Merge branch 'hotspot-to-wpa' into next

This commit is contained in:
Christian Hesse 2023-06-26 21:18:51 +02:00
commit a030e2f946
5 changed files with 58 additions and 24 deletions


@ -38,9 +38,16 @@ Create a scheduler:
/system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup;" start-time=startup; /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup;" start-time=startup;
And add the lease script to your wpa interfaces' dhcp server: And add the lease script and matcher comment to your wpa interfaces' dhcp
server. You can add more information to the comment, separated by comma. In
this example the server is called `hotspot-to-wpa`.
/ip/dhcp-server/set lease-script=lease-script [ find where name~"wpa" ]; /ip/dhcp-server/set lease-script=lease-script comment="hotspot-to-wpa=wpa" hotspot-to-wpa;
You can specify the timeout after which a device is removed from leases and
access-list. The default is four weeks.
/ip/dhcp-server/set lease-script=lease-script comment="hotspot-to-wpa=wpa, timeout=2w" hotspot-to-wpa;
Configuration Configuration
------------- -------------
@ -54,6 +61,9 @@ Create hotspot login credentials:
/ip/hotspot/user/add comment="Test User 1" name=user1 password=v3ry; /ip/hotspot/user/add comment="Test User 1" name=user1 password=v3ry;
/ip/hotspot/user/add comment="Test User 2" name=user2 password=s3cr3t; /ip/hotspot/user/add comment="Test User 2" name=user2 password=s3cr3t;
This also works with authentication via radius, but is limited then:
Additional information is not available, including the password.
Additionally templates can be created to give more options for access list: Additionally templates can be created to give more options for access list:
* `action`: set to `reject` to ignore logins on that hotspot * `action`: set to `reject` to ignore logins on that hotspot


@ -12,7 +12,7 @@
:local 0 "global-functions"; :local 0 "global-functions";
# expected configuration version # expected configuration version
:global ExpectedConfigVersion 101; :global ExpectedConfigVersion 103;
# global variables not to be changed by user # global variables not to be changed by user
:global GlobalFunctionsReady false; :global GlobalFunctionsReady false;


@ -12,27 +12,40 @@
:global GlobalFunctionsReady; :global GlobalFunctionsReady;
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } :while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
:global EitherOr;
:global LogPrintExit2; :global LogPrintExit2;
:global ParseKeyValueStore;
:global ScriptLock; :global ScriptLock;
$ScriptLock $0 false 10; $ScriptLock $0 false 10;
:local DHCPServers ({});
:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
:local ServerVal [ /ip/dhcp-server/get $Server ]
:local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
:if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
:set ($DHCPServers->($ServerVal->"name")) \
[ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
}
}
:foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={ :foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
:local ClientVal [ /caps-man/registration-table/get $Client ]; :local ClientVal [ /caps-man/registration-table/get $Client ];
:local Lease [ /ip/dhcp-server/lease/find where server~"wpa" dynamic \ :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
mac-address=($ClientVal->"mac-address") ]; mac-address=($ClientVal->"mac-address") ] do={
:if ([ :len $Lease ] > 0) do={ :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \ $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
" connected to WPA, making lease static.") false; " connected to WPA, making lease static.") false;
/ip/dhcp-server/lease/make-static $Lease; /ip/dhcp-server/lease/make-static $Lease;
/ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease; /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
} }
}
} }
:foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" and \ :foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
!(comment~[ /system/clock/get date ]) ] do={ !(comment~[ /system/clock/get date ]) ] do={
:local ClientVal [ /caps-man/access-list/get $Client ]; :local ClientVal [ /caps-man/access-list/get $Client ];
:if ([ :len [ /ip/dhcp-server/lease/find where server~"wpa" !dynamic \ :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
mac-address=($ClientVal->"mac-address") ] ] = 0) do={ mac-address=($ClientVal->"mac-address") ] ] = 0) do={
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \ $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
" did not connect to WPA, removing from access list.") false; " did not connect to WPA, removing from access list.") false;
@ -40,12 +53,14 @@ $ScriptLock $0 false 10;
} }
} }
:foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status=waiting \ :foreach Server,Timeout in=$DHCPServers do={
last-seen>4w comment~"^hotspot-to-wpa:" ] do={ :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
:local LeaseVal [ /ip/dhcp-server/lease/get $Lease ]; :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
$LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \ $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
" was not seen for long time, removing.") false; " was not seen for " . $Timeout . ", removing.") false;
/caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \ /caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
mac-address=($LeaseVal->"mac-address") ]; mac-address=($LeaseVal->"mac-address") ];
/ip/dhcp-server/lease/remove $Lease; /ip/dhcp-server/lease/remove $Lease;
}
} }
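Review bot: `:local ServerVal [ /ip/dhcp-server/get $Server ]` on the new side of the first hunk is the only statement in the script without a terminating semicolon; the line end terminates it, but for consistency with every surrounding line it should read `:local ServerVal [ /ip/dhcp-server/get $Server ];`. The lease check `($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s` also doubles as the test that the lease belongs to a configured server, because servers without a matching comment get no entry in `$DHCPServers`; that intent deserves a comment such as `# no entry for servers without matching comment, comparison fails and lease is skipped`, and it relies on a comparison against a missing entry evaluating false rather than aborting the script, which is worth confirming. Likewise a `timeout` value in the comment that `:totime` cannot parse appears to be neither reported nor rejected here, yet the resulting entry is used unconditionally in `last-seen>$Timeout` in the second hunk. The script begins before the first hunk.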


@ -25,7 +25,10 @@ $ScriptLock $0;
} }
:local Date [ /system/clock/get date ]; :local Date [ /system/clock/get date ];
:local UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ]; :local UserVal ({});
:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
:set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
}
:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ]; :local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ]; :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
@ -54,7 +57,8 @@ $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $
" (user " . $UserName . ").") false; " (user " . $UserName . ").") false;
/caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ]; /caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
/caps-man/access-list/add comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \ /caps-man/access-list/add comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
mac-address=$MacAddress private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" place-before=$PlaceBefore; mac-address=$MacAddress private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
action=reject place-before=$PlaceBefore;
:local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \ :local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ]; comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
@ -78,3 +82,6 @@ $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $
:if ([ :len $VlanMode] > 0) do={ :if ([ :len $VlanMode] > 0) do={
/caps-man/access-list/set $Entry vlan-mode=$VlanMode; /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
} }
:delay 2s;
/caps-man/access-list/set $Entry action=accept;
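Review bot: The two-step sequence of adding the entry with `action=reject` and switching it with `/caps-man/access-list/set $Entry action=accept;` only after `:delay 2s;` at the end of the section is not explained anywhere in the hunks; a comment above the delay is warranted, e.g. `# entry is added with action=reject and accepted only after passphrase and vlan settings are applied, so a client never matches a half-configured entry`. The reason for the fixed two-second wait in particular is not visible and should be stated, as the script presumably still holds `$ScriptLock` while it sleeps. The new `:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0)` guard in the first hunk leaves `$UserVal` empty for radius users, so `private-passphrase=($UserVal->"password")` is then set from a missing value; the README hunk acknowledges the password is unavailable, but a short comment at the add call noting that such entries carry no per-client passphrase would make the consequence explicit to an operator. The enclosing script starts before the first hunk.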


@ -15,6 +15,8 @@
99="Modified 'dhcp-to-dns', which dropped global configuration. Settings moved to dhcp server's network definitions."; 99="Modified 'dhcp-to-dns', which dropped global configuration. Settings moved to dhcp server's network definitions.";
100="The script 'ssh-keys-import' became a module 'mod/ssh-keys-import' with enhanced functionality."; 100="The script 'ssh-keys-import' became a module 'mod/ssh-keys-import' with enhanced functionality.";
101="Introduced new script 'fw-addr-lists' to download, import and update firewall address-lists."; 101="Introduced new script 'fw-addr-lists' to download, import and update firewall address-lists.";
102="Modified 'hotspot-to-wpa' to support non-local (radius) users.";
103="Dropped hard-coded name and timeout from 'hotspot-to-wpa-cleanup', instead a comment is required for dhcp server now.";
}; };
# Migration steps to be applied on script updates # Migration steps to be applied on script updates