优化 日志输出

README.md

@@ -108,10 +108,11 @@ sudo ./anylink
 - [x] 兼容 AnyConnect
 - [x] 兼容 OpenConnect
 - [x] 基于 tun 设备的 nat 访问模式
-- [x] 基于 tap 设备的桥接访问模式
+- [x] 基于 tun 设备的桥接访问模式
 - [x] 基于 macvtap 设备的桥接访问模式
 - [x] 支持 [proxy protocol v1&v2](http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt) 协议
 - [x] 用户组支持
+- [x] 用户组策略支持
 - [x] 多用户支持
 - [x] 用户策略支持
 - [x] TOTP 令牌支持
@@ -119,10 +120,15 @@ sudo ./anylink
 - [x] 流量速率限制
 - [x] 后台管理界面
 - [x] 访问权限管理
+- [x] 用户活动审计功能
 - [x] IP 访问审计功能
 - [x] 域名动态拆分隧道（域名路由功能）
 - [x] radius认证支持
 - [x] LDAP认证支持
+- [x] 空闲链接超时自动断开
+- [x] 流量压缩功能
+- [x] 出口 IP 自动放行
+- [x] 支持多服务的配置区分
 - [ ] 基于 ipvtap 设备的桥接访问模式
 
 ## Config

build.sh

@@ -1,16 +1,5 @@
 #!/bin/bash
 
-#github action release.sh
-
-set -x
-function RETVAL() {
-  rt=$1
-  if [ $rt != 0 ]; then
-    echo $rt
-    exit 1
-  fi
-}
-
 #当前目录
 cpath=$(pwd)
 
@@ -18,55 +7,15 @@ ver=$(cat version)
 echo $ver
 
 #前端编译 仅需要执行一次
-#bash ./build_web.sh
+bash ./build_web.sh
 
-echo "copy二进制文件"
+cd $cpath/server
 
-# -tags osusergo,netgo,sqlite_omit_load_extension
+go build -v -o anylink
-flags="-trimpath"
-ldflags="-s -w -extldflags '-static' -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.buildDate=$(date --iso-8601=seconds)"
-#github action
-gopath=/go
 
-dockercmd=$(
-  cat <<EOF
-sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
-apk add gcc g++ musl musl-dev tzdata
-export GOPROXY=https://goproxy.cn
-go mod tidy
-echo "build:"
-rm anylink
-export CGO_ENABLED=1
-go build -v -o anylink $flags -ldflags "$ldflags"
 ./anylink -v
-EOF
-)
 
-#使用 musl-dev 编译
-docker run -q --rm -v $PWD/server:/app -v $gopath:/go -w /app --platform=linux/amd64 \
-  golang:1.20-alpine3.19 sh -c "$dockercmd"
 
-#arm64编译
+echo "anylink 编译完成，目录: $cpath/server/anylink"
-#docker run -q --rm -v $PWD/server:/app -v $gopath:/go -w /app --platform=linux/arm64 \
-#  golang:1.20-alpine3.19 go build -o anylink_arm64 $flags -ldflags "$ldflags"
-#exit 0
 
-#cd $cpath
 
-echo "整理部署文件"
-rm -rf anylink-deploy anylink-deploy.tar.gz
-mkdir anylink-deploy
-mkdir anylink-deploy/log
-
-cp -r server/anylink anylink-deploy
-cp -r server/conf anylink-deploy
-
-cp -r index_template anylink-deploy
-cp -r deploy anylink-deploy
-cp -r LICENSE anylink-deploy
-
-tar zcvf anylink-deploy.tar.gz anylink-deploy
-
-#注意使用root权限运行
-#cd anylink-deploy
-#sudo ./anylink --conf="conf/server.toml"

server/base/config.go

@@ -22,7 +22,7 @@ type config struct {
 var configs = []config{
 	{Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"},
 	{Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"},
-	{Typ: cfgStr, Name: "profile_name", Usage: "profile name(用于区分不同网站的配置)", ValStr: "anylink"},
+	{Typ: cfgStr, Name: "profile_name", Usage: "profile name(用于区分不同服务端的配置)", ValStr: "anylink"},
 	{Typ: cfgStr, Name: "server_addr", Usage: "TCP服务监听地址(任意端口)", ValStr: ":443"},
 	{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false},
 	{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址(任意端口)", ValStr: ":443"},

server/conf/server-sample.toml

@@ -11,7 +11,7 @@ cert_file = "./conf/vpn_cert.pem"
 cert_key = "./conf/vpn_cert.key"
 files_path = "./conf/files"
 profile = "./conf/profile.xml"
-#profile name(用于区分不同网站的配置)
+#profile name(用于区分不同服务端的配置)
 #客户端存放位置 C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile
 profile_name = "anylink"
 #日志目录,为空写入标准输出

server/handler/link_auth.go

@@ -46,10 +46,11 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	cr := ClientRequest{}
 	err = xml.Unmarshal(body, &cr)
 	if err != nil {
+		base.Error(err)
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
-	// fmt.Printf("%+v \n", cr)
+	base.Trace(fmt.Sprintf("%+v \n", cr))
 	// setCommonHeader(w)
 	if cr.Type == "logout" {
 		// 退出删除session信息
@@ -140,7 +141,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		Banner: other.Banner, ProfileName: base.Cfg.ProfileName, ProfileHash: profileHash}
 	w.WriteHeader(http.StatusOK)
 	tplRequest(tpl_complete, w, rd)
-	base.Debug("login", cr.Auth.Username, userAgent)
+	base.Info("login", cr.Auth.Username, userAgent)
 }
 
 const (

server/handler/link_cstp.go

@@ -37,14 +37,14 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
 		// 设置超时限制
 		err = conn.SetReadDeadline(utils.NowSec().Add(dead))
 		if err != nil {
-			base.Error("SetDeadline: ", cSess.Username, err)
+			base.Error("SetDeadline: ", cSess.Username, cSess.IpAddr, err)
 			return
 		}
 		// hdata := make([]byte, BufferSize)
 		pl := getPayload()
 		n, err = bufRW.Read(pl.Data)
 		if err != nil {
-			base.Error("read hdata: ", cSess.Username, err)
+			base.Warn("read hdata: ", cSess.Username, cSess.IpAddr, err)
 			return
 		}
 
@@ -69,7 +69,7 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
 			}
 		case 0x05: // DISCONNECT
 			cSess.UserLogoutCode = dbdata.UserLogoutClient
-			base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr, conn.RemoteAddr(), n, string(pl.Data[9:n]))
+			base.Info("DISCONNECT", cSess.Username, cSess.IpAddr, conn.RemoteAddr(), n, string(pl.Data[9:n]))
 			sessdata.CloseSess(cSess.Sess.Token, dbdata.UserLogoutClient)
 			return
 		case 0x03: // DPD-REQ
@@ -176,7 +176,7 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
 
 		n, err = conn.Write(pl.Data)
 		if err != nil {
-			base.Error("write err", cSess.Username, err)
+			base.Warn("write err", cSess.Username, cSess.IpAddr, err)
 			return
 		}
 

server/handler/link_dtls.go

@@ -36,14 +36,14 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
 	for {
 		err = conn.SetReadDeadline(utils.NowSec().Add(dead))
 		if err != nil {
-			base.Error("SetDeadline: ", cSess.Username, err)
+			base.Error("SetDeadline: ", cSess.Username, cSess.IpAddr, err)
 			return
 		}
 
 		pl := getPayload()
 		n, err = conn.Read(pl.Data)
 		if err != nil {
-			base.Error("read hdata: ", cSess.Username, err)
+			base.Warn("read hdata: ", cSess.Username, cSess.IpAddr, err)
 			return
 		}
 
@@ -59,10 +59,10 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
 			base.Trace("recv LinkDtls Keepalive", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
 		case 0x05: // DISCONNECT
 			cSess.UserLogoutCode = dbdata.UserLogoutClient
-			base.Debug("DISCONNECT DTLS", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
+			base.Info("DISCONNECT DTLS", cSess.Username, cSess.IpAddr, conn.RemoteAddr())
 			return
 		case 0x03: // DPD-REQ
-			base.Trace("recv LinkDtls DPD-REQ", cSess.Username, cSess.IpAddr, conn.RemoteAddr(), n, pl.Data[:n])
+			base.Trace("recv LinkDtls DPD-REQ", cSess.Username, cSess.IpAddr, conn.RemoteAddr(), n)
 			pl.PType = 0x04
 			// 从零开始 可以直接赋值
 			pl.Data = pl.Data[:n]
@@ -151,12 +151,15 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
 			}
 		} else {
 			// 设置头类型
-			// pl.Data = append(pl.Data[:0], pl.PType)
+			if pl.PType == 0x04 {
-			pl.Data[0] = pl.PType
+				pl.Data[0] = pl.PType
+			} else {
+				pl.Data = append(pl.Data[:0], pl.PType)
+			}
 		}
 		n, err := conn.Write(pl.Data)
 		if err != nil {
-			base.Error("write err", cSess.Username, err)
+			base.Warn("write err", cSess.Username, cSess.IpAddr, err)
 			return
 		}
 

server/handler/link_tunnel.go

@@ -92,7 +92,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 		dtlsPort = ss[1]
 	}
 
-	base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
+	base.Info(sess.Username, cSess.IpAddr, cSess.MacHw, cSess.Client, mobile)
 
 	// 检测密码套件
 	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))