PPTP,L2TP,IPSEC VPN LOG 관련 정리

PPTP 는 기본적으로 /var/log/messages 에 기본 로그가 남는다.

PPTP 접속시 로그인 관련

Jan 15 13:46:04 localhost pptpd[6252]: CTRL: Client 클라이언트IP control connection started Jan 15 13:46:04 localhost pptpd[6252]: CTRL: Starting call (launching pppd, opening GRE) Jan 15 13:46:04 localhost pppd[6253]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded. Jan 15 13:46:04 localhost pppd[6253]: pppd 2.4.5 started by root, uid 0 Jan 15 13:46:04 localhost pppd[6253]: Using interface ppp0 Jan 15 13:46:04 localhost pppd[6253]: Connect: ppp0 <--> /dev/pts/1 Jan 15 13:46:04 localhost pptpd[6252]: GRE: Bad checksum from pppd. Jan 15 13:46:08 localhost pppd[6253]: peer from calling number 클라이언트IP authorized Jan 15 13:46:08 localhost pppd[6253]: Deflate (15) compression enabled Jan 15 13:46:08 localhost pppd[6253]: local  IP address 192.168.0.1 Jan 15 13:46:08 localhost pppd[6253]: remote IP address 10.0.0.1

현재 접속자나 근래 접속자 확인하기 (명령어) PPTP

[root@localhost pts]# last -w | grep ppp "계정3" ppp1         xx.68.xx.222    Thu Jan 15 11:29 - 11:49  (00:20) "계정3" ppp0         xx.68.xx.222    Thu Jan 15 11:28 - 11:47  (00:18) "계정2"     ppp1         xx.68.xx.222    Thu Jan 15 11:28 - 11:29  (00:00) "계정3"2 ppp0         xx.68.xx.222    Thu Jan 15 11:28 - 11:28  (00:00) "계정2"     ppp1         xx.223.xx.201   Thu Jan 15 10:48 - 10:48  (00:00) "계정2"     ppp0         211.197.3.136    Thu Jan 15 10:47 - 10:49  (00:01) "계정3" ppp0         xx.223.xx.201   Thu Jan 15 10:46 - 10:47  (00:00) "계정3"1 ppp0         xx.223.xx.201   Thu Jan 15 09:58 - 10:11  (00:12) "계정3"1 ppp0         xx.223.xx.201   Thu Jan 15 09:56 - 09:58  (00:02) "계정3"1 ppp0         xx.223.xx.201   Thu Jan 15 09:55 - 09:56  (00:01) "계정1" ppp0         xx.27.xx.69    Wed Jan  7 13:15 - crash  (20:20) "계정1" ppp0         xx.27.xx.69    Wed Jan  7 11:49 - 13:15  (01:25) "계정1" ppp0         xx.27.xx.69    Wed Jan  7 11:46 - 11:49  (00:02) "계정1" ppp0         xx.27.xx.69    Wed Jan  7 11:32 - 11:46  (00:14)

PPTP 없는 계정으로 로그인 요청시

Jan 12 13:51:41 localhost pptpd[15144]: CTRL: Client 클라이언트아이피 control connection started Jan 12 13:51:41 localhost pptpd[15144]: CTRL: Starting call (launching pppd, opening GRE) Jan 12 13:51:41 localhost pppd[15145]: pppd 2.4.5 started by root, uid 0 Jan 12 13:51:41 localhost pppd[15145]: Using interface ppp0 Jan 12 13:51:41 localhost pppd[15145]: Connect: ppp0 <--> /dev/pts/1 Jan 12 13:51:41 localhost pppd[15145]: No CHAP secret found for authenticating 1234 Jan 12 13:51:41 localhost pppd[15145]: Peer 1234 failed CHAP authentication Jan 12 13:51:41 localhost pppd[15145]: Connection terminated. Jan 12 13:51:42 localhost pppd[15145]: Exit. Jan 12 13:51:42 localhost pptpd[15144]: CTRL: Client 클라이언트아이피 control connection finished

PPTP 패스워드 틀림

Jan 12 13:52:47 localhost pptpd[15156]: CTRL: Client 클라이언트아이피 control connection started Jan 12 13:52:47 localhost pptpd[15156]: CTRL: Starting call (launching pppd, opening GRE) Jan 12 13:52:47 localhost pppd[15157]: pppd 2.4.5 started by root, uid 0 Jan 12 13:52:47 localhost pppd[15157]: Using interface ppp0 Jan 12 13:52:47 localhost pppd[15157]: Connect: ppp0 <--> /dev/pts/1 Jan 12 13:52:47 localhost pppd[15157]: Peer takakocap failed CHAP authentication Jan 12 13:52:47 localhost pppd[15157]: Connection terminated. Jan 12 13:52:47 localhost pppd[15157]: Exit. Jan 12 13:52:47 localhost pptpd[15156]: CTRL: Client 클라이언트아이피 control connection finished

PPTP 로그아웃

VPN 사용시간 : Connect time 0.2 minutes. 전송량 : Sent 0 bytes, received 3386 bytes. 접속종료 : Jan 12 13:40:11 localhost pptpd[15066]: CTRL: Client 클라이언트IP control connection finished

L2TP 로그인

Jan 12 14:56:58 localhost racoon: [211.197.3.136] ERROR: couldn't find the pskey for 211.197.3.136. Jan 12 14:56:59 localhost xl2tpd[6024]: Connection established to 클라이언트아이피, 65038.  Local: 17965, Remote: 12 (ref=0/0).  LNS session is 'default' Jan 12 14:56:59 localhost xl2tpd[6024]: Call established with 클라이언트아이피, Local: 7455, Remote: 2192, Serial: 1 Jan 12 14:56:59 localhost pppd[15474]: pppd 2.4.5 started by root, uid 0 Jan 12 14:56:59 localhost pppd[15474]: Using interface ppp1 Jan 12 14:56:59 localhost pppd[15474]: Connect: ppp1 <--> /dev/pts/2 Jan 12 14:56:59 localhost pppd[15474]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received Jan 12 14:56:59 localhost racoon: ERROR: privsep_bind (Cannot assign requested address) = -1 Jan 12 14:56:59 localhost racoon: [10.0.0.1] ERROR: failed to bind to address 10.0.0.1[500] (Cannot assign requested address). Jan 12 14:56:59 localhost racoon: ERROR: privsep_bind (Cannot assign requested address) = -1 Jan 12 14:56:59 localhost racoon: [10.0.0.1] ERROR: failed to bind to address 10.0.0.1[4500] (Cannot assign requested address). Jan 12 14:56:59 localhost pppd[15474]: Cannot determine ethernet address for proxy ARP Jan 12 14:56:59 localhost pppd[15474]: local  IP address 10.0.0.1 Jan 12 14:56:59 localhost pppd[15474]: remote IP address 10.0.0.2

L2TP 계정없음

Jan 12 15:10:45 localhost racoon: [175.223.30.21] ERROR: couldn't find the pskey for 175.223.30.21. Jan 12 15:10:46 localhost xl2tpd[6024]: Connection established to 175.223.30.21, 63285.  Local: 12724, Remote: 13 (ref=0/0).  LNS session is 'default' Jan 12 15:10:46 localhost xl2tpd[6024]: Call established with 175.223.30.21, Local: 56134, Remote: 2196, Serial: 1 Jan 12 15:10:46 localhost pppd[15542]: pppd 2.4.5 started by root, uid 0 Jan 12 15:10:46 localhost pppd[15542]: Using interface ppp1 Jan 12 15:10:46 localhost pppd[15542]: Connect: ppp1 <--> /dev/pts/2 Jan 12 15:10:49 localhost pppd[15542]: No CHAP secret found for authenticating takakocapee Jan 12 15:10:49 localhost pppd[15542]: Peer takakocapee failed CHAP authentication Jan 12 15:10:49 localhost xl2tpd[6024]: control_finish: Connection closed to 175.223.30.21, serial 1 () Jan 12 15:10:49 localhost xl2tpd[6024]: control_finish: Connection closed to 175.223.30.21, port 63285 (), Local: 12724, Remote: 13 Jan 12 15:10:49 localhost xl2tpd[6024]: udp_xmit failed to 175.223.30.21:63285 with err=-1:Invalid argument Jan 12 15:10:49 localhost racoon: ERROR: no configuration found for 175.223.30.21. Jan 12 15:10:49 localhost racoon: ERROR: failed to begin ipsec sa negotication.

L2TP 패스워드 틀림

Jan 12 15:11:42 localhost racoon: [211.197.3.136] ERROR: couldn't find the pskey for 211.197.3.136. Jan 12 15:11:43 localhost xl2tpd[6024]: Connection established to 211.197.3.136, 62769.  Local: 39729, Remote: 14 (ref=0/0).  LNS session is 'default' Jan 12 15:11:43 localhost xl2tpd[6024]: Call established with 211.197.3.136, Local: 14654, Remote: 2200, Serial: 1 Jan 12 15:11:43 localhost pppd[15556]: pppd 2.4.5 started by root, uid 0 Jan 12 15:11:43 localhost pppd[15556]: Using interface ppp1 Jan 12 15:11:43 localhost pppd[15556]: Connect: ppp1 <--> /dev/pts/2 Jan 12 15:11:43 localhost pppd[15556]: Peer takakocap failed CHAP authentication Jan 12 15:11:43 localhost xl2tpd[6024]: control_finish: Connection closed to 211.197.3.136, serial 1 () Jan 12 15:11:43 localhost pppd[15556]: Modem hangup Jan 12 15:11:43 localhost xl2tpd[6024]: control_finish: Connection closed to 211.197.3.136, port 62769 (), Local: 39729, Remote: 14

IPSEC XAUTH 관련 계정 로그 

/etc/racoon/racoon.conf

accounting system  (SYSLOG에 계정 로그 남기는 설정)

로그인 성공 Jan 21 11:44:13 localhost racoon: INFO: Using port 0 Jan 21 11:44:13 localhost racoon: INFO: login succeeded for user "takakocap" Jan 21 11:44:13 localhost racoon: INFO: Accounting : 'takakocap' logging on 'vpn' from 클라이언트 IP VPN 연결성공 Jan 21 11:45:04 localhost racoon: INFO: respond new phase 2 negotiation: 211.234.6.29[4500]<=>115.68.87.222[4500] Jan 21 11:45:04 localhost racoon: INFO: no policy found, try to generate the policy : 10.0.0.2/32[0] 0.0.0.0/0[0] proto=any dir=in Jan 21 11:45:04 localhost racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel Jan 21 11:45:04 localhost racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1) Jan 21 11:45:04 localhost racoon: INFO: IPsec-SA established: ESP/Tunnel 211.234.6.29[4500]->115.68.87.222[4500] spi=249831987(0xee42233) Jan 21 11:45:04 localhost racoon: INFO: IPsec-SA established: ESP/Tunnel 211.234.6.29[4500]->115.68.87.222[4500] spi=37831389(0x24142dd)

accounting pam