
Poptop Custom configuration question

Discussion in 'Tomato Firmware' started by macbrian, May 11, 2014.

  1. macbrian

    macbrian Networkin' Nut Member

    Is it possible to add something to the Poptop Custom configuration so there is a custom entry written in /var/log/messages every time the VPN is used? I would like to do something like:
    echo $(date) "VPN activated" >> /var/log/messages

    I'm using TomatoRAF Beta 9014-v1.3d on Asus RT-N66U

  2. darkknight93

    darkknight93 Networkin' Nut Member

    logger -t VPN -s INFO Text
    in the script/config


    logger -t "Facility Name" -s "Text"
    Last edited: May 11, 2014
  3. macbrian

    macbrian Networkin' Nut Member

    Thank you, but if I add it to VPN Tunneling: PPTP Server: Poptop Custom configuration I cannot connect to the VPN and I get this in the Tomato log:
    "In file /tmp/pptpd/options.pptpd: unrecognized option 'logger'"
  4. darkknight93

    darkknight93 Networkin' Nut Member

    Ah OK, so you are not allowed to run bash commands here. Well, I don't know whether Tomato has any "VPN UP" script area, to be honest.
    You might do the trick via

    If host(on other side of vpn) is pingable
    logger -text
    macbrian likes this.
  5. koitsu

    koitsu Network Guru Member

    I don't think pptpd (options or config) supports this; there is not a way to run shell commands or scripts when something goes "up" or "down". The problem with doing it outside of pptpd is that you'd likely get false positives; you really need a way to know when things are truly up and truly down when they happen, and that's within the daemon.

    OpenVPN does provide this kind of capability, but the existing PPTP daemon does not. (OpenVPN != PPTP, by the way. Very different, unrelated technologies)
    macbrian likes this.
  6. macbrian

    macbrian Networkin' Nut Member

    Too bad...

    Thanks guys for taking your time to answer :)
  7. macbrian

    macbrian Networkin' Nut Member

    Could there be another solution to this? I thought a lot about it and came to the conclusion that maybe I could let iptables make a log entry every time port 1723 was used. I have put the following in Administration: Scripts: Firewall:

    iptables -I INPUT -p tcp -m tcp --dport 1723 -m state --state NEW -j LOG --log-level 1 --log-prefix "VPN activated"

    Unfortunately nothing appears in my log. Does anyone have an idea how to make it work?

  8. koitsu

    koitsu Network Guru Member

    That rule would match any inbound TCP packets from the Internet, destined to TCP port 1723; all it would take is some random person on the Internet to try to connect to that TCP port on your WAN IP to induce a logging message.

    If you're trying to induce a logging message when the VPN software running on the router itself connects to some other place (i.e. your router is the client), then that would involve (I think -- I need someone else to confirm) using the OUTPUT chain (or on TomatoUSB, it'd probably be better to use the wanout chain).
  9. macbrian

    macbrian Networkin' Nut Member

    That's OK. It's a compromise I can live with. I figured out why it didn't work. I had to reboot the router and not just save the rule.

    Thanks koitsu
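
An added example, not part of the thread: a small shell helper that groups the entries written by the iptables LOG rule from post 7 by source address, so the unsolicited connection attempts koitsu describes in post 8 stand out from the expected clients. The sample log lines, hostname, interface name and addresses are constructed, and the function names are hypothetical; the `SRC=` field layout is that of the standard netfilter LOG target.

```shell
#!/bin/sh
# Added example: summarise hits of the iptables LOG rule that uses
# --log-prefix "VPN activated" (rule taken from the thread).

# Constructed sample syslog lines. The LOG target writes the prefix directly
# followed by IN=... SRC=... DPT=... fields (no space after the prefix here,
# because the rule's prefix has no trailing space). Hostname, interface and
# addresses (documentation ranges) are made up for illustration.
sample_log() {
cat <<'EOF'
May 11 14:02:11 unknown kern.alert kernel: VPN activatedIN=vlan2 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51234 DPT=1723 SYN
May 11 14:02:40 unknown user.notice root: unrelated line without the prefix
May 11 18:30:05 unknown kern.alert kernel: VPN activatedIN=vlan2 OUT= SRC=192.0.2.99 DST=198.51.100.2 PROTO=TCP SPT=40022 DPT=1723 SYN
May 12 08:15:52 unknown kern.alert kernel: VPN activatedIN=vlan2 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51301 DPT=1723 SYN
EOF
}

# vpn_hits: read syslog text on stdin, print "count source-ip" per source,
# most frequent first. Lines without the prefix or without SRC= are skipped.
vpn_hits() {
    awk '
        /VPN activated/ {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src != "") hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' | sort -rn
}

# unexpected_hits "ip1 ip2 ...": same input, but only sources that are NOT in
# the space-separated list of addresses you expect to connect from.
unexpected_hits() {
    vpn_hits | while read -r count src; do
        case " $1 " in
            *" $src "*) ;;               # expected client, ignore
            *) echo "$count $src" ;;     # anyone else who reached port 1723
        esac
    done
}

# Demo on the constructed sample: 203.0.113.7 is treated as the known client.
sample_log | unexpected_hits "203.0.113.7"
```

On the router the same functions can read the real log, for example `vpn_hits < /var/log/messages`. Each entry records only a new TCP connection to port 1723, not a completed VPN login.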
