From 67d44805ce4d6118d3da258d017b5bb6fa1efbbd Mon Sep 17 00:00:00 2001
From: bjdgyc <bjdgyc@163.com>
Date: Sat, 26 Jun 2021 23:33:15 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dip=E9=87=8D=E5=A4=8D?=
 =?UTF-8?q?=E5=88=86=E9=85=8D=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/sessdata/ip_pool.go | 40 +++++++++++++++++---------------------
 web/package-lock.json      | 18 ++++++++++-------
 2 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/server/sessdata/ip_pool.go b/server/sessdata/ip_pool.go
index b749dc9..a2f3d2a 100644
--- a/server/sessdata/ip_pool.go
+++ b/server/sessdata/ip_pool.go
@@ -58,7 +58,7 @@ func ip2long(ip net.IP) uint32 {
 	return binary.BigEndian.Uint32(ip)
 }
 
-// 获取动态ip
+// AcquireIp 获取动态ip
 func AcquireIp(username, macAddr string) net.IP {
 	IpPool.mux.Lock()
 	defer IpPool.mux.Unlock()
@@ -71,37 +71,24 @@ func AcquireIp(username, macAddr string) net.IP {
 	if err == nil {
 		ip := mi.IpAddr
 		ipStr := ip.String()
+		// 跳过活跃连接
+		_, ok := ipActive[ipStr]
 		// 检测原有ip是否在新的ip池内
-		if IpPool.Ipv4IPNet.Contains(ip) {
+		if IpPool.Ipv4IPNet.Contains(ip) && !ok {
 			mi.Username = username
 			mi.LastLogin = tNow
 			// 回写db数据
 			_ = dbdata.Save(mi)
 			ipActive[ipStr] = true
 			return ip
-		} else {
-			_ = dbdata.Del(mi)
 		}
-	}
 
-	// 全局遍历未分配ip
-	// 优先获取没有使用的ip
-	for i := IpPool.IpLongMin; i <= IpPool.IpLongMax; i++ {
-		ip := long2ip(i)
-		ipStr := ip.String()
-		mi := &dbdata.IpMap{}
-		err := dbdata.One("IpAddr", ip, mi)
-		if err != nil && dbdata.CheckErrNotFound(err) {
-			// 该ip没有被使用
-			mi := &dbdata.IpMap{IpAddr: ip, MacAddr: macAddr, Username: username, LastLogin: tNow}
-			_ = dbdata.Save(mi)
-			ipActive[ipStr] = true
-			return ip
-		}
+		_ = dbdata.Del(mi)
+
 	}
 
 	farIp := &dbdata.IpMap{LastLogin: tNow}
-	// 遍历超过租期ip
+	// 全局遍历超过租期ip
 	for i := IpPool.IpLongMin; i <= IpPool.IpLongMax; i++ {
 		ip := long2ip(i)
 		ipStr := ip.String()
@@ -112,11 +99,20 @@ func AcquireIp(username, macAddr string) net.IP {
 		}
 
 		v := &dbdata.IpMap{}
-		err := dbdata.One("IpAddr", ip, v)
+		err = dbdata.One("IpAddr", ip, v)
 		if err != nil {
+			if dbdata.CheckErrNotFound(err) {
+				// 该ip没有被使用
+				mi = &dbdata.IpMap{IpAddr: ip, MacAddr: macAddr, Username: username, LastLogin: tNow}
+				_ = dbdata.Save(mi)
+				ipActive[ipStr] = true
+				return ip
+			}
 			base.Error(err)
 			return nil
 		}
+
+		// 跳过ip保留
 		if v.Keep {
 			continue
 		}
@@ -124,7 +120,7 @@ func AcquireIp(username, macAddr string) net.IP {
 		// 已经超过租期
 		if tNow.Sub(v.LastLogin) > time.Duration(base.Cfg.IpLease)*time.Second {
 			_ = dbdata.Del(v)
-			mi := &dbdata.IpMap{IpAddr: ip, MacAddr: macAddr, Username: username, LastLogin: tNow}
+			mi = &dbdata.IpMap{IpAddr: ip, MacAddr: macAddr, Username: username, LastLogin: tNow}
 			// 重写db数据
 			_ = dbdata.Save(mi)
 			ipActive[ipStr] = true
diff --git a/web/package-lock.json b/web/package-lock.json
index 5e57c24..6c37e41 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -3419,10 +3419,14 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001135",
-      "resolved": "https://registry.npm.taobao.org/caniuse-lite/download/caniuse-lite-1.0.30001135.tgz?cache=0&sync_timestamp=1600754676334&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fcaniuse-lite%2Fdownload%2Fcaniuse-lite-1.0.30001135.tgz",
-      "integrity": "sha1-mVseuUQEo8mg12AMETybsn8s2Ko=",
-      "dev": true
+      "version": "1.0.30001240",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001240.tgz",
+      "integrity": "sha512-nb8mDzfMdxBDN7ZKx8chWafAdBp5DAAlpWvNyUGe5tcDWd838zpzDN3Rah9cjCqhfOKkrvx40G2SDtP0qiWX/w==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/browserslist"
+      }
     },
     "node_modules/case-sensitive-paths-webpack-plugin": {
       "version": "2.3.0",
@@ -17187,9 +17191,9 @@
       }
     },
     "caniuse-lite": {
-      "version": "1.0.30001135",
-      "resolved": "https://registry.npm.taobao.org/caniuse-lite/download/caniuse-lite-1.0.30001135.tgz?cache=0&sync_timestamp=1600754676334&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fcaniuse-lite%2Fdownload%2Fcaniuse-lite-1.0.30001135.tgz",
-      "integrity": "sha1-mVseuUQEo8mg12AMETybsn8s2Ko=",
+      "version": "1.0.30001240",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001240.tgz",
+      "integrity": "sha512-nb8mDzfMdxBDN7ZKx8chWafAdBp5DAAlpWvNyUGe5tcDWd838zpzDN3Rah9cjCqhfOKkrvx40G2SDtP0qiWX/w==",
       "dev": true
     },
     "case-sensitive-paths-webpack-plugin": {

From 3243cb98ad41a69e5b2d4f4c91d58b0ef5522ebc Mon Sep 17 00:00:00 2001
From: bjdgyc <bjdgyc@163.com>
Date: Sun, 27 Jun 2021 07:21:29 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20question=20=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 question.md | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/question.md b/question.md
index e758d3f..3c960ee 100644
--- a/question.md
+++ b/question.md
@@ -1,10 +1,13 @@
 # 常见问题
 
 ### anyconnect 客户端问题
-> 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常。
+> 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常
 > 
 > 添加QQ群: 567510628
 
+### OTP 动态码
+> 请使用手机安装 freeotp ，然后扫描otp二维码，生成的数字即是动态码
+
 ### 远程桌面连接
 > 本软件已经支持远程桌面里面连接anyconnect。
 
@@ -13,3 +16,15 @@
 > 
 > 其他使用私有证书的问题，请自行解决
 
+### dpd timeout 设置问题
+```
+#客户端失效检测时间(秒) dpd > keepalive
+cstp_keepalive = 20
+cstp_dpd = 30
+mobile_keepalive = 40
+mobile_dpd = 50
+```
+> 以上dpd参数为客户端的超时时间, 如一段时间内，没有数据传输，防火墙会主动关闭连接
+> 
+> 如经常出现 timeout 的错误信息，应根据当前防火墙的设置，适当减小dpd数值
+

From 94dfb8bc440d4afd67821c321937d6ae3b9ce13b Mon Sep 17 00:00:00 2001
From: bjdgyc <bjdgyc@163.com>
Date: Sun, 27 Jun 2021 07:23:09 +0800
Subject: [PATCH 3/4] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20question=20=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 question.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/question.md b/question.md
index 3c960ee..7b89a45 100644
--- a/question.md
+++ b/question.md
@@ -24,7 +24,7 @@ cstp_dpd = 30
 mobile_keepalive = 40
 mobile_dpd = 50
 ```
-> 以上dpd参数为客户端的超时时间, 如一段时间内，没有数据传输，防火墙会主动关闭连接
+> 以上dpd参数为客户端的超时检测时间, 如一段时间内，没有数据传输，防火墙会主动关闭连接
 > 
 > 如经常出现 timeout 的错误信息，应根据当前防火墙的设置，适当减小dpd数值
 

From d9af1254a49d11785b778b9e4a17ce32b1d93aa5 Mon Sep 17 00:00:00 2001
From: bjdgyc <bjdgyc@163.com>
Date: Sun, 27 Jun 2021 07:40:00 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20question=20=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 question.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/question.md b/question.md
index 7b89a45..9ff77f5 100644
--- a/question.md
+++ b/question.md
@@ -28,3 +28,15 @@ mobile_dpd = 50
 > 
 > 如经常出现 timeout 的错误信息，应根据当前防火墙的设置，适当减小dpd数值
 
+### 性能问题
+```
+内网环境测试数据
+虚拟服务器：  centos7 4C8G
+anylink:    tun模式 tcp传输
+客户端文件下载速度：240Mb/s
+客户端网卡下载速度：270Mb/s
+服务端网卡上传速度：280Mb/s
+```
+> 客户端tls加密协议、隧道header头都会占用一定带宽
+
+