From 1a404195d5f8f58f89bb8671a6b8afc5feebdd94 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 22 Jun 2021 15:58:03 +0200 Subject: hotspot-to-wpa: add optional cleanup script --- doc/hotspot-to-wpa.md | 20 ++++++++++++++++++++ doc/lease-script.md | 1 + global-config | 2 +- global-config-overlay | 2 +- global-config.changes | 1 + global-functions | 2 +- hotspot-to-wpa-cleanup | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 72 insertions(+), 3 deletions(-) create mode 100644 hotspot-to-wpa-cleanup diff --git a/doc/hotspot-to-wpa.md b/doc/hotspot-to-wpa.md index 108cfd5..13f307a 100644 --- a/doc/hotspot-to-wpa.md +++ b/doc/hotspot-to-wpa.md @@ -27,6 +27,21 @@ Configure your hotspot to use this script as `on-login` script: / ip hotspot user profile set on-login=hotspot-to-wpa [ find ]; +### Automatic cleanup + +With just `hotspot-to-wpa` installed the mac addresses will last in the +access list forever. Install the optional script for automatic cleanup: + + $ScriptInstallUpdate hotspot-to-wpa-cleanup,lease-script; + +Create a scheduler: + + / system scheduler add interval=1d name=hotspot-to-wpa-cleanup on-event="/ system script run hotspot-to-wpa-cleanup;" start-time=startup; + +And add the lease script to your wpa interfaces' dhcp server: + + / ip dhcp-server set lease-script=lease-script [ find where name~"wpa" ]; + Configuration ------------- @@ -46,6 +61,11 @@ Now let the users connect and login to the hotspot. After that the devices (identified by MAC address) can connect to the WPA2 network, using the passphrase from hotspot credentials. +See also +-------- + +* [Run other scripts on DHCP lease](lease-script.md) + --- [◀ Go back to main README](../README.md) [▲ Go back to top](#top) diff --git a/doc/lease-script.md b/doc/lease-script.md index 6391c40..d437ee5 100644 --- a/doc/lease-script.md +++ b/doc/lease-script.md 
@@ -33,6 +33,7 @@ See also * [Collect MAC addresses in wireless access list](collect-wireless-mac.md) * [Comment DHCP leases with info from access list](dhcp-lease-comment.md) * [Create DNS records for DHCP leases](dhcp-to-dns.md) +* [Use WPA2 network with hotspot credentials](doc/hotspot-to-wpa.md) --- [◀ Go back to main README](../README.md) diff --git a/global-config b/global-config index ed7cd24..f411d14 100644 --- a/global-config +++ b/global-config @@ -8,7 +8,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! -:global GlobalConfigVersion 57; +:global GlobalConfigVersion 58; # This is used for DNS and backup file. :global Domain "example.com"; diff --git a/global-config-overlay b/global-config-overlay index abea983..202db89 100644 --- a/global-config-overlay +++ b/global-config-overlay @@ -8,7 +8,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! # Comment or remove to disable news and change notifications. -:global GlobalConfigVersion 57; +:global GlobalConfigVersion 58; # Copy configuration from global-config here and modify it. diff --git a/global-config.changes b/global-config.changes index dfbb1b4..3fe213b 100644 --- a/global-config.changes +++ b/global-config.changes @@ -61,6 +61,7 @@ 55="Added reverse logic in 'log-forward', so messages can be included even if filtered before."; 56="Added tags in all backup, lease and ppp-on-up scripts. These are used by 'packages-update', 'lease-script' and 'ppp-on-up' to find the scripts."; 57="Celebrating the 1.000th commit - Hooray!"; + 58="Added a cleanup script for 'hotspot-to-wpa' to purge old access list entries."; }; # Migration steps to be applied on script updates diff --git a/global-functions b/global-functions index 236b211..677cfc7 100644 --- a/global-functions +++ b/global-functions 
@@ -8,7 +8,7 @@ # https://git.eworm.de/cgit/routeros-scripts/about/ # expected configuration version -:global ExpectedConfigVersion 57; +:global ExpectedConfigVersion 58; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/hotspot-to-wpa-cleanup b/hotspot-to-wpa-cleanup new file mode 100644 index 0000000..2c418cd --- /dev/null +++ b/hotspot-to-wpa-cleanup 
@@ -0,0 +1,47 @@ +#!rsc by RouterOS +# RouterOS script: hotspot-to-wpa-cleanup +# Copyright (c) 2021 Christian Hesse +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# provides: lease-script assign +# +# manage and clean up private WPA passphrase after hotspot login +# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md + +:local 0 "hotspot-to-wpa-cleanup"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global LogPrintExit2; + +:foreach Client in=[ / caps-man registration-table find where comment~"^hotspot-to-wpa:" ] do={ + :local ClientVal [ / caps-man registration-table get $Client ]; + :local Lease [ / ip dhcp-server lease find where mac-address=($ClientVal->"mac-address") dynamic ]; + :if ([ :len $Lease ] > 0) do={ + $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \ + " connected to WPA, making lease static.") false; + / ip dhcp-server lease make-static $Lease; + / ip dhcp-server lease set comment=($ClientVal->"comment") $Lease; + } +} + +:foreach Client in=[ / caps-man access-list find where comment~"^hotspot-to-wpa:" and \ + !(comment~[ / system clock get date ]) ] do={ + :local ClientVal [ / caps-man access-list get $Client ]; + :if ([ :len [ / ip dhcp-server lease find where mac-address=($ClientVal->"mac-address") \ + !dynamic ] ] = 0) do={ + $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \ + " did not connect to WPA, removing from access list.") false; + / caps-man access-list remove $Client; + } +} + +:foreach Lease in=[ / ip dhcp-server lease find where !dynamic status=waiting \ + last-seen>4w comment~"^hotspot-to-wpa:" ] do={ + :local LeaseVal [ / ip dhcp-server lease get $Lease ]; + $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . 
\ + " was not seen for long time, removing.") false; + / caps-man access-list remove [ find where comment~"^hotspot-to-wpa:" \ + mac-address=($LeaseVal->"mac-address") ]; + / ip dhcp-server lease remove $Lease; +} -- cgit v1.2.3-54-g00ecf
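Review bot: The grace period in the second loop is only "not created today": `!(comment~[ / system clock get date ])` filters access-list entries by the current calendar date, so an entry written shortly before midnight, or just before the scheduler fires (the documented `start-time=startup` makes the run time arbitrary), is checked for a static lease on the very next run and removed before the client had a chance to associate to WPA and obtain a lease. This presumably relies on hotspot-to-wpa writing the creation date into the comment in exactly the format `/ system clock get date` returns; that writer is outside this patch, so confirm, and note that `~` treats the date string as a regular expression rather than a literal. A more robust check would persist a full timestamp in the comment and require a minimum age before purging, which would also let the hard-coded `last-seen>4w` in the third loop become a global-config property (e.g. a constructed name like `HotspotToWpaCleanupAge`), in line with how the repository configures its other scripts. The header line `# manage and clean up private WPA passphrase after hotspot login` could briefly state the three passes: promote dynamic leases of registered clients to static, drop access-list entries that never obtained a lease, and expire leases and access-list entries unseen for 4w.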