diff --git a/server/base/cfg.go b/server/base/cfg.go
index c30cd2e..4d7f79a 100644
--- a/server/base/cfg.go
+++ b/server/base/cfg.go
@@ -33,6 +33,7 @@ type ServerConfig struct {
 	// LinkAddr      string `json:"link_addr"`
 	ServerAddr     string `json:"server_addr"`
 	ServerDTLSAddr string `json:"server_dtls_addr"`
+	ServerDTLS     bool   `json:"server_dtls"`
 	AdminAddr      string `json:"admin_addr"`
 	ProxyProtocol  bool   `json:"proxy_protocol"`
 	DbFile         string `json:"db_file"`
diff --git a/server/base/config.go b/server/base/config.go
index 6e412ba..f45d80d 100644
--- a/server/base/config.go
+++ b/server/base/config.go
@@ -16,8 +16,9 @@ type config struct {
 }
 
 var configs = []config{
-	{Typ: cfgStr, Name: "server_addr", Usage: "前台服务监听地址", ValStr: ":443"},
-	{Typ: cfgStr, Name: "server_dtls_addr", Usage: "前台DTLS监听地址", ValStr: ":4433"},
+	{Typ: cfgStr, Name: "server_addr", Usage: "服务监听地址", ValStr: ":443"},
+	{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false},
+	{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址", ValStr: ":4433"},
 	{Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"},
 	{Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false},
 	{Typ: cfgStr, Name: "db_file", Usage: "数据库地址", ValStr: "./data.db"},
diff --git a/server/conf/server.toml b/server/conf/server.toml
index 92e166c..0cd6b76 100644
--- a/server/conf/server.toml
+++ b/server/conf/server.toml
@@ -25,8 +25,10 @@ admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
 jwt_secret = "iLmspvOiz*%ovfcs*wersdf#heR8pNU4XxBm&mW$aPCjSRMbYH#&"
 
 
-#前台服务监听地址
+#服务监听地址
 server_addr = ":443"
+#开启 DTLS, 默认关闭
+server_dtls = false
 server_dtls_addr = ":4433"
 #后台服务监听地址
 admin_addr = ":8800"
diff --git a/server/handler/dtls.go b/server/handler/dtls.go
index d3cc7c9..d897923 100644
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -21,6 +21,10 @@ import (
 // 最后,感谢 github.com/pion/dtls 对golang生态做出的贡献
 
 func startDtls() {
+	if !base.Cfg.ServerDTLS {
+		return
+	}
+
 	certificate, err := selfsign.GenerateSelfSigned()
 	if err != nil {
 		panic(err)
diff --git a/server/handler/link_tunnel.go b/server/handler/link_tunnel.go
index 6388692..8b73780 100644
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
@@ -70,7 +70,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	}
 	cSess.CstpDpd = cstpDpd
 
-	dtlsPort := ""
+	dtlsPort := "4433"
 	if strings.Contains(base.Cfg.ServerDTLSAddr, ":") {
 		ss := strings.Split(base.Cfg.ServerDTLSAddr, ":")
 		dtlsPort = ss[1]