Page 1 of 1
Send notification mail on new VPN connection
Posted: Mon Oct 28, 2013 12:51 pm
by misko
Hello everybody
I am new to mtik scripting so in advance I`m sorry for my newbie questions.
I made a script that checks the active connections in PPP, and when it detects a connection it sends an email.
foreach i in=[ppp active find ] do={
local name [ppp active get value-name=name $i];
local ipaddr [ppp active get value-name=caller $i];
:log info "Active PPTP connection with username: $name, IP Address of caller: $ipaddr";
/tool e-mail send to="example@gmail.com" tls=yes body="Active PPTP connection with username: $name, IP Address of caller: $ipaddr" subject="PPTP connection";
}
Now my goal is to run this script ONLY when a new connection appears, and it sends one email only.
I thought of scheduling the script to run every minute or so, but then it will send an email everytime with the active connections... which is no good for me.
So I would like to ask for some help on an idea for this, and most likely a bit of coding too.
Thank you again
Re: Send notification mail on new VPN connection
Posted: Mon Nov 04, 2013 7:57 pm
by jspool
Hello,
One way to accomplish this is to use system logging.
/system logging action
add email-start-tls=yes email-to=
myemail@mydomain.com name=email target=email
/system logging
add action=email topics=ppp,info,account,!debug
setup your email server in /tool email if you have not already. (and if you don't use tls then you can change that to no)
this will fire off an email on user connect & disconnect and in the subject line it will show username and the IP they connected from.
Regards,
Josh
Re: Send notification mail on new VPN connection
Posted: Sun Nov 10, 2013 10:53 am
by nurmia
very helpful post.i am pleased your post.
Re: Send notification mail on new VPN connection
Posted: Wed Nov 13, 2013 4:49 pm
by misko
Thank you very much, it works like a charm.
Now we got a new request that they want to get a mail when someone tries to connect.
On an unsuccessfull connection to fire off a mail. I managed do do that, but I get three mails instead because of the three log inserts:
<pptp-0>: waiting for call...
<pptp-0>: terminating... - user test.attack authentication failed
<pptp-0>: disconnected
Is there a way to filter out only the middle part (<pptp-0>: terminating... - user test.attack authentication failed) and send it in mail?
My current added setting is
/system logging
add action=email topics=ppp,info,account
Thank you again,
Best regards
Re: Send notification mail on new VPN connection
Posted: Sat Nov 16, 2013 2:26 pm
by nurmia
very fine news i wish your success.thank you.
Re: Send notification mail on new VPN connection
Posted: Fri Nov 04, 2016 8:03 pm
by bl00dy
Hello,
I have little bit advanced question. I use CAPsMAN. And I wan to receive email when my mobile MAC address is connected to one of my AP's... (just ti get status, than I am at home). But I don't want to receive emails when I switch between AP's.
Additional question, is there any possibility to send API request from my home automation system, to check if now MAC is visible as connected in CAPsMAN?
Ed
Re: Send notification mail on new VPN connection
Posted: Tue Oct 10, 2017 1:13 pm
by CuoreSportivo
this will fire off an email on user connect & disconnect and in the subject line it will show username and the IP they connected from.
Hello all,
I just set this up so that I receive emails when a user (dis)connects. Many thanks to Josh since his post was simple and crystal clear!
Even though the action works fine, for some reason the IP I get is not the desired one. To be more specific, once a user logs in, I receive an email with the local IP that was assigned to this connection (192.168.x.x - which is of no use), and when a user disconnects I get a weird query of numbers (eg 451 xxxxxxx xxxxxxx xxxx 5197 - where "x" random numbers) that has nothing to do with the user's public IP.
Is the above behavior normal?
Re: Send notification mail on new VPN connection
Posted: Wed Oct 11, 2017 5:11 am
by jspool
Try removing "account" from the log rule topics and see if that gives you the desired data. It may result in more notifications however it should contain the true IP when they connect.
Re: Send notification mail on new VPN connection
Posted: Wed Oct 11, 2017 11:44 am
by CuoreSportivo
Thank you @jspool!
I did as you said, but unfortunately it didn't work.
Re: Send notification mail on new VPN connection
Posted: Wed Oct 11, 2017 11:58 am
by jspool
Have you tried using "pptp" and "info" for topics? Assuming your using PPTP.
Re: Send notification mail on new VPN connection
Posted: Wed Oct 11, 2017 12:23 pm
by CuoreSportivo
I's using L2TP, so added this ("l2tp") entry too but it's still the same. When connecting I get the local IP, and when disconnecting I get this weird number sequence.
Re: Send notification mail on new VPN connection
Posted: Wed Oct 11, 2017 7:31 pm
by jspool
Hello
So here is an option:
In "ppp profile scripts on the profile your L2TP server is set to use" place the following into the "On Up":
:local FromEmail "myfromaddress@mydomain.com"
:local ToEmail "mytoaddress@mydomain.com"
:foreach i in=[/ppp active find where uptime <1m] do={
:local Addr [/ppp active get $i caller-id]
/tool e-mail send user="$FromEmail" from="$FromEmail" to="$ToEmail" subject="$[/system identity get name] - New L2TP Connection" body="New L2TP connection from $Addr at $[/system clock get time] $[/system clock get date]";
}
If your tool email is setup you will get an email similar to this when there is a new connection: New L2TP connection from x.x.x.x at 09:28:58 oct/11/2017
Re: Send notification mail on new VPN connection
Posted: Thu Oct 12, 2017 2:57 pm
by CuoreSportivo
It works just great! Thanks jspool! Any similar script for when interface goes down?
Re: Send notification mail on new VPN connection
Posted: Fri Oct 13, 2017 9:24 am
by Jotne
Why do you need an email when someone use VPN?
I just send the log using syslog to Splunk and get nice graphs showing when user connects.
Here is an example of me testing VPN and logging. I do see when, who, what type and where he comes from in one view.
Splunk VPN.jpg
More info on Splunk and Mikrotik here:
viewtopic.php?t=117509
Re: Send notification mail on new VPN connection
Posted: Fri Oct 13, 2017 11:30 am
by CuoreSportivo
There are only three VPN users who rarely connect on VPN, so a simple email notification will do the job.