Solved: Re: Script to log off VPN userScript to log off VPN user

Silvano Ferreira de Souza · ‎03-25-2021

Hello guys.

I need to make a code that runs every day at 11pm to force users who are connected to the
VPN to log off. Researching some materials I made a code that when I run on Idle Shell
works perfectly, however when converting this .py file to an .exe it doesn't work.
I use Pyinstaller to convert them. Idle Shell version 3.9.2. If any can help I appreciate it.

Code:

import paramiko

ip_address = "192.168.1.1"
username = "myusername"
password = "mypassword"

ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect(hostname=ip_address,username=username,password=password)

print ("Sucessful conection")

remote_connection = ssh_client.invoke_shell()
remote_connection.send("vpn-sessiondb logoff name Petter noconfirm\n")
remote_connection.send("exit\n")
ssh_client.close

Silvano Ferreira de Souza · ‎03-27-2021

I searched the Internet and on the netmiko website I found several examples of simple codes, modified one of the examples, converted from .py to .exe and it worked correctly. Thank you for your help. Follow the link netmiko and the code that worked.

https://pynet.twb-tech.com/blog/automation/netmiko.html

from netmiko import ConnectHandler

cisco1 = {
"device_type": "cisco_ftd",
"host": "192.168.1.5",
"username": "myusername",
"password": "mypassword",
}

# Show command that we execute.
command = "vpn-sessiondb logoff All noconfirm\n"

with ConnectHandler(**cisco1) as net_connect:
output = net_connect.send_command(command)

# Automatically cleans-up the output so that only the show output is returned
print()
print(output)
print()

Thanks...

View solution in original post

balaji.bandi · ‎03-25-2021

what is the error you get ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Silvano Ferreira de Souza · ‎03-25-2021

Hi balaji.bandi,

When I run the .exe file it opens the prompt and shows me connected success and closes the prompt but does not log off on Anyconnect(on Idle it works). I did a test by inserting a print at the end of the code line to see if the code ran until the end and when I run the .py file directly in the windows command prompt there is no error in the program, however it does not disconnect the VPN. Attached print windows prompt.

import paramiko

ip_address = "192.168.1.1"
username = "myusername"
password = "mypassword"

ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect(hostname=ip_address,username=username,password=password)

print ("Sucessful conection")

remote_connection = ssh_client.invoke_shell()
remote_connection.send("vpn-sessiondb logoff name Petter noconfirm\n")
remote_connection.send("exit\n")
ssh_client.close

print ("Sucessful conection")

balaji.bandi · ‎03-25-2021

just to clarify the script runs and it will not disconnect user "Petter" - is this correct?

Do you see Petter connection show VPN session db ?

just to confirm you got access and able to execute command, get Petter db from ASA and disconnect again and show db again ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Silvano Ferreira de Souza · ‎03-25-2021

I connect my laptop to the VPN with the user "Petter", so when I run the .exe script or at the windows prompt my laptop remains connected to the vpn does not log off. In the idle shell my connection drops and the login screen appears to reconnect to the vpn using my credentials.

balaji.bandi · ‎03-25-2021

you mean you running the same script when you dial in VPN ? i do not believe the script executes correctly and you get optimal results here.

the test correctly, you need to run the script on a different Pc than the one you connected.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Silvano Ferreira de Souza · ‎03-25-2021

I did this test, I also connected VPN on my smartphone and another laptop and does not disconnect on any of these devices.

balaji.bandi · ‎03-26-2021

That means this script not working as expected.

as per the original post - the below command on the ASA console does disconnect the user right?

vpn-sessiondb logoff name <name>

as you using the same user in the script? (for login?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Silvano Ferreira de Souza · ‎03-26-2021

Right. The Script is not working, but the command is correct, in Firepower console works. Yes I use the same name that I use to login to Anyconnect.

Thanks for your help.

Silvano Ferreira de Souza · ‎03-27-2021

I searched the Internet and on the netmiko website I found several examples of simple codes, modified one of the examples, converted from .py to .exe and it worked correctly. Thank you for your help. Follow the link netmiko and the code that worked.

https://pynet.twb-tech.com/blog/automation/netmiko.html

from netmiko import ConnectHandler

cisco1 = {
"device_type": "cisco_ftd",
"host": "192.168.1.5",
"username": "myusername",
"password": "mypassword",
}

# Show command that we execute.
command = "vpn-sessiondb logoff All noconfirm\n"

with ConnectHandler(**cisco1) as net_connect:
output = net_connect.send_command(command)

# Automatically cleans-up the output so that only the show output is returned
print()
print(output)
print()

Thanks...

balaji.bandi · ‎03-27-2021

thank you for the feedback and glad it all good.

But this was going to log off all but you trying one user right "vpn-sessiondb logoff All noconfirm"

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help