This may work on Leopard Server as well, but I haven't tested it. There are several brute-force VPN protocol attacks rampant on the internet, and they may leave your VPN service in an unusable state by flooding it with connection requests.
The best answer to this is to turn off the built-in VPN service and use OpenVPN instead, but PPTP remains the de facto standard for VPN connections–there's probably a PPTP client for your refrigerator, for crying out loud. You want to reset the VPN service periodically in order to clear these connections, but you don't want to disconnect any valid VPN users in the process. This script does it for you. I set it up as a cron job to run every six hours or so, although once a day would probably suffice.
#!/bin/sh
#
# checkvpn.sh Jon Gardner 01 Jan 2009
#
# This script resets the VPN service to clear malware attack connections, but only if there
# are no valid user connections in progress.
#
# Number of PPTP connections the server currently reports (authenticated or not)
CONN=`/usr/sbin/serveradmin fullstatus vpn | grep CurrentConnections | grep pptp | cut -f2 -d'='`
echo Active VPN connections: $CONN
# Treat an empty result as 0 so the numeric test cannot fail on missing input
if [ `expr ${CONN:-0}` -gt 0 ]
then
    # Names of authenticated users, with the surrounding double quotes stripped
    USERS=`/usr/sbin/serveradmin command vpn:command = getConnectedUsers | grep name | cut -f2 -d'=' | sed -e 's/"//g'`
    if [ "$USERS" != "" ]
    then
        echo Active VPN users: $USERS
    else
        echo No authorized VPN users connected. Restarting VPN service...
        /usr/sbin/serveradmin stop vpn
        sleep 5
        /usr/sbin/serveradmin start vpn
    fi
fi
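The decision the script makes, pulled into functions that can be exercised without a server (an added example, not part of the original hint or of checkvpn.sh). It goes beyond the script by counting L2TP as well as PPTP connections and by declining to restart when the status text cannot be parsed; the function names and the key names in the sample text are assumptions.

```shell
#!/bin/sh
# Added example: restart decision for the VPN service, testable offline.
# The sample key names are constructed to fit the grep/cut pipeline used in
# checkvpn.sh; they are not captured serveradmin output.

# sum_connections STATUS_TEXT -> total CurrentConnections over pptp and l2tp.
# Prints nothing and returns 1 if no numeric count is found.
sum_connections() {
    printf '%s\n' "$1" | awk -F'=' '
        /CurrentConnections/ && /(pptp|l2tp)/ {
            gsub(/[ \t"]/, "", $2)
            if ($2 !~ /^[0-9]+$/) { bad = 1; next }
            total += $2; seen = 1
        }
        END { if (bad || !seen) exit 1; print total }'
}

# connected_users USERS_TEXT -> one authenticated user name per line.
connected_users() {
    printf '%s\n' "$1" | grep name | cut -f2 -d'=' |
        sed -e 's/"//g' -e 's/^ *//' -e '/^$/d'
}

# vpn_decision STATUS_TEXT USERS_TEXT -> prints one of:
#   unknown  status unparsable: do nothing rather than restart blindly
#   idle     no connections at all
#   in-use   at least one authenticated user: leave the service alone
#   restart  connections held open but no authenticated user
vpn_decision() {
    total=$(sum_connections "$1") || { echo unknown; return 0; }
    if [ "$total" -eq 0 ]; then echo idle; return 0; fi
    if [ -n "$(connected_users "$2")" ]; then echo in-use; else echo restart; fi
}

# Constructed sample input (not from a real server).
SAMPLE_STATUS='vpn:servers:com.apple.ppp.pptp:CurrentConnections = 7
vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 0
vpn:state = "RUNNING"'
SAMPLE_USERS='vpn:connectedUsers:_array_index:0:name = "alice"'

# On the server the arguments would come from the commands in checkvpn.sh:
#   vpn_decision "$(/usr/sbin/serveradmin fullstatus vpn)" \
#       "$(/usr/sbin/serveradmin command vpn:command = getConnectedUsers)"
vpn_decision "$SAMPLE_STATUS" ""    # prints: restart
```

Logging each "restart" decision from the cron job gives a rough record of how often unauthenticated connections are tying up the service.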
I think your script got mangled by the Geeklog slashmonster… (remember to DOUBLE your backslashes)
First, I like the script! I don’t normally have to reset VPN but once a month (at most), but this will make my life much easier when I am having such a difficulty.
And if I may, I have enhanced it a bit. The current script would reset only if there were no active connections. I want it to be able to tell me the current status and, if I wanted to restart it, to be able to do so. This, like quite a few of my scripts, was culled from others and enhanced to display more output. If some is good, then more is better.
So it can be run as normal and if you pass ‘restart’ as a command line argument, it will then reset, again only if there are zero active connections.
Some things I noticed: I found that it was only checking the status of L2TP. Our users here use either, so I had to modify it a bit deeply to ensure I only reset when we are idle on both PPTP and L2TP. So, I have it output the current start time of both VPN connection types (redundant, as there is no way to start one over the other but… well, for completeness); then, if the count is zero and if the restart command line argument was passed, it will stop, pause and start the VPN service and show you the ‘new’ start times for the services.
Enjoy!
Posted after testing and must have had an old version in clipboard.. here is a WORKING (Fully!) version