pptpd

18. pptp Server Administration

This section covers a few tricks on pptp server management. It is far from a complete guide. Any suggestions are welcome.

The packages psacct and SysVinit are required for the utilities used here. They should be installed by default. If they are not, please install them through yum.

# yum install psacct SysVinit


18.1 Who is Online?

To check who is online, the "last" command is used:

# last | grep ppp | grep still
James    ppp3         202.xx.xxx.xxx   Sat Nov 19 17:38   still logged in
Andrew   ppp1         220.xxx.xxx.xx   Sat Nov 19 17:23   still logged in
Mary     ppp2         1.2.3.4          Sat Nov 19 16:59   still logged in
Sue      ppp0         202.xx.xxx.xxx   Sat Nov 19 16:43   still logged in
Mark     ppp7         203.xxx.xxx.xxx  Sat Nov 19 14:59   still logged in

last is from SysVinit. It reads the information from /var/log/wtmp.

Note: for last to work properly, the logwtmp option in /etc/pptpd.conf must be enabled. If you are sure there are pptp connections but see no output from the above command, check that the logwtmp option in the pptpd.conf file is enabled.



18.2 Accounting

The "ac" utility from package psacct will provide a report on the connection time.

# ac -d -p
        Amy                                  3.77
        George                               0.08
        Mark                                 1.78
        Richard                              0.35
        Lee                                  3.66
        Simon                                5.78
        Nicole                               1.05
Nov  1  total       16.46
        Amy                                  2.43
        Nicole                               8.61
        Richard                              4.77
        Mark                                 0.90
        Lee                                  4.68
        Keith                                1.84
Nov  2  total       23.23

The ac command reads the information from /var/log/wtmp. It has a lot of options. Read the man page for details.

Note:
1. If you want the statistics from an older wtmp file, use the -f parameter of "ac" to specify the file.
2. If users also log in to the server through a shell, ac will return the connection time of both pptp and shell connections.
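
One way to count pptp sessions only, as an added example that is not part of the original howto: it sums the durations that "last" reports for ppp lines (last reads the same wtmp file as ac), so shell logins are left out. The function name ppp_hours and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; ppp_hours is a hypothetical helper name.
# Reads `last` output on stdin and prints "user hours" for completed
# sessions on ppp lines only, so shell logins (pts/N, ttyN) are excluded.
ppp_hours() {
    awk '
        $2 ~ /^ppp[0-9]+$/ && $NF ~ /^\(([0-9]+\+)?[0-9]+:[0-9]+\)$/ {
            d = $NF
            gsub(/[()]/, "", d)          # "(1+02:30)" -> "1+02:30"
            days = 0
            if (split(d, p, /\+/) == 2) { days = p[1]; d = p[2] }
            split(d, hm, ":")
            total[$1] += days * 24 + hm[1] + hm[2] / 60
        }
        END { for (u in total) printf "%s %.2f\n", u, total[u] }
    ' | sort
}

# Constructed sample in the format printed by `last`.
SAMPLE_LAST='Mark     ppp7         203.0.113.9      Sat Nov 19 14:59   still logged in
Mary     ppp2         1.2.3.4          Sat Nov 19 16:59 - 17:29  (00:30)
Mary     pts/0        1.2.3.4          Sat Nov 19 12:00 - 14:00  (02:00)
Mary     ppp1         1.2.3.4          Fri Nov 18 10:00 - 11:15  (01:15)
Sue      ppp0         203.0.113.7      Thu Nov 17 08:00 - 10:30 (1+02:30)'

# On a live server: last | ppp_hours   (or: last -f <older wtmp file> | ppp_hours)
printf '%s\n' "$SAMPLE_LAST" | ppp_hours
```

Sessions that are still open have no duration yet and are not counted.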



18.3 Disconnect a User

To disconnect an active connection, you will have to kill the pppd process associated with it. First, run the command in section 18.1 to find out the remote IP address of the user. Say you want to disconnect Mary; her IP address in the above example is 1.2.3.4. Then, find the PID of the pppd process.

# ps -ef | grep 1.2.3.4 | grep pppd
root   8672  8671  0 16:59 ?      00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200
                                               10.0.0.10:10.0.0.124 ipparam 1.2.3.4.
                                               plugin /usr/lib/pptpd/pptpd-logwtmp.so
                                               pptpd-original-ip 1.2.3.4

The second field of the output, 8672 in our example, is the PID of the pppd process. Killing the process will disconnect the user.

# kill 8672


18.4 Allow Only One Connection per User

By default, a user can make multiple connections to the pptpd server. To restrict each user to one connection, create two script files in the /etc/ppp directory. When the same user logs in twice, the first connection will be disconnected. This is actually done at the ppp level, not by pptpd.

The first file is /etc/ppp/auth-up

  #!/bin/sh
  # pppd runs auth-up with: interface-name peer-name user-name tty-device speed
  # get the username/ppp line number from the parameters
  PPPLINE=$1
  USER=$2
  # create the directory to keep pid files per user
  mkdir -p /var/run/pptpd-users
  # if there is a session already for this user, terminate the old one
  if [ -f "/var/run/pptpd-users/$USER" ]; then
    kill -HUP "$(cat "/var/run/pptpd-users/$USER")"
    rm -f "/var/run/pptpd-users/$USER"
  fi
  # write down the username in the ppp line file
  # (variables are quoted so unusual names cannot split into several words)
  echo "$USER" > "/var/run/pptpd-users/$PPPLINE.new"

The second file is /etc/ppp/ip-up.local

  #!/bin/sh
  # the first parameter is the ppp interface name (e.g. ppp0)
  REALDEVICE=$1
  # Get the username from the ppp line record file
  USER=$(cat "/var/run/pptpd-users/$REALDEVICE.new")
  # Copy the ppp line pid
  cp "/var/run/$REALDEVICE.pid" "/var/run/pptpd-users/$USER"
  # remove the ppp line record file
  rm -f "/var/run/pptpd-users/$REALDEVICE.new"

The method presented here may not be the best one, but it works for me. (If you have a better way, please let me know.)
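
A hardened form of the session check in auth-up, as an added example rather than code from the howto: it rejects names that are not safe as file names under /var/run/pptpd-users and signals the recorded PID only if that process is still pppd, since a stale PID file can point at an unrelated process. The helper names are hypothetical; it assumes Linux /proc and user names made of letters, digits, "_", "-" and ".".

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not from the howto.

# Succeeds only if the name is safe to use as a file name under
# /var/run/pptpd-users: letters, digits, "_", "-", "." and no leading dot.
valid_session_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Succeeds only if the PID is numeric and the process is currently pppd
# (assumption: Linux, where /proc/PID/comm holds the executable name).
is_pppd_pid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -r "/proc/$1/comm" ] && [ "$(cat "/proc/$1/comm")" = "pppd" ]
}

# Hang up the previous session of a user, if one is recorded.
# $1 = user name, $2 = directory holding the per-user PID files.
# Returns 2 for a rejected name, 0 otherwise.
hangup_previous() {
    valid_session_name "$1" || return 2
    pidfile="$2/$1"
    [ -f "$pidfile" ] || return 0
    oldpid=$(cat "$pidfile")
    rm -f "$pidfile"
    # a stale file may name a PID that now belongs to another program
    is_pppd_pid "$oldpid" || return 0
    kill -HUP "$oldpid"
}

# In auth-up this would be called as:
#   hangup_previous "$2" /var/run/pptpd-users
valid_session_name '../ppp0.pid' || echo "rejected unsafe name"
```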




Time: 2024-10-13 01:40:11
