Configuring Email Alerts For New PPTP Connections On Raspberry Pi

I recently bought myself a Raspberry Pi B+ (picture semi-related). I had no initial plans on what I was going to with it, but I ended up installing Raspbian and setting up a PPTP VPN in my home’s DMZ (There are plenty of guides online if you are looking to do this). The reason I went with PPTP over IPSEC or L2TP is because PPTP is so easy to set up. It took about 15 minutes to get it up and running. Even though PPTP is no longer considered a “secure” VPN, I wanted to be able to have an encrypted connection anytime I was on a public WiFi.

Taking into account all of the flaws with PPTP, I needed a way to be notified anytime there was a new VPN connection to my server. I also wanted to get notified of the IP address that was connecting, and a location of where the connection was being established from. That’s when I came across the /etc/ppp/ip-up file. The ip-up file (and its twin, the ip-down file) execute a series of commands whenever a new VPN connection is established or removed. Since I only care about new connections, the ip-up file is where I will be making all of my changes.
When you first open the file, you will see several variables already declared.

$ nano /etc/ppp/ip-up
--------------------------------
# These variables are for the use of the scripts run by run-parts
PPP_IFACE="$1"
PPP_TTY="$2"
PPP_SPEED="$3"
PPP_LOCAL="$4"
PPP_REMOTE="$5"
PPP_IPPARAM="$6"
view raw gistfile1.bat hosted with ❤ by GitHub

I will be using some of these in my final script. The one variable that caught my attention was PPP_REMOTE. I first thought this would give me the remote IP address that made the connection, but instead it gives the remote IP address assigned to the new connection. The actual public IP address was being stored in the /var/log/messages file. Here is a snipped of what a new PPTP connection looks like from the /var/log/messages file:

Since the public IP address comes after the words “peer from calling number”, The first line of my script parses though that file and pulls out just the IP address:

ipaddress="$(sudo cat /var/log/messages |tail|grep -Po '(peer from calling number\s)\K[^\s]*')"
view raw gistfile1.bat hosted with ❤ by GitHub

Now that I have the IP address stored in the variable ipaddress, I can run a cURL against the ipinfo.io API to pull back location information for that IP address. Here is what the return looks like for Google:

The rest of my script is just some formatting and a time/date stamp. Note that this whole script is located right in the ip-up file. You essentially could call an external script from the ip-up file, but putting your code inside it has the same effect. Here is my final script:

ipaddress="$(sudo cat /var/log/messages |tail|grep -Po '(peer from calling number\s)\K[^\s]*')"
iplookup="ipinfo.io/$ipaddress"
echo "New PPTP Connection Alert" > /tmp/ppp.log
echo "Source IP:" $(cat /var/log/messages |tail|grep -Po '(peer from calling number\s)\K[^\s]*') >> /tmp/ppp.log
echo "Client IP: $5" >> /tmp/ppp.log
echo "IP lookup info:\n $(curl $iplookup)" >> /tmp/ppp.log
echo "$(date)" >> /tmp/ppp.log
cat /tmp/ppp.log | mail -s "New PPTP VPN Connection" email@address.com
view raw gistfile1.sh hosted with ❤ by GitHub

It simply builds out the email body in a /tmp/ppp.log file, then the last line sends me that file in an email. One thing to note is that I already have MailUtils installed on the server –which handles the actual emailing part.

Here is what the email notification looks like anytime the VPN server establishes a new connection:

Hope this helps! Let me know if you run into any problems in the comments.

 

Cheers!

 

 

 

 

 

 

5 thoughts on “Configuring Email Alerts For New PPTP Connections On Raspberry Pi

  1. markhurd

    I likе what you guys are up too.Such intelligent work aand reporting!
    Carry on the superb works guys I’ve incorporated yօu guys
    to my blogroll. I think it will improve the value of my site :) .

    Feel free to visit my homepaցe –

    Reply
  2. Joekodak

    Awesome and easy tutorial. The notifications are working great for me. The strange thing is that I am getting different results.
    1. Most of the time, the email reports my external IP (IP of my vpn server) rather than the IP of the device connected to my VPN server.
    2. I always get 2 emails every time. Sometimes the first email reports the proper IP (External IP of device connecting to VPN) and most of the time, both emails contain the same information: the external IP address of the VPN server and not the one connecting. Any idea why this would be happening?

    Thanks for the great tutorial

    Reply
  3. miknik

    Thanks for the write up, I found this to be a very useful starting point for sending this info to my phone via push notifications.

    You mention that you expected PPP_REMOTE in the declared variables to contain the users actual IP. Initially I followed your workaround to obtain the users IP from the logfile (/var/log/syslog in my case) but then I realised that there’s actually no need. PPP_IPPARAM returns the client IP in the $6 variable, for me at least.

    Here’s a few extra snippets I came up with which others might find useful, some only apply if you add a similar script to ip-down for notification on client disconnect.

    Get username and connection time info:
    First line sets $foo to contain the connection info returned by the last command. Second line sets username to client login username. Third line is only useful on disconnect, it sets connecttime to return times of login/logout and duration of connection. In a disconnect script you’ll need to add a few seconds of sleep at the beginning. I’m using echo in this example as it’s a really easy way to return the line with all the whitespace stripped.

    foo=$(last | grep -o -m1 '.*.ppp.*.')
    username=$(echo $foo | cut -f1 -d' ')
    connecttime=$(echo $foo | cut -f4- -d' ')

    Parse the JSON response from ipinfo.io and select the bits you want:
    This uses python to return the JSON nicely formatted for grep, just change the word after grep to match the JSON key you want and the variable will be set to that key’s value.

    iplookup="ipinfo.io/$6"
    ipinfo=$(curl -s $iplookup | python -mjson.tool)
    city=$(echo "$ipinfo" | grep city | cut -f4 -d'"')
    country=$(echo "$ipinfo" | grep country | cut -f4 -d'"')
    coords=$(echo "$ipinfo" | grep loc | cut -f4 -d'"')
    postcode=$(echo "$ipinfo" | grep postal | cut -f4 -d'"')

    Get network transfer info for session on client disconnect:
    Data received by client in megabytes, to 2 decimal places
    downloaded=$(echo "scale=2; $(grep -o 'Sent.*.bytes, received.*' /var/log/syslog | tail -1 | cut -f2 -d' ' )" / 1024^2 | bc)
    Data sent by client in megabytes, to 2 decimal places
    uploaded=$(echo "scale=2; $(grep -o 'Sent.*.bytes, received.*' /var/log/syslog | tail -1 | cut -f5 -d' ' )" / 1024^2 | bc)

    Reply
  4. Tractor Supply free shipping

    Lo lamento JJ, perder familia siempre es triste, en cuanto a lo del candidato, pues, el de la “mano dura”, me parece de lo peorcito, una mala analogía, la de quien decidió hacer el comentario.

    Reply