I need help writing a simple script that goes through and disconnects every active PPP connection on a router (v3.15).
I’m setting up a VPN router cluster with VRRP for failover. Everything is working great, except that after I fail the cluster over to a backup VRRP router and the master later comes back online, the active PPP connections are not dropped from the backup router, yet the tunnels are inoperable because VRRP has already handed control of the IP back to the master router.
I want to set up the script to run in the VRRP On-Backup event function to kill all active connections when the master comes back online.
I wasn’t very clear originally - I want to disconnect every connection that shows up in
/ppp active
Your best option would be to disable the PPTP and L2TP services to clear them all. You can either re-enable it immediately or just leave it off until it's master again.
Figured it out… seems trying to store the interface name and disconnect by name doesn’t work, you have to use the line number…
:local NumConns [/ppp active print count-only]
:log info ("Preparing to disconnect " . $NumConns . " VPN Sessions")
:local iCounter 0
:while ($iCounter < $NumConns) do={
    :log info ("Removing VPN Session #" . $iCounter)
    /ppp active remove $iCounter
    :set iCounter ($iCounter + 1)
}
I thought about that, but I didn’t like that idea in the event that there was the remote chance that if it ever errored out halfway, it could possibly leave the interface disabled.
You could try this instead of that entire script.
/ppp active remove [/ppp active find]
I was just thinking the remote might connect back instantly again if you haven't already switched the primary/master roles.
Sam
Tested and works, both scripts accomplish the same end goal (but yours is definitely a little cleaner).
I’ve got the script set on the VRRP interface that the remote routers are connecting to, and executing as the On-Backup event script, so the only time it will ever run is if the backup router becomes the VRRP master for a period, and then the primary router comes back online, demoting the backup router to standby.
So far the 2 test connections I’ve got set up connecting into the system are working perfectly and fail over great. There are a few seconds of packet loss while the remote offices re-dial the L2TP connection and wait for OSPF to come up, but that is expected when things fail over to the backup (and much better than waiting for one of the data center techs to go reboot a locked-up router, or worse, wait for a new one to get shipped and installed!)
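An added example, not from any poster in the thread: a variant of the On-Backup script that removes sessions by the internal IDs returned by find, as in the one-liner above, while keeping a per-session log entry so the failback leaves an audit trail of which tunnels were dropped. The variable names and log wording are assumptions.

```routeros
# Added example (not from the thread): body for the VRRP On-Backup event.
# "find" returns internal IDs, so no print line numbers are involved.
:local sessions [/ppp active find]
:log info ("VRRP demoted to backup, disconnecting " . [:len $sessions] . " PPP sessions")

:foreach session in=$sessions do={
    # Read the details before the entry is removed
    :local user [/ppp active get $session name]
    :local peer [/ppp active get $session caller-id]
    :log info ("Disconnecting PPP session user=" . $user . " caller-id=" . $peer)
    /ppp active remove $session
}
```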