Jan 12 14:56:59 localhost racoon: [10.0.0.1] ERROR: failed to bind to address 10.0.0.1[4500] (Cannot assign requested address).

Jan 12 14:56:59 localhost pppd[15474]: Cannot determine ethernet address for proxy ARP

Jan 12 14:56:59 localhost pppd[15474]: local  IP address 10.0.0.1

Jan 12 14:56:59 localhost pppd[15474]: remote IP address 10.0.0.2 


L2TP 계정없음

Jan 12 15:10:45 localhost racoon: [175.223.30.21] ERROR: couldn't find the pskey for 175.223.30.21.

Jan 12 15:10:46 localhost xl2tpd[6024]: Connection established to 175.223.30.21, 63285.  Local: 12724, Remote: 13 (ref=0/0).  LNS session is 'default'

Jan 12 15:10:46 localhost xl2tpd[6024]: Call established with 175.223.30.21, Local: 56134, Remote: 2196, Serial: 1

Jan 12 15:10:46 localhost pppd[15542]: pppd 2.4.5 started by root, uid 0

Jan 12 15:10:46 localhost pppd[15542]: Using interface ppp1

Jan 12 15:10:46 localhost pppd[15542]: Connect: ppp1 <--> /dev/pts/2

Jan 12 15:10:49 localhost pppd[15542]: No CHAP secret found for authenticating takakocapee

Jan 12 15:10:49 localhost pppd[15542]: Peer takakocapee failed CHAP authentication

Jan 12 15:10:49 localhost xl2tpd[6024]: control_finish: Connection closed to 175.223.30.21, serial 1 ()

Jan 12 15:10:49 localhost xl2tpd[6024]: control_finish: Connection closed to 175.223.30.21, port 63285 (), Local: 12724, Remote: 13

Jan 12 15:10:49 localhost xl2tpd[6024]: udp_xmit failed to 175.223.30.21:63285 with err=-1:Invalid argument

Jan 12 15:10:49 localhost racoon: ERROR: no configuration found for 175.223.30.21.

Jan 12 15:10:49 localhost racoon: ERROR: failed to begin ipsec sa negotication. 


L2TP 패스워드 틀림

Jan 12 15:11:42 localhost racoon: [211.197.3.136] ERROR: couldn't find the pskey for 211.197.3.136.

Jan 12 15:11:43 localhost xl2tpd[6024]: Connection established to 211.197.3.136, 62769.  Local: 39729, Remote: 14 (ref=0/0).  LNS session is 'default'

Jan 12 15:11:43 localhost xl2tpd[6024]: Call established with 211.197.3.136, Local: 14654, Remote: 2200, Serial: 1

Jan 12 15:11:43 localhost pppd[15556]: pppd 2.4.5 started by root, uid 0

Jan 12 15:11:43 localhost pppd[15556]: Using interface ppp1

Jan 12 15:11:43 localhost pppd[15556]: Connect: ppp1 <--> /dev/pts/2

Jan 12 15:11:43 localhost pppd[15556]: Peer takakocap failed CHAP authentication

Jan 12 15:11:43 localhost xl2tpd[6024]: control_finish: Connection closed to 211.197.3.136, serial 1 ()

Jan 12 15:11:43 localhost pppd[15556]: Modem hangup

Jan 12 15:11:43 localhost xl2tpd[6024]: control_finish: Connection closed to 211.197.3.136, port 62769 (), Local: 39729, Remote: 14 




IPSEC XAUTH 관련 계정 로그 

/etc/racoon/racoon.conf


accounting system  (SYSLOG에 계정 로그 남기는 설정)

로그인 성공

Jan 21 11:44:13 localhost racoon: INFO: Using port 0

Jan 21 11:44:13 localhost racoon: INFO: login succeeded for user "takakocap"

Jan 21 11:44:13 localhost racoon: INFO: Accounting : 'takakocap' logging on 'vpn' from 클라이언트 IP


VPN 연결성공

Jan 21 11:45:04 localhost racoon: INFO: respond new phase 2 negotiation: 211.234.6.29[4500]<=>115.68.87.222[4500]

Jan 21 11:45:04 localhost racoon: INFO: no policy found, try to generate the policy : 10.0.0.2/32[0] 0.0.0.0/0[0] proto=any dir=in

Jan 21 11:45:04 localhost racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel

Jan 21 11:45:04 localhost racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)

Jan 21 11:45:04 localhost racoon: INFO: IPsec-SA established: ESP/Tunnel 211.234.6.29[4500]->115.68.87.222[4500] spi=249831987(0xee42233)

Jan 21 11:45:04 localhost racoon: INFO: IPsec-SA established: ESP/Tunnel 211.234.6.29[4500]->115.68.87.222[4500] spi=37831389(0x24142dd)


accounting pam

댓글
댓글쓰기 폼