The basic idea was to watch the log file of the vpnd daemon and fire a shell script that sends me a mail if the most recent line of the log file contains the word "progress". (That word is a unique indicator of a successful connection. Without that filter you would get mails for each status change, too.)
To watch for file changes I used Lingon: I logged in via Remote Desktop, launched "Lingon" (freeware - http://sourceforge.net/projects/lingon/) and created a user daemon named "com.myserver.vpnd_watch". Then I chose my shell script as the application to be called. In my case it was "/usr/sbin/vpnd_watch.sh". Finally I set the only option, "Run it if this file is modified:", to "/var/log/ppp/vpnd.log".
The shell script is quite simple. To prevent multiple alerts for the same event, it reads a file that contains the date & time of the last login/alert, reads out the date & time of the most recent log file entry containing the word "progress" and compares both. If they differ, it mails the log file entries of the last three connections and creates a new date file.
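#!/bin/bash
# Date & time of the last login already reported (empty on the first run)
date_old=$(cat /Users/myaccount/watch_date.txt 2>/dev/null)
# Date & time of the most recent "progress" entry; the day may have one or two digits
date_new=$(grep progress /var/log/ppp/vpnd.log | tail -n1 | grep -o -E "[a-zA-Z]{3} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}")
# Alert only if a login exists and it differs from the one already reported
if [ -n "$date_new" ] && [ "$date_old" != "$date_new" ]; then
    # Mail the log entries of the last three connections
    grep progress /var/log/ppp/vpnd.log | tail -n3 | mail -s "VPN Connection" mail@myserver.com
    # Remember this login so it is not reported again (quoted to keep the spacing intact)
    echo "$date_new" > /Users/myaccount/watch_date.txt
fi
exit 0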
(You might have to set permissions accordingly.) The log file entry which matters is something like:
Fri Nov 19 22:23:43 2010 : L2TP incoming call in progress from 'xxx.xxx.xx.xx'...
This is also the message text of the email, so you can see what the connecting client's IP address is. My mobile phone provider offers a mail-to-SMS service, so I get an SMS on my iPhone, too. That is useful when I don't have an internet connection or have no time to check mails.
Binding all administrative traffic (ssh, ARD and Server Admin Tools) to that VPN connection makes sure that you're always informed if someone tries to take control, and the IP address tells you whether it is your own client.
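The check in the last paragraph, telling your own client from a stranger by its IP address, can be done by the script itself so the result can go into the mail subject. This is an added example, not part of the original script: the KNOWN_CLIENTS list and the function names are hypothetical, the log lines are constructed, and it assumes IPv4 addresses in the log format shown above.

```shell
#!/bin/bash
# Added example: classify the newest "progress" entry of a vpnd-style log.
# KNOWN_CLIENTS is a hypothetical allowlist; replace it with your own addresses.
KNOWN_CLIENTS="192.0.2.10 192.0.2.11"

# Print the newest line containing "progress", or nothing if there is none.
last_login_line() {
    grep progress "$1" 2>/dev/null | tail -n1
}

# Print the address between the single quotes of a "progress" line.
client_ip() {
    printf '%s\n' "$1" | sed -n "s/.*in progress from '\([0-9.]*\)'.*/\1/p"
}

# Print "KNOWN <ip>", "UNKNOWN <ip>" or "UNPARSED" for the newest login in log $1.
# Returns 1 when the log holds no login at all.
classify_last_login() {
    local line ip known
    line=$(last_login_line "$1")
    if [ -z "$line" ]; then
        return 1
    fi
    ip=$(client_ip "$line")
    if [ -z "$ip" ]; then
        echo "UNPARSED"        # matched "progress" but not the expected format
        return 0
    fi
    for known in $KNOWN_CLIENTS; do
        if [ "$ip" = "$known" ]; then
            echo "KNOWN $ip"
            return 0
        fi
    done
    echo "UNKNOWN $ip"
}

# Demo on a constructed log (not real vpnd output).
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
Fri Nov 19 22:23:43 2010 : L2TP incoming call in progress from '192.0.2.10'...
Fri Nov 19 22:25:01 2010 : some other status change
Sat Nov 20 03:12:09 2010 : L2TP incoming call in progress from '203.0.113.77'...
EOF
classify_last_login "$demo_log"
rm -f "$demo_log"
```

In the watch script, the output could be used as the subject, for example `mail -s "VPN Connection: $(classify_last_login /var/log/ppp/vpnd.log)"`, so an unknown address stands out in the SMS as well.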