mpd5 - ban IP with failed authentication


I want to protect my PPTP/L2TP VPN server by banning clients after 3 failed authentications.
Tried to use fail2ban (+IPFW) but was unable to find any IP in MPD5/Racoon logs (even with debug log level).
Is there any solution how to ban IP of a client that failed PPTP/L2TP authentications several times?

No need for a new program. Fail2ban does this perfectly.
The problem - how to force MPD5 to log IP addresses...
Or, maybe, MPD5 has already some built-in option to ban failed IPs... But I'm just unable to find such an option.