其实以前也搞过PPTP VPN的配置,但是当时都是存在于建立,很多细节的方面并没有做好。今天来搞下这个日志系统吧,主要实现是通过ip-up 和ip-down两个脚本来实现的。这里说下原理吧,原理是通过pptp建立连接的时候都会执行ip-up,然后断线会执行ip-down。首先看看man pppd里面的一些内容:
- SCRIPTS
- Pppd invokes scripts at various stages in its processing which can be
- used to perform site-specific ancillary processing. These scripts are
- usually shell scripts, but could be executable code files instead.
- Pppd does not wait for the scripts to finish (except for the ip-pre-up
- script). The scripts are executed as root (with the real and effective
- user-id set to 0), so that they can do things such as update routing
- tables or run privileged daemons. Be careful that the contents of
- these scripts do not compromise your system's security. Pppd runs the
- scripts with standard input, output and error redirected to /dev/null,
- and with an environment that is empty except for some environment vari-
- ables that give information about the link. The environment variables
- that pppd sets are:
- DEVICE The name of the serial tty device being used.
- IFNAME The name of the network interface being used.
- IPLOCAL
- The IP address for the local end of the link. This is only set
- when IPCP has come up.
- IPREMOTE
- The IP address for the remote end of the link. This is only set
- when IPCP has come up.
- PEERNAME
- The authenticated name of the peer. This is only set if the
- peer authenticates itself.
- SPEED The baud rate of the tty device.
- ORIG_UID
- The real user-id of the user who invoked pppd.
- PPPLOGNAME
- The username of the real user-id that invoked pppd. This is
- always set.
- For the ip-down and auth-down scripts, pppd also sets the following
- variables giving statistics for the connection:
- CONNECT_TIME
- The number of seconds from when the PPP negotiation started
- until the connection was terminated.
- BYTES_SENT
- The number of bytes sent (at the level of the serial port) dur-
- ing the connection.
- BYTES_RCVD
- The number of bytes received (at the level of the serial port)
- during the connection.
- LINKNAME
- The logical name of the link, set with the linkname option.
- CALL_FILE
- The value of the call option.
- DNS1 If the peer supplies DNS server addresses, this variable is set
- to the first DNS server address supplied.
- DNS2 If the peer supplies DNS server addresses, this variable is set
- to the second DNS server address supplied.
- Pppd invokes the following scripts, if they exist. It is not an error
- if they don't exist.
- /etc/ppp/auth-up
- A program or script which is executed after the remote system
- successfully authenticates itself. It is executed with the
- parameters
- interface-name peer-name user-name tty-device speed
- Note that this script is not executed if the peer doesn't
- authenticate itself, for example when the noauth option is used.
- /etc/ppp/auth-down
- A program or script which is executed when the link goes down,
- if /etc/ppp/auth-up was previously executed. It is executed in
- the same manner with the same parameters as /etc/ppp/auth-up.
- /etc/ppp/ip-pre-up
- A program or script which is executed just before the ppp net-
- work interface is brought up. It is executed with the same
- parameters as the ip-up script (below). At this point the
- interface exists and has IP addresses assigned but is still
- down. This can be used to add firewall rules before any IP
- traffic can pass through the interface. Pppd will wait for this
- script to finish before bringing the interface up, so this
- script should run quickly.
- /etc/ppp/ip-up
- A program or script which is executed when the link is available
- for sending and receiving IP packets (that is, IPCP has come
- up). It is executed with the parameters
- interface-name tty-device speed local-IP-address
- remote-IP-address ipparam
- /etc/ppp/ip-down
- A program or script which is executed when the link is no longer
- available for sending and receiving IP packets. This script can
- be used for undoing the effects of the /etc/ppp/ip-up and
- /etc/ppp/ip-pre-up scripts. It is invoked in the same manner
- and with the same parameters as the ip-up script.
- /etc/ppp/ipv6-up
- Like /etc/ppp/ip-up, except that it is executed when the link is
- available for sending and receiving IPv6 packets. It is executed
- with the parameters
- interface-name tty-device speed local-link-local-address
- remote-link-local-address ipparam
- /etc/ppp/ipv6-down
- Similar to /etc/ppp/ip-down, but it is executed when IPv6 pack-
- ets can no longer be transmitted on the link. It is executed
- with the same parameters as the ipv6-up script.
- /etc/ppp/ipx-up
- A program or script which is executed when the link is available
- for sending and receiving IPX packets (that is, IPXCP has come
- up). It is executed with the parameters
- interface-name tty-device speed network-number
- local-IPX-node-address remote-IPX-node-address local-IPX-rout-
- ing-protocol remote-IPX-routing-protocol local-IPX-router-name
- remote-IPX-router-name ipparam pppd-pid
- The local-IPX-routing-protocol and remote-IPX-routing-protocol
- field may be one of the following:
- NONE to indicate that there is no routing protocol
- RIP to indicate that RIP/SAP should be used
- NLSP to indicate that Novell NLSP should be used
- RIP NLSP to indicate that both RIP/SAP and NLSP should be used
- /etc/ppp/ipx-down
- A program or script which is executed when the link is no longer
- available for sending and receiving IPX packets. This script
- can be used for undoing the effects of the /etc/ppp/ipx-up
- script. It is invoked in the same manner and with the same
- parameters as the ipx-up script.
这就是ppp的脚本内容,里面当然有变量咯,这些变量就是我们需要的。
好了,那么开始进行日志整理吧,首先是ip-up
- vim /etc/ppp/ip-up
- #!/bin/sh
- #
- # This script is run by the pppd after the link is established.
- # It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes,
- # set IP address, run the mailq etc. you should create script(s) there.
- #
- # Be aware that other packages may include /etc/ppp/ip-up.d scripts (named
- # after that package), so choose local script names with that in mind.
- #
- # This script is called with the following arguments:
- # Arg Name Example
- # $1 Interface name ppp0
- # $2 The tty ttyS1
- # $3 The link speed 38400
- # $4 Local IP number 12.34.56.78
- # $5 Peer IP number 12.34.56.99
- # $6 Optional ``ipparam'' value foo
- # The environment is cleared before executing this script
- # so the path must be reset
- PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
- export PATH
- # These variables are for the use of the scripts run by run-parts
- PPP_IFACE="$1"
- PPP_TTY="$2"
- PPP_SPEED="$3"
- PPP_LOCAL="$4"
- PPP_REMOTE="$5"
- PPP_IPPARAM="$6"
- export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
- # as an additional convenience, $PPP_TTYNAME is set to the tty name,
- # stripped of /dev/ (if present) for easier matching.
- PPP_TTYNAME=`/usr/bin/basename "$2"`
- export PPP_TTYNAME
- # If /var/log/ppp-ipupdown.log exists use it for logging.
- if [ -e /var/log/ppp-ipupdown.log ]; then
- exec > /var/log/ppp-ipupdown.log 2>&1
- echo $0 $@
- echo
- fi
- # This script can be used to override the .d files supplied by other packages.
- if [ -x /etc/ppp/ip-up.local ]; then
- exec /etc/ppp/ip-up.local "$@"
- fi
- run-parts /etc/ppp/ip-up.d \
- --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
- # if pon was called with the "quick" argument, stop pppd
- if [ -e /var/run/ppp-quick ]; then
- rm /var/run/ppp-quick
- wait
- kill $PPPD_PID
- fi
- /sbin/iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source "serverip" 这里设置每次登陆时候都设定一次路由转发,避免失效。
- echo "****************************************************" > /var/log/pptpd-${1}.log 将所有内容导入到pptpd-${1}.log,以防多用户登陆时候造成日志混乱
- echo "username: $PEERNAME" >> /var/log/pptpd-${1}.log
- echo "clientIP: $6" >> /var/log/pptpd-${1}.log
- echo "device: $1" >> /var/log/pptpd-${1}.log
- echo "vpnIP: $4" >> /var/log/pptpd-${1}.log
- echo "assignIP: $5" >> /var/log/pptpd-${1}.log
- echo "logintime: `date -d today +%F_%T`" >> /var/log/pptpd-${1}.log
然后是ip-up的处理:
- vim /etc/ppp/ip-down
- #!/bin/sh
- #
- # This script is run by the pppd _after_ the link is brought down.
- # It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete
- # routes, unset IP addresses etc. you should create script(s) there.
- #
- # Be aware that other packages may include /etc/ppp/ip-down.d scripts (named
- # after that package), so choose local script names with that in mind.
- #
- # This script is called with the following arguments:
- # Arg Name Example
- # $1 Interface name ppp0
- # $2 The tty ttyS1
- # $3 The link speed 38400
- # $4 Local IP number 12.34.56.78
- # $5 Peer IP number 12.34.56.99
- # $6 Optional ``ipparam'' value foo
- # The environment is cleared before executing this script
- # so the path must be reset
- PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
- export PATH
- # These variables are for the use of the scripts run by run-parts
- PPP_IFACE="$1"
- PPP_TTY="$2"
- PPP_SPEED="$3"
- PPP_LOCAL="$4"
- PPP_REMOTE="$5"
- PPP_IPPARAM="$6"
- export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
- # as an additional convenience, $PPP_TTYNAME is set to the tty name,
- # stripped of /dev/ (if present) for easier matching.
- PPP_TTYNAME=`/usr/bin/basename "$2"`
- export PPP_TTYNAME
- # If /var/log/ppp-ipupdown.log exists use it for logging.
- if [ -e /var/log/ppp-ipupdown.log ]; then
- exec >> /var/log/ppp-ipupdown.log 2>&1
- echo $0 $@
- echo
- fi
- echo "downtime: `date -d today +%F_%T`" >> /var/log/pptpd-${1}.log
- echo "bytes sent: $BYTES_SENT" >> /var/log/pptpd-${1}.log
- echo "bytes received: $BYTES_RCVD" >> /var/log/pptpd-${1}.log
- echo "connect time: $CONNECT_TIME" >> /var/log/pptpd-${1}.log
- echo "****************************************************" >> /var/log/pptpd-${1}.log
- cat /var/log/pptpd-${1}.log >> /var/log/pptpd.log
- # This script can be used to override the .d files supplied by other packages.
- if [ -x /etc/ppp/ip-down.local ]; then
- exec /etc/ppp/ip-down.local "$@"
- fi
- run-parts /etc/ppp/ip-down.d \
- --arg="$1" --arg="$2" --arg="$3" --arg="$4" --arg="$5" --arg="$6"
最后就可以通过/var/log/pptpd.log文件进行查看PPTP VPN日志了。日志形式如下,需要更美观的自行修改代码:
- ****************************************************
- username: nenew
- clientIP: XXX.XXX.XXX.XXX
- device: ppp0
- vpnIP: 172.16.36.1
- assignIP: 172.16.36.2
- logintime: 2015-08-03_17:06:05
- downtime: 2015-08-03_17:06:23
- bytes sent: 164143
- bytes received: 51606
- connect time: 18
- ****************************************************