[PF Sense 2.4.4] Riavvio Servizio L2TP Via script Cron

tecno214

Buonasera a tutti.Come da titolo sto' cercando una soluzione per comporre uno script da inserire poi in Cron con lo scopo di riavviare il server VPN L2TP in modo da disconnettere tutti i miei utenti ad un certo orario prestabilito.

Qualcuno sa' come aiutarmi?

Ho provato senza successo ad intercettare in servizio all'interno della cartella /etc/rd.c

kiokoman

verifico

kiokoman

ok non c'e' un modo diretto per farlo, dal codice /etc/inc/vpn.inc
usano killbypid per terminare l2tp

/* kill mpd */
                killbypid("{$g['varrun_path']}/l2tp-vpn.pid");

in pratica kill -9 PID

puoi usare

kill -9 `cat /var/run/l2tp-vpn.pid `

in uno script o in crontab (occhio alla virgoletta prima e dopo che non sono accenti)
oppure

pkill -F /var/run/l2tp-vpn.pid

oppure

cat /var/run/l2tp-vpn.pid | xargs kill -9

per farlo ripartire

/usr/local/sbin/mpd5 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps

tecno214

Perfetto.. Con questo

pkill -F /var/run/l2tp-vpn.pid

e questo

/usr/local/sbin/mpd5 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps

Funziona TUTTO perfettamente.

Grazie di cuore per la soluzione!!

tecno214

Dubbio in merito:

Ho applicato lo stesso script anche relativamente all'altro mio VPN-Server, che però è la versione 2.2.2.

La parte del kill degli utenti connessi funziona alla perfezione pkill -F /var/run/l2tp-vpn.pid

La parte invece relativa al riavvio del server /usr/local/sbin/mpd5 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps via script invece pare non funzionare..
L'accesso al server dopo che Crontab ha girato non è più possibile..

Premetto che..

• Per i due comandi o usato due sessioni diverse di CronTab a distanza di un minuto.
• Lo script di riavvio non funziona neanche dal Command Prompt.
  Il servizio pare non riavviarsi....

kiokoman

beh potrebbero essere cambiate diverse cose tra la 2.2.2 e la 2.4.4-p3 magari gestiva l2tp in maniera diversa, sinceramente ti consiglio di aggiornare a 2.4.4-p3 anche quella macchina appena possibile

potresti avviare l2tp e da console fare ps aux | grep l2tp
e vedere cosa usavano al tempo per avviare quel servizio. ma il mio consiglio di aggiornare a 2.4.4-p3 rimane, 2.2.2 e' EOL e probabilmente presenta qualche bug e potrebbe essere insicuro ormai

tecno214

Si, ovvio che appena rientreremo operativi sarò una delle mie priorita l'aggiornamento all'ultima versione..
Anche se mi turba il discorso del non poter monitorare correttamente il Traffico e il NetFlow per i noti bug alla versione..

Il comando suggeritomi riporta quanto di seguito:

$ ps aux | grep l2tp
root 20760 0.0 0.1 10396 2036 - S 2:18PM 0:00.00 grep l2tp

Però anche così non saprei comporre lo script per il riavvio del servizio

kiokoman

quel comando non ha riportato nulla se on la tua stessa richiesta, era in esecuzione l2tp in quel momento?

tecno214

Direi di si, ero in sessione da remoto regolarmente...

kiokoman

fai
ps aux
senza il resto e posta tutto se riesci così vedo se riesco a riconoscere il processo dalla lista completa

tecno214

USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11 400.0 0.0 0 32 - RL Sun03AM 31510:05.99 [idle]
root 0 0.0 0.0 0 96 - DLs Sun03AM 8:57.84 [kernel]
root 1 0.0 0.0 9364 816 - ILs Sun03AM 0:00.14 /sbin/init --
root 2 0.0 0.0 0 8 - DL Sun03AM 0:00.00 [crypto]
root 3 0.0 0.0 0 8 - DL Sun03AM 0:00.00 [crypto return
root 4 0.0 0.0 0 16 - DL Sun03AM 0:07.09 [cam]
root 5 0.0 0.0 0 8 - DL Sun03AM 0:00.00 [mpt_recovery0
root 6 0.0 0.0 0 8 - DL Sun03AM 0:01.09 [fdc0]
root 7 0.0 0.0 0 8 - DL Sun03AM 0:44.40 [pf purge]
root 8 0.0 0.0 0 8 - DL Sun03AM 0:00.00 [sctp_iterator
root 9 0.0 0.0 0 8 - DL Sun03AM 0:05.47 [pagedaemon]
root 10 0.0 0.0 0 8 - DL Sun03AM 0:00.00 [audit]
root 12 0.0 0.0 0 168 - WL Sun03AM 9:10.05 [intr]
root 13 0.0 0.0 0 32 - DL Sun03AM 6:15.07 [ng_queue]
root 14 0.0 0.0 0 24 - DL Sun03AM 0:00.25 [geom]
root 15 0.0 0.0 0 8 - DL Sun03AM 0:23.13 [rand_harvestq
root 16 0.0 0.0 0 8 - DL Sun03AM 0:00.00 [vmdaemon]
root 17 0.0 0.0 0 8 - DL Sun03AM 0:00.01 [pagezero]
root 18 0.0 0.0 0 8 - DL Sun03AM 0:00.34 [idlepoll]
root 19 0.0 0.0 0 8 - DL Sun03AM 0:01.28 [bufdaemon]
root 20 0.0 0.0 0 8 - DL Sun03AM 0:01.29 [vnlru]
root 21 0.0 0.0 0 8 - DL Sun03AM 0:42.65 [syncer]
root 57 0.0 0.0 0 8 - DL Sun03AM 0:03.32 [md0]
root 240 0.0 1.0 83724 20812 - Ss Sun03AM 0:10.20 php-fpm: maste
root 256 0.0 0.1 10524 2152 - INs Sun03AM 0:00.01 /usr/local/sbi
root 258 0.0 0.1 10524 2016 - IN Sun03AM 0:00.00 check_reload_s
root 271 0.0 0.2 8980 3352 - Ss Sun03AM 0:00.12 /sbin/devd -q
root 1243 0.0 0.1 10372 1948 - Is Mon08PM 0:00.08 /usr/local/sbi
root 2045 0.0 0.8 17180 17212 - Ss Sun03AM 0:14.27 /usr/local/sbi
root 2874 0.0 0.0 0 0 - ZN 2:36PM 0:00.15 <defunct>
root 2921 0.0 0.0 0 0 - ZN 2:36PM 0:00.15 <defunct>
root 3209 0.0 1.5 83724 30844 - S 2:37PM 0:00.03 php-fpm: pool
root 9400 0.0 0.1 10364 2024 - Ss Sun03AM 0:15.40 /usr/local/sbi
root 9615 0.0 0.2 12732 4376 - Ss Sun03AM 1:13.48 /usr/local/sbi
root 11297 0.0 0.1 10292 2004 - Is Sun03AM 0:00.00 /usr/sbin/inet
root 14524 0.0 0.1 5984 1660 - S 2:37PM 0:00.00 sleep 55
root 15074 0.0 0.1 10336 2040 - R 2:37PM 0:00.00 ps aux
root 15225 0.0 0.2 13160 4556 - Is Sun03AM 0:01.68 /usr/sbin/sshd
root 15504 0.0 0.1 10372 1880 - Is Sun03AM 0:00.01 /usr/local/sbi
root 16036 0.0 0.1 10132 1840 - Ss Sun03AM 1:16.28 /usr/local/sbi
root 16106 0.0 0.1 11576 2572 - I Sun03AM 0:02.89 rrdtool -
root 20088 0.0 0.3 13148 5652 - S Sun03AM 0:11.79 /usr/local/sbi
root 26907 0.0 0.3 18952 6156 - Ss 1:25PM 0:00.11 /usr/local/sbi
dhcpd 30210 0.0 0.5 16348 9612 - Ss Sun03AM 0:25.64 /usr/local/sbi
root 30738 0.0 0.1 10168 1956 - S Sun03AM 0:06.42 /usr/local/sbi
root 31768 0.0 0.1 10372 1928 - Is 12:06PM 0:00.01 /usr/local/sbi
root 33836 0.0 0.1 10372 1948 - Is Wed01PM 0:00.08 /usr/local/sbi
root 36776 0.0 0.5 17180 9904 - Ss Sun03AM 1:43.16 /usr/sbin/bsnm
root 40873 0.0 0.0 0 0 - ZN 2:03PM 0:00.07 <defunct>
root 40952 0.0 0.0 0 0 - ZN 2:03PM 0:00.07 <defunct>
root 44921 0.0 0.1 10372 1948 - Is Thu01PM 0:00.07 /usr/local/sbi
root 51960 0.0 0.1 10372 1920 - Is 1:33PM 0:00.00 /usr/local/sbi
root 56245 0.0 0.1 10244 1956 - Is Sun03AM 0:00.63 /usr/sbin/cron
root 57004 0.0 0.1 10300 2096 - Ss 1:26PM 0:00.20 /usr/sbin/sysl
root 59533 0.0 0.1 10372 1940 - Is Mon03PM 0:00.02 /usr/local/sbi
root 61671 0.0 0.3 15012 6116 - Is Sun03AM 0:00.00 /usr/local/sbi
root 62217 0.0 0.0 0 0 - ZN 3:01AM 0:00.03 <defunct>
root 62481 0.0 0.0 0 0 - ZN 3:01AM 0:00.03 <defunct>
proxy 62592 0.0 0.4 31396 8968 - S Sun03AM 0:16.39 (squid) -D (sq
root 63873 0.0 0.1 10372 1944 - Is Tue05PM 0:00.06 /usr/local/sbi
proxy 65574 0.0 0.1 6036 1672 - I Sun03AM 0:00.00 (unlinkd) (unl
root 67009 0.0 0.1 10372 1928 - Is 10:33AM 0:00.01 /usr/local/sbi
root 68309 0.0 0.1 10372 1916 - Is Thu01PM 0:00.01 /usr/local/sbi
root 69964 0.0 0.1 10592 2064 - S Sun03AM 0:03.33 /bin/sh /usr/l
root 71487 0.0 0.1 10084 1668 - Is Sun03AM 0:00.00 /usr/local/bin
root 71900 0.0 0.1 10084 1680 - I Sun03AM 0:00.10 minicron: help
root 72223 0.0 0.1 10084 1668 - Is Sun03AM 0:00.00 /usr/local/bin
root 72661 0.0 0.1 10084 1680 - I Sun03AM 0:00.01 minicron: help
root 72697 0.0 0.1 10084 1668 - Is Sun03AM 0:00.00 /usr/local/bin
root 73268 0.0 0.1 10084 1680 - I Sun03AM 0:00.00 minicron: help
root 75640 0.0 0.5 19848 10572 - S Sun03AM 0:07.09 /usr/pbi/bandw
root 76120 0.0 0.5 19848 10284 - S Sun03AM 0:07.07 /usr/pbi/bandw
root 76156 0.0 0.1 10372 1928 - Is Thu11AM 0:00.01 /usr/local/sbi
root 76217 0.0 0.5 19848 10464 - S Sun03AM 0:06.71 /usr/pbi/bandw
root 76632 0.0 0.3 15752 6932 - S Sun03AM 0:06.36 /usr/pbi/bandw
root 76788 0.0 0.3 15752 6224 - S Sun03AM 0:06.57 /usr/pbi/bandw
root 77510 0.0 0.5 19848 10252 - S Sun03AM 0:06.67 /usr/pbi/bandw
root 77724 0.0 0.3 15752 6664 - S Sun03AM 0:06.36 /usr/pbi/bandw
root 77761 0.0 0.3 15752 6000 - S Sun03AM 0:06.47 /usr/pbi/bandw
nobody 82709 0.0 0.1 10428 2760 - Ss Sun03AM 0:10.42 /usr/local/sbi
root 82956 0.0 0.1 5984 1660 - IN 2:36PM 0:00.00 sleep 60
nobody 83254 0.0 0.1 10428 2776 - Ss Sun03AM 0:10.47 /usr/local/sbi
root 84052 0.0 0.0 0 0 - ZN 2:34PM 0:00.14 <defunct>
root 84193 0.0 0.0 0 0 - ZN 2:34PM 0:00.14 <defunct>
root 87566 0.0 0.1 10372 1936 - Is Wed10AM 0:00.02 /usr/local/sbi
root 90388 0.0 0.1 10372 1920 - Is Sun03AM 0:00.14 /usr/local/sbi
root 41117 0.0 0.1 10592 2100 v0- IN Sun03AM 0:30.68 /bin/sh /var/d
root 83093 0.0 0.1 10584 2248 v0 Is Sun03AM 0:00.00 login [pam] (l
root 91243 0.0 0.1 10592 2252 v0 I Sun03AM 0:00.00 -sh (sh)
root 92152 0.0 0.1 10592 2156 v0 I+ Sun03AM 0:00.00 /bin/sh /etc/r

kiokoman

cosi purtroppo non mi serve a niente le scritte sono troncate a destra
prova con
ps ax -w

tecno214

$ ps ax -w
PID TT STAT TIME COMMAND
0 - DLs 9:29.52 [kernel]
1 - ILs 0:00.15 /sbin/init --
2 - DL 0:00.00 [crypto]
3 - DL 0:00.00 [crypto returns]
4 - DL 0:07.28 [cam]
5 - DL 0:00.00 [mpt_recovery0]
6 - DL 0:01.11 [fdc0]
7 - DL 0:45.61 [pf purge]
8 - DL 0:00.00 [sctp_iterator]
9 - DL 0:05.61 [pagedaemon]
10 - DL 0:00.00 [audit]
11 - RL 32393:15.42 [idle]
12 - WL 9:25.31 [intr]
13 - DL 6:41.24 [ng_queue]
14 - DL 0:00.25 [geom]
15 - DL 0:23.73 [rand_harvestq]
16 - DL 0:00.00 [vmdaemon]
17 - DL 0:00.01 [pagezero]
18 - DL 0:00.35 [idlepoll]
19 - DL 0:01.31 [bufdaemon]
20 - DL 0:01.32 [vnlru]
21 - DL 0:43.90 [syncer]
57 - DL 0:03.43 [md0]
240 - Ss 0:10.39 php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm)
256 - INs 0:00.01 /usr/local/sbin/check_reload_status
258 - IN 0:00.00 check_reload_status: Monitoring daemon of check_reload_status
271 - Ss 0:00.12 /sbin/devd -q
1243 - Is 0:00.08 /usr/local/sbin/sshlockout_pf 15
2045 - Ss 0:14.70 /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
3209 - S 0:00.17 php-fpm: pool lighty (php-fpm)
9400 - Ss 0:15.91 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
9615 - Ss 1:15.41 /usr/local/sbin/openvpn --config /var/etc/openvpn/server1.conf
10732 - Ss 0:00.01 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /var/etc/syslog.conf
11297 - Is 0:00.00 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf
15225 - Ss 0:01.75 /usr/sbin/sshd
15504 - Is 0:00.01 /usr/local/sbin/sshlockout_pf 15
16036 - Ss 1:18.36 /usr/local/sbin/apinger -c /var/etc/apinger.conf
16106 - I 0:02.97 rrdtool -
20088 - S 0:11.96 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
26907 - Ss 0:00.86 /usr/local/sbin/mpd4 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps
30210 - Ss 0:26.38 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd
30738 - S 0:06.59 /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
31768 - Is 0:00.01 /usr/local/sbin/sshlockout_pf 15
33836 - Is 0:00.08 /usr/local/sbin/sshlockout_pf 15
34712 - ZN 0:00.15 <defunct>
34994 - ZN 0:00.15 <defunct>
36776 - Ss 1:45.25 /usr/sbin/bsnmpd -c /var/etc/snmpd.conf -p /var/run/snmpd.pid
37371 - I 0:00.00 sleep 55
44921 - Is 0:00.07 /usr/local/sbin/sshlockout_pf 15
51960 - Is 0:00.02 /usr/local/sbin/sshlockout_pf 15
56245 - Is 0:00.64 /usr/sbin/cron -s
56637 - ZN 0:00.15 <defunct>
56721 - ZN 0:00.15 <defunct>
58024 - IN 0:00.00 sleep 60
58057 - R 0:00.00 ps ax -w
59533 - Is 0:00.02 /usr/local/sbin/sshlockout_pf 15
61671 - Is 0:00.00 /usr/local/sbin/squid -D
62592 - S 0:16.82 (squid) -D (squid)
63873 - Is 0:00.06 /usr/local/sbin/sshlockout_pf 15
65574 - I 0:00.00 (unlinkd) (unlinkd)
67009 - Is 0:00.01 /usr/local/sbin/sshlockout_pf 15
68309 - Is 0:00.01 /usr/local/sbin/sshlockout_pf 15
69964 - I 0:03.41 /bin/sh /usr/local/pkg/sqpmon.sh
71487 - Is 0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
71900 - I 0:00.10 minicron: helper /usr/local/bin/ping_hosts.sh (minicron)
72223 - Is 0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccou
72661 - I 0:00.01 minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts (minicron)
72697 - Is 0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.upda
73268 - I 0:00.00 minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data (minicron)
75640 - S 0:07.33 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
76120 - S 0:07.30 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
76156 - Is 0:00.01 /usr/local/sbin/sshlockout_pf 15
76217 - S 0:06.94 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
76632 - S 0:06.58 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
76788 - S 0:06.79 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
77510 - S 0:06.90 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
77724 - S 0:06.57 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
77761 - S 0:06.69 /usr/pbi/bandwidthd-i386/local/bandwidthd/bandwidthd
79810 - ZN 0:00.03 <defunct>
79930 - ZN 0:00.03 <defunct>
82709 - Ss 0:10.97 /usr/local/sbin/softflowd -i em0 -n 192.168.80.82:9996 -m 8192 -L 1 -v 9 -T full -t general=59 -t maxlif
83254 - Ss 0:11.02 /usr/local/sbin/softflowd -i em0 -n 192.168.80.82:9996 -m 8192 -L 1 -v 9 -T full -t general=59 -t maxlif
87566 - Is 0:00.02 /usr/local/sbin/sshlockout_pf 15
90388 - Is 0:00.14 /usr/local/sbin/sshlockout_pf 15
94876 - ZN 0:00.07 <defunct>
95027 - ZN 0:00.07 <defunct>
41117 v0- IN 0:31.51 /bin/sh /var/db/rrd/updaterrd.sh
83093 v0 Is 0:00.00 login [pam] (login)
91243 v0 I 0:00.00 -sh (sh)
92152 v0 I+ 0:00.00 /bin/sh /etc/rc.initial

tecno214

/usr/local/sbin/mpd4 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps

Dovrebbe essere questa chiamata....

kiokoman

@tecno214 said in [PF Sense 2.4.4] Riavvio Servizio L2TP Via script Cron:

26907 - Ss 0:00.86 /usr/local/sbin/mpd4 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps

eccolo si, è quello, è mpd4 anziche mpd5

tecno214

Sospettavo...
Ti ringrazio di cuore...

Un ultima questione/dubbio..
L'elenco degli utenti collegati lo posso rilevare solo dagli "states" o esiste anche qualcosa di simile, ad esempio, alla verifica dei lease dhcp?

kiokoman

non so per l2tp se funzioni ma c'e' il widget per le vpn da mettere sulla dashboard, status / monitor puoi mettere vpn come filtro, Diagnostics / Tables ha anche quello il filtro per le vpn

tecno214

Grazie veramente per TUTTO.
Adesso tutto funziona come avrei voluto con gli utenti che a tot orario si trovano disconnessi!!!

kiokoman

ottimo, spero che i tuoi utenti non me ne vogliano, non dirgli dove mi hai trovato