Get active VPN connections via e-mail

From MikroTik Wiki
Jump to: navigation, search

The script sends an e-mail with all PPTP and L2TP servers and clients and their statuses.

It is pretty simple and there is no problem in adding OVPN and others.

Declare global and local variables (we only need to reuse the variable oldvlist). I like to create seperate variables for each VPN type.

:global oldvlist ;
:local pptplist "PPTP interfaces \n \n" ;
:local l2tplist "L2TP interfaces \n \n" ;
:local vlist ;
:local int ;

Fill the variables with all VPN connections and their statuses.

:set pptplist "$pptplist SERVERS: \n" ;
:foreach int in=[/interface pptp-server find] do={
  :set pptplist "$pptplist PPTP: $[/interface pptp-server get $int name] :  $[/interface pptp-server get $int running] \n" ;
  :if ( [/interface pptp-server get $int running] = true ) do={
     :log error "PPTP: $[/interface pptp-server get $int name] : true" ;
  }
}

:set pptplist "$pptplist \n \n CLIENTS: \n" ;
:foreach int in=[/interface pptp-client find] do={
  :set pptplist "$pptplist PPTP: $[/interface pptp-client get $int name] :  $[/interface pptp-client get $int running] \n" ;
  :if ( [/interface pptp-client get $int running] = true ) do={
     :log error "PPTP: $[/interface pptp-client get $int name] : true" ;
  }
}

:set l2tplist "$l2tplist SERVERS: \n" ;
:foreach int in=[/interface l2tp-server find] do={
  :set l2tplist "$l2tplist L2TP: $[/interface l2tp-server get $int name] :  $[/interface l2tp-server get $int running] \n" ;
  :if ( [/interface l2tp-server get $int running] = true ) do={
     :log error "L2TP: $[/interface l2tp-server get $int name] : true" ;
  }
}

:set l2tplist "$l2tplist \n \n CLIENTS: \n" ;
:foreach int in=[/interface l2tp-client find] do={
  :set l2tplist "$l2tplist L2TP: $[/interface l2tp-client get $int name] :  $[/interface l2tp-client get $int running] \n" ;
  :if ( [/interface l2tp-client get $int running] = true ) do={
     :log error "L2TP: $[/interface l2tp-client get $int name] : true" ;
  }
}

If you don't like the list of all interfaces, you can move the ':set list...' line inside the IF statement. That way the e-mail will contain only active connections. And beware that variable length is not unlimited so this will not work if you have a great number of VPN connections.

Fill the 'vlist' variable and send it vie a-mail if it is different than the 'oldvlist' variable

:set vlist "** Active VPN list ** \n \n $pptplist \n \n $l2tplist" ;

:if ( $oldvlist != $vlist) do={
   /tool e-mail send body="$vlist" subject="VPN" to="RECIPIENT_EMAIL_ADDRESS" server="IP_OF_SMTP" from="$[/system identity get name]@EMAIL_DOMAIN"
   :set voldlist $vlist
   :log error "VPN status list sent"
} else={
   :log error "VPN no change"
}

Replace IP_OD_SMTP with the IP address of hostname of the SMTP server that you can use (usually your ISP has one or two), RECIPIENT_EMAIL_LIST with your e-mail address, EMAIL_DOMAIN with the domain name that is allowed as a sender on that specific SMTP server.

It is my assumption that anyone connected needs at least two minutes to do something so I have set my scheduler to repeat every 2 minutes. You can set the scheduler to run in greater intervals but note that if someone connects after the script was run, and disconnects in under the schedule interval time, you will not see the connection.