Good day,
I have over 50 PPP connections.
I want to limit connection working hours to between 8:00 and 16:00 every day.
How can I do this?
Thank you
The most effective way that I can think of is to create a script that will delete all active connections and then disable all the Secrets…
So you create one schedule that enables all the secrets at 8:00 and a second one that deletes connections and disables the Secrets…
Thank you
How can I do this?
Thank you
Here is a simple example…
Let's say I have 10 L2TP/IPsec users connected on my Server..
The following script at 16:00 will first disable all the Secrets so that the users can not use their credentials to login and after that it will remove all the active connections…
At 8:00 the secrets will be enabled and the users will be able to connect…
Paste this code in your terminal and then go to System->scheduler and see the Schedules created…
/system scheduler
add interval=1d name=Enable on-event=":foreach i in=[/ppp secret find] do={/ppp \
secret enable \$i}\r\
\n\r\
\n\r\
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=apr/14/2020 start-time=08:00:00
add interval=1d name=Disable on-event=":foreach i in=[/ppp secret find] do={/ppp\
\_secret disable \$i}\r\
\n:delay 5s;\r\
\n:foreach i in=[/ppp active find] do={/ppp active remove \$i}\r\
\n\r\
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=apr/14/2020 start-time=16:00:00
Using scripts is not a good idea.
I would consider two solutions:
- Create a rule in the firewall for port 1723 in the input chain in time.
- If you have exceptions for any tunnels, then for them I created a separate profile, added an interface-list and all the same with a firewall enabled or disabled time forward and input
Using scripts is not a good idea.
Amazing things have happened using Scripts… I totally disagree…
- Create a rule in the firewall for port 1723 in the input chain in time.
- If you have exceptions for any tunnels, then for them I created a separate profile, added an interface-list and all the same with a firewall enabled or disabled time forward and input
It can be a solution yes, however suggesting someone to play with the firewall rules with the possibility to mess up everything is not the best thing for me… So I can’t suggest something that will make things worse…
A script in this case is a lot easier and can provide an actual solution to the problem…
Very good, and thank you for your help.
But is it possible to exclude some users from this cut, and how is it done?
Yes, you can create a comment for the secrets you want…
e.g. comment="its_time"
:foreach i in=[/ppp secret find where comment ~"its_time"] do={/ppp secret disable $i}
:delay 5s;
:foreach i in=[/ppp active find where comment ~"its_time"] do={/ppp active remove $i}
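A variant of the comment-based script above, added here as an example and not code from any poster in this thread: it disables each tagged secret and then removes that user's active session by user name, so the disconnect does not depend on the active entry carrying the same comment. The `its_time` tag is the one from the post above; the log message text is an assumption.

```routeros
# Added example (not from the thread). Run at closing time, e.g. 16:00.
# Only secrets whose comment contains "its_time" are affected; secrets
# without that tag stay enabled and their sessions stay connected.
:foreach s in=[/ppp secret find where comment~"its_time"] do={
    # Read the user name from the secret itself.
    :local user [/ppp secret get $s name]

    # Disable first, so an immediate reconnect attempt is rejected.
    /ppp secret disable $s

    # Then drop every live session that belongs to this user name.
    :foreach a in=[/ppp active find where name=$user] do={
        /ppp active remove $a
    }

    # Leave a trace in the router log for later review (message text is an assumption).
    :log info ("work-hours: disabled secret and removed sessions for " . $user)
}
```

The matching 08:00 job only needs the first loop with `/ppp secret enable $s` in place of the disable and remove steps.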
This is my script.
Marcello
/system script
add dont-require-permissions=no name=AbilitaVpnClienti owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
"/ip firewall filter enable [find comment=\"SSTP_Clienti\"];\r\
\n/interface sstp-server server set enabled=yes;\r\
\n"
add dont-require-permissions=no name=DisabilitaVpnClienti owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="/interface sstp-server serv\
er set enabled=no;\r\
\n/ip firewall filter disable [find comment=\"SSTP_Clienti\"];\r\
\n"
/system scheduler
add interval=1d name=ChiusuraPorte-Vpn on-event="/system script run \"DisabilitaVpnClienti\";\r\n\r\
\n" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=may/18/2016 start-time=18:05:00
/ip firewall filter
add action=accept chain=input comment=SSTP_Clienti disabled=yes dst-address=X.X.X.X dst-port=443 in-interface=ether1-Wan protocol=tcp
Thank you
A wonderful and very successful experience
Great, you can mark the post as solved…