diff --git a/server/base/cfg.go b/server/base/cfg.go
index b0b52a2..e211d0a 100644
--- a/server/base/cfg.go
+++ b/server/base/cfg.go
@@ -81,7 +81,8 @@ type ServerConfig struct {
 	Compression bool `json:"compression"` // bool
 	NoCompressLimit int `json:"no_compress_limit"` // int
-	DisplayError bool `json:"display_error"`
+	DisplayError bool `json:"display_error"`
+	ExcludeExportIp bool `json:"exclude_export_ip"`
 }
 func initServerCfg() {
diff --git a/server/base/config.go b/server/base/config.go
index 11183fd..6d28ac1 100644
--- a/server/base/config.go
+++ b/server/base/config.go
@@ -48,7 +48,7 @@ var configs = []config{
 	{Typ: cfgStr, Name: "ipv4_start", Usage: "IPV4开始地址", ValStr: "192.168.90.100"},
 	{Typ: cfgStr, Name: "ipv4_end", Usage: "IPV4结束", ValStr: "192.168.90.200"},
 	{Typ: cfgStr, Name: "default_group", Usage: "默认用户组", ValStr: "one"},
-	{Typ: cfgStr, Name: "default_domain", Usage: "要发布的默认域", ValStr: ""},
+	{Typ: cfgStr, Name: "default_domain", Usage: "客户端dns的默认搜索域", ValStr: ""},
 	{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
 	{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
@@ -69,6 +69,7 @@ var configs = []config{
 	{Typ: cfgInt, Name: "no_compress_limit", Usage: "低于及等于多少字节不压缩", ValInt: 256},
 	{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
+	{Typ: cfgBool, Name: "exclude_export_ip", Usage: "排除出口ip路由(出口ip不加密传输)", ValBool: true},
 }
 var envs = map[string]string{}
diff --git a/server/conf/server-sample.toml b/server/conf/server-sample.toml
index d65aa7e..20f91d8 100644
--- a/server/conf/server-sample.toml
+++ b/server/conf/server-sample.toml
@@ -69,7 +69,7 @@ mobile_dpd = 22
 #设置最大传输单元
 mtu = 1460
-# 要发布的默认域
+# 客户端dns的默认搜索域
 default_domain = "example.com"
 #default_domain = "example.com abc.example.com"
diff --git a/server/handler/link_tunnel.go b/server/handler/link_tunnel.go
index 3ddac98..cf96ee0 100644
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
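Review bot: The new `ExcludeExportIp` field in ServerConfig carries no comment at all, while its neighbours at least annotate their type, and the only description of the flag lives in the Usage string in config.go, so a reader of the struct cannot tell what it controls or that it defaults to true. Suggest `ExcludeExportIp bool `json:"exclude_export_ip"` // bool: when true, the egress address the client reports is added as an X-CSTP-Split-Exclude route (default true, see config.go)`. The ServerConfig struct starts before this hunk.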
@@ -66,6 +66,8 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	cstpBaseMtu := r.Header.Get("X-CSTP-Base-MTU")
 	masterSecret := r.Header.Get("X-DTLS-Master-Secret")
 	localIp := r.Header.Get("X-Cstp-Local-Address-Ip4")
+	// 出口ip
+	exportIp4 := r.Header.Get("X-Cstp-Remote-Address-Ip4")
 	mobile := r.Header.Get("X-Cstp-License")
 	cSess.SetMtu(cstpMtu)
@@ -96,14 +98,6 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
 	base.Trace("dtlsCiphersuite", dtlsCiphersuite)
-	// 压缩
-	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
-		HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
-	}
-	if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
-		HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
-	}
-
 	// 返回客户端数据
 	HttpSetHeader(w, "Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
 	HttpSetHeader(w, "X-CSTP-Version", "1")
@@ -113,11 +107,19 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	HttpSetHeader(w, "X-CSTP-Netmask", sessdata.IpPool.Ipv4Mask.String()) // 子网掩码
 	HttpSetHeader(w, "X-CSTP-Hostname", hn) // 机器名称
 	HttpSetHeader(w, "X-CSTP-Base-MTU", cstpBaseMtu)
-	// 要发布的默认域
+	// 客户端dns的默认搜索域
 	if base.Cfg.DefaultDomain != "" {
 		HttpSetHeader(w, "X-CSTP-Default-Domain", base.Cfg.DefaultDomain)
 	}
+	// 压缩
+	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
+		HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
+	}
+	if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
+		HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
+	}
+
 	// 设置用户策略
 	SetUserPolicy(cSess.Username, cSess.Group)
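Review bot: The comment `// 出口ip` above the new `exportIp4` read says nothing about where the value comes from or that it is supplied by the client and taken as-is; since the same value is later written into an X-CSTP-Split-Exclude route (the @@ -136 hunk of this file), its origin is exactly what a later reader needs to know. Suggest `// 出口ip: client-reported X-Cstp-Remote-Address-Ip4, unvalidated here; only used for the Split-Exclude route when ExcludeExportIp is enabled`. LinkTunnel starts and ends outside this hunk.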
@@ -136,10 +138,14 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 		}
 		HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask)
 	}
-	// 不允许的路由 X-Cstp-Remote-Address-Ip4:
+	// 不允许的路由
 	for _, v := range cSess.Group.RouteExclude {
 		HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
 	}
+	// 排除出口ip路由(出口ip不加密传输)
+	if base.Cfg.ExcludeExportIp && exportIp4 != "" {
+		HttpAddHeader(w, "X-CSTP-Split-Exclude", exportIp4+"/255.255.255.255")
+	}
 	HttpSetHeader(w, "X-CSTP-Lease-Duration", "1209600") // ip地址租期
 	HttpSetHeader(w, "X-CSTP-Session-Timeout", "none")
diff --git a/server/handler/server.go b/server/handler/server.go
index 011c04a..6e1f5ec 100644
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"net/http/httputil"
 	"os"
 	"time"
@@ -116,8 +117,10 @@ func initRoute() http.Handler {
 func notFound(w http.ResponseWriter, r *http.Request) {
 	// fmt.Println(r.RemoteAddr)
-	// hu, _ := httputil.DumpRequest(r, true)
-	// fmt.Println("NotFound: ", string(hu))
+	if base.GetLogLevel() == base.LogLevelTrace {
+		hd, _ := httputil.DumpRequest(r, true)
+		base.Trace("NotFound: ", string(hd))
+	}
 	w.WriteHeader(http.StatusNotFound)
 	fmt.Fprintln(w, "404 page not found")
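Review bot: `exportIp4` comes verbatim from the client's `X-Cstp-Remote-Address-Ip4` header and is concatenated straight into an X-CSTP-Split-Exclude route with a /255.255.255.255 mask; the only check in the new block is non-emptiness, so anything that is not a dotted-quad IPv4 address (an IPv6 literal, a stray port suffix, garbage) is echoed back as a malformed route entry. Parse it first and use the normalised form: `if ip := net.ParseIP(exportIp4); base.Cfg.ExcludeExportIp && ip != nil && ip.To4() != nil {` with `HttpAddHeader(w, "X-CSTP-Split-Exclude", ip.To4().String()+"/255.255.255.255")` (import `net` if link_tunnel.go does not already). A `base.Trace` on a rejected value would make a client sending an unusable address visible in the logs rather than silently losing the exclude route. LinkTunnel continues outside this hunk.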