Page 1 of 1

Feature request - Winbox connection timeout

Posted: Wed Aug 17, 2011 5:09 pm
by simco999
Hi Guys

Would it be possible to allow a setting for Winbox to timeout its connection to RouterOS after xxx mins etc.

Thanks

Re: Feature request - Winbox connection timeout

Posted: Thu Aug 18, 2011 10:30 am
by sergejs
There is no plans for such feature.

Re: Feature request - Winbox connection timeout

Posted: Thu Aug 25, 2011 2:44 pm
by Chupaka
what about a feature to disconnect current logged users? =)

Re: Feature request - Winbox connection timeout

Posted: Fri Aug 26, 2011 1:22 am
by cwade
what about a feature to disconnect current logged users? =)
I'd like to add my vote to Chupaka's suggestion. This is a significant concern with MikroTik security since there is no way to force logout an active user. The list of active users can be printed, but there is nothing that can be done with these entries. Presumably, if we had this feature, then we could then create a script to log out any active user after a period of inactivity, though that would also require having some way to determine how long since the last entry from an active user.

Re: Feature request - Winbox connection timeout

Posted: Fri Aug 26, 2011 10:33 am
by DjM
I'm also voting for one of these options:

1) Session idle timeout
- I got negative answer from MikroTik support about adding this feature at this moment

2) Remove active user session
- the same as option (1)

Re: Feature request - Winbox connection timeout

Posted: Tue Mar 27, 2012 10:13 pm
by BelWave
I'm also voting for one of these options:

1) Session idle timeout
- I got negative answer from MikroTik support about adding this feature at this moment

2) Remove active user session
- the same as option (1)
Any update on this? I have a router running v2.9.26 that shows several of the same user name active in the "Active Users" list. Now it appears Winbox will not open the router with this user name...it trys, but just flashes the winbox session open and closed very quickly.

I can log in to the router using a different user name, but do not see any command to kick or remove these stale "Active Users". Any suggestion other than rebooting the router?

Thanks,

Brad

Re: Feature request - Winbox connection timeout

Posted: Tue Mar 27, 2012 11:57 pm
by dragon2611
I'm also voting for one of these options:

1) Session idle timeout
- I got negative answer from MikroTik support about adding this feature at this moment

2) Remove active user session
- the same as option (1)
Any update on this? I have a router running v2.9.26 that shows several of the same user name active in the "Active Users" list. Now it appears Winbox will not open the router with this user name...it trys, but just flashes the winbox session open and closed very quickly.

I can log in to the router using a different user name, but do not see any command to kick or remove these stale "Active Users". Any suggestion other than rebooting the router?

Thanks,

Brad
If you can determine their IP pop a Reject rule in the firewall perhaps?

Not sure if you'd also need to drop their existing connections from the connection tracking table.

Re: Feature request - Winbox connection timeout

Posted: Wed Mar 28, 2012 1:27 am
by BelWave
I'm also voting for one of these options:

1) Session idle timeout
- I got negative answer from MikroTik support about adding this feature at this moment

2) Remove active user session
- the same as option (1)
Any update on this? I have a router running v2.9.26 that shows several of the same user name active in the "Active Users" list. Now it appears Winbox will not open the router with this user name...it trys, but just flashes the winbox session open and closed very quickly.

I can log in to the router using a different user name, but do not see any command to kick or remove these stale "Active Users". Any suggestion other than rebooting the router?

Thanks,

Brad
If you can determine their IP pop a Reject rule in the firewall perhaps?

Not sure if you'd also need to drop their existing connections from the connection tracking table.
Thanks for the idea, but already tried it. These "Active User" sessions are not actually active to anywhere...just hung there still showing active when in fact they aren't.

Brad

Re: Feature request - Winbox connection timeout

Posted: Thu Mar 29, 2012 5:33 pm
by Chupaka
then just upgrade - it was already fixed

Re: Feature request - Winbox connection timeout

Posted: Thu Mar 29, 2012 5:45 pm
by BelWave
then just upgrade - it was already fixed
Care to share the command? Looking at a router running v5.14 and still don't see a way to kick an active user. Show me how to kick active user "0".

admin@Test Router] /user active>
Lists all users that are currently logged in.

.. -- go up to user
find -- Find items by value
get -- Gets value of item's property
print -- Print values of item properties


[admin@Test Router] /user active> prin
Flags: R - radius
# WHEN NAME ADDRESS
0 mar/24/2012 08:44:28 admin 216.1xx.xxx.xxx
1 mar/24/2012 08:44:28 admin 216.1xx.xxx.xxx
2 mar/29/2012 09:37:24 admin 216.1xx.xxx.xxx
[admin@Test Router] /user active> /sys reso prin
uptime: 2w1d18h35m28s
version: 5.14
free-memory: 1920020KiB
total-memory: 1943356KiB
cpu: Intel(R)
cpu-count: 2
cpu-frequency: 2926MHz
cpu-load: 1%
free-hdd-space: 1848972KiB
total-hdd-space: 1921188KiB
write-sect-since-reboot: 3936
write-sect-total: 3936
architecture-name: x86
board-name: x86
platform: MikroTik
[admin@Test Router] /user active>


Thanks!

Brad

Re: Feature request - Winbox connection timeout

Posted: Thu Mar 29, 2012 5:51 pm
by Chupaka
I'm telling about 'hung' sessions

Re: Feature request - Winbox connection timeout

Posted: Fri Mar 30, 2012 3:08 am
by andressis2k
I've checked that, if I've a user loged in (me), and in Firewall > Connection kill the active connection... the session still works!

No new connection is opened, but Winbox still works!

Why???

If I kill the connection, the session must die... I think

PD: Of course I'm connecting by IP, not by MAC

Re: Feature request - Winbox connection timeout

Posted: Fri Mar 30, 2012 2:43 pm
by Chupaka
if you NAT that connection - then it will be dropped. if you're dropping packets of invalid connections - it will be dropped

but if you don't have anything of this - it will continue to work :)