Topic: List users @ VPN using CLI

[Jáder]

I'd like to list username of all users connected from VPN.
I can do a netstat but no usernames.
I could use smbstatus but then those users should be using smb protocol.

I'd like to use this to monitor who connects to access just a webservice/daemon.

Any tips ?

Thanks

Jáder

[guest22]

Jader,

a bit more info on "VPN" please. Which VPN mechnaism, build-in PPTP or a contrib?

If build-in PPTP then the DHCP log could tell you a bit more, for all PPTP users will get an ddress from the top of the DHCP range down. A script with 'grep' or other utilities could help.
Just a thought. 

guest

[Stefano]

I agree with RequestedDeletion and I'd addirittura that if vpn=pptp then radius' logo will tell you many interesting things

[Jáder]

Sorry not be cristal clear: VPN == PPTP (we're in SME8 forum, not in SME8contribs

I'll look for that info on radius log because DHCP knows nothing about logon usernames.

I'll update thread as soon as I get any news.

Regards

Jáder

[mmccarn]

It looks like you can assign a specific IP to each remote user -- then you could see who is connected by looking for their IP:
http://wiki.contribs.org/VPN_practical_tips#Mapping_Ip_addresses

I can't establish a successful VPN connection to my server at the moment -- but the username for each attempt is logged in /var/log/messages, looking like this:

Code: [Select]

Sep  6 09:05:18 office pppd[3758]: Peer mmccarn failed CHAP authentication
You might use this to see login info:

Code: [Select]

grep pppd.*Peer /var/log/messages
A successful connection might create a useful entry in /var/log/pptpd/current.

[Stefano]

http://uk-corp.org/Books/OReilly%20Books/radius/html/radius-chp-7-sect-3.html
http://pgregg.com/projects/radiusreport/

let us know.. and, if it works, woould you be so kind to write a page in the wiki? TIA

[CharlieBrady]

If build-in PPTP then the DHCP log could tell you a bit more, for all PPTP users will get an ddress from the top of the DHCP range down.

They get an address from the DHCP range, but it's not allocated via DHCP, so won't appear in the DHCP logs. I think the output of 'last' will show the PPTP logged-in users.

[Jáder]

http://uk-corp.org/Books/OReilly%20Books/radius/html/radius-chp-7-sect-3.html
http://pgregg.com/projects/radiusreport/

let us know.. and, if it works, woould you be so kind to write a page in the wiki? TIA

Thanks for pointing to pgregg page.
I download the tool but was unable to use it to create any report.
After change PERL path on header o radiusrepot (removind LOCAL) I run:

Code: [Select]

[root@rinoceronte radiusreport-0.3b6]# ./radiusreport -r -f ./origem.txt
Complete summary of All users last logged in times
Username Real Name                                Last time on.
===============================================================

But there are data on that file as you can see:

Code: [Select]

[root@rinoceronte radiusreport-0.3b6]# head origem.txt
Sun Jan  8 12:00:01 2012
Acct-Session-Id = "4F09A1613E9E00"
User-Name = "jader"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "pptpd"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 192.168.47.90
(...)

If anyone wish to test, I can upload that origem.txt file somewhere.

EDIT: Fix formatation typo.

[Jáder]

(...)
I think the output of 'last' will show the PPTP logged-in users.

No, there are no info available over there. I can find info about FTP logging in users... but not about PPTP. This is part of file, with IP changed

Code: [Select]

reboot   system boot  2.6.18-348.12.1. Fri Sep 20 02:36         (12+03:48)
root     pts/1        pc-00090.antinse Thu Sep 19 18:55 - 19:46  (00:50)
root     pts/2        000.158.224.94   Thu Sep 19 11:21 - 11:59  (00:38)
root     pts/0        pc-00090.antinse Thu Sep 19 11:08 - 13:34  (02:25)
root     pts/0        000.158.224.94   Wed Sep 18 22:47 - 07:20  (08:32)
root     pts/0        000.158.224.94   Wed Sep 18 18:53 - 19:04  (00:10)
public   ftpd8457     000.215.138.222  Wed Sep 18 11:21 - 11:21  (00:00)
root     pts/2        000.158.224.94   Wed Sep 18 09:32 - 09:54  (00:22)


[Jáder]

I got significative forward steps on this! URRA!

Now I'm able to see reports.
So let's document my steps for now... later I'll wiki them and maybe create a contrib.

You must update radiusreport as shown by diff below:

Code: [Select]

root@rinoceronte radius-report]# diff -u radiusreport-0.3b6/radiusreport radiusreport
--- radiusreport-0.3b6/radiusreport 1998-04-12 08:35:23.000000000 -0300
+++ radiusreport 2014-09-09 06:21:41.000000000 -0300
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
 #
 # radiusreport - Extract information from Radius 2.0 detail log
 #
@@ -526,7 +526,7 @@
     print " -> $_" if ($DEBUG ge 3);
     chomp;
     $AcctSessionId = $_ if s/Acct-Session-Id = //;
-    $UserName = $_ if s/User-Name = //;
+    $UserName = $_ if s/Stripped-User-Name = //;
     $NasPort = $_ if s/NAS-Port = //;
      $NasPortType = $_ if s/NAS-Port-Type = //;
             $NasIPAddress = $_ if s/NAS-IP-Address = //;
[root@rinoceronte radius-report]#
and try it using:

Code: [Select]

./radiusreport -l jader -f /var/log/radius/accounting.log

to obtain a report for all users replace "-l jader" with "-l all"

Here you can see  other parameters: http://uk-corp.org/Books/OReilly%20Books/radius/html/radius-chp-7-sect-3.html

[ReetP]

Good work Jader.

A wiki page would be great, a contrib even better - you could open a bug as a NFR and document your work there.

B. Rgds
John