修改客户端分配的ip为CIDR格式，请注意原来network格式

handler/dtls.go

@@ -2,4 +2,5 @@ package handler
 
 // 暂时没有实现
 func startDtls() {
+
 }

handler/link_auth.go

@@ -87,7 +87,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	sess.MacAddr = strings.ToLower(cr.MacAddressList.MacAddress)
 	sess.UniqueIdGlobal = cr.DeviceId.UniqueIdGlobal
 	other := &dbdata.SettingOther{}
-	dbdata.SettingGet(other)
+	_ = dbdata.SettingGet(other)
 	rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
 		Banner: other.Banner}
 	w.WriteHeader(http.StatusOK)
@@ -102,7 +102,7 @@ const (
 func tplRequest(typ int, w io.Writer, data RequestData) {
 	if typ == tpl_request {
 		t, _ := template.New("auth_request").Parse(auth_request)
-		t.Execute(w, data)
+		_ = t.Execute(w, data)
 		return
 	}
 
@@ -111,7 +111,7 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
 		data.Banner = strings.ReplaceAll(data.Banner, "\n", "
")
 	}
 	t, _ := template.New("auth_complete").Parse(auth_complete)
-	t.Execute(w, data)
+	_ = t.Execute(w, data)
 }
 
 // 设置输出信息

handler/link_base.go

@@ -2,11 +2,9 @@ package handler
 
 import (
 	"encoding/xml"
-	"fmt"
 	"log"
 	"net/http"
 	"os/exec"
-	"strings"
 )
 
 const BufferSize = 2048
@@ -43,27 +41,6 @@ type macAddressList struct {
 	MacAddress string `xml:"mac-address"`
 }
 
-// 判断anyconnect客户端
-func checkLinkClient(h http.HandlerFunc) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		// TODO 调试信息输出
-		// hd, _ := httputil.DumpRequest(r, true)
-		// fmt.Println("DumpRequest: ", string(hd))
-		// fmt.Println(r.RemoteAddr)
-
-		userAgent := strings.ToLower(r.UserAgent())
-		x_Aggregate_Auth := r.Header.Get("X-Aggregate-Auth")
-		x_Transcend_Version := r.Header.Get("X-Transcend-Version")
-		if strings.Contains(userAgent, "anyconnect") &&
-			x_Aggregate_Auth == "1" && x_Transcend_Version == "1" {
-			h(w, r)
-		} else {
-			w.WriteHeader(http.StatusForbidden)
-			fmt.Fprintf(w, "error request")
-		}
-	}
-}
-
 func setCommonHeader(w http.ResponseWriter) {
 	// Content-Length Date 默认已经存在
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")

handler/link_home.go

@@ -26,7 +26,7 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
 }
 
 func LinkOtpQr(w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
+	_ = r.ParseForm()
 	idS := r.FormValue("id")
 	jwtToken := r.FormValue("jwt")
 	data, err := admin.GetJwtData(jwtToken)

handler/link_tap.go

@@ -29,6 +29,9 @@ func checkTap() {
 	bridgeHw = brFace.HardwareAddr
 
 	addrs, err := brFace.Addrs()
+	if err != nil {
+		base.Fatal("testTap err: ", err)
+	}
 	for _, addr := range addrs {
 		ip, _, err := net.ParseCIDR(addr.String())
 		if err != nil || ip.To4() == nil {

handler/link_tunnel.go

@@ -73,9 +73,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
 	w.Header().Set("X-CSTP-Version", "1")
 	w.Header().Set("X-CSTP-Protocol", "Copyright (c) 2004 Cisco Systems, Inc.")
-	w.Header().Set("X-CSTP-Address", cSess.IpAddr.String()) // 分配的ip地址
-	w.Header().Set("X-CSTP-Netmask", base.Cfg.Ipv4Netmask)  // 子网掩码
-	w.Header().Set("X-CSTP-Hostname", hn)                   // 机器名称
+	w.Header().Set("X-CSTP-Address", cSess.IpAddr.String())             // 分配的ip地址
+	w.Header().Set("X-CSTP-Netmask", sessdata.IpPool.Ipv4Mask.String()) // 子网掩码
+	w.Header().Set("X-CSTP-Hostname", hn)                               // 机器名称
 
 	// 允许本地LAN访问vpn网络，必须放在路由的第一个
 	if cSess.Group.AllowLan {
@@ -131,11 +131,11 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	// w.Header().Set("X-CSTP-Post-Auth-XML", ``)
 	w.WriteHeader(http.StatusOK)
 
-	h := w.Header().Clone()
+	hClone := w.Header().Clone()
 	headers := make([]byte, 0)
 	buf := bytes.NewBuffer(headers)
-	h.Write(buf)
-	base.Debug(string(buf.Bytes()))
+	_ = hClone.Write(buf)
+	base.Debug(buf.String())
 
 	hj := w.(http.Hijacker)
 	conn, _, err := hj.Hijack()

handler/start.go

@@ -21,5 +21,5 @@ func Start() {
 }
 
 func Stop() {
-	dbdata.Stop()
+	_ = dbdata.Stop()
 }