hotspot-to-wpa: add optional cleanup script

2021-06-22 15:58:03 +02:00 · 2021-06-22 15:58:03 +02:00 · 1a404195d5
parent f5b1f9cb97
commit 1a404195d5
7 changed files with 72 additions and 3 deletions
--- a/doc/hotspot-to-wpa.md
+++ b/doc/hotspot-to-wpa.md
@ -27,6 +27,21 @@ Configure your hotspot to use this script as `on-login` script:

    / ip hotspot user profile set on-login=hotspot-to-wpa [ find ];

+### Automatic cleanup
+
+With just `hotspot-to-wpa` installed the mac addresses will last in the
+access list forever. Install the optional script for automatic cleanup:
+
+    $ScriptInstallUpdate hotspot-to-wpa-cleanup,lease-script;
+
+Create a scheduler:
+
+    / system scheduler add interval=1d name=hotspot-to-wpa-cleanup on-event="/ system script run hotspot-to-wpa-cleanup;" start-time=startup;
+
+And add the lease script to your wpa interfaces' dhcp server:
+
+    / ip dhcp-server set lease-script=lease-script [ find where name~"wpa" ];
+
 Configuration
 -------------

@ -46,6 +61,11 @@ Now let the users connect and login to the hotspot. After that the devices
 (identified by MAC address) can connect to the WPA2 network, using the
 passphrase from hotspot credentials.

+See also
+--------
+
+* [Run other scripts on DHCP lease](lease-script.md)
+
 ---
 [◀ Go back to main README](../README.md)  
 [▲ Go back to top](#top)
--- a/doc/lease-script.md
+++ b/doc/lease-script.md
@ -33,6 +33,7 @@ See also
 * [Collect MAC addresses in wireless access list](collect-wireless-mac.md)
 * [Comment DHCP leases with info from access list](dhcp-lease-comment.md)
 * [Create DNS records for DHCP leases](dhcp-to-dns.md)
+* [Use WPA2 network with hotspot credentials](doc/hotspot-to-wpa.md)

 ---
 [◀ Go back to main README](../README.md)  
--- a/2
+++ b/2
@ -8,7 +8,7 @@

 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
-:global GlobalConfigVersion 57;
+:global GlobalConfigVersion 58;

 # This is used for DNS and backup file.
 :global Domain "example.com";
--- a/2
+++ b/2
@ -8,7 +8,7 @@
 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
 # Comment or remove to disable news and change notifications.
-:global GlobalConfigVersion 57;
+:global GlobalConfigVersion 58;

 # Copy configuration from global-config here and modify it.

--- a/global-config.changes
+++ b/global-config.changes
@ -61,6 +61,7 @@
  55="Added reverse logic in 'log-forward', so messages can be included even if filtered before.";
  56="Added tags in all backup, lease and ppp-on-up scripts. These are used by 'packages-update', 'lease-script' and 'ppp-on-up' to find the scripts.";
  57="Celebrating the 1.000th commit - Hooray!";
+  58="Added a cleanup script for 'hotspot-to-wpa' to purge old access list entries.";
 };

 # Migration steps to be applied on script updates
--- a/2
+++ b/2
@ -8,7 +8,7 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/

 # expected configuration version
-:global ExpectedConfigVersion 57;
+:global ExpectedConfigVersion 58;

 # global variables not to be changed by user
 :global GlobalFunctionsReady false;
--- a/47
+++ b/47
@ -0,0 +1,47 @@
+#!rsc by RouterOS
+# RouterOS script: hotspot-to-wpa-cleanup
+# Copyright (c) 2021 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script assign
+#
+# manage and clean up private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+
+:local 0 "hotspot-to-wpa-cleanup";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global LogPrintExit2;
+
+:foreach Client in=[ / caps-man registration-table find where comment~"^hotspot-to-wpa:" ] do={
+  :local ClientVal [ / caps-man registration-table get $Client ];
+  :local Lease [ / ip dhcp-server lease find where mac-address=($ClientVal->"mac-address") dynamic ];
+  :if ([ :len $Lease ] > 0) do={
+    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+      " connected to WPA, making lease static.") false;
+    / ip dhcp-server lease make-static $Lease;
+    / ip dhcp-server lease set comment=($ClientVal->"comment") $Lease;
+  }
+}
+
+:foreach Client in=[ / caps-man access-list find where comment~"^hotspot-to-wpa:" and \
+    !(comment~[ / system clock get date ]) ] do={
+  :local ClientVal [ / caps-man access-list get $Client ];
+  :if ([ :len [ / ip dhcp-server lease find where mac-address=($ClientVal->"mac-address") \
+      !dynamic ] ] = 0) do={
+    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+      " did not connect to WPA, removing from access list.") false;
+    / caps-man access-list remove $Client;
+  }
+}
+
+:foreach Lease in=[ / ip dhcp-server lease find where !dynamic status=waiting \
+    last-seen>4w comment~"^hotspot-to-wpa:" ] do={
+  :local LeaseVal [ / ip dhcp-server lease get $Lease ];
+  $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
+    " was not seen for long time, removing.") false;
+  / caps-man access-list remove [ find where comment~"^hotspot-to-wpa:" \
+     mac-address=($LeaseVal->"mac-address") ];
+  / ip dhcp-server lease remove $Lease;
+}