Hi Guys
Would it be possible to allow a setting for Winbox to timeout its connection to RouterOS after xxx mins etc.
Thanks
There is no plans for such feature.
what about a feature to disconnect current logged users? =)
I’d like to add my vote to Chupaka’s suggestion. This is a significant concern with MikroTik security since there is no way to force logout an active user. The list of active users can be printed, but there is nothing that can be done with these entries. Presumably, if we had this feature, then we could then create a script to log out any active user after a period of inactivity, though that would also require having some way to determine how long since the last entry from an active user.
I’m also voting for one of these options:
- Session idle timeout
- I got negative answer from MikroTik support about adding this feature at this moment
- Remove active user session
- the same as option (1)
Any update on this? I have a router running v2.9.26 that shows several of the same user name active in the “Active Users” list. Now it appears Winbox will not open the router with this user name…it trys, but just flashes the winbox session open and closed very quickly.
I can log in to the router using a different user name, but do not see any command to kick or remove these stale “Active Users”. Any suggestion other than rebooting the router?
Thanks,
Brad
If you can determine their IP pop a Reject rule in the firewall perhaps?
Not sure if you’d also need to drop their existing connections from the connection tracking table.
Thanks for the idea, but already tried it. These “Active User” sessions are not actually active to anywhere…just hung there still showing active when in fact they aren’t.
Brad
then just upgrade - it was already fixed
Care to share the command? Looking at a router running v5.14 and still don't see a way to kick an active user. Show me how to kick active user "0".
admin@Test Router] /user active>
Lists all users that are currently logged in.
.. -- go up to user
find -- Find items by value
get -- Gets value of item's property
print -- Print values of item properties
[admin@Test Router] /user active> prin
Flags: R - radius
WHEN NAME ADDRESS
0 mar/24/2012 08:44:28 admin 216.1xx.xxx.xxx
1 mar/24/2012 08:44:28 admin 216.1xx.xxx.xxx
2 mar/29/2012 09:37:24 admin 216.1xx.xxx.xxx
[admin@Test Router] /user active> /sys reso prin
uptime: 2w1d18h35m28s
version: 5.14
free-memory: 1920020KiB
total-memory: 1943356KiB
cpu: Intel(R)
cpu-count: 2
cpu-frequency: 2926MHz
cpu-load: 1%
free-hdd-space: 1848972KiB
total-hdd-space: 1921188KiB
write-sect-since-reboot: 3936
write-sect-total: 3936
architecture-name: x86
board-name: x86
platform: MikroTik
[admin@Test Router] /user active>
Thanks!
Brad
I’m telling about ‘hung’ sessions
I’ve checked that, if I’ve a user loged in (me), and in Firewall > Connection kill the active connection… the session still works!
No new connection is opened, but Winbox still works!
Why???
If I kill the connection, the session must die… I think
PD: Of course I’m connecting by IP, not by MAC
if you NAT that connection - then it will be dropped. if you’re dropping packets of invalid connections - it will be dropped
but if you don’t have anything of this - it will continue to work 