Configuring automatic password retrieval for VPN on Mikrotik

Prehistory

In connection with the introduction of blocking of some resources in our country (we will not point fingers), it took me to implement access to them via VPN. By the way, I use these resources not so often, but I use it. And it would seem easier. There are today a whole bunch of different services providing VPN access.

However, to pay for the service a few tens of dollars and use it several times a month, I considered it inappropriate. Then my choice fell on free VPN. One of these is the vpnbook service. For my requirements, there is plenty of it, but here's the bad luck - the password for accessing VPN via PPTP changes periodically. And each time you change it, go to the site to copy it and configure the connection on the router - frankly lazy. And they say that "laziness is the engine of progress." In my case it is. Need to do something…

I thought, why not parse the password from the page and automatically update the connection settings on my Mikrotik. Why just a password? Well, on the vpnbook server addresses are quite constant and I use one and the login is always the same - vpnbook. So let's get started.

Part about PHP - a simple parser

To begin with, I decided to write a simple PHP parser page. Honestly, I don’t program at my own work, so all the code I’ll give here can certainly be done better, and I hope in the comments I’ll point out errors, jambs and flaws.
')
When parsing, I used the PHP Simple HTML DOM Parser library. It can be downloaded from the link . And for starters, we of course need to connect it:

include "simple_html_dom.php"; 

Next, in order to get the contents of the page vpnbook.com/freevpn we will use cURL. I took an example of how to use it from php.net and wrapped it in a function:

 function url_get_html($url){ //  cURL $ch = curl_init(); //  url      curl_setopt($ch, CURLOPT_URL, $url); //        string curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //   $output = curl_exec($ch); //  cURL curl_close($ch); //   return $output; } 

Next, using the features of the library "PHP Simple HTML DOM Parser", we need to pull the password out of the page content. After reviewing the source code of the page, you can see that the password is in the last item in the list in the strong tag.


Why not get all the strong tags from the first list on the page and not get the password from the last one? We do:

 // URL      $url = "http://www.vpnbook.com/freevpn"; //  DOM $html = str_get_html(url_get_html($url)); //         "disc" $items = $html->find(".disc", 0)->find("strong"); //     $pswd = end($items); //   echo $pswd->innertext; 

So the parser is ready. It remains to put it on the server.

Part about Mikrotik - a script for creating a VPN connection

The parser is ready and imagine that it is available at vpn.pswd.tk. Now we need to write a script on Mikrotik (I have hap lite) that will contact our parser, get the password from it and re-create the VPN connection. Having rummaged through the Mikrotik documentation, I found the functionality I needed, namely using / tool fetch, you can make a request by the URL and put the content into a text file, and then read its contents into a variable. Here is the complete script code:

 /tool fetch url="http://vpn.pswd.tk/" mode=http dst-path="vpn_pswd.txt"; :delay 2s :local password [/file get vpn_pswd.txt contents] /file remove vpn_pswd.txt; /interface pptp-client remove [/interface pptp-client find name=pptp-out1] /interface pptp-client add name=pptp-out1 user=vpnbook password=$password connect-to=us1.vpnbook.com disabled=no 

Let's take a look at what is what. The first line we make a request to our parser and the answer in the form of a password is written to the file vpn_pswd.txt. Further, as it is easy to guess, we have a delay of 2 seconds. For what? The fact is that the router takes some time to execute the request and create the file, and if you don’t make a delay, the next command may simply not read the value from the file into the variable (since it isn’t yet at that time). Further, after writing the value to a variable, we delete the created file - we no longer need it. Then we delete the created VPN connection and create a new one.

It remains only to add to the scheduler the launch of this script after some (of your choice) period of time. This is done in the System / Scheduler section. If we allow our script to be called “through_vpn_list”, then with this command we will create a task to run the script every 6 hours:

 /system scheduler add name=schedule1 interval=6h on-event="/system script run through_vpn_list" 

Results

We were able to automatically create a VPN connection using the password from a free service. How to use this connection is your decision. For example, you can configure policy-based routing so that a VPN connection is used only for a specific list of sites and resources. So for example, and I have implemented. I attach a link to the documentation on which this can be done.

Of course, this solution is probably not the best. And here you can improve a lot of things. For example, what if the layout changes? The parser will not work anymore. Therefore, you need to think about a more universal approach to obtaining a password. But the goal was achieved and this bundle works great.

PS Please write comments, what is wrong, what can be improved. As it is written: “Without a confidential conversation, the plans will be upset, and with many advisers there will be success.”