RouterOS Italia

[Mikrotik] How to control shared users when PPP server is used with Radius
Preface
When RouterOS is used as a PPTP server and a RADIUS server controls the user accounts, RouterOS ignores the RADIUS restriction of a single connection per account. With FreeRADIUS this should be supported, but if you use another RADIUS server, such as User Manager, you cannot tell it to allow only a single connection per account.
This means that a user can connect with the same username and password in more than one session, for example when a customer shares the account information with a friend. If you want to allow only one connection at a time per account, you can implement this script, which I made for my PPTP server.

The script
Code:
:local userX;
:local userY;
:local i;
:local u;
:local clogged 0;
# :resolve is used only so that addr and addr2 are typed as IP addresses
:local addr [ :resolve "www.maxfava.com" ];
:local addr2 [ :resolve "www.maxfava.com" ];

# Outer loop: every active PPP session
:foreach i in=[/ppp active find] do={
  :set userX [/ppp active get $i name];
  :set clogged 0;

  # Inner loop: every active session with the same account name
  :foreach u in=[/ppp active find name=$userX] do={
    :set clogged ($clogged + 1);

    :if ($clogged > 1) do={
      :set userY [/ppp active get $u name];
      :set addr [/ppp active get $u caller-id];
      :set addr2 [/ppp active get $i caller-id];

      # Same caller-id means a reconnect after a broken link: leave it alone
      :if ($addr != $addr2) do={
        :log info "MPPP: FIRST ACTIVE <<$userX>> FROM IP $addr2";
        :log info "MPPP: THE $clogged° <<$userY>>  CALLING FROM IP $addr NOW DISCONNECTED";
        /ppp active remove $u;
      }
    }
  }
}

Variable Declaration

Code:
:local userX;
:local userY;
:local i;
:local u;
:local clogged 0;
:local addr [ :resolve "www.maxfava.com" ];
:local addr2 [ :resolve "www.maxfava.com" ];
This is the variable declaration section. Note that, to make sure the addr and addr2 variables are allocated as IP addresses, I use the resolve function to assign an IP address.

List of active users
Code:
:foreach i in=[/ppp active find] do={
:set userX [/ppp active get $i name];
:set clogged 0;

For each active PPP connection I run a loop. userX stores the name of the active connection; clogged will contain the number of connections per user.

Count connections
Code:
:foreach u in=[/ppp active find name=$userX] do={
:set clogged ($clogged + 1);

I now create a sub-loop over the connections with that account name and increment the counter clogged.

Store info
Code:
:if ($clogged > 1) do={
:set userY [/ppp active get $u name];
:set addr [/ppp active get $u caller-id];
:set addr2 [/ppp active get $i caller-id];

Now I check whether the counter is greater than 1 and, if so, I store the information of the two connections: the name in userY and the caller IP addresses in addr and addr2, where addr is the address of the first connection and addr2 is the second occurrence.

Disconnect and log
Code:
:if ($addr != $addr2) do={
:log info "MPPP: FIRST ACTIVE <<$userX>> FROM IP $addr2";
:log info "MPPP: THE $clogged° <<$userY>>  CALLING FROM IP $addr NOW DISCONNECTED";
/ppp active remove $u;
}

Finally, I also check whether the connections come from the same caller ID. This is because you could have a broken connection, where the second call is the real connection and the first will terminate with the server timeout. In that case you do not need to remove the second connection. This check is performed by :if ($addr != $addr2).
At the end I write a log entry with detailed information on the account and when it occurred.
Finally, use the scheduler to execute this script every 30 seconds or every minute, as you prefer.
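
The two "MPPP:" log messages written in the "Disconnect and log" step can be collected into a per-account report of which addresses were kept and which were disconnected. This Python sketch is an added example, not part of the original post; the timestamp and topic prefix of the sample lines, the sample addresses and the min_events threshold are assumptions.

```python
import re
from collections import defaultdict

# Patterns for the two messages the script writes with ":log info".
FIRST_RE = re.compile(r"MPPP: FIRST ACTIVE <<(?P<user>[^>]+)>> FROM IP (?P<ip>\S+)")
DROP_RE = re.compile(
    r"MPPP: THE (?P<n>\d+)° <<(?P<user>[^>]+)>>\s+CALLING FROM IP (?P<ip>\S+) NOW DISCONNECTED"
)


def summarize(lines):
    """Return {user: {"kept": IPs left connected, "dropped": IPs removed, "events": count}}."""
    report = defaultdict(lambda: {"kept": set(), "dropped": set(), "events": 0})
    for line in lines:
        m = FIRST_RE.search(line)
        if m:
            report[m["user"]]["kept"].add(m["ip"])
            continue
        m = DROP_RE.search(line)
        if m:
            entry = report[m["user"]]
            entry["dropped"].add(m["ip"])
            entry["events"] += 1
    return dict(report)


def likely_shared(report, min_events=2):
    """Accounts disconnected at least min_events times (threshold is an assumption)."""
    return sorted(user for user, e in report.items() if e["events"] >= min_events)


# Constructed sample log: the prefix before "MPPP:" is illustrative only,
# and all addresses are from documentation ranges.
SAMPLE_LOG = [
    "10:00:30 script,info MPPP: FIRST ACTIVE <<alice>> FROM IP 203.0.113.5",
    "10:00:30 script,info MPPP: THE 2° <<alice>>  CALLING FROM IP 198.51.100.7 NOW DISCONNECTED",
    "10:01:00 script,info MPPP: FIRST ACTIVE <<alice>> FROM IP 203.0.113.5",
    "10:01:00 script,info MPPP: THE 2° <<alice>>  CALLING FROM IP 198.51.100.9 NOW DISCONNECTED",
    "10:01:30 script,info MPPP: FIRST ACTIVE <<bob>> FROM IP 192.0.2.44",
    "10:01:30 script,info MPPP: THE 2° <<bob>>  CALLING FROM IP 192.0.2.80 NOW DISCONNECTED",
    "10:02:00 pptp,ppp,info <pptp-carol>: connected",
]

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for user in likely_shared(rep):
        print(user, "kept:", sorted(rep[user]["kept"]), "dropped:", sorted(rep[user]["dropped"]))
```

The patterns search anywhere in the line, so they work regardless of how the log was exported as long as the message text is unchanged.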