test

删除armv7
删除静态编译
2025-09-28 16:15:17 +08:00 · 2024-02-04 19:57:07 +08:00 · 2024-02-04 00:01:24 +08:00 · 2024-02-02 19:24:02 +08:00 · 2024-02-02 19:22:13 +08:00 · 2024-02-02 18:59:34 +08:00
93 changed files with 4146 additions and 2124 deletions
--- a/.codecov.yml
+++ b/.codecov.yml
@@ -1,5 +1,7 @@
 ignore:
-  - "screenshot"
+  - "^doc"
-  - "web"
+  - "^home"
-  - "server/conf"
+  - "^web"
-  - "server/files"
+  - "^server/conf"
  - "^server/files"
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,13 @@
 # These are supported funding model platforms
 github: [ 'bjdgyc' ] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
 patreon: # Replace with a single Patreon username
 open_collective: # Replace with a single Open Collective username
 ko_fi: # Replace with a single Ko-fi username
 tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
 liberapay: # Replace with a single Liberapay username
 issuehunt: # Replace with a single IssueHunt username
 otechie: # Replace with a single Otechie username
 lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
 custom: [ 'https://github.com/bjdgyc/anylink/blob/main/doc/README.md' ] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -12,13 +12,15 @@
 name: "CodeQL"
 on:
-  push:
+  workflow_dispatch:
    branches: [ "main", "dev" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "main", "dev" ]
  schedule:
-    - cron: '32 12 * * 5'
+    - cron: '32 5 * * 1'
 #  push:
 #    branches: [ "main", "dev" ]
 #  pull_request:
 #    branches: [ "main", "dev" ]
 jobs:
  analyze:
@@ -39,7 +41,7 @@ jobs:
    steps:
      - name: Checkout repository
-      uses: actions/checkout@v2
+        uses: actions/checkout@v4
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
--- a/.github/workflows/go-update.yml
+++ b/.github/workflows/go-update.yml
@@ -0,0 +1,48 @@
 name: go-update
 on:
  workflow_dispatch:
 #  schedule:
 #    - cron: "1 2 * * 5"
 jobs:
  go:
    runs-on: ubuntu-latest
    steps:
      - name: Setup Go 1.x.y
        uses: actions/setup-go@main
        with:
          go-version: '1.20'
          stable: true
      - name: Checkout codebase
        uses: actions/checkout@main
      - name: go
        run: |
          cd ./server
          go mod tidy -compat=1.20
          #gofmt -w -r 'interface{} -> any' .
          go get -u
          go mod download
          go get -u
          go mod download
      - name: Git push
        run: |
          git init
          git config --local user.name "github-actions[bot]"
          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git remote rm origin
          git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUBTOKEN }}@github.com/${{ github.repository }}"
          git gc --aggressive
          git add --all
          git commit -m "update go.mod $(date +%Y.%m.%d.%H.%M)"
          #git push -f -u origin _autoaction
          git push -u origin _autoaction
      # 删除无用 workflow runs;
      - name: Delete workflow runs
        uses: GitRML/delete-workflow-runs@main
        with:
          retain_days: 0.1
          keep_minimum_runs: 1
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -1,6 +1,8 @@
 name: Go
 on:
  workflow_dispatch:
  push:
    branches: [ "main", "dev" ]
  pull_request:
@@ -12,15 +14,15 @@ jobs:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
        with:
-          go-version: 1.18
+          go-version: '1.20'
-        id: go
+          go-version-file: 'server/go.mod'
-
+          cache-dependency-path: 'server/go.sum'
      - name: Check out code into the Go module directory
        uses: actions/checkout@v2
      - name: Get dependencies
        run: |
@@ -32,15 +34,16 @@ jobs:
          cd server
          mkdir ui
          touch ui/index.html
-          go build -v -o anylink -ldflags "-X main.CommitId=`git rev-parse HEAD`"
+          go build -v -o anylink -trimpath -ldflags "-X main.CommitId=`git rev-parse HEAD`"
          ./anylink tool -v
      - name: Test coverage
        run: |
          cd server
          go test ./...
          go test -race -coverprofile=coverage.txt -covermode=atomic -v ./...
-      - name: Upload coverage to Codecov
+      - name: Upload coverage reports to Codecov
-        run: |
+        uses: codecov/codecov-action@v3
-          cd server
+        env:
-          bash <(curl -s https://codecov.io/bash)
+          CODECOV_TOKEN: 28d52fb0-8fc9-460f-95b9-fb84f9138e58
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,98 @@
 name: release
 on:
  workflow_dispatch:
  push:
    tags:
      - "v0.*"
      - "v1.*"
 jobs:
  Build:
    name: build-binary
    runs-on: ubuntu-latest
    env:
      TZ: Asia/Shanghai
    steps:
      - name: Hello world
        run: uname -a
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '16'
          cache: 'yarn'
          cache-dependency-path: 'web/yarn.lock'
      - name: Build web
        working-directory: web
        run: |
          yarn install
          yarn run build
      #      - uses: actions/setup-go@v4
      #        with:
      #          go-version: '1.20'
      #          cache-dependency-path: 'server/go.sum'
      - name: Set up QEMU
        # https://github.com/docker/setup-qemu-action
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: bjdgyc
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          logout: true
      - name: Pre bash
        shell: bash
        run: |
          appVer=`cat version`
          commitId=`git rev-parse HEAD`
          echo "APP_VER=$appVer" >> $GITHUB_ENV
          echo "commitId=$commitId" >> $GITHUB_ENV
          echo $appVer > version_info
          echo $commitId >> version_info
          echo $GITHUB_REF >> version_info
          echo $GITHUB_REF_NAME >> version_info
          #cd server;go mod tidy
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          cache-from: type=gha,scope=anylink
          cache-to: type=gha,mode=max,scope=anylink
          context: .
          file: ./docker/Dockerfile
          platforms: linux/amd64,linux/arm64
          #platforms: linux/amd64
          build-args: |
            appVer=${{ env.APP_VER }}
            commitId=${{ env.commitId }}
          tags: bjdgyc/anylink:latest,bjdgyc/anylink:${{ env.APP_VER }}
          #tags: bjdgyc/anylink:${{ env.APP_VER }}
      - name: Build deploy binary
        shell: bash
        run: bash release.sh
      - name: Release
        # https://github.com/ncipollo/release-action
        # artifacts: bin/release/*
        # generateReleaseNotes: true
        # draft: true
        # https://github.com/softprops/action-gh-release
        uses: softprops/action-gh-release@v1
        #if: startsWith(github.ref, 'refs/tags/')
        with:
          tag_name: v${{ env.APP_VER }}
          files: artifact-dist/*
 #  Docker:
 #    name: build-docker
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,8 @@
 .idea/
 anylink-deploy
 anylink-deploy.tar.gz
 anylink
 anylink.db
 dist
 artifact-dist
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -0,0 +1,104 @@
 #https://goreleaser.com/static/schema.json
 # release --skip=publish
 # goreleaser build --skip=validate --clean --debug
 # GOPROXY=https://goproxy.cn
 # docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19
 # docker run -it --rm -v $PWD:/app -v /go:/go -w /app goreleaser/goreleaser-cross build --skip=validate --clean --debug
 # docker run -it --rm -v $PWD:/app -v /go:/go -w /app bjdgyc/dcross goreleaser build --skip=validate --clean --debug
 version: 1
 dist: dist
 before:
  hooks:
    - pwd
 #    - cmd: go mod tidy
 #      dir:
 #        "{{ dir .Dist}}"
 #      output: true
 #    - cmd: go generate
 #      dir:
 #        "{{ dir .Dist}}"
 #      output: true
 builds:
  - id: "build"
    #main: .
    dir: ./server
    hooks:
      pre:
        - cmd: go mod tidy
          dir: ./server
          output: true
        - cmd: go generate
          dir: ./server
          output: true
    # {{- if eq .Arch "amd64" }}CC=x86_64-linux-gnu-gcc CXX=x86_64-linux-gnu-g++{{- end }}
    env:
      - CGO_ENABLED=1
      - >-
        {{- if eq .Os "linux" }}
          {{- if eq .Arch "amd64" }}CC=x86_64-linux-musl-gcc{{- end }}
          {{- if eq .Arch "arm64" }}CC=aarch64-linux-gnu-gcc{{- end }}
        {{- end }}
        {{- if eq .Os "darwin" }}
          {{- if eq .Arch "amd64"}}CC=o64-clang{{- end }}
          {{- if eq .Arch "arm64"}}CC=oa64-clang{{- end }}
        {{- end }}
        {{- if eq .Os "windows" }}
          {{- if eq .Arch "amd64"}}CC=x86_64-w64-mingw32-gcc{{- end }}
          {{- if eq .Arch "arm64"}}CC=aarch64-linux-gnu-gcc{{- end }}
        {{- end }}
    goos:
      - linux
      #- darwin
      #- windows
    goarch:
      - amd64
      #- arm64
    # https://go.dev/wiki/MinimumRequirements
    goamd64:
      - v1
    command: build
    flags:
      - -trimpath
      - -tags osusergo,netgo,sqlite_omit_load_extension
    ldflags:
      # go tool link -help
      # go tool compile -help
      # -linkmode external
      # -extld=$CC
      # -fpic 作为动态链接库的时候 需要添加
      - -s -w -extldflags '-static' -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=dcross
 archives:
  - id: "archive1"
    format: tar.gz
    # this name template makes the OS and Arch compatible with the results of `uname`.
    name_template: >-
      {{ .ProjectName }}_
      {{- title .Os }}_
      {{- if eq .Arch "amd64" }}x86_64
      {{- else if eq .Arch "386" }}i386
      {{- else }}{{ .Arch }}{{ end }}
      {{- if .Arm }}v{{ .Arm }}{{ end }}
    # use zip for windows archives
    format_overrides:
      - goos: windows
        format: zip
 changelog:
  sort: asc
  filters:
    exclude:
      - "^docs:"
      - "^test:"
--- a/README.md
+++ b/README.md
@@ -3,9 +3,10 @@
 [![Go](https://github.com/bjdgyc/anylink/workflows/Go/badge.svg?branch=main)](https://github.com/bjdgyc/anylink/actions)
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/bjdgyc/anylink)](https://pkg.go.dev/github.com/bjdgyc/anylink)
 [![Go Report Card](https://goreportcard.com/badge/github.com/bjdgyc/anylink)](https://goreportcard.com/report/github.com/bjdgyc/anylink)
-[![codecov](https://codecov.io/gh/bjdgyc/anylink/branch/master/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
+[![codecov](https://codecov.io/gh/bjdgyc/anylink/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
 ![GitHub release](https://img.shields.io/github/v/release/bjdgyc/anylink)
-![GitHub downloads)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
+![GitHub downloads total)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
 ![GitHub Downloads (all assets, latest release)](https://img.shields.io/github/downloads/bjdgyc/anylink/latest/total)
 [![Docker pulls)](https://img.shields.io/docker/pulls/bjdgyc/anylink.svg)](https://hub.docker.com/r/bjdgyc/anylink)
 ![LICENSE](https://img.shields.io/github/license/bjdgyc/anylink)
@@ -24,7 +25,8 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
 AnyLink 使用 TLS/DTLS 进行数据加密，因此需要 RSA 或 ECC 证书，可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
-AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过，如需要安装在其他系统，需要服务端支持 tun/tap 功能、ip 设置命令。
+AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过，如需要安装在其他系统，需要服务端支持 tun/tap
 功能、ip 设置命令。
 ## Screenshot
@@ -45,6 +47,8 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
 > 没有编程基础的同学建议直接下载 release 包，从下面的地址下载 anylink-deploy.tar.gz
 >
 > https://github.com/bjdgyc/anylink/releases
 >
 > 如果不会安装，可以提供有偿远程协助服务。添加QQ联系我 68492170
 ### 使用问题
@@ -52,17 +56,29 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
 >
 > 对于线上环境，必须申请安全的 https 证书，不支持私有证书连接
 >
 > 服务端安装 yum install iproute 或者 apt-get install iproute2
 >
 > 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常
 >
-> 首次使用，请在浏览器访问 https://域名:443，浏览器提示安全后，在客户端输入 【域名:443】 即可
+> 其他问题 [前往查看](doc/question.md)
 >
 > 默认管理后台访问地址  https://host:8800  默认账号密码 admin 123456
 >
 > 首次使用，请在浏览器访问  https://域名:443   浏览器提示安全后，在客户端输入 【域名:443】 即可
 ### 自行编译安装
-> 需要提前安装好 golang >= 1.18 和 nodejs >= 14.x 和 yarn >= v1.22.x
+> 需要提前安装好 golang >= 1.20 和 nodejs = 16.x 和 yarn >= v1.22.x
 ```shell
 git clone https://github.com/bjdgyc/anylink.git
 # 编译参考软件版本
 # go 1.20.12
 # node v16.20.2
 # yarn 1.22.19
 cd anylink
 sh build.sh
@@ -109,17 +125,25 @@ sudo ./anylink
 > 示例配置文件内有详细的注释，根据注释填写配置即可。
 ```shell
 # 查看帮助信息
 ./anylink -h
 # 生成后台密码
 ./anylink tool -p 123456
 # 生成jwt密钥
 ./anylink tool -s
 # 查看所有配置项
 ./anylink tool -d
 ```
 > 数据库配置示例
 >
 > 数据库表结构自动生成，无需手动导入(请赋予 DDL 权限)
 | db_type  | db_source                                              |
-| -------- | ------------------------------------------------------ |
+|----------|--------------------------------------------------------|
 | sqlite3  | ./conf/anylink.db                                      |
 | mysql    | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 |
 | postgres | user:password@localhost/anylink?sslmode=verify-full    |
@@ -128,13 +152,23 @@ sudo ./anylink
 >
 > [conf/server-sample.toml](server/conf/server-sample.toml)
 ## Upgrade
 > 升级前请备份配置文件`conf`目录 和 数据库，并停止服务
 >
 > 使用新版的 `anylink` 二进制文件替换旧版
 >
 > 重启服务后，即可完成升级
 ## Setting
 > 以下参数必须设置其中之一
-网络模式选择，需要配置 `link_mode` 参数，如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。 不同的参数需要对服务器做相应的设置。
+网络模式选择，需要配置 `link_mode` 参数，如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。
 不同的参数需要对服务器做相应的设置。
-建议优先选择 tun 模式，其次选择 macvtap 模式，因客户端传输的是 IP 层数据，无须进行数据转换。 tap 模式是在用户态做的链路层到 IP 层的数据互相转换，性能会有所下降。 如果需要在虚拟机内开启 tap
+建议优先选择 tun 模式，其次选择 macvtap 模式，因客户端传输的是 IP 层数据，无须进行数据转换。 tap 模式是在用户态做的链路层到
 IP 层的数据互相转换，性能会有所下降。 如果需要在虚拟机内开启 tap
 模式，请确认虚拟机的网卡开启混杂模式。
 ### tun 设置
@@ -142,7 +176,7 @@ sudo ./anylink
 1. 开启服务器转发
 ```shell
-# flie: /etc/sysctl.conf
+# file: /etc/sysctl.conf
 net.ipv4.ip_forward = 1
 #执行如下命令
@@ -188,7 +222,6 @@ https://cloud.tencent.com/document/product/216/62007
 ```
 3. 使用 AnyConnect 客户端连接即可
 ### macvtap 设置
@@ -199,9 +232,17 @@ https://cloud.tencent.com/document/product/216/62007
 > 以下参数可以通过执行 `ip a` 查看
 ```
 # 命令行执行 master网卡需要打开混杂模式
 ip link set dev eth0 promisc on
 #=====================#
 # 配置文件修改
 # 首先关闭nat转发功能
 iptables_nat = false
 link_mode = "macvtap"
 #内网主网卡名称
 ipv4_master = "eth0"
 #以下网段需要跟ipv4_master网卡设置成一样
@@ -211,29 +252,36 @@ ipv4_start = "10.1.2.100"
 ipv4_end = "10.1.2.200"
 ```
 ## Deploy
-## Systemd
+> 部署配置文件放在 `deploy` 目录下，请根据实际情况修改配置文件
 ### Systemd
 1. 添加 anylink 程序
-
+    - 首先把 `anylink-deploy` 文件夹放入 `/usr/local/anylink-deploy`
    - anylink 程序目录放入 `/usr/local/anylink-deploy`
    - 添加执行权限 `chmod +x /usr/local/anylink-deploy/anylink`
-
+2. 把 `anylink.service` 脚本放入：
 2. systemd/anylink.service 脚本放入：
    - centos: `/usr/lib/systemd/system/`
    - ubuntu: `/lib/systemd/system/`
 3. 操作命令:
    - 启动: `systemctl start anylink`
    - 停止: `systemctl stop anylink`
    - 开机自启: `systemctl enable anylink`
 ### Docker Compose
 1. 进入 `deploy` 目录
 2. 执行脚本 `docker-compose up`
 ### k8s
 1. 进入 `deploy` 目录
 2. 执行脚本 `kubectl apply -f deployment.yaml`
 ## Docker
 1. 获取镜像
   ```bash
   # 具体tag可以从docker hub获取
   # https://hub.docker.com/r/bjdgyc/anylink/tags
@@ -241,61 +289,79 @@ ipv4_end = "10.1.2.200"
   ```
 2. 查看命令信息
   ```bash
   docker run -it --rm bjdgyc/anylink -h
   ```
 3. 生成密码
   ```bash
   docker run -it --rm bjdgyc/anylink tool -p 123456
   #Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a
   ```
 4. 生成 jwt secret
   ```bash
   docker run -it --rm bjdgyc/anylink tool -s
   #Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA
   ```
-5. 启动容器
+5. 查看所有配置项
   ```bash
   docker run -it --rm bjdgyc/anylink tool -d
   ```
 6. 启动容器
   ```bash
   # 默认启动
   docker run -itd --name anylink --privileged \
-       -p 443:443 -p 8800:8800 \
+       -p 443:443 -p 8800:8800 -p 443:443/udp \
       --restart=always \
       bjdgyc/anylink
   # 自定义配置目录
   # 首次启动会自动创建配置文件
   # 配置文件初始化完成后，容器会强制退出，请重新启动容器
   docker run -itd --name anylink --privileged \
       -p 443:443 -p 8800:8800 -p 443:443/udp \
       -v /home/myconf:/app/conf \
       --restart=always \
       bjdgyc/anylink
   docker restart anylink
   ```
 6. 使用自定义参数启动容器
   ```bash
-   # 参数可以参考 -h 命令
+   # 参数可以参考 ./anylink tool -d
   # 可以使用命令行参数 或者 环境变量 配置
   docker run -itd --name anylink --privileged \
-       -p 443:443 -p 8800:8800 \
+       -e LINK_LOG_LEVEL=info \
       -p 443:443 -p 8800:8800 -p 443:443/udp \
       -v /home/myconf:/app/conf \
       --restart=always \
       bjdgyc/anylink \
-       -c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长
+       --ip_lease=1209600 # IP地址租约时长
   ```
-7. 构建镜像
+7. 构建镜像 (非必需)
   ```bash
   #获取仓库源码
   git clone https://github.com/bjdgyc/anylink.git
   # 构建镜像
   sh build_docker.sh
   或
   docker build -t anylink -f docker/Dockerfile .
   ```
 ## 常见问题
 请前往 [问题地址](doc/question.md) 查看具体信息
 ## Discussion
-添加QQ群: 567510628
+添加QQ群(1)(已满): 567510628
 添加QQ群(2): 739072205
 群共享文件有相关软件下载
@@ -305,6 +371,11 @@ ipv4_end = "10.1.2.200"
 ![contact_me_qr](doc/screenshot/contact_me_qr.png)
 -->
 ## Support Client
 - [AnyConnect Secure Client](https://www.cisco.com/) (可通过群文件下载: Windows/macOS/Linux/Android/iOS)
 - [OpenConnect](https://gitlab.com/openconnect/openconnect) (Windows/macOS/Linux)
 - [AnyLink Secure Client](https://github.com/tlslink/anylink-client) (Windows/macOS/Linux)
 ## Contribution
--- a/build.sh
+++ b/build.sh
@@ -11,43 +11,52 @@ function RETVAL() {
 #当前目录
 cpath=$(pwd)
 #ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
 ver=$(cat version)
 echo "当前版本 $ver"
 echo "编译前端项目"
 cd $cpath/web
 #国内可替换源加快速度
 #npx browserslist@latest --update-db
-#npm install --registry=https://registry.npm.taobao.org
+yarn install --registry=https://registry.npmmirror.com
 #npm install
 #npm run build
 yarn install
 yarn run build
 RETVAL $?
 echo "编译二进制文件"
 cd $cpath/server
 rm -rf ui
 cp -rf $cpath/web/ui .
 # -tags osusergo,netgo,sqlite_omit_load_extension
 flags="-v -trimpath"
 # -extldflags '-static'
 ldflags="-s -w -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date -Iseconds)"
 #国内可替换源加快速度
 export GOPROXY=https://goproxy.io
 go mod tidy
-go build -v -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)"
+go build -o anylink $flags -ldflags "$ldflags"
 RETVAL $?
 cd $cpath
 exit 0
 echo "整理部署文件"
 deploy="anylink-deploy"
 rm -rf $deploy ${deploy}.tar.gz
 mkdir $deploy
 mkdir $deploy/log
 cp -r server/anylink $deploy
-#cp -r server/bridge-init.sh $deploy
+cp -r server/bridge-init.sh $deploy
 cp -r server/conf $deploy
 cp -r systemd $deploy
 cp -r LICENSE $deploy
 cp -r home $deploy
 tar zcvf ${deploy}.tar.gz $deploy
--- a/build_docker.sh
+++ b/build_docker.sh
@@ -1,15 +1,18 @@
 #!/bin/bash
-ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
+ver=$(cat version)
 echo $ver
-#docker login -u bjdgyc
+# docker login -u bjdgyc
-#docker build -t bjdgyc/anylink .
+# 生成时间 2024-01-30T21:41:27+08:00
-docker build -t bjdgyc/anylink -f docker/Dockerfile .
+# date -Iseconds
 docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \
  sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build"
 docker buildx build -t bjdgyc/anylink:latest --progress=plain --build-arg CN="yes" --build-arg appVer=$ver \
  --build-arg commitId=$(git rev-parse HEAD) -f docker/Dockerfile .
 echo "docker tag latest $ver"
 docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
 docker push bjdgyc/anylink:$ver
 docker push bjdgyc/anylink:latest
--- a/deploy/anylink.service
+++ b/deploy/anylink.service
@@ -0,0 +1,24 @@
 [Unit]
 Description=AnyLink Server Service
 Documentation=https://github.com/bjdgyc/anylink
 After=network-online.target
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/usr/local/anylink-deploy
 Restart=on-failure
 RestartSec=5s
 ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
 # systemctl --version
 # systemd older than v236
 # ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
 # systemd new than v236
 # StandardOutput=file:/usr/local/anylink-deploy/log/anylink-systemd.log
 # StandardError=file:/usr/local/anylink-deploy/log/anylink-systemd.log
 [Install]
 WantedBy=multi-user.target
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -0,0 +1,101 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: anylink
  namespace: default
  labels:
    link-app: anylink
 spec:
  replicas: 1
  selector:
    matchLabels:
      link-app: anylink
  template:
    metadata:
      labels:
        link-app: anylink
    spec:
      #hostNetwork: true
      dnsPolicy: ClusterFirst
      containers:
        - name: anylink
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: GOMAXPROCS
              valueFrom:
                resourceFieldRef:
                  resource: limits.cpu
            - name: POD_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.cpu
            - name: POD_MEMORY_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
            - name: TZ
              value: "Asia/Shanghai"
          image: bjdgyc/anylink:latest
          imagePullPolicy: Always
          args:
            - --conf=/app/conf/server.toml
          ports:
            - name: https
              containerPort: 443
              protocol: TCP
            - name: https-admin
              containerPort: 8800
              protocol: TCP
            - name: dtls
              containerPort: 443
              protocol: UDP
          # 设置资源
          resources:
            limits:
              cpu: "2"
              memory: 4Gi
              ephemeral-storage: "2Gi"
          securityContext:
            privileged: true
      # 禁用自动注入 service 信息到环境变量
      enableServiceLinks: false
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      nodeSelector:
        kubernetes.io/os: linux
      securityContext: { }
      tolerations:
        - operator: Exists
      #设置优先级
      priorityClassName: system-cluster-critical
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: anylink
  namespace: default
  labels:
    link-app: anylink
 spec:
  ports:
    - name: https
      port: 443
      targetPort: 443
      protocol: TCP
    - name: https-admin
      port: 8800
      targetPort: 8800
      protocol: TCP
    - name: dtls
      port: 443
      targetPort: 443
      protocol: UDP
  selector:
    link-app: anylink
  sessionAffinity: ClientIP
  type: ClusterIP
--- a/deploy/docker-compose.yaml
+++ b/deploy/docker-compose.yaml
@@ -0,0 +1,19 @@
 services:
  anylink:
    image: bjdgyc/anylink:latest
    container_name: anylink
    restart: always
    privileged: true
    #cpus: 2
    #mem_limit: 4g
    ports:
      - 443:443
      - 8800:8800
      - 443:443/udp
    environment:
      LINK_LOG_LEVEL: info
    command:
      - --conf=/app/conf/server.toml
    #volumes:
    #  - /home/myconf:/app/conf
    dns_search: .
--- a/doc/README.md
+++ b/doc/README.md
@@ -10,10 +10,10 @@
 > 感谢以下同学的打赏，AnyLink 有你更美好！
 >
-> 需要展示主页的同学，可以在QQ群(567510628) 直接联系我添加。
+> 需要展示主页的同学，可以在QQ群 直接联系我添加。
-| 昵称      | 主页                         |
+| 昵称        | 主页 / 联系方式                    |
-|---------| ---------------------------- |
+|-----------|------------------------------|
 | 代码 oo8    |                              |
 | 甘磊        | https://github.com/ganlei333 |
 | Oo@       | https://github.com/chooop    |
@@ -33,6 +33,18 @@
 | 刘国华       |                              |
 | 忧郁的豚骨拉面   |                              |
 | 张小旋当爹地    |                              |
 | 对方正在输入    |                              |
 | Ronny     |                              |
 | 奔跑的少年     |                              |
 | ZBW       |                              |
 | 悲鸣        |                              |
 | 谢谢        |                              |
 | 云思科技      |                              |
 | 哆啦A伟(张佳伟) |                              |
 | 人类的悲欢并不相通 |                              |
 | 做人要低调     |                              |
 | 洛洛        |                              |
--- a/doc/question.md
+++ b/doc/question.md
@@ -1,34 +1,106 @@
-# 常见问题
+## 常见问题
 ### anyconnect 客户端问题
 > 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常
 >
 > 添加QQ群: 567510628
 ### OTP 动态码
 > 请使用手机安装 freeotp ，然后扫描otp二维码，生成的数字即是动态码
 ### 远程桌面连接
 > 本软件已经支持远程桌面里面连接anyconnect。
 ### 私有证书问题
 > anylink 默认不支持私有证书
 >
 > 其他使用私有证书的问题，请自行解决
 ### 客户端连接名称
 > 客户端连接名称需要修改 [profile.xml](../server/conf/profile.xml) 文件
 ```xml
 <HostEntry>
    <HostName>VPN</HostName>
    <HostAddress>localhost</HostAddress>
 </HostEntry>
 ```
 ### dpd timeout 设置问题
-```
+
 ```yaml
 #客户端失效检测时间(秒) dpd > keepalive
-cstp_keepalive = 20
+cstp_keepalive = 4
-cstp_dpd = 30
+cstp_dpd = 9
-mobile_keepalive = 40
+mobile_keepalive = 7
-mobile_dpd = 50
+mobile_dpd = 15
 ```
 > 以上dpd参数为客户端的超时检测时间, 如一段时间内，没有数据传输，防火墙会主动关闭连接
 >
 > 如经常出现 timeout 的错误信息，应根据当前防火墙的设置，适当减小dpd数值
 ### 关于审计日志 audit_interval 参数
 > 默认值 `audit_interval = 600` 表示相同日志600秒内只记录一次，不同日志首次出现立即记录
 >
 > 去重key的格式: 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
 ### 反向代理问题
 > anylink 仅支持四层反向代理，不支持七层反向代理
 >
 > 如Nginx请使用 stream模块
 ```conf
 stream {
    upstream anylink_server {
        server 127.0.0.1:8443;
    }
    server {
        listen 443 tcp;
        proxy_timeout 30s;
        proxy_pass anylink_server;
    }
 }
 ```
 > nginx实现 共用443端口 示例
 ```conf
 stream {
    map $ssl_preread_server_name $name {
        vpn.xx.com        myvpn;
        default     defaultpage;
    }
    # upstream pool
    upstream myvpn {
        server 127.0.0.1:8443;
    }
    upstream defaultpage {
        server 127.0.0.1:8080;
    }
    server {
        listen 443 so_keepalive=on;
        ssl_preread on;
        #接收端也需要设置 proxy_protocol
        #proxy_protocol on;
        proxy_pass $name;
    }
 }
 ```
 ### 性能问题
 ```
 内网环境测试数据
 虚拟服务器：  centos7 4C8G
@@ -37,6 +109,7 @@ anylink:    tun模式 tcp传输
 客户端网卡下载速度：270Mb/s
 服务端网卡上传速度：280Mb/s
 ```
 > 客户端tls加密协议、隧道header头都会占用一定带宽
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,48 +1,58 @@
-# web
+#node:16-bullseye
-FROM node:16.17.1-alpine3.15 as builder_node
+#golang:1.20-bullseye
-WORKDIR /web
+#debian:bullseye-slim
-COPY ./web /web
+#bullseye
-RUN yarn install \
+# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
-    && yarn run build \
+#bookworm
-    && ls /web/ui
+# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources
 # sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
 # 配合 github action 使用
 # 需要先编译出ui文件后 再执行docker编译
 # server
-FROM golang:1.18-alpine as builder_golang
+FROM golang:1.20-alpine3.19 as builder_golang
-#TODO 本地打包时使用镜像
+
-ENV GOPROXY=https://goproxy.io
+ARG CN="no"
-ENV GOOS=linux
+ARG appVer="appVer"
-WORKDIR /anylink
+ARG commitId="commitId"
-COPY . /anylink
+
-COPY --from=builder_node /web/ui  /anylink/server/ui
+ENV TZ=Asia/Shanghai
 WORKDIR /server
 COPY docker/init_build.sh /tmp/
 COPY server/ /server/
 COPY web/ui  /server/ui
 #RUN apk add gcc musl-dev bash
 RUN sh /tmp/init_build.sh
 #TODO 本地打包时使用镜像
 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
 RUN apk add --no-cache git gcc musl-dev
 RUN cd /anylink/server;go mod tidy;go build -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" \
    && /anylink/server/anylink tool -v
 # anylink
-FROM alpine
+FROM alpine:3.19
 LABEL maintainer="github.com/bjdgyc"
-ENV IPV4_CIDR="192.168.10.0/24"
+ARG CN="no"
 ENV TZ=Asia/Shanghai
 ENV ANYLINK_IN_CONTAINER=true
 WORKDIR /app
-COPY --from=builder_golang /anylink/server/anylink  /app/
+COPY docker/init_release.sh /tmp/
 COPY docker/docker_entrypoint.sh  /app/
-#COPY ./server/bridge-init.sh /app/
+COPY --from=builder_golang /server/anylink  /app/
 COPY docker/docker_entrypoint.sh server/bridge-init.sh ./README.md ./LICENSE version_info /app/
 COPY ./deploy /app/deploy
 COPY ./index_template  /app/index_template
 COPY ./server/conf  /app/conf
 COPY ./LICENSE  /app/LICENSE
 #TODO 本地打包时使用镜像
-RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
+RUN sh /tmp/init_release.sh
 RUN apk add --no-cache bash iptables \
    && chmod +x /app/docker_entrypoint.sh \
    && ls /app
-EXPOSE 443 8800
+
 EXPOSE 443 8800 443/udp
 #CMD ["/app/anylink"]
 ENTRYPOINT ["/app/docker_entrypoint.sh"]
--- a/docker/docker_entrypoint.sh
+++ b/docker/docker_entrypoint.sh
@@ -14,10 +14,18 @@ case $var1 in
  ;;
 *)
-  sysctl -w net.ipv4.ip_forward=1
+  #sysctl -w net.ipv4.ip_forward=1
  #iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
  #iptables -nL -t nat
  # 启动服务 先判断配置文件是否存在
  if [ ! -f /app/conf/profile.xml ]; then
    /bin/cp -r /home/conf-bak/* /app/conf/
    echo "After the configuration file is initialized, the container will be forcibly exited. Restart the container."
    echo "配置文件初始化完成后，容器会强制退出，请重新启动容器。"
    exit 1
  fi
  exec /app/anylink "$@"
  ;;
 esac
--- a/docker/init_build.sh
+++ b/docker/init_build.sh
@@ -0,0 +1,34 @@
 #!/bin/sh
 set -x
 #TODO 本地打包时使用镜像
 if [[ $CN == "yes" ]]; then
  sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
  export GOPROXY=https://goproxy.cn
 fi
 apk add build-base tzdata gcc musl-dev upx
 uname -a
 env
 date
 cd /server
 go mod tidy
 echo "start build"
 extldflags="-static"
 ldflags="-s -w -X main.appVer=$appVer -X main.commitId=$commitId -X main.buildDate=$(date -Iseconds) \
  -extldflags \"$extldflags\" "
 CGO_ENABLED=1 go build -o anylink -trimpath -ldflags "$ldflags"
 ls -lh /server/
 # 压缩文件
 upx -9 -k anylink
 /server/anylink -v
--- a/docker/init_release.sh
+++ b/docker/init_release.sh
@@ -0,0 +1,21 @@
 #!/bin/sh
 set -x
 #TODO 本地打包时使用镜像
 if [[ $CN == "yes" ]]; then
  sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
  export GOPROXY=https://goproxy.cn
 fi
 apk add --no-cache bash iptables iproute2 tzdata
 chmod +x /app/docker_entrypoint.sh
 mkdir /app/log
 #备份配置文件
 cp -r /app/conf /home/conf-bak
 tree /app
 uname -a
 date -Iseconds
--- a/index_template/自定义首页1.html
+++ b/index_template/自定义首页1.html
@@ -0,0 +1,101 @@
 <!DOCTYPE html>
 <html>
 <head>
  <meta charset="UTF-8">
  <title>AnyLink - 企业级远程办公 SSL VPN</title>
  <style>
    /* CSS样式表 */
    body {
      font-family: Arial, sans-serif;
      margin: 0;
      padding: 0;
    }
    header {
      background-color: #333;
      color: #fff;
      padding: 20px;
      text-align: center;
    }
    h1 {
      margin: 0;
      font-size: 32px;
    }
    main {
      max-width: 960px;
      margin: 20px auto;
      padding: 0 20px;
 	  margin-bottom: 100px;
    }
    p {
      line-height: 1.5;
    }
 	/* 设置页脚固定在底部，并且占满横向宽度 */
 	footer {
 		position: fixed;
 		bottom: 0;
 		left: 0;
 		width: 100%;
 	}
    footer {
      background-color: #f2f2f2;
      padding: 20px;
      text-align: center;
    }
    .cta-button {
      display: inline-block;
      background-color: #007bff;
      color: #fff;
      padding: 10px 20px;
      text-decoration: none;
      border-radius: 4px;
      font-weight: bold;
      margin-right: 10px;
    }
  </style>
 </head>
 <body>
  <header>
    <h1>欢迎使用 AnyLink</h1>
  </header>
  <main>
    <h2>什么是 AnyLink？</h2>
    <p>AnyLink 是一款面向企业级的远程办公 SSL VPN 软件，支持多人同时在线使用。它提供安全、便捷的访问内部网络资源的方式，使远程工作者能够有效协作。</p>
    <h2>核心功能</h2>
    <ul>
      <li>安全远程访问：AnyLink 使用 SSL/TLS 加密技术，确保远程用户与企业网络之间的连接安全可靠。</li>
      <li>多用户支持：多个用户可以同时连接 VPN，实现不同地点团队的无缝协作。</li>
      <li>灵活网络访问：AnyLink 能够安全地让远程工作者访问内部资源，如文件、应用程序和数据库。</li>
      <li>集中化管理：该 VPN 解决方案提供集中化管理控制台，便于用户管理、访问控制和监控。</li>
    </ul>
    <h2>开始使用 AnyLink</h2>
    <p>体验 AnyLink 为您的企业远程办公需求所带来的便利和安全。</p>
    <h2>下载客户端</h2>
    <a href="/files/anyconnect-win-4.10.05111.msi" class="cta-button">Windows 客户端</a>
    <a href="/files/anyconnect-macos-4.10.05111.dmg" class="cta-button">Mac 客户端</a>
    <a href="https://apps.apple.com/cn/app/cisco-secure-client/id1135064690" class="cta-button">iOS 客户端</a>
    <a href="/files/CiscoSecureClientAnyConnect_v5.0.00247.apk" class="cta-button">Android 客户端</a>
    <a href="/files/freeotp.apk" class="cta-button">Android FreeOTP客户端</a>
    <a href="https://apps.apple.com/cn/app/freeotp-authenticator/id872559395" class="cta-button">iOS FreeOTP客户端</a>
    <h2>使用手册</h2>
    <a href="/files/anylink_doc.pdf" class="cta-button">使用手册(Windows)</a>
  </main>
  <footer>
    &copy; 2023 AnyLink. 保留所有权利。
  </footer>
 </body>
 </html>
--- a/release.sh
+++ b/release.sh
@@ -0,0 +1,50 @@
 #!/bin/bash
 #github action release.sh
 set -x
 function RETVAL() {
  rt=$1
  if [ $rt != 0 ]; then
    echo $rt
    exit 1
  fi
 }
 #当前目录
 cpath=$(pwd)
 ver=$(cat version)
 echo "当前版本 $ver"
 rm -rf artifact-dist
 mkdir artifact-dist
 function archive() {
  arch=$1
  #echo "整理部署文件 $arch"
  arch_name=${arch//\//-}
  echo $arch_name
  deploy="anylink-$ver-$arch_name"
  docker container rm $deploy
  docker container create --platform $arch --name $deploy bjdgyc/anylink:$ver
  rm -rf anylink-deploy
  docker cp -a $deploy:/app ./anylink-deploy
  ls -lh anylink-deploy
  tar zcf ${deploy}.tar.gz anylink-deploy
  mv ${deploy}.tar.gz artifact-dist/
 }
 echo "copy二进制文件"
 archive "linux/amd64"
 archive "linux/arm64"
 ls -lh artifact-dist
 #注意使用root权限运行
 #cd anylink-deploy
 #sudo ./anylink --conf="conf/server.toml"
--- a/release_bak.sh
+++ b/release_bak.sh
@@ -0,0 +1,58 @@
 #!/bin/bash
 #github action release.sh
 set -x
 function RETVAL() {
  rt=$1
  if [ $rt != 0 ]; then
    echo $rt
    exit 1
  fi
 }
 #当前目录
 cpath=$(pwd)
 echo "copy二进制文件"
 cd $cpath/server
 # -tags osusergo,netgo,sqlite_omit_load_extension
 flags="-trimpath"
 ldflags="-s -w -extldflags '-static' -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date --iso-8601=seconds)"
 #github action
 gopath=$(go env GOPATH)
 go mod tidy
 # alpine3
 apk add gcc musl-dev
 #使用 musl-dev 编译
 docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/amd64 \
  golang:1.20-alpine3.19 go build -o anylink_amd64 $flags -ldflags "$ldflags"
 ./anylink_amd64 -v
 #arm64编译
 docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/arm64 \
  golang:1.20-alpine3.19 go build -o anylink_arm64 $flags -ldflags "$ldflags"
 ./anylink_arm64 -v
 exit 0
 cd $cpath
 echo "整理部署文件"
 deploy="anylink-deploy"
 rm -rf $deploy ${deploy}.tar.gz
 mkdir $deploy
 mkdir $deploy/log
 cp -r server/anylink $deploy
 cp -r server/bridge-init.sh $deploy
 cp -r server/conf $deploy
 cp -r systemd $deploy
 cp -r LICENSE $deploy
 cp -r home $deploy
 tar zcvf ${deploy}.tar.gz $deploy
 #注意使用root权限运行
 #cd anylink-deploy
 #sudo ./anylink --conf="conf/server.toml"
--- a/server/admin/api_base.go
+++ b/server/admin/api_base.go
@@ -8,6 +8,7 @@ import (
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/mux"
 	"github.com/xlzd/gotp"
 )
 // Login 登陆接口
@@ -20,10 +21,35 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	adminUser := r.PostFormValue("admin_user")
 	adminPass := r.PostFormValue("admin_pass")
 	// 启用otp验证
 	if base.Cfg.AdminOtp != "" {
 		pwd := adminPass
 		pl := len(pwd)
 		if pl < 6 {
 			RespError(w, RespUserOrPassErr)
 			base.Error(adminUser, "管理员otp错误")
 			return
 		}
 		// 判断otp信息
 		adminPass = pwd[:pl-6]
 		otp := pwd[pl-6:]
 		totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
 		unix := time.Now().Unix()
 		verify := totp.Verify(otp, unix)
 		if !verify {
 			RespError(w, RespUserOrPassErr)
 			base.Error(adminUser, "管理员otp错误")
 			return
 		}
 	}
 	// 认证错误
 	if !(adminUser == base.Cfg.AdminUser &&
 		utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) {
 		RespError(w, RespUserOrPassErr)
 		base.Error(adminUser, "管理员用户名或密码错误")
 		return
 	}
@@ -41,6 +67,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	data["admin_user"] = adminUser
 	data["expires_at"] = expiresAt
 	ck := &http.Cookie{
 		Name:     "jwt",
 		Value:    tokenString,
 		Path:     "/",
 		HttpOnly: true,
 	}
 	http.SetCookie(w, ck)
 	RespSucess(w, data)
 }
@@ -50,13 +84,15 @@ func authMiddleware(next http.Handler) http.Handler {
 		w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
 		w.Header().Set("Access-Control-Allow-Headers", "*")
 		if r.Method == http.MethodOptions {
 			// 正式环境不支持 OPTIONS
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
 		route := mux.CurrentRoute(r)
 		name := route.GetName()
 		// fmt.Println("bb", r.URL.Path, name)
-		if utils.InArrStr([]string{"login", "index", "static", "debug"}, name) {
+		if utils.InArrStr([]string{"login", "index", "static"}, name) {
 			// 不进行鉴权
 			next.ServeHTTP(w, r)
 			return
@@ -67,6 +103,12 @@ func authMiddleware(next http.Handler) http.Handler {
 		if jwtToken == "" {
 			jwtToken = r.FormValue("jwt")
 		}
 		if jwtToken == "" {
 			cc, err := r.Cookie("jwt")
 			if err == nil {
 				jwtToken = cc.Value
 			}
 		}
 		data, err := GetJwtData(jwtToken)
 		if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) {
 			w.WriteHeader(http.StatusUnauthorized)
--- a/server/admin/api_cert.go
+++ b/server/admin/api_cert.go
@@ -0,0 +1,99 @@
 package admin
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 )
 func CustomCert(w http.ResponseWriter, r *http.Request) {
 	cert, _, err := r.FormFile("cert")
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	key, _, err := r.FormFile("key")
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	certFile, err := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	defer certFile.Close()
 	if _, err := io.Copy(certFile, cert); err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	keyFile, err := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	defer keyFile.Close()
 	if _, err := io.Copy(keyFile, key); err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	if tlscert, _, err := dbdata.ParseCert(); err != nil {
 		RespError(w, RespInternalErr, fmt.Sprintf("证书不合法，请重新上传:%v", err))
 		return
 	} else {
 		dbdata.LoadCertificate(tlscert)
 	}
 	RespSucess(w, "上传成功")
 }
 func GetCertSetting(w http.ResponseWriter, r *http.Request) {
 	sess := dbdata.GetXdb().NewSession()
 	defer sess.Close()
 	data := &dbdata.SettingLetsEncrypt{}
 	if err := dbdata.SettingGet(data); err != nil {
 		dbdata.SettingSessAdd(sess, data)
 		RespError(w, RespInternalErr, err)
 	}
 	userData := &dbdata.LegoUserData{}
 	if err := dbdata.SettingGet(userData); err != nil {
 		dbdata.SettingSessAdd(sess, userData)
 	}
 	RespSucess(w, data)
 }
 func CreatCert(w http.ResponseWriter, r *http.Request) {
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	defer r.Body.Close()
 	config := &dbdata.SettingLetsEncrypt{}
 	if err := json.Unmarshal(body, config); err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	if err := dbdata.SettingSet(config); err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	client := dbdata.LeGoClient{}
 	if err := client.NewClient(config); err != nil {
 		base.Error(err)
 		RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
 		return
 	}
 	if err := client.GetCert(config.Domain); err != nil {
 		base.Error(err)
 		RespError(w, RespInternalErr, fmt.Sprintf("获取证书失败:%v", err))
 		return
 	}
 	RespSucess(w, "生成证书成功")
 }
--- a/server/admin/api_group.go
+++ b/server/admin/api_group.go
@@ -118,3 +118,30 @@ func GroupDel(w http.ResponseWriter, r *http.Request) {
 	}
 	RespSucess(w, nil)
 }
 func GroupAuthLogin(w http.ResponseWriter, r *http.Request) {
 	type AuthLoginData struct {
 		Name string                 `json:"name"`
 		Pwd  string                 `json:"pwd"`
 		Auth map[string]interface{} `json:"auth"`
 	}
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	defer r.Body.Close()
 	v := &AuthLoginData{}
 	err = json.Unmarshal(body, &v)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	err = dbdata.GroupAuthLogin(v.Name, v.Pwd, v.Auth)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	RespSucess(w, "ok")
 }
--- a/server/admin/api_ip_map.go
+++ b/server/admin/api_ip_map.go
@@ -80,6 +80,8 @@ func UserIpMapSet(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// sessdata.IpAllSet(v)
 	RespSucess(w, nil)
 }
@@ -93,11 +95,20 @@ func UserIpMapDel(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	data := dbdata.IpMap{Id: id}
+	var data dbdata.IpMap
-	err := dbdata.Del(&data)
+	err := dbdata.One("Id", id, &data)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	err = dbdata.Del(&data)
 	if err != nil {
 		RespError(w, RespInternalErr, err)
 		return
 	}
 	// sessdata.IpAllDel(&data)
 	RespSucess(w, nil)
 }
--- a/server/admin/api_uploaduser.go
+++ b/server/admin/api_uploaduser.go
@@ -5,11 +5,11 @@ import (
 	"io"
 	"net/http"
 	"os"
 	"path"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	mapset "github.com/deckarep/golang-set"
@@ -25,21 +25,27 @@ func UserUpload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	defer file.Close()
-	newFile, err := os.Create(base.Cfg.FilesPath + header.Filename)
+
 	// go/path-injection
 	// base.Cfg.FilesPath 可以直接对外访问，不能上传文件到此
 	fileName := path.Join(os.TempDir(), utils.RandomRunes(10))
 	newFile, err := os.Create(fileName)
 	if err != nil {
 		RespError(w, RespInternalErr, "创建文件失败:", err)
 		return
 	}
 	defer newFile.Close()
 	io.Copy(newFile, file)
 	if err = UploadUser(newFile.Name()); err != nil {
 		RespError(w, RespInternalErr, err)
-		os.Remove(base.Cfg.FilesPath + header.Filename)
+		os.Remove(fileName)
 		return
 	}
-	os.Remove(base.Cfg.FilesPath + header.Filename)
+	os.Remove(fileName)
 	RespSucess(w, "批量添加成功")
 }
 func UploadUser(file string) error {
 	f, err := excelize.OpenFile(file)
 	if err != nil {
--- a/server/admin/api_user.go
+++ b/server/admin/api_user.go
@@ -22,6 +22,7 @@ import (
 func UserList(w http.ResponseWriter, r *http.Request) {
 	_ = r.ParseForm()
 	prefix := r.FormValue("prefix")
 	prefix = strings.TrimSpace(prefix)
 	pageS := r.FormValue("page")
 	page, _ := strconv.Atoi(pageS)
 	if page < 1 {
@@ -37,8 +38,11 @@ func UserList(w http.ResponseWriter, r *http.Request) {
 	// 查询前缀匹配
 	if len(prefix) > 0 {
-		count = dbdata.CountPrefix("username", prefix, &dbdata.User{})
+		fuzzy := "%" + prefix + "%"
-		err = dbdata.Prefix("username", prefix, &datas, pageSize, 1)
+		where := "username LIKE ? OR nickname LIKE ? OR email LIKE ?"
 		count = dbdata.FindWhereCount(&dbdata.User{}, where, fuzzy, fuzzy, fuzzy)
 		err = dbdata.FindWhere(&datas, pageSize, page, where, fuzzy, fuzzy, fuzzy)
 	} else {
 		count = dbdata.CountAll(&dbdata.User{})
 		err = dbdata.Find(&datas, pageSize, page)
@@ -107,7 +111,7 @@ func UserSet(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	//修改用户资料后执行过期用户检测
+	// 修改用户资料后执行过期用户检测
 	sessdata.CloseUserLimittimeSession()
 	RespSucess(w, nil)
 }
@@ -205,6 +209,7 @@ type userAccountMailData struct {
 	LinkAddr     string
 	Group        string
 	Username     string
 	Nickname     string
 	PinCode      string
 	OtpImg       string
 	OtpImgBase64 string
@@ -251,9 +256,11 @@ func userAccountMail(user *dbdata.User) error {
 	otpData, _ := userOtpQr(user.Id, true)
 	data := userAccountMailData{
 		Issuer:       base.Cfg.Issuer,
 		LinkAddr:     setting.LinkAddr,
 		Group:        strings.Join(user.Groups, ","),
 		Username:     user.Username,
 		Nickname:     user.Nickname,
 		PinCode:      user.PinCode,
 		OtpImg:       fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
 		OtpImgBase64: "data:image/png;base64," + otpData,
--- a/server/admin/server.go
+++ b/server/admin/server.go
@@ -9,6 +9,8 @@ import (
 	"github.com/arl/statsviz"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 )
@@ -19,6 +21,14 @@ var UiData embed.FS
 func StartAdmin() {
 	r := mux.NewRouter()
 	// 所有路由添加安全头
 	r.Use(func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 			utils.SetSecureHeader(w)
 			w.Header().Set("Server", "AnyLinkAdminOpenSource")
 			next.ServeHTTP(w, req)
 		})
 	})
 	r.Use(authMiddleware)
 	r.Use(handlers.CompressHandler)
@@ -46,6 +56,9 @@ func StartAdmin() {
 	r.HandleFunc("/set/audit/list", SetAuditList)
 	r.HandleFunc("/set/audit/export", SetAuditExport)
 	r.HandleFunc("/set/audit/act_log_list", UserActLogList)
 	r.HandleFunc("/set/other/createcert", CreatCert)
 	r.HandleFunc("/set/other/getcertset", GetCertSetting)
 	r.HandleFunc("/set/other/customcert", CustomCert)
 	r.HandleFunc("/user/list", UserList)
 	r.HandleFunc("/user/detail", UserDetail)
@@ -71,6 +84,7 @@ func StartAdmin() {
 	r.HandleFunc("/group/detail", GroupDetail)
 	r.HandleFunc("/group/set", GroupSet)
 	r.HandleFunc("/group/del", GroupDel)
 	r.HandleFunc("/group/auth_login", GroupAuthLogin)
 	r.HandleFunc("/statsinfo/list", StatsInfoList)
@@ -83,8 +97,9 @@ func StartAdmin() {
 		r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug")
 		r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug")
 		// statsviz
-		r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(statsviz.Ws)
+		srv, _ := statsviz.NewServer() // Create server or handle error
-		r.PathPrefix("/debug/statsviz/").Name("debug").Handler(statsviz.Index)
+		r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(srv.Ws())
 		r.PathPrefix("/debug/statsviz/").Name("debug").Handler(srv.Index())
 	}
 	base.Info("Listen admin", base.Cfg.AdminAddr)
@@ -95,18 +110,29 @@ func StartAdmin() {
 	for _, s := range cipherSuites {
 		selectedCipherSuites = append(selectedCipherSuites, s.ID)
 	}
 	if tlscert, _, err := dbdata.ParseCert(); err != nil {
 		base.Fatal("证书加载失败", err)
 	} else {
 		dbdata.LoadCertificate(tlscert)
 	}
 	// 设置tls信息
 	tlsConfig := &tls.Config{
 		NextProtos:   []string{"http/1.1"},
 		MinVersion:   tls.VersionTLS12,
 		CipherSuites: selectedCipherSuites,
 		GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			return dbdata.GetCertificateBySNI(chi.ServerName)
 		},
 	}
 	srv := &http.Server{
 		Addr:      base.Cfg.AdminAddr,
 		Handler:   r,
 		TLSConfig: tlsConfig,
 		ErrorLog:  base.GetServerLog(),
 	}
-	err := srv.ListenAndServeTLS(base.Cfg.CertFile, base.Cfg.CertKey)
+	err := srv.ListenAndServeTLS("", "")
 	if err != nil {
 		base.Fatal(err)
 	}
--- a/server/base/app_ver.go
+++ b/server/base/app_ver.go
@@ -2,6 +2,12 @@ package base
 const (
 	APP_NAME = "AnyLink"
-	// app版本号
+)
-	APP_VER = "0.9.2-beta2"
+
 var (
 	// APP_VER app版本号
 	APP_VER = "0.0.1"
 	// 提交id
 	CommitId  string
 	BuildDate string
 )
--- a/server/base/cfg.go
+++ b/server/base/cfg.go
@@ -45,10 +45,12 @@ type ServerConfig struct {
 	FilesPath      string `json:"files_path"`
 	LogPath        string `json:"log_path"`
 	LogLevel       string `json:"log_level"`
 	HttpServerLog  bool   `json:"http_server_log"`
 	Pprof          bool   `json:"pprof"`
 	Issuer         string `json:"issuer"`
 	AdminUser      string `json:"admin_user"`
 	AdminPass      string `json:"admin_pass"`
 	AdminOtp       string `json:"admin_otp"`
 	JwtSecret      string `json:"jwt_secret"`
 	LinkMode    string `json:"link_mode"`    // tun tap macvtap ipvtap
@@ -69,12 +71,17 @@ type ServerConfig struct {
 	Mtu             int    `json:"mtu"`
 	DefaultDomain   string `json:"default_domain"`
 	IdleTimeout    int `json:"idle_timeout"`    // in seconds
 	SessionTimeout int `json:"session_timeout"` // in seconds
 	// AuthTimeout    int `json:"auth_timeout"`    // in seconds
 	AuditInterval int `json:"audit_interval"` // in seconds
 	ShowSQL         bool `json:"show_sql"` // bool
 	IptablesNat     bool `json:"iptables_nat"`
 	Compression     bool `json:"compression"`       // bool
 	NoCompressLimit int  `json:"no_compress_limit"` // int
 	DisplayError bool `json:"display_error"`
 }
 func initServerCfg() {
@@ -148,6 +155,7 @@ type SCfg struct {
 	Env  string      `json:"env"`
 	Info string      `json:"info"`
 	Data interface{} `json:"data"`
 	Val  interface{} `json:"default"`
 }
 func ServerCfg2Slice() []SCfg {
@@ -162,18 +170,27 @@ func ServerCfg2Slice() []SCfg {
 		field := typ.Field(i)
 		value := s.Field(i)
 		tag := field.Tag.Get("json")
-		usage, env := getUsageEnv(tag)
+		usage, env, val := getUsageEnv(tag)
-		datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface()})
+		datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface(), Val: val})
 	}
 	return datas
 }
-func getUsageEnv(name string) (usage, env string) {
+func getUsageEnv(name string) (usage, env string, val interface{}) {
 	for _, v := range configs {
 		if v.Name == name {
 			usage = v.Usage
 			if v.Typ == cfgStr {
 				val = v.ValStr
 			}
 			if v.Typ == cfgInt {
 				val = v.ValInt
 			}
 			if v.Typ == cfgBool {
 				val = v.ValBool
 			}
 		}
 	}
--- a/server/base/cmd.go
+++ b/server/base/cmd.go
@@ -1,23 +1,25 @@
 package base
 import (
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"reflect"
 	"runtime"
 	"strings"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/skip2/go-qrcode"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/xlzd/gotp"
 )
 var (
 	// 提交id
 	CommitId string
 	// pass明文
 	passwd string
 	// 生成otp
 	otp bool
 	// 生成密钥
 	secret bool
 	// 显示版本信息
@@ -56,8 +58,28 @@ func execute() {
 	}
 	if !runSrv {
 		if debug {
 			scfgData := ServerCfg2Slice()
 			fmtStr := "%-18v %-23v %-20v %v\n"
 			fmt.Printf(fmtStr, "Name", "Env", "Value", "Info")
 			for _, v := range scfgData {
 				if v.Name == "admin_pass" || v.Name == "jwt_secret" {
 					v.Val = "******"
 				}
 				fmt.Printf(fmtStr, v.Name, v.Env, v.Val, v.Info)
 			}
 		}
 		os.Exit(0)
 	}
 	// 移动配置解析代码
 	conf := linkViper.GetString("conf")
 	linkViper.SetConfigFile(conf)
 	err = linkViper.ReadInConfig()
 	if err != nil {
 		// 没有配置文件，直接报错
 		panic("config file err:" + err.Error())
 	}
 }
 func initCmd() {
@@ -69,13 +91,17 @@ func initCmd() {
 		Run: func(cmd *cobra.Command, args []string) {
 			// fmt.Println("cmd：", cmd.Use, args)
 			runSrv = true
 			if rev {
 				printVersion()
 				os.Exit(0)
 			}
 		},
 	}
 	linkViper.SetEnvPrefix("link")
 	// 基础配置
 	for _, v := range configs {
 		if v.Typ == cfgStr {
 			rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage)
@@ -92,23 +118,11 @@ func initCmd() {
 		// viper.SetDefault(v.Name, v.Value)
 	}
 	rootCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
 	rootCmd.AddCommand(initToolCmd())
 	cobra.OnInitialize(func() {
 		linkViper.AutomaticEnv()
 		conf := linkViper.GetString("conf")
 		_, err := os.Stat(conf)
 		if errors.Is(err, os.ErrNotExist) {
 			// 没有配置文件，不做处理
 			panic(err)
 		}
 		linkViper.SetConfigFile(conf)
 		err = linkViper.ReadInConfig()
 		if err != nil {
 			fmt.Println("Using config file:", err)
 		}
 	})
 }
@@ -122,22 +136,31 @@ func initToolCmd() *cobra.Command {
 	toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
 	toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret")
 	toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext")
 	toolCmd.Flags().BoolVarP(&otp, "otp", "o", false, "generate a random otp secret")
 	toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
 	toolCmd.Run = func(cmd *cobra.Command, args []string) {
 		runSrv = false
 		switch {
 		case rev:
-			fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n",
+			printVersion()
 				APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId)
 		case secret:
 			s, _ := utils.RandSecret(40, 60)
 			s = strings.Trim(s, "=")
 			fmt.Printf("Secret:%s\n", s)
 		case otp:
 			s := gotp.RandomSecret(32)
 			fmt.Printf("Otp:%s\n\n", s)
 			qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", "anylink_admin", "admin@anylink", "anylink_admin", s)
 			qr, _ := qrcode.New(qrstr, qrcode.High)
 			ss := qr.ToSmallString(false)
 			io.WriteString(os.Stderr, ss)
 		case passwd != "":
 			pass, _ := utils.PasswordHash(passwd)
 			fmt.Printf("Passwd:%s\n", pass)
 		case debug:
-			linkViper.Debug()
+			// linkViper.Debug()
 		default:
 			fmt.Println("Using [anylink tool -h] for help")
 		}
@@ -145,3 +168,8 @@ func initToolCmd() *cobra.Command {
 	return toolCmd
 }
 func printVersion() {
 	fmt.Printf("%s v%s build on %s [%s, %s] date:%s commit_id(%s)\n",
 		APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, BuildDate, CommitId)
 }
--- a/server/base/config.go
+++ b/server/base/config.go
@@ -22,9 +22,9 @@ type config struct {
 var configs = []config{
 	{Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"},
 	{Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"},
-	{Typ: cfgStr, Name: "server_addr", Usage: "服务监听地址", ValStr: ":443"},
+	{Typ: cfgStr, Name: "server_addr", Usage: "TCP服务监听地址(任意端口)", ValStr: ":443"},
-	{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false},
+	{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: true},
-	{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址", ValStr: ":443"},
+	{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址(任意端口)", ValStr: ":443"},
 	{Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"},
 	{Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false},
 	{Typ: cfgStr, Name: "db_type", Usage: "数据库类型 [sqlite3 mysql postgres]", ValStr: "sqlite3"},
@@ -34,10 +34,12 @@ var configs = []config{
 	{Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"},
 	{Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""},
 	{Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"},
 	{Typ: cfgBool, Name: "http_server_log", Usage: "开启go标准库http.Server的日志", ValBool: false},
 	{Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: false},
 	{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
 	{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
 	{Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd},
 	{Typ: cfgStr, Name: "admin_otp", Usage: "管理用户otp,生成命令 ./anylink tool -o", ValStr: ""},
 	{Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt},
 	{Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"},
 	{Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"},
@@ -48,20 +50,25 @@ var configs = []config{
 	{Typ: cfgStr, Name: "default_group", Usage: "默认用户组", ValStr: "one"},
 	{Typ: cfgStr, Name: "default_domain", Usage: "要发布的默认域", ValStr: ""},
-	{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 1209600},
+	{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
 	{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
 	{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
-	{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4},
+	{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 5},
-	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10},
+	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 12},
-	{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7},
+	{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 10},
-	{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15},
+	{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 22},
 	{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
-	{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)", ValInt: 3600},
+	{Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接，0关闭此功能", ValInt: 7200},
 	{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连，0永不过期", ValInt: 3600},
 	// {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0},
-	{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1},
+	{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: 600},
 	{Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句，用于调试", ValBool: false},
 	{Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true},
 	{Typ: cfgBool, Name: "compression", Usage: "启用压缩", ValBool: false},
 	{Typ: cfgInt, Name: "no_compress_limit", Usage: "低于及等于多少字节不压缩", ValInt: 256},
 	{Typ: cfgBool, Name: "display_error", Usage: "客户端显示详细错误信息(线上环境慎开启)", ValBool: false},
 }
 var envs = map[string]string{}
--- a/server/base/log.go
+++ b/server/base/log.go
@@ -10,11 +10,12 @@ import (
 )
 const (
-	_Debug = iota
+	LogLevelTrace = iota
-	_Info
+	LogLevelDebug
-	_Warn
+	LogLevelInfo
-	_Error
+	LogLevelWarn
-	_Fatal
+	LogLevelError
 	LogLevelFatal
 )
 var (
@@ -27,6 +28,10 @@ var (
 	logName    = "anylink.log"
 )
 func init() {
 	log.SetFlags(log.LstdFlags | log.Lshortfile)
 }
 // 实现 os.Writer 接口
 type logWriter struct {
 	UseStdout bool
@@ -76,28 +81,46 @@ func initLog() {
 	baseLw.newFile()
 	baseLevel = logLevel2Int(Cfg.LogLevel)
 	baseLog = log.New(baseLw, "", log.LstdFlags|log.Lshortfile)
 	serverLog = log.New(&sLogWriter{}, "[http_server]", log.LstdFlags|log.Lshortfile)
 }
 func GetBaseLw() *logWriter {
 	return baseLw
 }
 var serverLog *log.Logger
 type sLogWriter struct{}
 func (w *sLogWriter) Write(p []byte) (n int, err error) {
 	if Cfg.HttpServerLog {
 		return os.Stderr.Write(p)
 	}
 	return 0, nil
 }
 // 获取 log.Logger
-func GetBaseLog() *log.Logger {
+func GetServerLog() *log.Logger {
-	return baseLog
+	return serverLog
 }
 func GetLogLevel() int {
 	return baseLevel
 }
 func logLevel2Int(l string) int {
 	levels = map[int]string{
-		_Debug: "Debug",
+		LogLevelTrace: "Trace",
-		_Info:  "Info",
+		LogLevelDebug: "Debug",
-		_Warn:  "Warn",
+		LogLevelInfo:  "Info",
-		_Error: "Error",
+		LogLevelWarn:  "Warn",
-		_Fatal: "Fatal",
+		LogLevelError: "Error",
 		LogLevelFatal: "Fatal",
 	}
-	lvl := _Info
+	lvl := LogLevelInfo
 	for k, v := range levels {
-		if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) {
+		if strings.ToLower(l) == strings.ToLower(v) {
 			lvl = k
 		}
 	}
@@ -109,8 +132,16 @@ func output(l int, s ...interface{}) {
 	_ = baseLog.Output(3, lvl+fmt.Sprintln(s...))
 }
 func Trace(v ...interface{}) {
 	l := LogLevelTrace
 	if baseLevel > l {
 		return
 	}
 	output(l, v...)
 }
 func Debug(v ...interface{}) {
-	l := _Debug
+	l := LogLevelDebug
 	if baseLevel > l {
 		return
 	}
@@ -118,7 +149,7 @@ func Debug(v ...interface{}) {
 }
 func Info(v ...interface{}) {
-	l := _Info
+	l := LogLevelInfo
 	if baseLevel > l {
 		return
 	}
@@ -126,7 +157,7 @@ func Info(v ...interface{}) {
 }
 func Warn(v ...interface{}) {
-	l := _Warn
+	l := LogLevelWarn
 	if baseLevel > l {
 		return
 	}
@@ -134,7 +165,7 @@ func Warn(v ...interface{}) {
 }
 func Error(v ...interface{}) {
-	l := _Error
+	l := LogLevelError
 	if baseLevel > l {
 		return
 	}
@@ -142,7 +173,7 @@ func Error(v ...interface{}) {
 }
 func Fatal(v ...interface{}) {
-	l := _Fatal
+	l := LogLevelFatal
 	if baseLevel > l {
 		return
 	}
--- a/server/base/mod.go
+++ b/server/base/mod.go
@@ -0,0 +1,82 @@
 package base
 import (
 	"bufio"
 	"fmt"
 	"log"
 	"os"
 	"os/exec"
 	"strings"
 )
 const (
 	procModulesPath = "/proc/modules"
 	inContainerKey  = "ANYLINK_IN_CONTAINER"
 	tunPath         = "/dev/net/tun"
 )
 var (
 	InContainer = false
 	modMap      = map[string]struct{}{}
 )
 func initMod() {
 	container := os.Getenv(inContainerKey)
 	if container == "true" {
 		InContainer = true
 	}
 	log.Println("InContainer", InContainer)
 	file, err := os.Open(procModulesPath)
 	if err != nil {
 		err = fmt.Errorf("[ERROR] Problem with open file: %s", err)
 		panic(err)
 	}
 	defer file.Close()
 	scanner := bufio.NewScanner(file)
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		splited := strings.Split(scanner.Text(), " ")
 		if len(splited[0]) > 0 {
 			modMap[splited[0]] = struct{}{}
 		}
 	}
 }
 func CheckModOrLoad(mod string) {
 	log.Println("CheckModOrLoad", mod)
 	if _, ok := modMap[mod]; ok {
 		return
 	}
 	var err error
 	if mod == "tun" || mod == "tap" {
 		_, err = os.Stat(tunPath)
 		if err == nil {
 			// 文件存在
 			return
 		}
 		err = fmt.Errorf("[error] Linux tunFile is null %s", tunPath)
 		log.Println(err)
 		return
 		// panic(err)
 	}
 	if InContainer {
 		err = fmt.Errorf("[error] Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
 		log.Println(err)
 		return
 		// panic(err)
 	}
 	cmdstr := fmt.Sprintln("modprobe", mod)
 	cmd := exec.Command("sh", "-c", cmdstr)
 	b, err := cmd.CombinedOutput()
 	if err != nil {
 		log.Println(string(b))
 		panic(err)
 	}
 }
--- a/server/base/start.go
+++ b/server/base/start.go
@@ -4,6 +4,7 @@ func Start() {
 	execute()
 	initCfg()
 	initLog()
 	initMod()
 }
 func Test() {
--- a/server/build_test.sh
+++ b/server/build_test.sh
@@ -0,0 +1,20 @@
 #!/bin/sh
 # docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19 sh build_test.sh
 set -x
 sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
 export GOPROXY=https://goproxy.cn
 apk add build-base tzdata gcc musl-dev upx
 #go build -o anylink
 go build -o anylink -ldflags "-s -w -extldflags '-static'"
 go env
 uname -a
 ./anylink -v
--- a/server/conf/files/info.txt
+++ b/server/conf/files/info.txt
@@ -1,2 +1,2 @@
 客户端软件需放置在files目录内，
-如需要帮助请加QQ群：567510628
+如需要帮助请加QQ群：567510628 、739072205
--- a/server/conf/profile.xml
+++ b/server/conf/profile.xml
@@ -8,6 +8,7 @@
        <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
        <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
        <BypassDownloader>true</BypassDownloader>
        <AutoUpdate UserControllable="false">false</AutoUpdate>
        <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
        <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
        <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
@@ -20,15 +21,19 @@
            </ExtendedKeyUsage>
        </CertificateMatch>
        <BackupServerList>
            <HostAddress>localhost</HostAddress>
        </BackupServerList>
    </ClientInitialization>
    <ServerList>
        <HostEntry>
-            <HostName>VPN Server</HostName>
+            <HostName>VPN</HostName>
            <HostAddress>localhost</HostAddress>
        </HostEntry>
        <HostEntry>
            <HostName>VPN2</HostName>
            <HostAddress>localhost2</HostAddress>
        </HostEntry>
    </ServerList>
 </AnyConnectProfile>
--- a/server/conf/server-sample.toml
+++ b/server/conf/server-sample.toml
@@ -23,19 +23,24 @@ issuer = "XX公司VPN"
 admin_user = "admin"
 #pass 123456
 admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
 # 留空表示不开启 otp, 开启otp后密码为  pass + 6位otp
 # 生成 ./anylink tool -o
 admin_otp = ""
 jwt_secret = "abcdef.0123456789.abcdef"
-#服务监听地址
+#TCP服务监听地址(任意端口)
 server_addr = ":443"
-#开启 DTLS, 默认关闭
+#开启 DTLS
-server_dtls = false
+server_dtls = true
 #UDP监听地址(任意端口)
 server_dtls_addr = ":443"
 #后台服务监听地址
 admin_addr = ":8800"
 #开启tcp proxy protocol协议
 proxy_protocol = false
 #虚拟网络类型[tun macvtap tap]
 link_mode = "tun"
 #客户端分配的ip地址池
@@ -46,20 +51,20 @@ ipv4_start = "192.168.90.100"
 ipv4_end = "192.168.90.200"
 #最大客户端数量
-max_client = 100
+max_client = 200
 #单个用户同时在线数量
 max_user_client = 3
 #IP租期(秒)
-ip_lease = 1209600
+ip_lease = 86400
 #默认选择的组
 default_group = "one"
 #客户端失效检测时间(秒) dpd > keepalive
-cstp_keepalive = 6
+cstp_keepalive = 5
-cstp_dpd = 10
+cstp_dpd = 12
-mobile_keepalive = 15
+mobile_keepalive = 10
-mobile_dpd = 20
+mobile_dpd = 22
 #设置最大传输单元
 mtu = 1460
@@ -68,14 +73,24 @@ mtu = 1460
 default_domain = "example.com"
 #default_domain = "example.com abc.example.com"
 #空闲链接超时时间(秒)-超时后断开链接，0关闭此功能
 idle_timeout = 7200
 #session过期时间，用于断线重连，0永不过期
 session_timeout = 3600
 auth_timeout = 0
-audit_interval = -1
+audit_interval = 600
 show_sql = false
 #是否自动添加nat
 iptables_nat = true
 #启用压缩
 compression = false
 #低于及等于多少字节不压缩
 no_compress_limit = 256
 #客户端显示详细错误信息(线上环境慎开启)
 display_error = false
--- a/server/conf/server.toml
+++ b/server/conf/server.toml
@@ -18,14 +18,22 @@ issuer = "XX公司VPN"
 admin_user = "admin"
 #pass 123456
 admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
 # 留空表示不开启 otp, 开启otp后密码为  pass + 6位otp
 # 生成 ./anylink tool -o
 admin_otp = ""
 jwt_secret = "abcdef.0123456789.abcdef"
-#服务监听地址
+#TCP服务监听地址(任意端口)
 server_addr = ":443"
 #开启 DTLS
 server_dtls = true
 #UDP监听地址(任意端口)
 server_dtls_addr = ":443"
 #后台服务监听地址
 admin_addr = ":8800"
-
+#虚拟网络类型[tun macvtap]
 link_mode = "tun"
 #客户端分配的ip地址池
 ipv4_master = "eth0"
 ipv4_cidr = "192.168.90.0/24"
@@ -35,3 +43,9 @@ ipv4_end = "192.168.90.200"
 #是否自动添加nat
 iptables_nat = true
 #客户端显示详细错误信息(线上环境慎开启)
 display_error = true
--- a/server/conf/vpn_cert.crt
+++ b/server/conf/vpn_cert.crt
@@ -1,61 +1,67 @@
 -----BEGIN CERTIFICATE-----
-MIIF9jCCBN6gAwIBAgIQAuUy6Rv6Bo3nDXn5FackbDANBgkqhkiG9w0BAQsFADBu
+MIIGbTCCBNWgAwIBAgIQIodwqN03+Y3aYpdvfq2qKTANBgkqhkiG9w0BAQwFADBZ
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg
-d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
+SW5jLjEjMCEGA1UEAxMaVHJ1c3RBc2lhIFJTQSBEViBUTFMgQ0EgRzIwHhcNMjQw
-RFYgVExTIENBIC0gRzEwHhcNMjMwMTAzMDAwMDAwWhcNMjQwMTAzMjM1OTU5WjAc
+MTIyMDAwMDAwWhcNMjUwMTIxMjM1OTU5WjAcMRowGAYDVQQDExF2cG4udGVzdC52
-MRowGAYDVQQDExF2cG4udGVzdC52cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQAD
+cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFWPBr5g8py
-ggEPADCCAQoCggEBANJAJPYBvOP/7v8SgMIkVLIulN/ziPALvFcEwVnQDImUIky8
+8oPZhklQw9zBcIvfaEX2AVPIwW6iOm+j8v0LvXTGQkE1bZx4RwB1jKiEGG3KVsIU
-4udy0fmvJ2E3E3NL6Qv14ZHDGtH7CafukimNWTT2BVmQBYiO1ZlUkHcHUX4IoYEh
+pTJCkNEmwCZGJYvnNKN952zhtUQieZe8X4Zr0W43+j9Hbv+TKt6MFV3u70ArOD2T
-egdy2xw0WwknJWTOyvkRkeDhtT9QUpA/zeemS4q1TG95zRDf5htUR4OMZXsZpkQ2
+m8j/gWFcUyK9mDCCFpKImRUckbp6GYJUZHXUDktQiOu5v6Jgl9pLZ2XhZXGf2TJh
-bkSgnLtdyUmw2nhfSWgsD9fbwr6WnOx/swsUe52N3sIDZ6JTgn3N7xeT3/lVJKVN
+G441TScMwidYToX51VrnscRQQ6iUMSav1H43lchdh9fAThbheP/kIv6YEswT45oA
-wyYkZldialmRzrs6btr3mmnqpWObcc4FvKr/CLmoOSXl0I1wWsr+HnQ4X9hHsJUk
+MrxET10+iaCTdWpz+zy2GWXLO2pH9N9AjALCZA1/5QHkMhavmJgOxfitTeGzAlBQ
-jk3EZKfhH3mM37HF8apqztb6WjC3R96Zam6Z8bMCAwEAAaOCAuAwggLcMB8GA1Ud
+JNAIs0Rx1K0CAwEAAaOCAuwwggLoMB8GA1UdIwQYMBaAFF86fBEQfgxncWHci6O1
-IwQYMBaAFFV0T7JyT/VgulDR1+ZRXJoBhxrXMB0GA1UdDgQWBBSUpPcW3emC2l0o
+AANn9VccMB0GA1UdDgQWBBRDRfNBNYRlLb4V1MRTnU+bUVnvnDAOBgNVHQ8BAf8E
-q6qRBOBDMjQ2rDAcBgNVHREEFTATghF2cG4udGVzdC52cWlsdS5jbjAOBgNVHQ8B
+BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdIAQ3
+AwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICMTAlMCMGCCsGAQUFBwIBFhdodHRw
-MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQu
+czovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwfQYIKwYBBQUHAQEEcTBvMEIG
-Y29tL0NQUzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
+CCsGAQUFBzAChjZodHRwOi8vY3J0LnRydXN0LXByb3ZpZGVyLmNuL1RydXN0QXNp
-cC5kaWdpY2VydC5jb20wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2lj
+YVJTQURWVExTQ0FHMi5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnRydXN0
-ZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3aGVyZURWVExTQ0EtRzEuY3J0MAkGA1Ud
+LXByb3ZpZGVyLmNuMBwGA1UdEQQVMBOCEXZwbi50ZXN0LnZxaWx1LmNuMIIBfwYK
-EwQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AO7N0GTV2xrOxVy3nbTN
+KwYBBAHWeQIEAgSCAW8EggFrAWkAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB
-E6Iyh0Z8vOzew1FIWUZxH7WbAAABhXXkyXMAAAQDAEcwRQIgVhLvLOPcW0V1xhBv
+0lt3zsw7CAAAAY0v95Z6AAAEAwBHMEUCIDbFVgzV1DDvqTq6UnYisMqAEJn1cR+d
-5KSeqGHbAnRVhew3kutV3Bu1x+ICIQCbYjRtmkDo1hx6p0YNdNfkZ3N5u+syVjwH
+mc+agwaOuRbrAiEAz3W2HooNcKqADX9QyK8xQQ8r9BQKVCQzF76g9AZKeDoAdwCi
-Al3a9NpVxgB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhXXk
+4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAY0v95ZkAAAEAwBIMEYC
-yY4AAAQDAEYwRAIgcuscG2kkSGNvAsVH9CAtXjNUwk9UJriY0+3OtQ4WVrMCIAsC
+IQCWVxDjciJ/KMbwbqMbEZdsDq0nCrotlPhIBb5wFBurVgIhAOgnw3nqSqFYRm8y
-CkqEI1Ek5M26yrWt0Q7+u+UZ8rXhfYu3kcMMq7PVAHYAO1N3dT4tuYBOizBbBv5A
+OL3nz8rop0V5IEtgiNarOqMfLf33AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnA
-O2fYT8P0x70ADS1yb+H61BcAAAGFdeTJkAAABAMARzBFAiAEJbJTN8hrRUZ6UaaD
+sfpksWKaOd8AAAGNL/eWFwAABAMARzBFAiBB+V0NBebuCniZVuin5OaMYvWyNvRd
-2TlyDQfzUvTkex0XGT6PGKHkagIhAJ+Kg6tdt/csKde2vdweu+dT01fzg/fq4q3o
+NJ6hRmLbSKQAwwIhAKrPRrAP3An/9HSrFN/70eEK5DHT8+q8m0L5tc0+TckmMA0G
-mjfPhFm1MA0GCSqGSIb3DQEBCwUAA4IBAQAKFTUHbpgKsXARCBIIfEZGqkOvaafm
+CSqGSIb3DQEBDAUAA4IBgQCB65Q0V6Mewca0iVCxLJxczu6XYCCwsUzJiTWYjao3
-QaoNodc6cj0+LJCbuMzrTlkzmII0X/U52MBG8JCEIO8BPe5R4NIFqqaE066zQANq
+XZVe8yB4RhAimsUY+U3nXIL3RivkJydqfOO9N5APWndDgbtS4r55TFdscDUDmzsR
-HOsROOJi2A+WTTZcSEHbH3uhdVwcEQHvDzaOEEJc9Ilz6pdYsrv+trOmeR5PeIxv
+S5kYCoEudbDWT89U+tHMOxzUKkb3nDA0WvJEN52CAanYO3blihnX3eX7enQMGtsM
-t1jQacSwN1z6z0N4CRjBpePV/9nwETkEaKjQuXSoYlN+pczK/4nX2W9+E/OnwtZs
+gfDrArcQyS+WMKUkyOlNysqGtj3XWYKssBPrX/0GqMimoeYkg+B4daBTbOVB6sKs
-ScyFffPtTLHf1u4eSYuBT/AdwaKHXetxWzh98GP9LRfQhm63Gs+/WcloYl489dG/
+USnmhI2MF3QUxn0+fC207HbSDj7s4a6npjg5KsL0zUsFrNZlMH30Tx2L0WuI1T7
-FOFjch2TdmrPcUwxxGEbbPt3zXRxSVlzvIaf4gTUl2+PsKwbKy/w4OLS
+65lKHaKt8CyuL/YTjD5lAGYtJ+K9ypl5sBUFCXeW1lazTocjDa2CKv3WV+kVBhyO
 2nA2Lo4e643YXwXw98+ufU2U9yUjn1OrhsUXo3qaxETGVMumRwubtX4O2dUKnYGF
 xBxfHzXJKhZjX+U2ENIwsrm7pp3dcpIZqKxPCeowU5Ma9tvYpM7kgDhploMfsVic
 H7pWcFY99X5nMwJoDDBYomY=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
+MIIFBzCCA++gAwIBAgIRALIM7VUuMaC/NDp1KHQ76aswDQYJKoZIhvcNAQELBQAw
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
-QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT
+BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0yMjAxMTAwMDAwMDBaFw0y
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+ODEyMzEyMzU5NTlaMFkxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEg
-b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
+VGVjaG5vbG9naWVzLCBJbmMuMSMwIQYDVQQDExpUcnVzdEFzaWEgUlNBIERWIFRM
-MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc
+UyBDQSBHMjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKjGDe0GSaBs
-oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo
+Yl/VhMaTM6GhfR1TAt4mrhN8zfAMwEfLZth+N2ie5ULbW8YvSGzhqkDhGgSBlafm
-lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj
+qq05oeESrIJQyz24j7icGeGyIZ/jIChOOvjt4M8EVi3O0Se7E6RAgVYcX+QWVp5c
-pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h
+Sy+l7XrrtL/pDDL9Bngnq/DVfjCzm5ZYUb1PpyvYTP7trsV+yYOCNmmwQvB4yVjf
-yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n
+IIpHC1OcsPBntMUGeH1Eja4D+qJYhGOxX9kpa+2wTCW06L8T6OhkpJWYn5JYiht5
-wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M
+8exjAR7b8Zi3DeG9oZO5o6Qvhl3f8uGU8lK1j9jCUN/18mI/5vZJ76i+hsgdlfZB
-pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf
+Rh5lmAQjD80M9TY+oD4MYUqB5XrigPfFAUwXFGehhlwCVw7y6+5kpbq/NpvM5Ba8
-BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw
+SeQYUUuMA8RXpTtGlrrTPqJryfa55hTuX/ThhX4gcCVkbyujo0CYr+Uuc14IOyNY
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
+1fD0/qORbllbgV41wiy/2ZUWZQUodqHWkjT1CwIMbQOY5jmrSYGBwwIDAQABo4IB
-AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+JjCCASIwHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYE
-Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
+FF86fBEQfgxncWHci6O1AANn9VccMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8E
-Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
+CDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAE
-/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
+GzAZMA0GCysGAQQBsjEBAgIxMAgGBmeBDAECATBDBgNVHR8EPDA6MDigNqA0hjJo
-MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B
+dHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNy
-SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW
+bDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9k
-M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV
+b2NhLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAHMUom5cxIje2IiFU7mOCsBr2F6CY
-4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ
+eU5cyfQ/Aep9kAXYUDuWsaT85721JxeXFYkf4D/cgNd9+hxT8ZeDOJrn+ysqR7NO
-sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy
+2K9AdqTdIY2uZPKmvgHOkvH2gQD6jc05eSPOwdY/10IPvmpgUKaGOa/tyygL8Og4
-rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
+3tYyoHipMMnS4OiYKakDJny0XVuchIP7ZMKiP07Q3FIuSS4omzR77kmc75/6Q9dP
 v4wa90UCOn1j6r7WhMmX3eT3Gsdj3WMe9bYD0AFuqa6MDyjIeXq08mVGraXiw73s
 Zale8OMckn/BU3O/3aFNLHLfET2H2hT6Wb3nwxjpLIfXmSVcVd8A58XH0g==
 -----END CERTIFICATE-----
--- a/server/conf/vpn_cert.key
+++ b/server/conf/vpn_cert.key
@@ -1,27 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
-MIIEpQIBAAKCAQEA0kAk9gG84//u/xKAwiRUsi6U3/OI8Au8VwTBWdAMiZQiTLzi
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDRVjwa+YPKcvKD
-53LR+a8nYTcTc0vpC/XhkcMa0fsJp+6SKY1ZNPYFWZAFiI7VmVSQdwdRfgihgSF6
+2YZJUMPcwXCL32hF9gFTyMFuojpvo/L9C710xkJBNW2ceEcAdYyohBhtylbCFKUy
-B3LbHDRbCSclZM7K+RGR4OG1P1BSkD/N56ZLirVMb3nNEN/mG1RHg4xlexmmRDZu
+QpDRJsAmRiWL5zSjfeds4bVEInmXvF+Ga9FuN/o/R27/kyrejBVd7u9AKzg9k5vI
-RKCcu13JSbDaeF9JaCwP19vCvpac7H+zCxR7nY3ewgNnolOCfc3vF5Pf+VUkpU3D
+/4FhXFMivZgwghaSiJkVHJG6ehmCVGR11A5LUIjrub+iYJfaS2dl4WVxn9kyYRuO
-JiRmV2JqWZHOuzpu2veaaeqlY5txzgW8qv8Iuag5JeXQjXBayv4edDhf2EewlSSO
+NU0nDMInWE6F+dVa57HEUEOolDEmr9R+N5XIXYfXwE4W4Xj/5CL+mBLME+OaADK8
-TcRkp+EfeYzfscXxqmrO1vpaMLdH3plqbpnxswIDAQABAoIBAGKKzugAi4Q/Vch2
+RE9dPomgk3Vqc/s8thllyztqR/TfQIwCwmQNf+UB5DIWr5iYDsX4rU3hswJQUCTQ
-ZyPXPF0hCQToE3QSxAzy/R53rRCkfekClMTO44xHpEjjs/mTiCBjd3xGeiEVrIJp
+CLNEcdStAgMBAAECgf97UHp7u8+x4lz6BQB8/c0xHWdAw1clIveZbEVl0hNoVUN/
-hlb0WW3Bq2M9ZeKJs6JAaM9o/jB4oh2wT44DLqALB+oDz3puk+Jl8j34++a3YmMa
+EKku+q/1Sf+CuhnbgLjT1bkVnnotmVcGeWH2DeCnkMJqHVMOBRb/dso2fw+pCTzY
-jIq4veo+rBsJduwkTKjdeQE2ge/ODZEQ6bUmSjYo1P9LNGEyO2wmcVk+jHx0zBi7
+VofQpmbPy1xCXb6chqrpT3MTaJdI7IrBCNEQ54cOxsojwzp0MfejS/NI41q8iuCS
-8fR3oY03Io+byuN0494Di1m3IpIdj3ma0MV5zJf31urLXqqYtOApouWL/yhZOIuo
+hVry+VEbmtA22vjwMvsF6NsRKlfc1DUyC/ZoHB91gzKmvLdXBREwBXtdiJfMlu9G
-YW+mcuS7ZgK5FsqrUm0vGBcf24GcKhhlBlUu0mfLrCRrWLDsqJDQ/8alvuNP0IVm
+EKH3ORxbcanmdsXWIG84t5M9Sf9L5FZe6tlL4FdoKv25Vxv2z+PVM8Y/0B3IBTCb
-gqz0H5UCgYEA8yaKzMfkeRXSTERt6NZHo/8ShIn26Yf+pMDpVdYKfVBL254vGTeq
+yqMK8579PTlHl40WRjSgzpijGvMxuIpgm5KaXQECgYEA7U6lBhRWmPsJRaK0jyAv
-B+LQhDpxZV1iMr1FNvkhHtNGQ74ZbWOj4+5Xjsllaw1ao2iGp1w/chuJ6FG/Go4q
+qnaC5AbnM8OjIbsDtnQxn0BWvx7aZznxOE4jL0QejUD/gov6yYkNhIu797LzO8Mq
-9FaY3eGiCqRJOQNivBxU/D7sN0y4b48HAEQdmp516pItlGtG+C8TY38CgYEA3VyD
+fEqEX7Bp23PfLvybqkyhJWFz26v0erU5q8Rlt648bK7Ul1j8FkmsEN3qu+64c8Fu
-6EczHdAmPO7bdbYn/irfe78so1lHT04P0FiVg2W77ZKuQINTNDK9w/alYyZ2tH1b
+pzN081bqOGjEcaCjsHswvkMCgYEA4dOPvYYu8wBfrH3Gn94XHWWVvFMnWErXEOzK
-N2JznulJ6UDcl4xw43xJixxhme2jWPaYzmQUuQHviZ0D0tCgmOkN8bUnc9LSvEGA
+eL0dFg3Ae+y8Sg5x9YTz3XjwyzwcTbrD0zg4huWwmD64BgPcliG7XKA093ea2JIs
-SnaiKbOtUfP8Z3c/mF997wuFNfdmhww8LBpbO80CgYEAmdRKf9/+5bQuhd3NAz99
+Mah5/KTQmltcIut7qUvzwwbQVfN3xTwWzd7eDtEIAeFZ8r/HzJM6X21b/LaQIXUY
-t31KQ9vdAEXvjmAVvx5ZKIrCU0EyXuvegHq4nM80qoJ3+83Omkbm80+K5pTAFXqy
+Gb7dik8CgYAaaUxYlt7ke9wWUfuCinSDplj/A/2rdzSqxmOtZNU5AjIlZ0urfXlp
-VyOU9Vro9N9P9o3MktlDsndFulrtYmmLN2YJ9GYpVD43rQA9WPE7uxI784hwLvP3
+aNjlo9E6q2dEokuxLn3AqMSs1s/XcOtDlg+RjtLZR9YpJpg0pf6xaF06r7KwDYdz
-4+00JXwW8b5lY76y+ZUe2RUCgYEAt6BQN/YgPCH4JmHKIWp64If2HbQntlWQJwRN
+pJIllVDIT9T9WzwDRwPNhMVhUTpaN8cW+NUlWCENUiu68cQGGk/cfQKBgEmvRk+I
-b/qcBIT3EQu1iwSll85jxtSqu4YjwHOgoGAGI5PIYTsSApFY8AyhAUoI2OTdtSXS
+4PjZPl6CC7VOOiyVYO46E7RzdwlGuin7SupPQmctL6LaY8TAxPGW7LrjujiCoDLj
-+prg6dvmNhTPICk6n73seE5bLOR9NfdsEdk5ijhnlW09OyMb2S2VzR+UYIEbRvnq
+PU6G08BZdqI/0FIMX54xiBbXJ+dSiqkJWARfotE6zi12uLrc1YTlTEU/U+0/VhGG
-THeMqR0CgYEAwQ9aAIGD4t4DXjHHtz6Wqpbq6jj6mmYBsL9jqRgu8ASj1/THgWWn
+jt42xm4WocrbWM4fnARXIpSq3QyNsHd2F8NxAoGBAMEcT0mFQ0J7HCQ+zL36ogGv
-iUrlCbFIXWu2vnP1h0SBV56GA7MSTqAt0ZdTzpI1PRkMOIO9z1dN4Q2R1SEya1eF
+Bc/N6WR0xSEBQVG9D4iysxX4XyJukCuUCvMIbsBj5IVAVBlMNxfDtL/kD6tgy0L7
-7/LPLqJIoLbILGvy6U3DLYdMckPZaoTPf5BNKD52paZcNbjkXTlVLSY=
+tdN7nOaYgnqTyZfQItz92cQ6oiIqW7GPJA5ATJe1fxXINjcP6EkRDAfACBW7/l85
-----END RSA PRIVATE KEY-----
+Cd/yRpaOSMPbqKO1OOSn
 -----END PRIVATE KEY-----
--- a/server/cron/start.go
+++ b/server/cron/start.go
@@ -3,6 +3,7 @@ package cron
 import (
 	"time"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/sessdata"
 	"github.com/go-co-op/gocron"
 )
@@ -13,5 +14,6 @@ func Start() {
 	s.Cron("0 * * * *").Do(ClearStatsInfo)
 	s.Cron("0 * * * *").Do(ClearUserActLog)
 	s.Every(1).Day().At("00:00").Do(sessdata.CloseUserLimittimeSession)
 	s.Every(1).Day().At("00:00").Do(dbdata.ReNewCert)
 	s.StartAsync()
 }
--- a/server/dbdata/cert.go
+++ b/server/dbdata/cert.go
@@ -0,0 +1,411 @@
 package dbdata
 import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"errors"
 	"fmt"
 	"math/big"
 	"net"
 	"os"
 	"strings"
 	"sync"
 	"time"
 	"github.com/pion/dtls/v2/pkg/crypto/selfsign"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/certificate"
 	"github.com/go-acme/lego/v4/challenge"
 	"github.com/go-acme/lego/v4/challenge/dns01"
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/go-acme/lego/v4/providers/dns/alidns"
 	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
 	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
 	"github.com/go-acme/lego/v4/registration"
 )
 var (
 	// nameToCertificate mutex
 	ntcMux            sync.RWMutex
 	nameToCertificate = make(map[string]*tls.Certificate)
 	tempCert          *tls.Certificate
 )
 func init() {
 	c, _ := selfsign.GenerateSelfSignedWithDNS("localhost")
 	tempCert = &c
 }
 type SettingLetsEncrypt struct {
 	Domain   string `json:"domain"`
 	Legomail string `json:"legomail"`
 	Name     string `json:"name"`
 	Renew    bool   `json:"renew"`
 	DNSProvider
 }
 type DNSProvider struct {
 	AliYun struct {
 		APIKey    string `json:"apiKey"`
 		SecretKey string `json:"secretKey"`
 	} `json:"aliyun"`
 	TXCloud struct {
 		SecretID  string `json:"secretId"`
 		SecretKey string `json:"secretKey"`
 	} `json:"txcloud"`
 	CfCloud struct {
 		AuthToken string `json:"authToken"`
 	} `json:"cfcloud"`
 }
 type LegoUserData struct {
 	Email        string                 `json:"email"`
 	Registration *registration.Resource `json:"registration"`
 	Key          []byte                 `json:"key"`
 }
 type LegoUser struct {
 	Email        string
 	Registration *registration.Resource
 	Key          *ecdsa.PrivateKey
 }
 type LeGoClient struct {
 	mutex  sync.Mutex
 	Client *lego.Client
 	Cert   *certificate.Resource
 	LegoUserData
 }
 func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) {
 	switch l.Name {
 	case "aliyun":
 		if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
 			return
 		}
 	case "txcloud":
 		if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
 			return
 		}
 	case "cfcloud":
 		if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthToken: l.DNSProvider.CfCloud.AuthToken, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
 			return
 		}
 	}
 	return
 }
 func (u *LegoUser) GetEmail() string {
 	return u.Email
 }
 func (u LegoUser) GetRegistration() *registration.Resource {
 	return u.Registration
 }
 func (u *LegoUser) GetPrivateKey() crypto.PrivateKey {
 	return u.Key
 }
 func (l *LegoUserData) SaveUserData(u *LegoUser) error {
 	key, err := x509.MarshalECPrivateKey(u.Key)
 	if err != nil {
 		return err
 	}
 	l.Email = u.Email
 	l.Registration = u.Registration
 	l.Key = key
 	if err := SettingSet(l); err != nil {
 		return err
 	}
 	return nil
 }
 func (l *LegoUserData) GetUserData(d *SettingLetsEncrypt) (*LegoUser, error) {
 	if err := SettingGet(l); err != nil {
 		return nil, err
 	}
 	if l.Email != "" {
 		key, err := x509.ParseECPrivateKey(l.Key)
 		if err != nil {
 			return nil, err
 		}
 		return &LegoUser{
 			Email:        l.Email,
 			Registration: l.Registration,
 			Key:          key,
 		}, nil
 	}
 	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return nil, err
 	}
 	return &LegoUser{
 		Email: d.Legomail,
 		Key:   privateKey,
 	}, nil
 }
 func ReNewCert() {
 	_, certtime, err := ParseCert()
 	if err != nil {
 		base.Error(err)
 		return
 	}
 	if certtime.AddDate(0, 0, -7).Before(time.Now()) {
 		config := &SettingLetsEncrypt{}
 		if err := SettingGet(config); err != nil {
 			base.Error(err)
 			return
 		}
 		if config.Renew {
 			client := &LeGoClient{}
 			if err := client.NewClient(config); err != nil {
 				base.Error(err)
 				return
 			}
 			if err := client.RenewCert(base.Cfg.CertFile, base.Cfg.CertKey); err != nil {
 				base.Error(err)
 				return
 			}
 			base.Info("证书续期成功")
 		}
 	} else {
 		base.Info(fmt.Sprintf("证书过期时间：%s", certtime.Local().Format("2006-1-2 15:04:05")))
 	}
 }
 func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error {
 	c.mutex.Lock()
 	defer c.mutex.Unlock()
 	legouser, err := c.GetUserData(l)
 	if err != nil {
 		return err
 	}
 	config := lego.NewConfig(legouser)
 	config.CADirURL = lego.LEDirectoryProduction
 	config.Certificate.KeyType = certcrypto.RSA2048
 	client, err := lego.NewClient(config)
 	if err != nil {
 		return err
 	}
 	Provider, err := GetDNSProvider(l)
 	if err != nil {
 		return err
 	}
 	if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"223.6.6.6", "223.5.5.5"})); err != nil {
 		return err
 	}
 	if legouser.Registration == nil {
 		reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
 		if err != nil {
 			return err
 		}
 		legouser.Registration = reg
 		c.SaveUserData(legouser)
 	}
 	c.Client = client
 	return nil
 }
 func (c *LeGoClient) GetCert(domain string) error {
 	// 申请证书
 	certificates, err := c.Client.Certificate.Obtain(
 		certificate.ObtainRequest{
 			Domains: []string{domain},
 			Bundle:  true,
 		})
 	if err != nil {
 		return err
 	}
 	c.Cert = certificates
 	// 保存证书
 	if err := c.SaveCert(); err != nil {
 		return err
 	}
 	return nil
 }
 func (c *LeGoClient) RenewCert(certFile, keyFile string) error {
 	cert, err := os.ReadFile(certFile)
 	if err != nil {
 		return err
 	}
 	key, err := os.ReadFile(keyFile)
 	if err != nil {
 		return err
 	}
 	// 续期证书
 	renewcert, err := c.Client.Certificate.Renew(certificate.Resource{
 		Certificate: cert,
 		PrivateKey:  key,
 	}, true, false, "")
 	if err != nil {
 		return err
 	}
 	c.Cert = renewcert
 	// 保存更新证书
 	if err := c.SaveCert(); err != nil {
 		return err
 	}
 	return nil
 }
 func (c *LeGoClient) SaveCert() error {
 	err := os.WriteFile(base.Cfg.CertFile, c.Cert.Certificate, 0600)
 	if err != nil {
 		return err
 	}
 	err = os.WriteFile(base.Cfg.CertKey, c.Cert.PrivateKey, 0600)
 	if err != nil {
 		return err
 	}
 	if tlscert, _, err := ParseCert(); err != nil {
 		return err
 	} else {
 		LoadCertificate(tlscert)
 	}
 	return nil
 }
 func ParseCert() (*tls.Certificate, *time.Time, error) {
 	_, errCert := os.Stat(base.Cfg.CertFile)
 	_, errKey := os.Stat(base.Cfg.CertKey)
 	if os.IsNotExist(errCert) || os.IsNotExist(errKey) {
 		err := PrivateCert()
 		if err != nil {
 			return nil, nil, err
 		}
 	}
 	cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
 	if err != nil || errors.Is(err, os.ErrNotExist) {
 		PrivateCert()
 		return nil, nil, err
 	}
 	parseCert, err := x509.ParseCertificate(cert.Certificate[0])
 	if err != nil {
 		return nil, nil, err
 	}
 	return &cert, &parseCert.NotAfter, nil
 }
 func PrivateCert() error {
 	// 创建一个RSA密钥对
 	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
 	pub := &priv.PublicKey
 	// 生成一个自签名证书
 	template := x509.Certificate{
 		SerialNumber:          big.NewInt(1658),
 		Subject:               pkix.Name{CommonName: "localhost"},
 		NotBefore:             time.Now(),
 		NotAfter:              time.Now().Add(time.Hour * 24 * 365),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		IPAddresses:           []net.IP{},
 	}
 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, pub, priv)
 	if err != nil {
 		return err
 	}
 	// 将证书编码为PEM格式并将其写入文件
 	certOut, _ := os.OpenFile(base.Cfg.CertFile, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0600)
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 	certOut.Close()
 	// 将私钥编码为PEM格式并将其写入文件
 	keyOut, _ := os.OpenFile(base.Cfg.CertKey, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
 	keyOut.Close()
 	cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
 	if err != nil {
 		return err
 	}
 	LoadCertificate(&cert)
 	return nil
 }
 func getTempCertificate() (*tls.Certificate, error) {
 	var err error
 	var cert tls.Certificate
 	if tempCert == nil {
 		cert, err = selfsign.GenerateSelfSignedWithDNS("localhost")
 		tempCert = &cert
 	}
 	return tempCert, err
 }
 func GetCertificateBySNI(commonName string) (*tls.Certificate, error) {
 	ntcMux.RLock()
 	defer ntcMux.RUnlock()
 	// Copy from tls.Config getCertificate()
 	name := strings.ToLower(commonName)
 	if cert, ok := nameToCertificate[name]; ok {
 		return cert, nil
 	}
 	if len(name) > 0 {
 		labels := strings.Split(name, ".")
 		labels[0] = "*"
 		wildcardName := strings.Join(labels, ".")
 		if cert, ok := nameToCertificate[wildcardName]; ok {
 			return cert, nil
 		}
 	}
 	// TODO 默认证书 兼容不支持 SNI 的客户端
 	if cert, ok := nameToCertificate["default"]; ok {
 		return cert, nil
 	}
 	return getTempCertificate()
 }
 func LoadCertificate(cert *tls.Certificate) {
 	buildNameToCertificate(cert)
 }
 // Copy from tls.Config BuildNameToCertificate()
 func buildNameToCertificate(cert *tls.Certificate) {
 	ntcMux.Lock()
 	defer ntcMux.Unlock()
 	// TODO 设置默认证书
 	nameToCertificate["default"] = cert
 	x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
 	if err != nil {
 		return
 	}
 	startTime := x509Cert.NotBefore.String()
 	expiredTime := x509Cert.NotAfter.String()
 	if x509Cert.Subject.CommonName != "" && len(x509Cert.DNSNames) == 0 {
 		commonName := x509Cert.Subject.CommonName
 		fmt.Printf("┏ Load Certificate: %s\n", commonName)
 		fmt.Printf("┠╌╌ Start Time:     %s\n", startTime)
 		fmt.Printf("┖╌╌ Expired Time:   %s\n", expiredTime)
 		nameToCertificate[commonName] = cert
 	}
 	for _, san := range x509Cert.DNSNames {
 		fmt.Printf("┏ Load Certificate: %s\n", san)
 		fmt.Printf("┠╌╌ Start Time:     %s\n", startTime)
 		fmt.Printf("┖╌╌ Expired Time:   %s\n", expiredTime)
 		nameToCertificate[san] = cert
 	}
 }
 // func Scrypt(passwd string) string {
 // 	salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}
 // 	hashPasswd, err := scrypt.Key([]byte(passwd), salt, 1<<15, 8, 1, 32)
 // 	if err != nil {
 // 		return err.Error()
 // 	}
 // 	return base64.StdEncoding.EncodeToString(hashPasswd)
 // }
--- a/server/dbdata/db.go
+++ b/server/dbdata/db.go
@@ -99,6 +99,24 @@ func addInitData() error {
 		return err
 	}
 	// SettingDnsProvider
 	provider := &SettingLetsEncrypt{
 		Domain:      "vpn.xxx.com",
 		Legomail:    "legomail",
 		Name:        "aliyun",
 		Renew:       false,
 		DNSProvider: DNSProvider{},
 	}
 	err = SettingSessAdd(sess, provider)
 	if err != nil {
 		return err
 	}
 	// LegoUser
 	legouser := &LegoUserData{}
 	err = SettingSessAdd(sess, legouser)
 	if err != nil {
 		return err
 	}
 	// SettingOther
 	other := &SettingOther{
 		LinkAddr:    "vpn.xx.com",
--- a/server/dbdata/db_orm.go
+++ b/server/dbdata/db_orm.go
@@ -75,6 +75,11 @@ func Find(data interface{}, limit, page int) error {
 	return xdb.Limit(limit, start).Find(data)
 }
 func FindWhereCount(data interface{}, where string, args ...interface{}) int {
 	n, _ := xdb.Where(where, args...).Count(data)
 	return int(n)
 }
 func FindWhere(data interface{}, limit int, page int, where string, args ...interface{}) error {
 	if limit == 0 {
 		return xdb.Where(where, args...).Find(data)
--- a/server/dbdata/group.go
+++ b/server/dbdata/group.go
@@ -117,11 +117,18 @@ func SetGroup(g *Group) error {
 				continue
 			}
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteInclude 错误" + err.Error())
 			}
 			// 给Mac系统下发路由时，必须是标准的网络地址
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeInclude = append(routeInclude, v)
 		}
@@ -130,10 +137,16 @@ func SetGroup(g *Group) error {
 	routeExclude := []ValData{}
 	for _, v := range g.RouteExclude {
 		if v.Val != "" {
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteExclude 错误" + err.Error())
 			}
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeExclude = append(routeExclude, v)
 		}
@@ -225,6 +238,21 @@ func SetGroup(g *Group) error {
 	return err
 }
 func GroupAuthLogin(name, pwd string, authData map[string]interface{}) error {
 	g := &Group{Auth: authData}
 	authType := g.Auth["type"].(string)
 	if _, ok := authRegistry[authType]; !ok {
 		return errors.New("未知的认证方式: " + authType)
 	}
 	auth := makeInstance(authType).(IUserAuth)
 	err := auth.checkData(g.Auth)
 	if err != nil {
 		return err
 	}
 	err = auth.checkUser(name, pwd, g)
 	return err
 }
 func parseIpNet(s string) (string, *net.IPNet, error) {
 	ip, ipNet, err := net.ParseCIDR(s)
 	if err != nil {
--- a/server/dbdata/group_test.go
+++ b/server/dbdata/group_test.go
@@ -51,6 +51,7 @@ func TestGetGroupNames(t *testing.T) {
 			"bind_name":    "userfind@abc.com",
 			"bind_pwd":     "afdbfdsafds",
 			"base_dn":      "dc=abc,dc=com",
 			"object_class": "person",
 			"search_attr":  "sAMAccountName",
 			"member_of":    "cn=vpn,cn=user,dc=abc,dc=com",
 		},
--- a/server/dbdata/ip_map.go
+++ b/server/dbdata/ip_map.go
@@ -2,20 +2,22 @@ package dbdata
 import (
 	"errors"
 	"net"
 	"time"
 )
-// type IpMap struct {
+type IpMap struct {
-// 	Id        int       `json:"id" xorm:"pk autoincr not null"`
+	Id        int       `json:"id" xorm:"pk autoincr not null"`
-// 	IpAddr    string    `json:"ip_addr" xorm:"not null unique"`
+	IpAddr    string    `json:"ip_addr" xorm:"varchar(32) not null unique"`
-// 	MacAddr   string    `json:"mac_addr" xorm:"not null unique"`
+	MacAddr   string    `json:"mac_addr" xorm:"varchar(32) not null unique"`
-// 	Username  string    `json:"username"`
+	UniqueMac bool      `json:"unique_mac" xorm:"Bool index"`
-// 	Keep      bool      `json:"keep"` // 保留 ip-mac 绑定
+	Username  string    `json:"username" xorm:"varchar(60)"`
-// 	KeepTime  time.Time `json:"keep_time"`
+	Keep      bool      `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
-// 	Note      string    `json:"note"` // 备注
+	KeepTime  time.Time `json:"keep_time" xorm:"DateTime"`
-// 	LastLogin time.Time `json:"last_login"`
+	Note      string    `json:"note" xorm:"varchar(255)"` // 备注
-// 	UpdatedAt time.Time `json:"updated_at"`
+	LastLogin time.Time `json:"last_login" xorm:"DateTime"`
-// }
+	UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
 }
 func SetIpMap(v *IpMap) error {
 	var err error
@@ -24,6 +26,13 @@ func SetIpMap(v *IpMap) error {
 		return errors.New("IP或MAC错误")
 	}
 	macHw, err := net.ParseMAC(v.MacAddr)
 	if err != nil {
 		return errors.New("MAC错误")
 	}
 	// 统一macAddr的格式
 	v.MacAddr = macHw.String()
 	v.UpdatedAt = time.Now()
 	if v.Id > 0 {
 		err = Set(v)
--- a/server/dbdata/policy.go
+++ b/server/dbdata/policy.go
@@ -2,6 +2,7 @@ package dbdata
 import (
 	"errors"
 	"fmt"
 	"net"
 	"strings"
 	"time"
@@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error {
 				continue
 			}
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteInclude 错误" + err.Error())
 			}
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeInclude = append(routeInclude, v)
 		}
@@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error {
 	routeExclude := []ValData{}
 	for _, v := range p.RouteExclude {
 		if v.Val != "" {
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteExclude 错误" + err.Error())
 			}
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeExclude = append(routeExclude, v)
 		}
--- a/server/dbdata/policy_test.go
+++ b/server/dbdata/policy_test.go
@@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) {
 	err = SetPolicy(&p2)
 	ast.Nil(err)
-	route := []ValData{{Val: "192.168.1.1/24"}}
+	route := []ValData{{Val: "192.168.1.0/24"}}
 	p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"}
 	err = SetPolicy(&p3)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
+	ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
-	route2 := []ValData{{Val: "192.168.2.1/24"}}
+	route2 := []ValData{{Val: "192.168.2.0/24"}}
 	p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"}
 	err = SetPolicy(&p4)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0")
+	ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0")
 	// 判断所有数据
 	var userPolicy *Policy
--- a/server/dbdata/setting.go
+++ b/server/dbdata/setting.go
@@ -49,7 +49,6 @@ func SettingSessAdd(sess *xorm.Session, data interface{}) error {
 	v, _ := json.Marshal(data)
 	s := &Setting{Name: name, Data: v}
 	_, err := sess.InsertOne(s)
 	return err
 }
@@ -63,7 +62,7 @@ func SettingSet(data interface{}) error {
 func SettingGet(data interface{}) error {
 	name := StructName(data)
-	s := &Setting{Name: name}
+	s := &Setting{}
 	err := One("name", name, s)
 	if err != nil {
 		return err
--- a/server/dbdata/tables.go
+++ b/server/dbdata/tables.go
@@ -30,7 +30,7 @@ type User struct {
 	Email    string `json:"email" xorm:"varchar(255)"`
 	// Password  string    `json:"password"`
 	PinCode    string     `json:"pin_code" xorm:"varchar(32)"`
-	LimitTime  *time.Time `json:"limittime,omitempty" xorm:"Datetime limittime"` //值为null时，前端不显示
+	LimitTime  *time.Time `json:"limittime,omitempty" xorm:"Datetime limittime"` // 值为null时，前端不显示
 	OtpSecret  string     `json:"otp_secret" xorm:"varchar(255)"`
 	DisableOtp bool       `json:"disable_otp" xorm:"Bool"` // 禁用otp
 	Groups     []string   `json:"groups" xorm:"Text"`
@@ -56,19 +56,6 @@ type UserActLog struct {
 	CreatedAt       time.Time `json:"created_at" xorm:"DateTime created"`
 }
 type IpMap struct {
 	Id        int       `json:"id" xorm:"pk autoincr not null"`
 	IpAddr    string    `json:"ip_addr" xorm:"varchar(32) not null unique"`
 	MacAddr   string    `json:"mac_addr" xorm:"varchar(32) not null unique"`
 	UniqueMac bool      `json:"unique_mac" xorm:"Bool index"`
 	Username  string    `json:"username" xorm:"varchar(60)"`
 	Keep      bool      `json:"keep" xorm:"Bool"` // 保留 ip-mac 绑定
 	KeepTime  time.Time `json:"keep_time" xorm:"DateTime"`
 	Note      string    `json:"note" xorm:"varchar(255)"` // 备注
 	LastLogin time.Time `json:"last_login" xorm:"DateTime"`
 	UpdatedAt time.Time `json:"updated_at" xorm:"DateTime updated"`
 }
 type Setting struct {
 	Id        int             `json:"id" xorm:"pk autoincr not null"`
 	Name      string          `json:"name" xorm:"varchar(60) not null unique"`
--- a/server/dbdata/user.go
+++ b/server/dbdata/user.go
@@ -186,7 +186,7 @@ func checkOtp(name, otp, secret string) bool {
 	totp := gotp.NewDefaultTOTP(secret)
 	unix := time.Now().Unix()
-	verify := totp.Verify(otp, int(unix))
+	verify := totp.Verify(otp, unix)
 	return verify
 }
--- a/server/dbdata/user_act_log.go
+++ b/server/dbdata/user_act_log.go
@@ -22,6 +22,7 @@ const (
 	UserLogoutTimeout = 3 // 用户超时登出
 	UserLogoutAdmin   = 4 // 账号被管理员踢下线
 	UserLogoutExpire  = 5 // 账号过期被踢下线
 	UserIdleTimeout   = 6 // 用户空闲链接超时
 )
 type UserActLogProcess struct {
@@ -62,6 +63,7 @@ var (
 			UserLogoutTimeout: "Session过期被踢下线",
 			UserLogoutAdmin:   "账号被管理员踢下线",
 			UserLogoutExpire:  "账号过期被踢下线",
 			UserIdleTimeout:   "用户空闲链接超时",
 		},
 	}
 )
@@ -155,7 +157,7 @@ func (ua *UserActLogProcess) ParseUserAgent(userAgent string) (os_idx, client_id
 	} else if strings.Contains(userAgent, "anylink") {
 		client_idx = 3
 	}
-	// Verion
+	// Version
 	uaSlice := strings.Split(userAgent, " ")
 	ver = uaSlice[len(uaSlice)-1]
 	if ver[0] == 'v' {
--- a/server/dbdata/user_test.go
+++ b/server/dbdata/user_test.go
@@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) {
 	// 添加一个组
 	dns := []ValData{{Val: "114.114.114.114"}}
-	route := []ValData{{Val: "192.168.1.1/24"}}
+	route := []ValData{{Val: "192.168.1.0/24"}}
 	g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
 	err := SetGroup(&g)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
+	ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
 	// 添加一个用户
 	u := User{Username: "aaa", Groups: []string{group}, Status: 1}
@@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) {
 	}
 	// 添加用户策略
 	dns2 := []ValData{{Val: "8.8.8.8"}}
-	route2 := []ValData{{Val: "192.168.2.1/24"}}
+	route2 := []ValData{{Val: "192.168.2.0/24"}}
 	p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
 	err = SetPolicy(&p1)
 	ast.Nil(err)
@@ -75,6 +75,7 @@ func TestCheckUser(t *testing.T) {
 			"bind_name":    "userfind@abc.com",
 			"bind_pwd":     "afdbfdsafds",
 			"base_dn":      "dc=abc,dc=com",
 			"object_class": "person",
 			"search_attr":  "sAMAccountName",
 			"member_of":    "cn=vpn,cn=user,dc=abc,dc=com",
 		},
--- a/server/dbdata/userauth_ldap.go
+++ b/server/dbdata/userauth_ldap.go
@@ -20,6 +20,7 @@ type AuthLdap struct {
 	BindName    string `json:"bind_name"`
 	BindPwd     string `json:"bind_pwd"`
 	BaseDn      string `json:"base_dn"`
 	ObjectClass string `json:"object_class"`
 	SearchAttr  string `json:"search_attr"`
 	MemberOf    string `json:"member_of"`
 }
@@ -40,7 +41,7 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
 		return errors.New("LDAP的服务器地址(含端口)填写有误")
 	}
 	if auth.BindName == "" {
-		return errors.New("LDAP的管理员账号不能为空")
+		return errors.New("LDAP的管理员 DN不能为空")
 	}
 	if auth.BindPwd == "" {
 		return errors.New("LDAP的管理员密码不能为空")
@@ -48,6 +49,9 @@ func (auth AuthLdap) checkData(authData map[string]interface{}) error {
 	if auth.BaseDn == "" || !ValidateDN(auth.BaseDn) {
 		return errors.New("LDAP的Base DN填写有误")
 	}
 	if auth.ObjectClass == "" {
 		return errors.New("LDAP的用户对象类填写有误")
 	}
 	if auth.SearchAttr == "" {
 		return errors.New("LDAP的用户唯一ID不能为空")
 	}
@@ -94,9 +98,12 @@ func (auth AuthLdap) checkUser(name, pwd string, g *Group) error {
 	}
 	err = l.Bind(auth.BindName, auth.BindPwd)
 	if err != nil {
-		return fmt.Errorf("%s LDAP 管理员账号或密码填写有误 %s", name, err.Error())
+		return fmt.Errorf("%s LDAP 管理员 DN或密码填写有误 %s", name, err.Error())
 	}
-	filterAttr := "(objectClass=person)"
+	if auth.ObjectClass == "" {
 		auth.ObjectClass = "person"
 	}
 	filterAttr := "(objectClass=" + auth.ObjectClass + ")"
 	filterAttr += "(" + auth.SearchAttr + "=" + name + ")"
 	if auth.MemberOf != "" {
 		filterAttr += "(memberOf:=" + auth.MemberOf + ")"
--- a/server/go.mod
+++ b/server/go.mod
@@ -1,84 +1,107 @@
 module github.com/bjdgyc/anylink
-go 1.18
+go 1.20
 require (
-	github.com/arl/statsviz v0.5.1
+	github.com/arl/statsviz v0.6.0
 	github.com/deckarep/golang-set v1.8.0
-	github.com/go-co-op/gocron v1.17.0
+	github.com/go-acme/lego/v4 v4.14.2
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-ldap/ldap v3.0.3+incompatible
-	github.com/go-sql-driver/mysql v1.6.0
+	github.com/go-sql-driver/mysql v1.7.1
-	github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570
+	github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
-	github.com/golang-jwt/jwt/v4 v4.0.0
+	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/google/gopacket v1.1.19
-	github.com/gorilla/handlers v1.5.1
+	github.com/gorilla/handlers v1.5.2
-	github.com/gorilla/mux v1.8.0
+	github.com/gorilla/mux v1.8.1
 	github.com/ivpusic/grpool v1.0.0
-	github.com/lib/pq v1.10.2
+	github.com/lanrenwo/lzsgo v0.0.2
-	github.com/mattn/go-sqlite3 v1.14.9
+	github.com/lib/pq v1.10.9
 	github.com/mattn/go-sqlite3 v1.14.19
 	github.com/orcaman/concurrent-map v1.0.0
-	github.com/pion/dtls/v2 v2.1.5
+	github.com/pion/dtls/v2 v2.2.9
 	github.com/pion/logging v0.2.2
-	github.com/pires/go-proxyproto v0.6.2
+	github.com/pires/go-proxyproto v0.7.0
-	github.com/shirou/gopsutil v3.21.7+incompatible
+	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091
 	github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
-	github.com/spf13/cast v1.3.1
+	github.com/spf13/cast v1.6.0
-	github.com/spf13/cobra v1.2.1
+	github.com/spf13/cobra v1.8.0
-	github.com/spf13/viper v1.8.1
+	github.com/spf13/viper v1.18.2
-	github.com/stretchr/testify v1.8.0
+	github.com/stretchr/testify v1.8.4
-	github.com/xhit/go-simple-mail/v2 v2.10.0
+	github.com/xhit/go-simple-mail/v2 v2.16.0
-	github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
+	github.com/xlzd/gotp v0.1.0
-	github.com/xuri/excelize/v2 v2.6.1
+	github.com/xuri/excelize/v2 v2.8.0
-	go.uber.org/atomic v1.10.0
+	go.uber.org/atomic v1.11.0
-	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8
+	golang.org/x/crypto v0.18.0
-	golang.org/x/net v0.0.0-20220812174116-3211cb980234
+	golang.org/x/net v0.20.0
-	golang.org/x/text v0.3.7
+	golang.org/x/text v0.14.0
-	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
+	golang.org/x/time v0.5.0
-	layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
+	layeh.com/radius v0.0.0-20231213012653-1006025d24f8
-	xorm.io/xorm v1.3.2
+	xorm.io/xorm v1.3.7
 )
 require (
-	github.com/StackExchange/wmi v1.2.1 // indirect
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.664 // indirect
-	github.com/coreos/go-iptables v0.6.0
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/cloudflare/cloudflare-go v0.86.0 // indirect
-	github.com/felixge/httpsnoop v1.0.1 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
-	github.com/go-ole/go-ole v1.2.5 // indirect
+	github.com/go-test/deep v1.1.0 // indirect
-	github.com/goccy/go-json v0.8.1 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/uuid v1.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/miekg/dns v1.1.58 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
 	github.com/pion/transport/v2 v2.2.4 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.846 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.846 // indirect
 	github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92 // indirect
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/tools v0.17.0 // indirect
 )
 require (
 	github.com/coreos/go-iptables v0.7.0
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/gorilla/websocket v1.4.2 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
-	github.com/pelletier/go-toml v1.9.3 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pion/transport v0.13.0 // indirect
 	github.com/pion/udp v0.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/richardlehane/mscfb v1.0.4 // indirect
 	github.com/richardlehane/msoleps v1.0.3 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
-	github.com/spf13/afero v1.6.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/goleveldb v1.0.0 // indirect
-	github.com/tklauser/go-sysconf v0.3.7 // indirect
+	github.com/tklauser/go-sysconf v0.3.13 // indirect
-	github.com/tklauser/numcpus v0.2.3 // indirect
+	github.com/tklauser/numcpus v0.7.0 // indirect
-	github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect
+	github.com/xuri/efp v0.0.0-20231025114914-d1ff6096ae53 // indirect
-	github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect
+	github.com/xuri/nfp v0.0.0-20230919160717-d98342af3f05 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
-	gopkg.in/ini.v1 v1.62.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect
+	xorm.io/builder v0.3.13 // indirect
 )
--- a/server/go.sum
+++ b/server/go.sum
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -2,10 +2,13 @@ package handler
 import (
 	"context"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
 	"encoding/hex"
 	"errors"
 	"net"
 	"strings"
 	"time"
 	"github.com/bjdgyc/anylink/base"
@@ -20,10 +23,13 @@ func startDtls() {
 		return
 	}
-	certificate, err := selfsign.GenerateSelfSigned()
+	// rsa 兼容 open connect
 	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
 	certificate, err := selfsign.SelfSign(priv)
 	if err != nil {
 		panic(err)
 	}
 	logf := logging.NewDefaultLoggerFactory()
 	logf.Writer = base.GetBaseLw()
 	// logf.DefaultLogLevel = logging.LogLevelTrace
@@ -34,9 +40,14 @@ func startDtls() {
 	config := &dtls.Config{
 		Certificates:         []tls.Certificate{certificate},
 		InsecureSkipVerify:   true,
 		ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
-		CipherSuites:         []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+		CipherSuites: func() []dtls.CipherSuiteID {
 			var cs = []dtls.CipherSuiteID{}
 			for _, vv := range dtlsCipherSuites {
 				cs = append(cs, vv)
 			}
 			return cs
 		}(),
 		LoggerFactory: logf,
 		MTU:           BufferSize,
 		SessionStore:  sessStore,
@@ -98,3 +109,23 @@ func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
 func (ms *sessionStore) Del(key []byte) error {
 	return nil
 }
 // 客户端和服务端映射 X-DTLS12-CipherSuite
 var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
 	// "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 	// "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 	"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 }
 func checkDtls12Ciphersuite(ciphersuite string) string {
 	csArr := strings.Split(ciphersuite, ":")
 	for _, v := range csArr {
 		if _, ok := dtlsCipherSuites[v]; ok {
 			return v
 		}
 	}
 	// 返回默认值
 	return "ECDHE-RSA-AES128-GCM-SHA256"
 }
--- a/server/handler/link_auth.go
+++ b/server/handler/link_auth.go
@@ -1,12 +1,14 @@
 package handler
 import (
 	"bytes"
 	"crypto/md5"
 	"encoding/xml"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"strings"
 	"text/template"
@@ -19,9 +21,10 @@ var profileHash = ""
 func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	// TODO 调试信息输出
-	//hd, _ := httputil.DumpRequest(r, true)
+	if base.GetLogLevel() == base.LogLevelTrace {
-	//base.Debug("DumpRequest: ", string(hd))
+		hd, _ := httputil.DumpRequest(r, true)
-
+		base.Trace("LinkAuth: ", string(hd))
 	}
 	// 判断anyconnect客户端
 	userAgent := strings.ToLower(r.UserAgent())
 	xAggregateAuth := r.Header.Get("X-Aggregate-Auth")
@@ -47,7 +50,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// fmt.Printf("%+v \n", cr)
-	setCommonHeader(w)
+	// setCommonHeader(w)
 	if cr.Type == "logout" {
 		// 退出删除session信息
 		if cr.SessionToken != "" {
@@ -88,6 +91,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		data := RequestData{Group: cr.GroupSelect, Groups: dbdata.GetGroupNamesNormal(), Error: "用户名或密码错误"}
 		if base.Cfg.DisplayError {
 			data.Error = err.Error()
 		}
 		tplRequest(tpl_request, w, data)
 		return
 	}
@@ -103,7 +109,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	sess := sessdata.NewSession("")
 	sess.Username = cr.Auth.Username
 	sess.Group = cr.GroupSelect
-	sess.MacAddr = strings.ToLower(cr.MacAddressList.MacAddress)
+	oriMac := cr.MacAddressList.MacAddress
 	sess.UniqueIdGlobal = cr.DeviceId.UniqueIdGlobal
 	sess.UserAgent = userAgent
 	sess.DeviceType = ua.DeviceType
@@ -111,7 +117,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 	sess.RemoteAddr = r.RemoteAddr
 	// 获取客户端mac地址
 	sess.UniqueMac = true
-	macHw, err := net.ParseMAC(sess.MacAddr)
+	macHw, err := net.ParseMAC(oriMac)
 	if err != nil {
 		var sum [16]byte
 		if sess.UniqueIdGlobal != "" {
@@ -125,6 +131,9 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		sess.MacAddr = macHw.String()
 	}
 	sess.MacHw = macHw
 	// 统一macAddr的格式
 	sess.MacAddr = macHw.String()
 	other := &dbdata.SettingOther{}
 	_ = dbdata.SettingGet(other)
 	rd := RequestData{SessionId: sess.Sid, SessionToken: sess.Sid + "@" + sess.Token,
@@ -146,10 +155,12 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
 		return
 	}
-	if strings.Contains(data.Banner, "\n") {
+	if data.Banner != "" {
-		// 替换xml文件的换行符
+		buf := new(bytes.Buffer)
-		data.Banner = strings.ReplaceAll(data.Banner, "\n", "&#x0A;")
+		_ = xml.EscapeText(buf, []byte(data.Banner))
 		data.Banner = buf.String()
 	}
 	t, _ := template.New("auth_complete").Parse(auth_complete)
 	_ = t.Execute(w, data)
 }
--- a/server/handler/link_base.go
+++ b/server/handler/link_base.go
@@ -3,7 +3,6 @@ package handler
 import (
 	"encoding/xml"
 	"log"
 	"net/http"
 	"os/exec"
 )
@@ -42,28 +41,6 @@ type macAddressList struct {
 	MacAddress string `xml:"mac-address"`
 }
 func setCommonHeader(w http.ResponseWriter) {
 	// Content-Length Date 默认已经存在
 	w.Header().Set("Server", "AnyLink")
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	w.Header().Set("Cache-Control", "no-store,no-cache")
 	w.Header().Set("Pragma", "no-cache")
 	w.Header().Set("Transfer-Encoding", "chunked")
 	w.Header().Set("Connection", "keep-alive")
 	w.Header().Set("X-Frame-Options", "deny")
 	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("Content-Security-Policy", "default-src 'none'")
 	w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
 	w.Header().Set("Referrer-Policy", "no-referrer")
 	w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
 	w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
 	w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
 	w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
 	w.Header().Set("X-XSS-Protection", "0")
 	w.Header().Set("X-Aggregate-Auth", "1")
 	w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
 }
 func execCmd(cmdStrs []string) error {
 	for _, cmdStr := range cmdStrs {
 		cmd := exec.Command("sh", "-c", cmdStr)
--- a/server/handler/link_cstp.go
+++ b/server/handler/link_cstp.go
@@ -24,7 +24,10 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
 		err       error
 		n         int
 		dataLen   uint16
-		dead    = time.Duration(cSess.CstpDpd+5) * time.Second
+		dead      = time.Second * time.Duration(cSess.CstpDpd+5)
 		idle      = time.Second * time.Duration(base.Cfg.IdleTimeout)
 		checkIdle = base.Cfg.IdleTimeout > 0
 		lastTime  time.Time
 	)
 	go cstpWrite(conn, bufRW, cSess)
@@ -55,18 +58,44 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
 		case 0x07: // KEEPALIVE
 			// do nothing
 			// base.Debug("recv keepalive", cSess.IpAddr)
 			// 判断超时时间
 			if checkIdle {
 				lastTime = cSess.LastDataTime.Load()
 				if lastTime.Before(utils.NowSec().Add(-idle)) {
 					base.Warn("IdleTimeout", cSess.Username, cSess.IpAddr, "lastTime", lastTime)
 					sessdata.CloseSess(cSess.Sess.Token, dbdata.UserIdleTimeout)
 					return
 				}
 			}
 		case 0x05: // DISCONNECT
 			cSess.UserLogoutCode = dbdata.UserLogoutClient
 			base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr)
 			sessdata.CloseSess(cSess.Sess.Token, dbdata.UserLogoutClient)
 			return
 		case 0x03: // DPD-REQ
 			// base.Debug("recv DPD-REQ", cSess.IpAddr)
 			pl.PType = 0x04
 			pl.Data = pl.Data[:n]
 			if payloadOutCstp(cSess, pl) {
 				return
 			}
 		case 0x04:
 		// log.Println("recv DPD-RESP")
 		case 0x08: // decompress
 			if cSess.CstpPickCmp == nil {
 				continue
 			}
 			dst := getByteFull()
 			nn, err := cSess.CstpPickCmp.Uncompress(pl.Data[8:], *dst)
 			if err != nil {
 				putByte(dst)
 				base.Error("cstp decompress error", err, nn)
 				continue
 			}
 			binary.BigEndian.PutUint16(pl.Data[4:6], uint16(nn))
 			pl.Data = append(pl.Data[:8], (*dst)[:nn]...)
 			putByte(dst)
 			fallthrough
 		case 0x00: // DATA
 			// 获取数据长度
 			dataLen = binary.BigEndian.Uint16(pl.Data[4:6]) // 4,5
@@ -83,6 +112,8 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
 			if payloadIn(cSess, pl) {
 				return
 			}
 			// 只记录返回正确的数据时间
 			cSess.LastDataTime.Store(utils.NowSec())
 		}
 	}
 }
@@ -112,6 +143,20 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
 		}
 		if pl.PType == 0x00 {
 			isCompress := false
 			if cSess.CstpPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
 				dst := getByteFull()
 				size, err := cSess.CstpPickCmp.Compress(pl.Data, (*dst)[8:])
 				if err == nil && size < len(pl.Data) {
 					copy((*dst)[:8], plHeader)
 					binary.BigEndian.PutUint16((*dst)[4:6], uint16(size))
 					(*dst)[6] = 0x08
 					pl.Data = append(pl.Data[:0], (*dst)[:size+8]...)
 					isCompress = true
 				}
 				putByte(dst)
 			}
 			if !isCompress {
 				// 获取数据长度
 				l := len(pl.Data)
 				// 先扩容 +8
@@ -122,8 +167,9 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
 				copy(pl.Data[:8], plHeader)
 				// 更新头长度
 				binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
 			}
 		} else {
-			pl.Data = append(pl.Data[:0], plHeader...)
+			// pl.Data = append(pl.Data[:0], plHeader...)
 			// 设置头类型
 			pl.Data[6] = pl.PType
 		}
--- a/server/handler/link_dtls.go
+++ b/server/handler/link_dtls.go
@@ -64,11 +64,27 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
 		case 0x03: // DPD-REQ
 			// base.Debug("recv DPD-REQ", cSess.IpAddr)
 			pl.PType = 0x04
 			pl.Data = pl.Data[:n]
 			if payloadOutDtls(cSess, dSess, pl) {
 				return
 			}
 		case 0x04:
 		// base.Debug("recv DPD-RESP", cSess.IpAddr)
 		case 0x08: // decompress
 			if cSess.DtlsPickCmp == nil {
 				continue
 			}
 			dst := getByteFull()
 			nn, err := cSess.DtlsPickCmp.Uncompress(pl.Data[1:], *dst)
 			if err != nil {
 				putByte(dst)
 				base.Error("dtls decompress error", err, n)
 				continue
 			}
 			pl.Data = append(pl.Data[:1], (*dst)[:nn]...)
 			putByte(dst)
 			n = nn + 1
 			fallthrough
 		case 0x00: // DATA
 			// 去除数据头
 			// copy(pl.Data, pl.Data[1:n])
@@ -78,6 +94,8 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
 			if payloadIn(cSess, pl) {
 				return
 			}
 			// 只记录返回正确的数据时间
 			cSess.LastDataTime.Store(utils.NowSec())
 		}
 	}
@@ -108,6 +126,19 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
 		// header = []byte{payload.PType}
 		if pl.PType == 0x00 { // data
 			isCompress := false
 			if cSess.DtlsPickCmp != nil && len(pl.Data) > base.Cfg.NoCompressLimit {
 				dst := getByteFull()
 				size, err := cSess.DtlsPickCmp.Compress(pl.Data, (*dst)[1:])
 				if err == nil && size < len(pl.Data) {
 					(*dst)[0] = 0x08
 					pl.Data = append(pl.Data[:0], (*dst)[:size+1]...)
 					isCompress = true
 				}
 				putByte(dst)
 			}
 			// 未压缩
 			if !isCompress {
 				// 获取数据长度
 				l := len(pl.Data)
 				// 先扩容 +1
@@ -116,9 +147,11 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
 				copy(pl.Data[1:], pl.Data)
 				// 添加头信息
 				pl.Data[0] = pl.PType
 			}
 		} else {
 			// 设置头类型
-			pl.Data = append(pl.Data[:0], pl.PType)
+			// pl.Data = append(pl.Data[:0], pl.PType)
 			pl.Data[0] = pl.PType
 		}
 		n, err := conn.Write(pl.Data)
 		if err != nil {
--- a/server/handler/link_home.go
+++ b/server/handler/link_home.go
@@ -13,7 +13,9 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
 	// fmt.Println(r.RemoteAddr)
 	// hu, _ := httputil.DumpRequest(r, true)
 	// fmt.Println("DumpHome: ", string(hu))
-	w.Header().Set("Server", "AnyLink")
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	w.Header().Del("X-Aggregate-Auth")
 	connection := strings.ToLower(r.Header.Get("Connection"))
 	userAgent := strings.ToLower(r.UserAgent())
 	if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {
@@ -33,6 +35,8 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
 }
 func LinkOtpQr(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Cross-Origin-Resource-Policy", "cross-origin")
 	_ = r.ParseForm()
 	idS := r.FormValue("id")
 	jwtToken := r.FormValue("jwt")
--- a/server/handler/link_tun.go
+++ b/server/handler/link_tun.go
@@ -22,22 +22,29 @@ func checkTun() {
 	defer ifce.Close()
 	// 测试ip命令
-	cmdstr := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
+	base.CheckModOrLoad("tun")
-	err = execCmd([]string{cmdstr})
+
 	cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
 	err = execCmd([]string{cmdstr1})
 	if err != nil {
 		base.Fatal("testTun err: ", err)
 	}
-	//开启服务器转发
+	// 开启服务器转发
 	if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil {
-		base.Error(err)
+		base.Fatal(err)
 	}
 	if base.Cfg.IptablesNat {
-		//添加NAT转发规则
+		// 添加NAT转发规则
 		ipt, err := iptables.New()
 		if err != nil {
-			base.Error(err)
+			base.Fatal(err)
 			return
 		}
 		// 修复 rockyos nat 不生效
 		base.CheckModOrLoad("iptable_filter")
 		base.CheckModOrLoad("iptable_nat")
 		natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
 		forwardRule := []string{"-j", "ACCEPT"}
 		if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists {
@@ -65,7 +72,9 @@ func LinkTun(cSess *sessdata.ConnSession) error {
 	// log.Printf("Interface Name: %s\n", ifce.Name())
 	cSess.SetIfName(ifce.Name())
-	cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu)
+	// 通过 ip link show  查看 alias 信息
 	cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off alias %s.%s", ifce.Name(), cSess.Mtu, cSess.Group.Name, cSess.Username)
 	cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
 		ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
 	err = execCmd([]string{cmdstr1, cmdstr2})
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
@@ -6,6 +6,7 @@ import (
 	"log"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"os"
 	"strings"
 	"text/template"
@@ -34,8 +35,10 @@ func HttpAddHeader(w http.ResponseWriter, key string, value string) {
 func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	// TODO 调试信息输出
-	//hd, _ := httputil.DumpRequest(r, true)
+	if base.GetLogLevel() == base.LogLevelTrace {
-	//base.Debug("DumpRequest: ", string(hd))
+		hd, _ := httputil.DumpRequest(r, true)
 		base.Trace("LinkTunnel: ", string(hd))
 	}
 	// 判断session-token的值
 	cookie, err := r.Cookie("webvpn")
@@ -89,6 +92,18 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
 	// 检测密码套件
 	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
 	base.Trace("dtlsCiphersuite", dtlsCiphersuite)
 	// 压缩
 	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
 		HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
 	}
 	if cmpName, ok := cSess.SetPickCmp("dtls", r.Header.Get("X-Dtls-Accept-Encoding")); ok {
 		HttpSetHeader(w, "X-DTLS-Content-Encoding", cmpName)
 	}
 	// 返回客户端数据
 	HttpSetHeader(w, "Server", fmt.Sprintf("%s %s", base.APP_NAME, base.APP_VER))
 	HttpSetHeader(w, "X-CSTP-Version", "1")
@@ -121,7 +136,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 		}
 		HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask)
 	}
-	// 不允许的路由
+	// 不允许的路由  X-Cstp-Remote-Address-Ip4:
 	for _, v := range cSess.Group.RouteExclude {
 		HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
 	}
@@ -153,7 +168,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
 	HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
 	HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
-	HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256")
+	HttpSetHeader(w, "X-DTLS12-CipherSuite", dtlsCiphersuite)
 	HttpSetHeader(w, "X-CSTP-License", "accept")
 	HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
@@ -169,10 +184,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 	hClone := w.Header().Clone()
-	headers := make([]byte, 0)
+	buf := &bytes.Buffer{}
 	buf := bytes.NewBuffer(headers)
 	_ = hClone.Write(buf)
-	base.Debug(buf.String())
+	base.Trace("LinkTunnel Response Header:", buf.String())
 	hj := w.(http.Hijacker)
 	conn, bufRW, err := hj.Hijack()
@@ -223,7 +237,11 @@ func SetPostAuthXml(g *dbdata.Group, w http.ResponseWriter) error {
 	if err != nil {
 		return err
 	}
-	HttpSetHeader(w, "X-CSTP-Post-Auth-XML", result.String())
+	xmlAuth := ""
 	for _, v := range strings.Split(result.String(), "\n") {
 		xmlAuth += strings.TrimSpace(v)
 	}
 	HttpSetHeader(w, "X-CSTP-Post-Auth-XML", xmlAuth)
 	return nil
 }
--- a/server/handler/link_vtap.go
+++ b/server/handler/link_vtap.go
@@ -33,13 +33,14 @@ func checkMacvtap() {
 	ifName := "anylinkMacvtap"
 	// 加载 macvtap
-	cmdstr0 := fmt.Sprintln("modprobe -i macvtap")
+	base.CheckModOrLoad("macvtap")
 	// 开启主网卡混杂模式
 	cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master)
 	// 测试 macvtap 功能
 	cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
 	cmdstr3 := fmt.Sprintf("ip link del %s", ifName)
-	err := execCmd([]string{cmdstr0, cmdstr1, cmdstr2, cmdstr3})
+	err := execCmd([]string{cmdstr1, cmdstr2, cmdstr3})
 	if err != nil {
 		base.Fatal(err)
 	}
@@ -54,7 +55,9 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
 	cSess.SetIfName(ifName)
 	cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
-	cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw)
+	cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s alias %s.%s", ifName, cSess.Mtu,
 		cSess.MacHw, cSess.Group.Name, cSess.Username)
 	err := execCmd([]string{cmdstr1, cmdstr2})
 	if err != nil {
 		base.Error(err)
--- a/server/handler/payload_access_audit.go
+++ b/server/handler/payload_access_audit.go
@@ -3,6 +3,7 @@ package handler
 import (
 	"crypto/md5"
 	"encoding/binary"
 	"runtime/debug"
 	"time"
 	"github.com/bjdgyc/anylink/base"
@@ -101,11 +102,17 @@ func logAuditBatch() {
 // 解析IP包的数据
 func logAudit(userName string, pl *sessdata.Payload) {
-	defer putPayload(pl)
+	defer func() {
 		if err := recover(); err != nil {
 			base.Error("logAudit is panic: ", err, "\n", string(debug.Stack()), "\n", pl.Data)
 		}
 		putPayload(pl)
 	}()
 	if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) {
 		return
 	}
 	ipProto := waterutil.IPv4Protocol(pl.Data)
 	// 访问协议
 	var accessProto uint8
@@ -118,12 +125,17 @@ func logAudit(userName string, pl *sessdata.Payload) {
 	default:
 		return
 	}
-
+	// IP报文只包含头部信息时, 则打印LOG，并退出
 	ipPl := waterutil.IPv4Payload(pl.Data)
 	if len(ipPl) < 4 {
 		base.Error("ipPl len < 4", ipPl, pl.Data)
 		return
 	}
 	ipPort := (uint16(ipPl[2]) << 8) | uint16(ipPl[3])
 	ipSrc := waterutil.IPv4Source(pl.Data)
 	ipDst := waterutil.IPv4Destination(pl.Data)
 	ipPort := waterutil.IPv4DestinationPort(pl.Data)
 	b := getByte51()
 	// key格式 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
 	key := *b
 	copy(key[:16], ipSrc)
 	copy(key[16:32], ipDst)
@@ -178,7 +190,6 @@ func logAudit(userName string, pl *sessdata.Payload) {
 		AccessProto: accessProto,
 		Info:        info,
 	}
 	select {
 	case logBatch.LogChan <- audit:
 	default:
--- a/server/handler/payload_tcp_parser.go
+++ b/server/handler/payload_tcp_parser.go
@@ -29,7 +29,7 @@ func onTCP(payload []byte) (uint8, string) {
 }
 func sniNewParser(b []byte) (uint8, string) {
-	if len(b) < 2 || b[0] != 0x16 || b[1] != 0x03 {
+	if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
 		return acc_proto_tcp, ""
 	}
 	rest := b[5:]
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -4,13 +4,14 @@ import (
 	"crypto/tls"
 	"fmt"
 	"io"
 	"log"
 	"net"
 	"net/http"
 	"os"
 	"time"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/mux"
 	"github.com/pires/go-proxyproto"
 )
@@ -48,30 +49,35 @@ func startTls() {
 		NextProtos:   []string{"http/1.1"},
 		MinVersion:   tls.VersionTLS12,
 		CipherSuites: selectedCipherSuites,
-		// InsecureSkipVerify: true,
+		GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			base.Trace("GetCertificate ServerName", chi.ServerName)
 			return dbdata.GetCertificateBySNI(chi.ServerName)
 		},
 	}
 	srv := &http.Server{
 		Addr:         addr,
 		Handler:      initRoute(),
 		TLSConfig:    tlsConfig,
-		ErrorLog:  base.GetBaseLog(),
+		ErrorLog:     base.GetServerLog(),
 		ReadTimeout:  100 * time.Second,
 		WriteTimeout: 100 * time.Second,
 	}
 	ln, err = net.Listen("tcp", addr)
 	if err != nil {
-		log.Fatal(err)
+		base.Fatal(err)
 	}
 	defer ln.Close()
 	if base.Cfg.ProxyProtocol {
 		ln = &proxyproto.Listener{
 			Listener:          ln,
-			ReadHeaderTimeout: 40 * time.Second,
+			ReadHeaderTimeout: 30 * time.Second,
 		}
 	}
 	base.Info("listen server", addr)
-	err = srv.ServeTLS(ln, base.Cfg.CertFile, base.Cfg.CertKey)
+	err = srv.ServeTLS(ln, "", "")
 	if err != nil {
 		base.Fatal(err)
 	}
@@ -79,6 +85,14 @@ func startTls() {
 func initRoute() http.Handler {
 	r := mux.NewRouter()
 	// 所有路由添加安全头
 	r.Use(func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 			utils.SetSecureHeader(w)
 			next.ServeHTTP(w, req)
 		})
 	})
 	r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
 	r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
 	r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
--- a/server/main.go
+++ b/server/main.go
@@ -20,14 +20,21 @@ import (
 var uiData embed.FS
 // 程序版本
-var CommitId string
+var (
 	appVer    string
 	commitId  string
 	buildDate string
 )
 func main() {
 	base.CommitId = CommitId
 	admin.UiData = uiData
 	base.APP_VER = appVer
 	base.CommitId = commitId
 	base.BuildDate = buildDate
 	base.Start()
 	handler.Start()
 	signalWatch()
 }
@@ -35,7 +42,7 @@ func signalWatch() {
 	base.Info("Server pid: ", os.Getpid())
 	sigs := make(chan os.Signal, 1)
-	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM)
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM, syscall.SIGUSR2)
 	for {
 		sig := <-sigs
 		base.Info("Get signal:", sig)
--- a/server/pkg/utils/secure_header.go
+++ b/server/pkg/utils/secure_header.go
@@ -0,0 +1,32 @@
 package utils
 import "net/http"
 // SetSecureHeader 设置安全的header头
 // https://blog.csdn.net/liwan09/article/details/130248003
 // https://zhuanlan.zhihu.com/p/335165168
 func SetSecureHeader(w http.ResponseWriter) {
 	// Content-Length Date 默认已经存在
 	w.Header().Set("Server", "AnyLinkOpenSource")
 	// w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	// w.Header().Set("Transfer-Encoding", "chunked")
 	w.Header().Set("X-Aggregate-Auth", "1")
 	w.Header().Set("Cache-Control", "no-store,no-cache")
 	w.Header().Set("Pragma", "no-cache")
 	w.Header().Set("Connection", "keep-alive")
 	w.Header().Set("X-Frame-Options", "SAMEORIGIN")
 	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("X-Download-Options", "noopen")
 	w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content")
 	w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
 	w.Header().Set("Referrer-Policy", "same-origin")
 	w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
 	w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
 	w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
 	w.Header().Set("X-XSS-Protection", "1;mode=block")
 	w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
 	// w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
 }
--- a/server/sessdata/compress.go
+++ b/server/sessdata/compress.go
@@ -0,0 +1,35 @@
 package sessdata
 import (
 	"github.com/lanrenwo/lzsgo"
 )
 type CmpEncoding interface {
 	Compress(src []byte, dst []byte) (int, error)
 	Uncompress(src []byte, dst []byte) (int, error)
 }
 type LzsgoCmp struct {
 }
 func (l LzsgoCmp) Compress(src []byte, dst []byte) (int, error) {
 	n, err := lzsgo.Compress(src, dst)
 	return n, err
 }
 func (l LzsgoCmp) Uncompress(src []byte, dst []byte) (int, error) {
 	n, err := lzsgo.Uncompress(src, dst)
 	return n, err
 }
 // type Lz4Cmp struct {
 // 	c lz4.Compressor
 // }
 // func (l Lz4Cmp) Compress(src []byte, dst []byte) (int, error) {
 // 	return l.c.CompressBlock(src, dst)
 // }
 // func (l Lz4Cmp) Uncompress(src []byte, dst []byte) (int, error) {
 // 	return lz4.UncompressBlock(src, dst)
 // }
--- a/server/sessdata/compress_test.go
+++ b/server/sessdata/compress_test.go
@@ -0,0 +1,28 @@
 package sessdata
 import (
 	"strings"
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestLzsCompress(t *testing.T) {
 	var (
 		n   int
 		err error
 	)
 	assert := assert.New(t)
 	c := LzsgoCmp{}
 	s := "hello anylink, you are best!"
 	src := []byte(strings.Repeat(s, 50))
 	comprBuf := make([]byte, 2048)
 	n, err = c.Compress(src, comprBuf)
 	assert.Nil(err)
 	unprBuf := make([]byte, 2048)
 	n, err = c.Uncompress(comprBuf[:n], unprBuf)
 	assert.Nil(err)
 	assert.Equal(src, unprBuf[:n])
 }
--- a/server/sessdata/ip_pool.go
+++ b/server/sessdata/ip_pool.go
@@ -14,8 +14,10 @@ var (
 	IpPool   = &ipPoolConfig{}
 	ipActive = map[string]bool{}
 	// ipKeep and ipLease  ipAddr => type
-	ipLease   = map[string]bool{}
+	// ipLease   = map[string]bool{}
 	ipPoolMux sync.Mutex
 	// 记录循环点
 	loopCurIp uint32
 )
 type ipPoolConfig struct {
@@ -36,7 +38,19 @@ func initIpPool() {
 	}
 	IpPool.Ipv4IPNet = ipNet
 	IpPool.Ipv4Mask = net.IP(ipNet.Mask)
-	IpPool.Ipv4Gateway = net.ParseIP(base.Cfg.Ipv4Gateway)
+
 	ipv4Gateway := net.ParseIP(base.Cfg.Ipv4Gateway)
 	ipStart := net.ParseIP(base.Cfg.Ipv4Start)
 	ipEnd := net.ParseIP(base.Cfg.Ipv4End)
 	if !ipNet.Contains(ipv4Gateway) || !ipNet.Contains(ipStart) || !ipNet.Contains(ipEnd) {
 		panic("ip段 设置错误")
 	}
 	// ip地址池
 	IpPool.Ipv4Gateway = ipv4Gateway
 	IpPool.IpLongMin = utils.Ip2long(ipStart)
 	IpPool.IpLongMax = utils.Ip2long(ipEnd)
 	loopCurIp = IpPool.IpLongMin
 	// 网络地址零值
 	// zero := binary.BigEndian.Uint32(ip.Mask(mask))
@@ -44,70 +58,73 @@ func initIpPool() {
 	// one, _ := ipNet.Mask.Size()
 	// max := min | uint32(math.Pow(2, float64(32-one))-1)
 	// ip地址池
 	IpPool.IpLongMin = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4Start))
 	IpPool.IpLongMax = utils.Ip2long(net.ParseIP(base.Cfg.Ipv4End))
 	// 获取IpLease数据
-	//go cronIpLease()
+	// go cronIpLease()
 }
-func cronIpLease() {
+// func cronIpLease() {
-	getIpLease()
+// 	getIpLease()
-	tick := time.NewTicker(time.Minute * 30)
+// 	tick := time.NewTicker(time.Minute * 30)
-	for range tick.C {
+// 	for range tick.C {
-		getIpLease()
+// 		getIpLease()
-	}
+// 	}
-}
+// }
-
+//
-func getIpLease() {
+// func getIpLease() {
-	xdb := dbdata.GetXdb()
+// 	xdb := dbdata.GetXdb()
-	keepIpMaps := []dbdata.IpMap{}
+// 	keepIpMaps := []dbdata.IpMap{}
-	sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
+// 	sNow := time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
-	err := xdb.Cols("ip_addr").Where("keep=?", true).
+// 	err := xdb.Cols("ip_addr").Where("keep=?", true).
-		Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
+// 		Or("unique_mac=? and last_login>?", true, sNow).Find(&keepIpMaps)
-	if err != nil {
+// 	if err != nil {
-		base.Error(err)
+// 		base.Error(err)
-	}
+// 	}
-	// fmt.Println(keepIpMaps)
+// 	// fmt.Println(keepIpMaps)
-	ipPoolMux.Lock()
+// 	ipPoolMux.Lock()
-	ipLease = map[string]bool{}
+// 	ipLease = map[string]bool{}
-	for _, v := range keepIpMaps {
+// 	for _, v := range keepIpMaps {
-		ipLease[v.IpAddr] = true
+// 		ipLease[v.IpAddr] = true
-	}
+// 	}
-	ipPoolMux.Unlock()
+// 	ipPoolMux.Unlock()
-}
+// }
 // AcquireIp 获取动态ip
-func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
+func AcquireIp(username, macAddr string, uniqueMac bool) (newIp net.IP) {
 	base.Trace("AcquireIp start:", username, macAddr, uniqueMac)
 	ipPoolMux.Lock()
-	defer ipPoolMux.Unlock()
+	defer func() {
 		ipPoolMux.Unlock()
 		base.Trace("AcquireIp end:", username, macAddr, uniqueMac, newIp)
 	}()
 	var (
 		err  error
 		tNow = time.Now()
 		leaseTime = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
 	)
 	if uniqueMac {
 		// 判断是否已经分配过
 		mi := &dbdata.IpMap{}
 		err = dbdata.One("mac_addr", macAddr, mi)
 		// 查询报错
 		if err != nil {
-			if !dbdata.CheckErrNotFound(err) {
+			// 没有查询到数据
 			if dbdata.CheckErrNotFound(err) {
 				return loopIp(username, macAddr, uniqueMac)
 			}
 			// 查询报错
 			base.Error(err)
 			return nil
 		}
 		}
 		// 存在ip记录
 		base.Trace("uniqueMac:", username, mi)
 		ipStr := mi.IpAddr
 		ip := net.ParseIP(ipStr)
 		// 跳过活跃连接
 		_, ok := ipActive[ipStr]
 		// 检测原有ip是否在新的ip池内
-		if IpPool.Ipv4IPNet.Contains(ip) && !ok &&
+		// IpPool.Ipv4IPNet.Contains(ip) &&
 		if !ok &&
 			utils.Ip2long(ip) >= IpPool.IpLongMin &&
 			utils.Ip2long(ip) <= IpPool.IpLongMax {
 			mi.Username = username
@@ -118,20 +135,25 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
 			ipActive[ipStr] = true
 			return ip
 		}
 		// 删除当前macAddr
 		mi = &dbdata.IpMap{MacAddr: macAddr}
 		_ = dbdata.Del(mi)
 	} else {
 		// 没有获取到mac的情况
 		ipMaps := []dbdata.IpMap{}
 		err = dbdata.FindWhere(&ipMaps, 50, 1, "username=? and unique_mac=?", username, false)
 		// 查询报错
 		if err != nil {
-			if !dbdata.CheckErrNotFound(err) {
+			// 没有查询到数据
 			if dbdata.CheckErrNotFound(err) {
 				return loopIp(username, macAddr, uniqueMac)
 			}
 			// 查询报错
 			base.Error(err)
 			return nil
 		}
 		}
-		//遍历mac记录
+		// 遍历mac记录
 		for _, mi := range ipMaps {
 			ipStr := mi.IpAddr
 			ip := net.ParseIP(ipStr)
@@ -140,14 +162,13 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
 			if _, ok := ipActive[ipStr]; ok {
 				continue
 			}
-			//跳过保留ip
+			// 跳过保留ip
 			if mi.Keep {
 				continue
 			}
-
+			// 没有mac的 不需要验证租期
-			if IpPool.Ipv4IPNet.Contains(ip) &&
+			// mi.LastLogin.Before(leaseTime) &&
-				mi.LastLogin.Before(leaseTime) && // 说明已经超过租期，可以直接使用
+			if utils.Ip2long(ip) >= IpPool.IpLongMin &&
 				utils.Ip2long(ip) >= IpPool.IpLongMin &&
 				utils.Ip2long(ip) <= IpPool.IpLongMax {
 				mi.LastLogin = tNow
 				mi.MacAddr = macAddr
@@ -160,8 +181,40 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
 		}
 	}
 	return loopIp(username, macAddr, uniqueMac)
 }
 func loopIp(username, macAddr string, uniqueMac bool) net.IP {
 	var (
 		i  uint32
 		ip net.IP
 	)
 	i, ip = loopLong(loopCurIp, IpPool.IpLongMax, username, macAddr, uniqueMac)
 	if ip != nil {
 		loopCurIp = i
 		return ip
 	}
 	i, ip = loopLong(IpPool.IpLongMin, loopCurIp, username, macAddr, uniqueMac)
 	if ip != nil {
 		loopCurIp = i
 		return ip
 	}
 	base.Warn("no ip available, please see ip_map table row", username, macAddr)
 	return nil
 }
 func loopLong(start, end uint32, username, macAddr string, uniqueMac bool) (uint32, net.IP) {
 	var (
 		err       error
 		tNow      = time.Now()
 		leaseTime = time.Now().Add(-1 * time.Duration(base.Cfg.IpLease) * time.Second)
 	)
 	// 全局遍历超过租期和未保留的ip
-	for i := IpPool.IpLongMin; i <= IpPool.IpLongMax; i++ {
+	for i := start; i <= end; i++ {
 		ip := utils.Long2ip(i)
 		ipStr := ip.String()
@@ -172,11 +225,26 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
 		mi := &dbdata.IpMap{}
 		err = dbdata.One("ip_addr", ipStr, mi)
-		if err == nil {
+		if err != nil {
-			//跳过保留ip
+			// 没有查询到数据
 			if dbdata.CheckErrNotFound(err) {
 				// 该ip没有被使用
 				mi = &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
 				_ = dbdata.Add(mi)
 				ipActive[ipStr] = true
 				return i, ip
 			}
 			// 查询报错
 			base.Error(err)
 			return 0, nil
 		}
 		// 查询到已经使用的ip
 		// 跳过保留ip
 		if mi.Keep {
 			continue
 		}
 		// 判断租期
 		if mi.LastLogin.Before(leaseTime) {
 			// 存在记录，说明已经超过租期，可以直接使用
 			mi.LastLogin = tNow
@@ -185,27 +253,11 @@ func AcquireIp(username, macAddr string, uniqueMac bool) net.IP {
 			// 回写db数据
 			_ = dbdata.Set(mi)
 			ipActive[ipStr] = true
-				return ip
+			return i, ip
 		}
 	}
-		if dbdata.CheckErrNotFound(err) {
+	return 0, nil
 			// 该ip没有被使用
 			mi := &dbdata.IpMap{IpAddr: ipStr, MacAddr: macAddr, UniqueMac: uniqueMac, Username: username, LastLogin: tNow}
 			_ = dbdata.Add(mi)
 			ipActive[ipStr] = true
 			return ip
 		}
 		// 查询报错
 		if err != nil {
 			base.Error(err)
 			return nil
 		}
 	}
 	base.Warn("no ip available, please see ip_map table row")
 	return nil
 }
 // 回收ip
--- a/server/sessdata/ip_pool_test.go
+++ b/server/sessdata/ip_pool_test.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"path"
 	"testing"
 	"time"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
@@ -18,10 +19,12 @@ func preData(tmpDir string) {
 	base.Cfg.DbType = "sqlite3"
 	base.Cfg.DbSource = tmpDb
 	base.Cfg.Ipv4CIDR = "192.168.3.0/24"
-	base.Cfg.Ipv4Start = "192.168.3.1"
+	base.Cfg.Ipv4Gateway = "192.168.3.1"
-	base.Cfg.Ipv4End = "192.168.3.199"
+	base.Cfg.Ipv4Start = "192.168.3.100"
 	base.Cfg.Ipv4End = "192.168.3.150"
 	base.Cfg.MaxClient = 100
 	base.Cfg.MaxUserClient = 3
 	base.Cfg.IpLease = 5
 	dbdata.Start()
 	group := dbdata.Group{
@@ -46,22 +49,34 @@ func TestIpPool(t *testing.T) {
 	var ip net.IP
-	for i := 1; i <= 100; i++ {
+	for i := 100; i <= 150; i++ {
-		_ = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
+		_ = AcquireIp(getTestUser(i), getTestMacAddr(i), true)
 	}
 	ip = AcquireIp("user", "mac-new", true)
 	assert.True(net.IPv4(192, 168, 3, 101).Equal(ip))
 	for i := 102; i <= 199; i++ {
 		ip = AcquireIp("user", fmt.Sprintf("mac-%d", i), true)
 	}
 	assert.True(net.IPv4(192, 168, 3, 199).Equal(ip))
 	ip = AcquireIp("user", "mac-nil", true)
 	assert.Nil(ip)
-	ReleaseIp(net.IPv4(192, 168, 3, 88), "mac-88")
+	// 回收
-	ReleaseIp(net.IPv4(192, 168, 3, 188), "mac-188")
+	ReleaseIp(net.IPv4(192, 168, 3, 140), getTestMacAddr(140))
 	time.Sleep(time.Second * 6)
 	// 从头循环获取可用ip
-	ip = AcquireIp("user", "mac-188", true)
+	user_new := getTestUser(210)
-	t.Log("mac-188", ip)
+	mac_new := getTestMacAddr(210)
-	assert.True(net.IPv4(192, 168, 3, 188).Equal(ip))
+	ip = AcquireIp(user_new, mac_new, true)
 	t.Log("mac_new", ip)
 	assert.NotNil(ip)
 	assert.True(net.IPv4(192, 168, 3, 140).Equal(ip))
 	// 回收全部
 	for i := 100; i <= 150; i++ {
 		ReleaseIp(net.IPv4(192, 168, 3, byte(i)), getTestMacAddr(i))
 	}
 }
 func getTestUser(i int) string {
 	return fmt.Sprintf("user-%d", i)
 }
 func getTestMacAddr(i int) string {
 	// 前缀mac
 	macAddr := "02:00:00:00:00"
 	return fmt.Sprintf("%s:%x", macAddr, i)
 }
--- a/server/sessdata/session.go
+++ b/server/sessdata/session.go
@@ -49,11 +49,15 @@ type ConnSession struct {
 	BandwidthDownAll    atomic2.Uint64 // 使用下行带宽总量
 	closeOnce           sync.Once
 	CloseChan           chan struct{}
 	LastDataTime        atomic2.Time // 最后数据传输时间
 	PayloadIn           chan *Payload
 	PayloadOutCstp      chan *Payload // Cstp的数据
 	PayloadOutDtls      chan *Payload // Dtls的数据
 	// dSess *DtlsSession
 	dSess *atomic.Value
 	// compress
 	CstpPickCmp CmpEncoding
 	DtlsPickCmp CmpEncoding
 }
 type DtlsSession struct {
@@ -187,6 +191,7 @@ func (s *Session) NewConn() *ConnSession {
 	limit := LimitClient(username, false)
 	if !limit {
 		base.Warn("limit is full", username)
 		return nil
 	}
 	ip := AcquireIp(username, macAddr, uniqueMac)
@@ -215,6 +220,7 @@ func (s *Session) NewConn() *ConnSession {
 		PayloadOutDtls: make(chan *Payload, 64),
 		dSess:          &atomic.Value{},
 	}
 	cSess.LastDataTime.Store(time.Now())
 	dSess := &DtlsSession{
 		isActive: -1,
@@ -359,6 +365,30 @@ func (cs *ConnSession) RateLimit(byt int, isUp bool) error {
 	return cs.Limit.Wait(byt)
 }
 func (cs *ConnSession) SetPickCmp(cate, encoding string) (string, bool) {
 	var cmpName string
 	if !base.Cfg.Compression {
 		return cmpName, false
 	}
 	var cmp CmpEncoding
 	switch {
 	// case strings.Contains(encoding, "oc-lz4"):
 	// 	cmpName = "oc-lz4"
 	// 	cmp = Lz4Cmp{}
 	case strings.Contains(encoding, "lzs"):
 		cmpName = "lzs"
 		cmp = LzsgoCmp{}
 	default:
 		return cmpName, false
 	}
 	if cate == "cstp" {
 		cs.CstpPickCmp = cmp
 	} else {
 		cs.DtlsPickCmp = cmp
 	}
 	return cmpName, true
 }
 func SToken2Sess(stoken string) *Session {
 	stoken = strings.TrimSpace(stoken)
 	sarr := strings.Split(stoken, "@")
--- a/server/sessdata/session_test.go
+++ b/server/sessdata/session_test.go
@@ -1,8 +1,11 @@
 package sessdata
 import (
 	"fmt"
 	"testing"
 	"time"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/stretchr/testify/assert"
 )
@@ -22,11 +25,15 @@ func TestConnSession(t *testing.T) {
 	preData(tmp)
 	defer cleardata(tmp)
 	time.Sleep(time.Second * 10)
 	sess := NewSession("")
 	sess.Username = "user-test"
 	sess.Group = "group1"
 	sess.MacAddr = "00:15:5d:50:14:43"
 	cSess := sess.NewConn()
 	// base.Info("cSess", cSess)
 	err := cSess.RateLimit(100, true)
 	ast.Nil(err)
@@ -34,5 +41,26 @@ func TestConnSession(t *testing.T) {
 	err = cSess.RateLimit(200, false)
 	ast.Nil(err)
 	ast.Equal(cSess.BandwidthDown.Load(), uint32(200))
 	var (
 		cmpName string
 		ok      bool
 	)
 	base.Cfg.Compression = true
 	cmpName, ok = cSess.SetPickCmp("cstp", "oc-lz4,lzs")
 	fmt.Println(cmpName, ok)
 	ast.True(ok)
 	ast.Equal(cmpName, "lzs")
 	cmpName, ok = cSess.SetPickCmp("dtls", "lzs")
 	ast.True(ok)
 	ast.Equal(cmpName, "lzs")
 	cmpName, ok = cSess.SetPickCmp("dtls", "test")
 	ast.False(ok)
 	ast.Equal(cmpName, "")
 	cSess.Close()
 	// 等待日志执行完成
 	time.Sleep(time.Second * 10)
 }
--- a/systemd/anylink.service
+++ b/systemd/anylink.service
@@ -1,15 +0,0 @@
 [Unit]
 Description=AnyLink Server Service
 Documentation=https://github.com/bjdgyc/anylink
 After=network-online.target
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/usr/local/anylink-deploy
 Restart=on-failure
 RestartSec=5s
 ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
 [Install]
 WantedBy=multi-user.target
--- a/1
+++ b/1
@@ -0,0 +1 @@
 0.11.1
--- a/1
+++ b/1
@@ -0,0 +1 @@
 version_info
--- a/web/package.json
+++ b/web/package.json
@@ -12,6 +12,7 @@
    "core-js": "^3.6.5",
    "echarts": "^4.9.0",
    "element-ui": "^2.4.5",
    "qs": "^6.11.1",
    "vue": "^2.6.11",
    "vue-count-to": "^1.0.13",
    "vue-router": "^3.5.2"
--- a/web/public/批量添加用户模版.xlsx
+++ b/web/public/批量添加用户模版.xlsx
--- a/web/src/pages/Home.vue
+++ b/web/src/pages/Home.vue
@@ -230,6 +230,9 @@ export default {
                case "mem": this.formatMem(data); break;
            }
        }).catch(error => {
            if (error.response.status === 401) {
               return ;
            }            
            this.$message.error('哦，请求出错');
            console.log(error);
        });
--- a/web/src/pages/group/List.vue
+++ b/web/src/pages/group/List.vue
@@ -47,7 +47,12 @@
        <el-table-column
            prop="bandwidth"
-            label="带宽限制">
+            label="带宽限制"
            width="90">
            <template slot-scope="scope">
                <el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps</el-row>
                <el-row v-else>不限</el-row>
            </template>            
        </el-table-column>
        <el-table-column
@@ -62,7 +67,7 @@
        <el-table-column
            prop="route_include"
            label="路由包含"
-            width="200">
+            width="180">
          <template slot-scope="scope">
            <el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
            <div v-if="scope.row.route_include.length > readMinRows">
@@ -77,7 +82,7 @@
        <el-table-column
            prop="route_exclude"
            label="路由排除"
-            width="200">
+            width="180">
          <template slot-scope="scope">
            <el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
            <div v-if="scope.row.route_exclude.length > readMinRows">
@@ -92,7 +97,7 @@
        <el-table-column
            prop="link_acl"
            label="LINK-ACL"
-            min-width="200">
+            min-width="180">
          <template slot-scope="scope">
            <el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
              {{ item.action }} => {{ item.val }} : {{ item.port }}
@@ -186,14 +191,15 @@
                <el-input v-model="ruleForm.note"></el-input>
                </el-form-item>
-                <el-form-item label="带宽限制" prop="bandwidth">
+                <el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
-                <el-input v-model.number="ruleForm.bandwidth">
+                <el-input v-model="ruleForm.bandwidth_format" oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
-                    <template slot="append">BYTE/S</template>
+                    <template slot="append">Mbps</template>
                </el-input>
                </el-form-item>
                <el-form-item label="排除本地网络" prop="allow_lan">
                <el-switch
-                    v-model="ruleForm.allow_lan">
+                    v-model="ruleForm.allow_lan"
                    active-text="开启后 用户本地所在网段将不通过anylink加密传输">
                </el-switch>
                </el-form-item>
@@ -235,23 +241,23 @@
                        <el-radio label="ldap" border>LDAP</el-radio>
                    </el-radio-group>
                </el-form-item>   
-                <templete v-if="ruleForm.auth.type == 'radius'">
+                <template v-if="ruleForm.auth.type == 'radius'">
                  <el-form-item label="服务器地址" prop="auth.radius.addr" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.addr'] : [{ required: false }]">
                      <el-input v-model="ruleForm.auth.radius.addr" placeholder="例如 ip:1812"></el-input>
                  </el-form-item>                
                  <el-form-item label="密钥" prop="auth.radius.secret" :rules="this.ruleForm.auth.type== 'radius' ? this.rules['auth.radius.secret'] : [{ required: false }]">
                      <el-input v-model="ruleForm.auth.radius.secret" placeholder=""></el-input>
                  </el-form-item>               
-                </templete>
+                </template>
-                <templete v-if="ruleForm.auth.type == 'ldap'">
+                <template v-if="ruleForm.auth.type == 'ldap'">
                  <el-form-item label="服务器地址" prop="auth.ldap.addr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.addr'] : [{ required: false }]">
                      <el-input v-model="ruleForm.auth.ldap.addr" placeholder="例如 ip:389 / 域名:389"></el-input>    
                  </el-form-item> 
                  <el-form-item label="开启TLS" prop="auth.ldap.tls">
                    <el-switch v-model="ruleForm.auth.ldap.tls"></el-switch>                      
                  </el-form-item>
-                  <el-form-item label="管理员账号" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
+                  <el-form-item label="管理员 DN" prop="auth.ldap.bind_name" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_name'] : [{ required: false }]">
                    <el-input v-model="ruleForm.auth.ldap.bind_name" placeholder="例如 CN=bindadmin,DC=abc,DC=COM"></el-input>
                  </el-form-item>
                  <el-form-item label="管理员密码" prop="auth.ldap.bind_pwd" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.bind_pwd'] : [{ required: false }]">
@@ -260,24 +266,32 @@
                  <el-form-item label="Base DN" prop="auth.ldap.base_dn" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.base_dn'] : [{ required: false }]">
                    <el-input v-model="ruleForm.auth.ldap.base_dn" placeholder="例如 DC=abc,DC=com"></el-input>
                  </el-form-item>
                  <el-form-item label="用户对象类" prop="auth.ldap.object_class" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.object_class'] : [{ required: false }]">
                    <el-input v-model="ruleForm.auth.ldap.object_class" placeholder="例如 person / user / posixAccount"></el-input>
                  </el-form-item>                  
                  <el-form-item label="用户唯一ID" prop="auth.ldap.search_attr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
-                    <el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName 或 uid"></el-input>
+                    <el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName / uid / cn"></el-input>
                  </el-form-item>
                  <el-form-item label="受限用户组" prop="auth.ldap.member_of">
                    <el-input v-model="ruleForm.auth.ldap.member_of" placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
                  </el-form-item>                                                                      
-                </templete>                 
+                </template>                 
            </el-tab-pane>  
            <el-tab-pane label="路由设置" name="route">
                <el-form-item label="包含路由" prop="route_include">
                <el-row class="msg-info">
-                    <el-col :span="20">输入CIDR格式如: 192.168.1.0/24</el-col>
+                    <el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
-                    <el-col :span="4">
+                    <el-col :span="2">
                    <el-button size="mini" type="success" icon="el-icon-plus" circle
                                @click.prevent="addDomain(ruleForm.route_include)"></el-button>
                    </el-col>
                    <el-col :span="4">
                      <el-button size="mini" type="info" icon="el-icon-edit" circle
                                @click.prevent="openIpListDialog('route_include')"></el-button>
                    </el-col>                    
                </el-row>
                <templete v-if="activeTab == 'route'">
                    <el-row v-for="(item,index) in ruleForm.route_include"
                            :key="index" style="margin-bottom: 5px" :gutter="10">
                        <el-col :span="10">
@@ -291,16 +305,22 @@
                                    @click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
                        </el-col>
                    </el-row>
                </templete>
                </el-form-item>
                <el-form-item label="排除路由" prop="route_exclude">
                <el-row class="msg-info">
-                    <el-col :span="20">输入CIDR格式如: 192.168.2.0/24</el-col>
+                    <el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
-                    <el-col :span="4">
+                    <el-col :span="2">
                    <el-button size="mini" type="success" icon="el-icon-plus" circle
                                @click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
                    </el-col>
                    <el-col :span="4">
                      <el-button size="mini" type="info" icon="el-icon-edit" circle
                                @click.prevent="openIpListDialog('route_exclude')"></el-button>
                    </el-col>                    
                </el-row>
                <templete v-if="activeTab == 'route'">
                    <el-row v-for="(item,index) in ruleForm.route_exclude"
                            :key="index" style="margin-bottom: 5px" :gutter="10">
                        <el-col :span="10">
@@ -314,6 +334,7 @@
                                    @click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
                        </el-col>
                    </el-row>
                </templete>
                </el-form-item>
            </el-tab-pane>
            <el-tab-pane label="权限控制" name="link_acl">
@@ -356,16 +377,59 @@
                </el-form-item>                
                <el-form-item label="排除域名" prop="ds_exclude_domains">
                    <el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔，默认匹配所有子域名, 如baidu.com,163.com"></el-input>
                    <div class="msg-info">注：域名拆分隧道，仅支持AnyConnect的桌面客户端，不支持移动端.</div>
                </el-form-item>
            </el-tab-pane>
            <el-form-item>
                <templete v-if="activeTab == 'authtype' && ruleForm.auth.type != 'local'">
                    <el-button @click="openAuthLoginDialog()" style="margin-right:10px">测试登录</el-button>
                </templete>
                <el-button type="primary" @click="submitForm('ruleForm')">保存</el-button>
                <el-button @click="closeDialog">取消</el-button>
            </el-form-item>
          </el-tabs>
        </el-form> 
    </el-dialog>
-
+    <!--测试用户登录弹出框-->
    <el-dialog
        :close-on-click-modal="false"
        title="测试用户登录"
        :visible.sync="authLoginDialog"
        width="600px"
        custom-class="valgin-dialog"
        center>
        <el-form :model="authLoginForm" :rules="authLoginRules" ref="authLoginForm" label-width="100px">
            <el-form-item label="账号" prop="name">
                <el-input v-model="authLoginForm.name" ref="authLoginFormName" @keydown.enter.native="testAuthLogin"></el-input>
            </el-form-item>
            <el-form-item label="密码" prop="pwd">
                <el-input type="password" v-model="authLoginForm.pwd" @keydown.enter.native="testAuthLogin"></el-input>
            </el-form-item>
            <el-form-item>
                <el-button type="primary" @click="testAuthLogin()" :loading="authLoginLoading">登录</el-button>
                <el-button @click="authLoginDialog = false">取 消</el-button>
            </el-form-item>
        </el-form>
    </el-dialog> 
    <!--编辑模式弹窗-->
    <el-dialog
    :close-on-click-modal="false"
    title="编辑模式"
    :visible.sync="ipListDialog"
    width="650px"
    custom-class="valgin-dialog"
    center>
      <el-form ref="ipEditForm" label-width="80px">
          <el-form-item label="路由表" prop="ip_list">
              <el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" placeholder="每行一条路由，例：192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
              <div class="msg-info">当前共 {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} 条（注：AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由）</div>
          </el-form-item>
          <el-form-item>
              <el-button type="primary" @click="ipEdit()" :loading="ipEditLoading">更新</el-button>
              <el-button @click="ipListDialog = false">取 消</el-button>
          </el-form-item>
      </el-form>
    </el-dialog>
  </div>
 </template>
@@ -392,6 +456,7 @@ export default {
      activeTab : "general",
      readMore: {},
      readMinRows : 5,
      maxRouteRows : 2500,
      defAuth : {
                type:'local', 
                radius:{addr:"", secret:""},
@@ -399,6 +464,7 @@ export default {
                      addr:"", 
                      tls:false,
                      base_dn:"",
                      object_class:"person",
                      search_attr:"sAMAccountName",
                      member_of:"",
                      bind_name:"",
@@ -407,6 +473,7 @@ export default {
      },          
      ruleForm: {
        bandwidth: 0,
        bandwidth_format: '0',
        status: 1,
        allow_lan: true,
        client_dns: [{val: '114.114.114.114'}],
@@ -415,14 +482,35 @@ export default {
        link_acl: [],
        auth : {},
      },
      authLoginDialog : false,
      ipListDialog : false,
      authLoginLoading : false,      
      authLoginForm : {
        name : "",
        pwd : "",
      },
      ipEditForm: {
        ip_list: "",
        type : "",
      },
      ipEditLoading : false,
      authLoginRules: {
        name: [
          {required: true, message: '请输入账号', trigger: 'blur'},
        ],
        pwd: [
          {required: true, message: '请输入密码', trigger: 'blur'},
          {min: 6, message: '长度至少 6 个字符', trigger: 'blur'}
        ],
      },         
      rules: {
        name: [
          {required: true, message: '请输入组名', trigger: 'blur'},
          {max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
        ],
-        bandwidth: [
+        bandwidth_format: [
          {required: true, message: '请输入带宽限制', trigger: 'blur'},
-          {type: 'number', message: '带宽限制必须为数字值'}
+          {type: 'string', message: '带宽限制必须为数字值'}
        ],
        status: [
          {required: true}
@@ -437,7 +525,7 @@ export default {
          {required: true, message: '请输入服务器地址(含端口)', trigger: 'blur'}
        ],  
        "auth.ldap.bind_name": [
-          {required: true, message: '请输入管理员账号', trigger: 'blur'}
+          {required: true, message: '请输入管理员 DN', trigger: 'blur'}
        ],
        "auth.ldap.bind_pwd": [
          {required: true, message: '请输入管理员密码', trigger: 'blur'}
@@ -445,6 +533,9 @@ export default {
        "auth.ldap.base_dn": [
          {required: true, message: '请输入Base DN值', trigger: 'blur'}
        ],
        "auth.ldap.object_class": [
          {required: true, message: '请输入用户对象类', trigger: 'blur'}
        ],        
        "auth.ldap.search_attr": [
          {required: true, message: '请输入用户唯一ID', trigger: 'blur'}
        ],
@@ -457,6 +548,9 @@ export default {
        this.ruleForm.auth = JSON.parse(JSON.stringify(this.defAuth));
        return ;
      }
      if (row.auth.type == "ldap" && ! row.auth.ldap.object_class) {
        row.auth.ldap.object_class = this.defAuth.ldap.object_class;
      }      
      this.ruleForm.auth = Object.assign(JSON.parse(JSON.stringify(this.defAuth)), row.auth);
    },
    handleDel(row) {
@@ -487,6 +581,7 @@ export default {
          id: row.id,
        }
      }).then(resp => {
        resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString();
        this.ruleForm = resp.data.data;        
        this.setAuthData(resp.data.data);
      }).catch(error => {
@@ -533,6 +628,7 @@ export default {
          console.log('error submit!!');
          return false;
        }
        this.ruleForm.bandwidth = this.convertBandwidth(this.ruleForm.bandwidth_format, 'Mbps', 'BYTE');
        axios.post('/group/set', this.ruleForm).then(resp => {
          const rdata = resp.data;
          if (rdata.code === 0) {
@@ -549,6 +645,108 @@ export default {
        });
      });
    },
    testAuthLogin() {
        this.$refs["authLoginForm"].validate((valid) => {
            if (!valid) {
                console.log('error submit!!');
                return false;
            }        
            this.authLoginLoading = true;
            axios.post('/group/auth_login', {name:this.authLoginForm.name,
                                            pwd:this.authLoginForm.pwd,
                                            auth:this.ruleForm.auth}).then(resp => {
                    const rdata = resp.data;
                    if (rdata.code === 0) {
                        this.$message.success("登录成功");
                    } else {
                        this.$message.error(rdata.msg);                
                    }
                    this.authLoginLoading = false;
                    console.log(rdata);
                }).catch(error => {
                    this.$message.error('哦，请求出错');
                    console.log(error);
                    this.authLoginLoading = false;
            });
        });
    },
    openAuthLoginDialog() {
      this.$refs["ruleForm"].validate((valid) => {
        if (!valid) {
          console.log('error submit!!');
          return false;
        }        
        this.authLoginDialog = true;
        // set authLoginFormName focus
        this.$nextTick(() => {
            this.$refs['authLoginFormName'].focus();
        });
      });
    },
    openIpListDialog(type) {
      this.ipListDialog = true;
      this.ipEditForm.type = type;
      this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n");      
    },
    ipEdit() {
        this.ipEditLoading = true;
        let ipList = [];
        if (this.ipEditForm.ip_list.trim() !== "") {
            ipList = this.ipEditForm.ip_list.trim().split("\n");
        }        
        let arr = [];
        for (let i = 0; i < ipList.length; i++) {
          let item = ipList[i];
          if (item.trim() === "") {
            continue;
          }
          let ip = item.split(",");
          if (ip.length > 2) {
            ip[1] = ip.slice(1).join(",");
          }
          let note = ip[1] ? ip[1] : "";
          const pushToArr = () => {
            arr.push({val: ip[0], note: note});
          };
          if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
            pushToArr();
            continue;  
          }
          let valid = this.isValidCIDR(ip[0]);
          if (!valid.valid) {
                this.$message.error("错误：CIDR格式错误，建议 " + ip[0] + " 改为 " + valid.suggestion);
                this.ipEditLoading = false;
                return;
          }
          pushToArr();
        }
        this.ruleForm[this.ipEditForm.type] = arr;
        this.ipEditLoading = false;
        this.ipListDialog = false;
    },
    isValidCIDR(input) {
        const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
        if (!cidrRegex.test(input)) {
            return { valid: false, suggestion: null };
        }
        const [ip, mask] = input.split('/');
        const maskNum = parseInt(mask);
        const ipParts = ip.split('.').map(part => parseInt(part));
        const binaryIP = ipParts.map(part => part.toString(2).padStart(8, '0')).join('');
        for (let i = maskNum; i < 32; i++) {
            if (binaryIP[i] === '1') {
                const binaryNetworkPart = binaryIP.substring(0, maskNum).padEnd(32, '0');
                const networkIPParts = [];
                for (let j = 0; j < 4; j++) {
                    const octet = binaryNetworkPart.substring(j * 8, (j + 1) * 8);
                    networkIPParts.push(parseInt(octet, 2));
                }
                const suggestedIP = networkIPParts.join('.');
                return { valid: false, suggestion: `${suggestedIP}/${mask}` };
            }
        }
        return { valid: true, suggestion: null };
    },
    resetForm(formName) {
      this.$refs[formName].resetFields();
    },
@@ -579,6 +777,18 @@ export default {
    closeDialog() {
      this.user_edit_dialog = false;
      this.activeTab = "general";
    },
    convertBandwidth(bandwidth, fromUnit, toUnit) {
        const units = {
            bps: 1,
            Kbps: 1000,
            Mbps: 1000000,
            Gbps: 1000000000,
            BYTE: 8,
        };
        const result = bandwidth * units[fromUnit] / units[toUnit];
        const fixedResult = result.toFixed(2);
        return parseFloat(fixedResult);
    }
  },
 }
@@ -598,4 +808,20 @@ export default {
 .el-select {
  width: 80px;
 }
 ::v-deep .valgin-dialog{
    display: flex;
    flex-direction: column;
    margin:0 !important;
    position:absolute;
    top:50%;
    left:50%;
    transform:translate(-50%,-50%);
    max-height:calc(100% - 30px);
    max-width:calc(100% - 30px);
 }
 ::v-deep  .valgin-dialog .el-dialog__body{
    flex:1;
    overflow: auto;
 }
 </style>
--- a/web/src/pages/set/Other.vue
+++ b/web/src/pages/set/Other.vue
@@ -2,7 +2,13 @@
  <el-card>
    <el-tabs v-model="activeName" @tab-click="handleClick">
      <el-tab-pane label="邮件配置" name="dataSmtp">
-        <el-form :model="dataSmtp" ref="dataSmtp" :rules="rules" label-width="100px" class="tab-one">
+        <el-form
          :model="dataSmtp"
          ref="dataSmtp"
          :rules="rules"
          label-width="100px"
          class="tab-one"
        >
          <el-form-item label="服务器地址" prop="host">
            <el-input v-model="dataSmtp.host"></el-input>
          </el-form-item>
@@ -13,7 +19,11 @@
            <el-input v-model="dataSmtp.username"></el-input>
          </el-form-item>
          <el-form-item label="密码" prop="password">
-            <el-input type="password" v-model="dataSmtp.password" placeholder="密码为空则不修改"></el-input>
+            <el-input
              type="password"
              v-model="dataSmtp.password"
              placeholder="密码为空则不修改"
            ></el-input>
          </el-form-item>
          <el-form-item label="加密类型" prop="encryption">
            <el-radio-group v-model="dataSmtp.encryption">
@@ -26,21 +36,49 @@
            <el-input v-model="dataSmtp.from"></el-input>
          </el-form-item>
          <el-form-item>
-            <el-button type="primary" @click="submitForm('dataSmtp')">保存</el-button>
+            <el-button type="primary" @click="submitForm('dataSmtp')"
              >保存</el-button
            >
            <el-button @click="resetForm('dataSmtp')">重置</el-button>
          </el-form-item>
        </el-form>
      </el-tab-pane>
      <el-tab-pane label="审计日志" name="dataAuditLog">
-        <el-form :model="dataAuditLog" ref="dataAuditLog" :rules="rules" label-width="100px" class="tab-one">
+        <el-form
          :model="dataAuditLog"
          ref="dataAuditLog"
          :rules="rules"
          label-width="100px"
          class="tab-one"
        >
          <el-form-item label="审计去重间隔" prop="audit_interval">
-                <el-input-number v-model="dataAuditLog.audit_interval" :min="-1" size="small" label="秒" :disabled="true"></el-input-number>  秒
+            <el-input-number
-                <p class="input_tip">请手动修改配置文件中的 audit_interval 参数后，再重启服务, <strong style="color:#EA3323;">-1 代表关闭审计日志</strong></p>
+              v-model="dataAuditLog.audit_interval"
              :min="-1"
              size="small"
              label="秒"
              :disabled="true"
            ></el-input-number>
            秒
            <p class="input_tip">
              请手动修改配置文件中的 audit_interval 参数后，再重启服务,
              <strong style="color: #ea3323">-1 代表关闭审计日志</strong>
            </p>
          </el-form-item>
          <el-form-item label="存储时长" prop="life_day">
-                <el-input-number v-model="dataAuditLog.life_day" :min="0" :max="365" size="small" label="天数"></el-input-number>  天
+            <el-input-number
-                <p class="input_tip">范围: 0 ~ 365天 , <strong style="color:#EA3323;">0 代表永久保存</strong></p>
+              v-model="dataAuditLog.life_day"
              :min="0"
              :max="365"
              size="small"
              label="天数"
            ></el-input-number>
            天
            <p class="input_tip">
              范围: 0 ~ 365天 ,
              <strong style="color: #ea3323">0 代表永久保存</strong>
            </p>
          </el-form-item>
          <el-form-item label="清理时间" prop="clear_time">
            <el-time-select
@@ -48,27 +86,152 @@
              :picker-options="{
                start: '00:00',
                step: '01:00',
-                    end: '23:00'
+                end: '23:00',
              }"
-                editable=false,
+              editable="false,"
              size="small"
              placeholder="请选择"
-                style="width:130px;">
+              style="width: 130px"
            >
            </el-time-select>
          </el-form-item>
          <el-form-item>
-            <el-button type="primary" @click="submitForm('dataAuditLog')">保存</el-button>
+            <el-button type="primary" @click="submitForm('dataAuditLog')"
              >保存</el-button
            >
            <el-button @click="resetForm('dataAuditLog')">重置</el-button>
          </el-form-item>
        </el-form>
      </el-tab-pane>
      <el-tab-pane label="证书设置" name="datacertManage">
        <el-tabs
          tab-position="left"
          v-model="datacertManage"
          @tab-click="handleClick"
        >
          <el-tab-pane label="自定义证书" name="customCert">
            <el-form
              ref="customCert"
              :model="customCert"
              label-width="100px"
              size="small"
              class="tab-one"
            >
              <el-form-item>
                <el-upload
                  class="uploadCert"
                  :before-upload="beforeCertUpload"
                  :action="certUpload"
                  :limit="1"
                >
                  <el-button size="mini" icon="el-icon-plus" slot="trigger"
                    >证书文件</el-button
                  >
                  <el-tooltip
                    class="item"
                    effect="dark"
                    content="请上传 .pem 格式的 cert 文件"
                    placement="top"
                  >
                    <i class="el-icon-info"></i>
                  </el-tooltip>
                </el-upload>
              </el-form-item>
              <el-form-item>
                <el-upload
                  class="uploadCert"
                  :before-upload="beforeKeyUpload"
                  :action="certUpload"
                  :limit="1"
                >
                  <el-button size="mini" icon="el-icon-plus" slot="trigger"
                    >私钥文件</el-button
                  >
                  <el-tooltip
                    class="item"
                    effect="dark"
                    content="请上传 .pem 格式的 key 文件"
                    placement="top"
                  >
                    <i class="el-icon-info"></i>
                  </el-tooltip>
                </el-upload>
              </el-form-item>
              <el-form-item>
                <el-button
                  size="small"
                  icon="el-icon-upload"
                  type="primary"
                  @click="submitForm('customCert')"
                  >上传</el-button
                >
              </el-form-item>
            </el-form>
          </el-tab-pane>
          <el-tab-pane label="Let's Encrypt证书" name="letsCert">
            <el-form
              :model="letsCert"
              ref="letsCert"
              :rules="rules"
              label-width="120px"
              size="small"
              class="tab-one"
            >
              <el-form-item label="域名" prop="domain">
                <el-input v-model="letsCert.domain"></el-input>
              </el-form-item>
              <el-form-item label="邮箱" prop="legomail">
                <el-input v-model="letsCert.legomail"></el-input>
              </el-form-item>
              <el-form-item label="域名服务商" prop="name">
                <el-radio-group v-model="letsCert.name">
                  <el-radio label="aliyun">阿里云</el-radio>
                  <el-radio label="txcloud">腾讯云</el-radio>
                  <el-radio label="cfcloud">cloudflare</el-radio>
                </el-radio-group>
              </el-form-item>
              <el-form-item
                v-for="component in dnsProvider[letsCert.name]"
                :key="component.prop"
                :label="component.label"
                :rules="component.rules"
              >
                <component
                  :is="component.component"
                  :type="component.type"
                  v-model="letsCert[letsCert.name][component.prop]"
                ></component>
              </el-form-item>
              <el-form-item>
                <el-switch
                  style="display: block"
                  v-model="letsCert.renew"
                  active-color="#13ce66"
                  inactive-color="#ff4949"
                  inactive-text="自动续期"
                >
                </el-switch>
              </el-form-item>
              <el-form-item>
                <el-button type="primary" @click="submitForm('letsCert')"
                  >申请</el-button
                >
                <el-button @click="resetForm('letsCert')">重置</el-button>
              </el-form-item>
            </el-form>
          </el-tab-pane>
        </el-tabs>
      </el-tab-pane>
      <el-tab-pane label="其他设置" name="dataOther">
-        <el-form :model="dataOther" ref="dataOther" :rules="rules" label-width="100px" class="tab-one">
+        <el-form
-
+          :model="dataOther"
          ref="dataOther"
          :rules="rules"
          label-width="100px"
          class="tab-one"
        >
          <el-form-item label="vpn对外地址" prop="link_addr">
-            <el-input
+            <el-input placeholder="请输入内容" v-model="dataOther.link_addr">
                placeholder="请输入内容"
                v-model="dataOther.link_addr">
            </el-input>
          </el-form-item>
@@ -77,17 +240,22 @@
              type="textarea"
              :rows="5"
              placeholder="请输入内容"
-                v-model="dataOther.banner">
+              v-model="dataOther.banner"
            >
            </el-input>
          </el-form-item>
          <el-form-item label="自定义首页" prop="homeindex">
            <el-input
              type="textarea"
-                :rows="5"
+              :rows="10"
              placeholder="请输入内容"
-                v-model="dataOther.homeindex">
+              v-model="dataOther.homeindex"
            >
            </el-input>
            <el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
              <i class="el-icon-question"></i>
            </el-tooltip>
          </el-form-item>
          <el-form-item label="账户开通邮件" prop="account_mail">
@@ -95,7 +263,8 @@
              type="textarea"
              :rows="10"
              placeholder="请输入内容"
-                v-model="dataOther.account_mail">
+              v-model="dataOther.account_mail"
            >
            </el-input>
          </el-form-item>
@@ -103,17 +272,19 @@
            <iframe
              width="500px"
              height="300px"
-                :srcdoc="dataOther.account_mail">
+              :srcdoc="dataOther.account_mail"
            >
            </iframe>
          </el-form-item>
          <el-form-item>
-            <el-button type="primary" @click="submitForm('dataOther')">保存</el-button>
+            <el-button type="primary" @click="submitForm('dataOther')"
              >保存</el-button
            >
            <el-button @click="resetForm('dataOther')">重置</el-button>
          </el-form-item>
        </el-form>
      </el-tab-pane>
    </el-tabs>
  </el-card>
 </template>
@@ -124,25 +295,123 @@ import axios from "axios";
 export default {
  name: "Other",
  created() {
-    this.$emit('update:route_path', this.$route.path)
+    this.$emit("update:route_path", this.$route.path);
-    this.$emit('update:route_name', ['基础信息', '其他设置'])
+    this.$emit("update:route_name", ["基础信息", "其他设置"]);
  },
  mounted() {
-    this.getSmtp()
+    this.getSmtp();
  },
  data() {
    return {
-      activeName: 'dataSmtp',
+      activeName: "dataSmtp",
      datacertManage: "customCert",
      dataSmtp: {},
      dataAuditLog: {},
      letsCert: {
        domain: ``,
        legomail: ``,
        name: "",
        renew: "",
        aliyun: {
          apiKey: "",
          secretKey: "",
        },
        txcloud: {
          secretId: "",
          secretKey: "",
        },
        cfcloud: {
          authToken: "",
        },
      },
      customCert: { cert: "", key: "" },
      dataOther: {},
      rules: {
-        host: {required: true, message: '请输入服务器地址', trigger: 'blur'},
+        host: { required: true, message: "请输入服务器地址", trigger: "blur" },
        port: [
-          {required: true, message: '请输入服务器端口', trigger: 'blur'},
+          { required: true, message: "请输入服务器端口", trigger: "blur" },
-          {type: 'number', message: '请输入正确的服务器端口', trigger: ['blur', 'change']}
+          {
            type: "number",
            message: "请输入正确的服务器端口",
            trigger: ["blur", "change"],
          },
        ],
        issuer: { required: true, message: "请输入系统名称", trigger: "blur" },
        domain: {
          required: true,
          message: "请输入需要申请证书的域名",
          trigger: "blur",
        },
        legomail: {
          required: true,
          message: "请输入申请证书的邮箱地址",
          trigger: "blur",
        },
        name: { required: true, message: "请选择域名服务商", trigger: "blur" },
      },
      certUpload: "/set/other/customcert",
      dnsProvider: {
        aliyun: [
          {
            label: "APIKey",
            prop: "apiKey",
            component: "el-input",
            type: "password",
            rules: {
              required: true,
              message: "请输入正确的APIKey",
              trigger: "blur",
            },
          },
          {
            label: "SecretKey",
            prop: "secretKey",
            component: "el-input",
            type: "password",
            rules: {
              required: true,
              message: "请输入正确的SecretKey",
              trigger: "blur",
            },
          },
        ],
        txcloud: [
          {
            label: "SecretID",
            prop: "secretId",
            component: "el-input",
            type: "password",
            rules: {
              required: true,
              message: "请输入正确的APIKey",
              trigger: "blur",
            },
          },
          {
            label: "SecretKey",
            prop: "secretKey",
            component: "el-input",
            type: "password",
            rules: {
              required: true,
              message: "请输入正确的APIKey",
              trigger: "blur",
            },
          },
        ],
        cfcloud: [
          {
            label: "AuthToken",
            prop: "authToken",
            component: "el-input",
            type: "password",
            rules: {
              required: true,
              message: "请输入正确的AuthToken",
              trigger: "blur",
            },
          },
        ],
        issuer: {required: true, message: '请输入系统名称', trigger: 'blur'},
      },
    };
  },
@@ -151,108 +420,184 @@ export default {
      window.console.log(tab.name, event);
      switch (tab.name) {
        case "dataSmtp":
-          this.getSmtp()
+          this.getSmtp();
-          break
+          break;
        case "dataAuditLog":
-          this.getAuditLog()
+          this.getAuditLog();
-          break          
+          break;
        case "letsCert":
          this.getletsCert();
          break;
        case "dataOther":
-          this.getOther()
+          this.getOther();
-          break          
+          break;
      }
    },
    beforeCertUpload(file) {
      // if (file.type !== 'application/x-pem-file') {
      //   this.$message.error('只能上传 .pem 格式的证书文件')
      //   return false
      // }
      this.customCert.cert = file;
    },
    beforeKeyUpload(file) {
      // if (file.type !== 'application/x-pem-file') {
      //   this.$message.error('只能上传 .pem 格式的私钥文件')
      //   return false
      // }
      this.customCert.key = file;
    },
    getSmtp() {
-      axios.get('/set/other/smtp').then(resp => {
+      axios
-        let rdata = resp.data
+        .get("/set/other/smtp")
-        console.log(rdata)
+        .then((resp) => {
          let rdata = resp.data;
          console.log(rdata);
          if (rdata.code !== 0) {
            this.$message.error(rdata.msg);
            return;
          }
-        this.dataSmtp = rdata.data
+          this.dataSmtp = rdata.data;
-      }).catch(error => {
+        })
-        this.$message.error('哦，请求出错');
+        .catch((error) => {
          this.$message.error("哦，请求出错");
          console.log(error);
        });
    },
    getAuditLog() {
-      axios.get('/set/other/audit_log').then(resp => {
+      axios
-        let rdata = resp.data
+        .get("/set/other/audit_log")
-        console.log(rdata)
+        .then((resp) => {
          let rdata = resp.data;
          console.log(rdata);
          if (rdata.code !== 0) {
            this.$message.error(rdata.msg);
            return;
          }
-        this.dataAuditLog = rdata.data
+          this.dataAuditLog = rdata.data;
-      }).catch(error => {
+        })
-        this.$message.error('哦，请求出错');
+        .catch((error) => {
          this.$message.error("哦，请求出错");
          console.log(error);
        });
    },
    getletsCert() {
      axios
        .get("/set/other/getcertset")
        .then((resp) => {
          let rdata = resp.data;
          console.log(rdata);
          if (rdata.code !== 0) {
            this.$message.error(rdata.msg);
            return;
          }
          this.letsCert = Object.assign({}, this.letsCert, rdata.data);
        })
        .catch((error) => {
          this.$message.error("哦，请求出错");
          console.log(error);
        });
    },
    getOther() {
-      axios.get('/set/other').then(resp => {
+      axios
-        let rdata = resp.data
+        .get("/set/other")
-        console.log(rdata)
+        .then((resp) => {
          let rdata = resp.data;
          console.log(rdata);
          if (rdata.code !== 0) {
            this.$message.error(rdata.msg);
            return;
          }
-        this.dataOther = rdata.data
+          this.dataOther = rdata.data;
-      }).catch(error => {
+        })
-        this.$message.error('哦，请求出错');
+        .catch((error) => {
          this.$message.error("哦，请求出错");
          console.log(error);
        });
    },
    submitForm(formName) {
      this.$refs[formName].validate((valid) => {
        if (!valid) {
-          alert('error submit!');
+          alert("error submit!");
        }
        switch (formName) {
          case "dataSmtp":
-            axios.post('/set/other/smtp/edit', this.dataSmtp).then(resp => {
+            axios.post("/set/other/smtp/edit", this.dataSmtp).then((resp) => {
-              var rdata = resp.data
+              var rdata = resp.data;
              console.log(rdata);
              if (rdata.code === 0) {
                this.$message.success(rdata.msg);
              } else {
                this.$message.error(rdata.msg);
              }
-
+            });
            })
            break;
          case "dataAuditLog":
-            axios.post('/set/other/audit_log/edit', this.dataAuditLog).then(resp => {
+            axios
-              var rdata = resp.data
+              .post("/set/other/audit_log/edit", this.dataAuditLog)
              .then((resp) => {
                var rdata = resp.data;
                console.log(rdata);
                if (rdata.code === 0) {
                  this.$message.success(rdata.msg);
                } else {
                  this.$message.error(rdata.msg);
                }
-            })
+              });
            break;
          case "letsCert":
            var loading = this.$loading({
              lock: true,
              text: "证书申请中...",
              spinner: "el-icon-loading",
              background: "rgba(0, 0, 0, 0.7)",
            });
            axios.post("/set/other/createcert", this.letsCert).then((resp) => {
              var rdata = resp.data;
              console.log(rdata);
              if (rdata.code === 0) {
                loading.close();
                this.$message.success(rdata.msg);
              } else {
                loading.close();
                this.$message.error(rdata.msg);
              }
            });
            break;
          case "customCert":
            var formData = new FormData();
            formData.append("cert", this.customCert.cert);
            formData.append("key", this.customCert.key);
            axios.post(this.certUpload, formData).then((resp) => {
              var rdata = resp.data;
              console.log(rdata);
              if (rdata.code === 0) {
                this.$message.success(rdata.msg);
              } else {
                this.$message.error(rdata.msg);
              }
            });
            break;
          case "dataOther":
-            axios.post('/set/other/edit', this.dataOther).then(resp => {
+            axios.post("/set/other/edit", this.dataOther).then((resp) => {
-              var rdata = resp.data
+              var rdata = resp.data;
              console.log(rdata);
              if (rdata.code === 0) {
                this.$message.success(rdata.msg);
              } else {
                this.$message.error(rdata.msg);
              }
-            })
+            });
            break;
        }
      });
    },
    resetForm(formName) {
      this.$refs[formName].resetFields();
    }
    },
-}
+  },
 };
 </script>
 <style scoped>
@@ -262,7 +607,6 @@ export default {
 .input_tip {
  line-height: 1.428;
-    margin:2px 0 0 0;
+  margin: 2px 0 0 0;
 }
 </style>
--- a/web/src/pages/user/IpMap.vue
+++ b/web/src/pages/user/IpMap.vue
@@ -11,6 +11,14 @@
                            @click="handleEdit('')">添加
                    </el-button>
                </el-form-item>
                <!--
                <el-form-item>
                    <el-alert
                            title="直接操作数据库增删改数据后，请重启anylink服务"
                            type="warning">
                    </el-alert>
                </el-form-item>
                -->
            </el-form>
            <el-table
@@ -160,7 +168,7 @@ import axios from "axios";
 export default {
    name: "IpMap",
    components: {},
-  mixins:[],
+    mixins: [],
    created() {
        this.$emit('update:route_path', this.$route.path)
        this.$emit('update:route_name', ['用户信息', 'IP映射'])
--- a/web/src/pages/user/List.vue
+++ b/web/src/pages/user/List.vue
@@ -23,13 +23,16 @@
            </el-upload>
            <el-dropdown-menu slot="dropdown">
              <el-dropdown-item>
-              <el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i class="el-icon-download"></i>下载模版</el-link>
+                <el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i
                    class="el-icon-download"></i>下载模版
                </el-link>
              </el-dropdown-item>
            </el-dropdown-menu>
          </el-dropdown>
        </el-form-item>
-        <el-form-item label="用户名:">
+        <el-form-item label="用户名或姓名或邮箱:">
-          <el-input size="small" v-model="searchData" placeholder="请输入内容" @keydown.enter.native="searchEnterFun"></el-input>
+          <el-input size="small" v-model="searchData" placeholder="请输入内容"
                    @keydown.enter.native="searchEnterFun"></el-input>
        </el-form-item>
        <el-form-item>
@@ -105,7 +108,7 @@
          <template slot-scope="scope">
            <el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
            <el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag>
-            <el-tag v-if="scope.row.status === 2" >过期</el-tag>
+            <el-tag v-if="scope.row.status === 2">过期</el-tag>
          </template>
        </el-table-column>
--- a/web/yarn.lock
+++ b/web/yarn.lock
@@ -6759,6 +6759,13 @@ qs@6.9.7:
  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe"
  integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw==
 qs@^6.11.1:
  version "6.11.1"
  resolved "https://registry.npmmirror.com/qs/-/qs-6.11.1.tgz#6c29dff97f0c0060765911ba65cbc9764186109f"
  integrity sha512-0wsrzgTz/kAVIeuxSjnpGC56rzYtr6JT/2BwEvMaPhFIoYa1aGO8LbzuU1R0uUYQkLpWBTOj0l/CLAJB64J6nQ==
  dependencies:
    side-channel "^1.0.4"
 qs@~6.5.2:
  version "6.5.3"
  resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.3.tgz#3aeeffc91967ef6e35c0e488ef46fb296ab76aad"
--- a/yarn.lock
+++ b/yarn.lock
@@ -0,0 +1,4 @@
 # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 # yarn lockfile v1
Author	SHA1	Message	Date
bjdgy	5d4a9c0082	test	2024-02-04 19:57:07 +08:00
bjdgy	8bd8651fd7	删除armv7	2024-02-04 00:01:24 +08:00
bjdgy	545ddb337f	删除静态编译	2024-02-02 19:24:02 +08:00
bjdgy	d53ab80848	删除静态编译	2024-02-02 19:22:13 +08:00
bjdgyc	6c1f29ba3a	修复build错误	2024-02-02 18:59:34 +08:00
bjdgyc	947339384b	更新版本	2024-02-01 17:27:00 +08:00
bjdgyc	0849c6049b	更新版本	2024-02-01 17:20:44 +08:00
bjdgyc	936c44e866	优化编译脚本	2024-02-01 17:18:16 +08:00
bjdgyc	02bc75b27a	优化编译脚本	2024-02-01 16:12:41 +08:00
bjdgy	1aa8c83d58	修复go test报错	2024-01-31 22:56:59 +08:00
bjdgy	7554876259	修复go test报错	2024-01-31 22:47:54 +08:00
bjdgyc	2fc3c33880	添加 deploy 部署脚本优化应用易用性	2024-01-31 17:44:35 +08:00
bjdgy	d45ecbf3b7	添加 Release	2024-01-30 21:26:09 +08:00
bjdgy	54c2d95dd5	添加 Release	2024-01-30 21:21:42 +08:00
bjdgy	7eb8cc2077	添加 Release	2024-01-30 21:03:28 +08:00
bjdgyc	fbd799f9f9	添加 Release	2024-01-30 18:23:09 +08:00
bjdgyc	f9ff92d73d	修改 docker 编译	2024-01-30 11:06:15 +08:00
bjdgy	10a335dc3d	修改 docker 编译	2024-01-29 22:25:41 +08:00
bjdgy	cd5652215f	修改 docker 编译	2024-01-29 22:17:01 +08:00
bjdgy	b153997cf1	修改 docker 编译	2024-01-29 22:13:40 +08:00
bjdgy	d5046a4f53	修改 docker 编译	2024-01-29 22:11:15 +08:00
bjdgy	b7fbbdc58c	修改 docker 编译	2024-01-29 22:07:52 +08:00
bjdgy	39b28f23c0	修改 docker 编译	2024-01-29 21:47:42 +08:00
bjdgy	aa09d928c3	修改 docker 编译	2024-01-29 21:34:03 +08:00
bjdgy	9099aea122	修改 docker 编译	2024-01-29 21:26:38 +08:00
bjdgy	ef3f2aba4c	修改 docker 编译	2024-01-29 21:11:40 +08:00
bjdgy	3c015651ef	修改 docker 编译	2024-01-29 20:59:34 +08:00
bjdgy	6a598b2570	修改 docker 编译	2024-01-29 20:50:55 +08:00
bjdgyc	1f47e3e254	修改 docker 编译	2024-01-29 17:56:39 +08:00
bjdgyc	79b7f0c88e	修改 docker 编译	2024-01-29 17:50:28 +08:00
bjdgyc	289f748543	修改 docker 编译	2024-01-29 17:47:46 +08:00
bjdgyc	4f77fd9013	添加 release.sh 脚本	2024-01-29 15:11:10 +08:00
bjdgyc	769c304e9a	添加 release.sh 脚本	2024-01-29 14:40:12 +08:00
bjdgyc	a5d9764d35	添加 release.sh 脚本	2024-01-29 14:32:41 +08:00
bjdgyc	f47fbd0252	添加 release.sh 脚本	2024-01-29 14:30:15 +08:00
bjdgyc	41278f722d	Update build.sh	2024-01-29 00:25:18 +08:00
bjdgyc	87e50e8e0d	Update build.sh	2024-01-29 00:21:51 +08:00
bjdgyc	5371e4530f	Update release-tag-version.yml	2024-01-29 00:19:56 +08:00
bjdgyc	9d5f5719d8	Merge pull request #290 from bjdgyc/dev 添加github action编译	2024-01-29 00:15:27 +08:00
bjdgy	911b96cc74	修改readme	2024-01-29 00:09:48 +08:00
bjdgyc	13de601474	修改readme	2024-01-24 10:08:48 +08:00
bjdgyc	56576cb22a	修改配置参数	2024-01-23 17:38:48 +08:00
bjdgyc	70f3e46ef7	修改配置参数	2024-01-23 14:28:11 +08:00
bjdgy	1592a1f01b	fix	2024-01-22 22:49:27 +08:00
bjdgy	279498e37e	更改 http server log	2024-01-22 21:18:26 +08:00
bjdgyc	9ed8b1a9f1	更新证书信息	2024-01-22 15:12:10 +08:00
bjdgyc	31a1035267	更新证书信息	2024-01-22 15:06:05 +08:00
bjdgyc	5731d9a01c	修复otp二维码不显示的问题	2024-01-22 13:21:12 +08:00
bjdgyc	c63604aba3	修复otp二维码不显示的问题	2024-01-22 10:38:20 +08:00
bjdgyc	7c3ed549d0	增加用户名或姓名或邮箱搜索支持	2024-01-15 17:46:47 +08:00
bjdgyc	4a33b42726	Merge remote-tracking branch 'origin/dev' into dev	2024-01-15 17:31:48 +08:00
bjdgyc	da92c111e7	增加用户名或姓名或邮箱搜索支持	2024-01-15 17:30:58 +08:00
bjdgyc	634c8c8145	Update go-update.yml	2024-01-15 15:50:39 +08:00
bjdgyc	3408198d2d	修改说明文件	2024-01-15 15:21:39 +08:00
bjdgyc	1df0f60ed3	Update go-update.yml	2024-01-15 10:10:30 +08:00
bjdgyc	1f5d7d0dab	Merge pull request #288 from Potterli20/patch-1 update go.mod 7day	2024-01-15 10:07:09 +08:00
trli	e73504b4b6	Create go-update.yml	2024-01-15 09:52:44 +08:00
bjdgy	2e86547e97	修复 DPD-REQ 协议	2023-12-31 22:39:29 +08:00
bjdgyc	970213f269	Merge pull request #285 from itviewer/dev 遵循 DPD-REQ 协议，修复 OpenConnect DTLS 的 MTU 探测	2023-12-31 21:53:03 +08:00
XinJun Ma	ffd68d6c81	遵循 DPD-REQ 协议，修复 OpenConnect DTLS 的 MTU 探测	2023-12-31 18:36:02 +08:00
bjdgyc	3f072242f4	添加空闲链接超时自动断开	2023-12-29 16:17:50 +08:00
bjdgyc	ef1e20a558	添加空闲链接超时自动断开	2023-12-29 15:51:49 +08:00
bjdgy	42142d95b7	修改报错信息	2023-12-27 21:24:24 +08:00
bjdgy	638a99275e	fix	2023-12-26 13:00:55 +08:00
bjdgyc	edc7a4a4a3	Merge pull request #283 from bjdgyc/dev 修复容器频繁重启的问题	2023-12-26 12:13:03 +08:00
bjdgy	17492d8172	修复容器频繁重启的问题	2023-12-26 11:24:01 +08:00
bjdgyc	65de1a58cf	Merge pull request #282 from bjdgyc/dev 添加问题信息	2023-12-25 15:39:43 +08:00
bjdgyc	dfb25718f7	添加问题信息	2023-12-25 15:38:59 +08:00
bjdgyc	3deda4d77f	Merge pull request #281 from bjdgyc/dev 合并新版	2023-12-25 14:56:58 +08:00
bjdgyc	2af524f87b	Merge pull request #274 from aiminickwong/main 解决电信DNS Let's Encrypt证书刷新缓慢问题	2023-12-25 14:55:14 +08:00
bjdgyc	1b6abeb849	修复 modprobe 报错	2023-12-25 14:47:30 +08:00
bjdgyc	e3b303744b	修复 modprobe 报错	2023-12-25 14:34:21 +08:00
bjdgyc	d3f16eb2ad	修复 modprobe 报错	2023-12-25 14:31:35 +08:00
bjdgyc	64404ea94b	修改readme	2023-12-13 16:50:35 +08:00
bjdgyc	ededfddff4	Merge pull request #278 from lanrenwo/group_ip_list 新增路由设置的编辑模式	2023-12-04 18:38:17 +08:00
lanrenwo	8a3d34b737	优化isValidCIDR函数，解决部分格式检测有误，并给予建议提示。	2023-12-04 18:32:09 +08:00
lanrenwo	7c040e2a0f	过滤文本框内的空行	2023-12-04 13:44:06 +08:00
lanrenwo	3d03f6adb8	解决大量路由导致弹窗卡顿的问题（当点击“路由设置”时，才加载路由）	2023-12-04 13:08:37 +08:00
lanrenwo	5d24eda7fc	不限制路由的数量，并检测CIDR格式的正确性	2023-12-03 22:09:46 +08:00
lanrenwo	ea92857524	新增路由设置的编辑模式	2023-12-02 15:38:18 +08:00
bjdgyc	b521dddb98	Merge pull request #276 from lanrenwo/banner_special_chars 优化处理Banner特殊字符的代码	2023-11-27 10:18:31 +08:00
lanrenwo	2bd94aef2b	优化处理Banner特殊字符的代码	2023-11-20 12:24:44 +08:00
bjdgyc	3879c3a4bc	修复Banner特殊字符	2023-11-15 11:57:12 +08:00
bjdgyc	aa2b89855f	添加 DTLS12-CipherSuite 筛选	2023-11-09 10:52:10 +08:00
bjdgyc	9e1969e3d0	添加 DTLS12-CipherSuite 筛选	2023-11-08 18:07:32 +08:00
bjdgyc	5b1d86282a	fix	2023-11-06 16:51:32 +08:00
bjdgyc	bfc39fe4ea	默认显示错误信息	2023-11-02 15:54:59 +08:00
bjdgyc	9019a5f03a	添加网卡 alias 信息	2023-10-30 13:04:07 +08:00
bjdgyc	38d268e999	添加网卡 alias 信息	2023-10-30 11:46:53 +08:00
bjdgyc	57990d3d2a	添加网卡 alias	2023-10-30 11:38:31 +08:00
bjdgyc	6788a875a2	优化	2023-10-24 17:49:13 +08:00
bjdgyc	a9ad21b3b5	修改dtls加密套件	2023-10-17 16:30:45 +08:00
bjdgyc	43ca09e985	修改dtls加密套件	2023-10-17 16:01:31 +08:00
aiminick	b7da567cee	解决电信DNS Let's Encrypt证书刷新缓慢问题解决电信DNS Let's Encrypt证书刷新缓慢问题，改为阿里DNS后问题改善	2023-10-17 00:54:49 +08:00
bjdgyc	6eea265b15	添加自定义首页	2023-10-11 17:21:26 +08:00
bjdgyc	06c8ee1197	添加自定义首页	2023-10-11 17:20:57 +08:00
bjdgyc	ebc7cc85c0	添加nginx stream示例	2023-10-11 16:00:53 +08:00
bjdgyc	012f636cf7	修改 profile.xml	2023-10-11 10:19:23 +08:00
bjdgyc	4f9cc2074a	Merge remote-tracking branch 'origin/dev' into dev	2023-09-22 16:19:10 +08:00
bjdgyc	bbc5877eb9	修复header	2023-09-22 16:18:38 +08:00
bjdgyc	c6b85c7d66	Merge pull request #270 from lanrenwo/dev 修复logAudit的panic	2023-09-12 08:40:50 +08:00
lanrenwo	8e843d5eae	Update payload_access_audit.go	2023-09-08 21:01:03 +08:00
lanrenwo	7b9be9377f	修复logAudit的panic	2023-09-08 20:33:30 +08:00
bjdgyc	f03264faf3	Merge pull request #268 from shikaiguo/main 修改邮件内容的参数	2023-09-06 15:57:08 +08:00
bjdgyc	b19ff321ad	Merge pull request #267 from lanrenwo/dev 修复sniNewParser的panic	2023-09-06 15:54:22 +08:00
lanrenwo	f6980261d4	logAudit引入recover, 防止主程序崩溃.	2023-09-03 11:18:52 +08:00
lanrenwo	7651b69ed6	删除sniNewParser多余的空格	2023-09-02 10:46:01 +08:00
lanrenwo	2af2d273e4	简化sniNewParser代码	2023-09-02 10:44:47 +08:00
K	ff54abc5d5	增加邮件内容的昵称参数	2023-09-01 22:49:07 +08:00
lanrenwo	a168c96a93	修复sniNewParser的panic	2023-09-01 18:10:20 +08:00
bjdgyc	6127c41aea	修复 panic	2023-09-01 17:55:15 +08:00
bjdgyc	da1d6c6c6d	添加安全的header头	2023-08-25 13:56:04 +08:00
bjdgyc	08de4fe086	添加安全的header头	2023-08-24 16:59:35 +08:00
bjdgyc	7714c2a3e8	debug信息需要鉴权后显示	2023-08-24 14:27:12 +08:00
bjdgyc	78a8b06467	变更qq群	2023-08-17 16:27:12 +08:00
bjdgyc	28ffda2371	修复上传文件漏洞	2023-08-08 15:17:05 +08:00
bjdgyc	c23b120e90	更新	2023-08-08 15:01:15 +08:00
bjdgyc	287355de54	Merge pull request #260 from bjdgyc/dev Dev	2023-08-04 17:52:26 +08:00
bjdgyc	01f90e5bb5	管理用户支持otp	2023-07-24 17:36:03 +08:00
bjdgyc	91a9190379	管理用户支持otp	2023-07-24 17:26:52 +08:00
bjdgyc	0a9fe8f96c	Merge pull request #258 from bjdgyc/dev Dev	2023-07-23 15:45:04 +08:00
bjdgy	254110ebff	修改readme	2023-07-23 15:07:14 +08:00
bjdgyc	9c706a7d0d	升级dtls	2023-07-20 11:14:14 +08:00
bjdgyc	d228e224cd	修改readme	2023-07-17 18:26:45 +08:00
bjdgyc	6e95ea5441	修改server信息	2023-07-14 17:25:43 +08:00
bjdgyc	ce61401304	Merge pull request #247 from bjdgyc/main pull main	2023-06-14 16:47:22 +08:00
bjdgyc	d7d2696790	Merge pull request #246 from lanrenwo/bandwidth_to_mbps 用户组列表-带宽限制的单位从BYTE修改为Mbps	2023-06-14 16:43:17 +08:00
bjdgyc	9a6aaa87e5	Merge pull request #244 from xnow-me/main 强制使用规范的网络路由地址	2023-06-14 16:39:03 +08:00
lanrenwo	e31b5d83d4	用户组列表-带宽限制的单位从BYTE修改为Mbps	2023-06-14 14:30:18 +08:00
lihz	fc2920e140	强制使用规范的网络路由地址	2023-06-13 13:22:00 +08:00
bjdgyc	d36e2fe85a	修改参数比较	2023-06-08 17:09:19 +08:00
bjdgyc	14efb14a9a	修改配置文件报错，停止程序	2023-05-30 15:52:20 +08:00
bjdgyc	92de727db8	Merge pull request #240 from wsczx/dev 修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug	2023-05-15 09:45:40 +08:00
wsczx	c63e4f33d5	申请证书前端添加等待效果，避免无法及时获取后端结果	2023-05-04 23:32:16 +08:00
wsczx	60095fbc9b	优化验证DNS超时时间和轮训间隔，避免申请证书失败	2023-05-04 22:24:53 +08:00
wsczx	fe9b84ce98	修改cf使用authToken的方式申请证书，修复因前后端cf名称不一致导致的指针错误	2023-05-04 19:08:40 +08:00
wsczx	fd5ec7f86a	修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug	2023-05-02 00:38:17 +08:00
bjdgyc	50bc864fdd	添加版本显示	2023-04-26 21:14:40 +08:00
bjdgyc	a9e798f203	修改版本打印	2023-04-26 21:05:18 +08:00
bjdgyc	165d4ef8a0	修改捐赠列表	2023-04-26 20:47:24 +08:00
bjdgyc	65c24c4e27	Merge pull request #237 from bjdgyc/dev Dev	2023-04-26 20:39:36 +08:00
bjdgyc	b81bc5c283	修复test报错	2023-04-25 21:48:54 +08:00
bjdgyc	b52b8598df	修复test报错	2023-04-25 15:49:56 +08:00
bjdgyc	22fda0f6a1	修改systemd文件	2023-04-23 10:49:02 +08:00
bjdgyc	fed9066f22	修改ip分配的错误	2023-04-21 18:27:49 +08:00
bjdgyc	91ce4752f3	兼容不支持SNI的情况	2023-04-21 15:57:12 +08:00
bjdgyc	c05ec9ab36	兼容不支持SNI的情况	2023-04-21 14:44:53 +08:00
bjdgyc	6ee80d32ea	修改证书设置	2023-04-21 11:39:51 +08:00
bjdgyc	cc5aff08ad	修改ip pool策略	2023-04-21 10:17:51 +08:00
bjdgyc	690b4460ad	修改ip pool策略	2023-04-20 21:07:02 +08:00
bjdgyc	9dff39d299	Merge pull request #235 from wsczx/dev 修复直接升级anylink无法创建证书数据库信息，导致无法申请证书的BUG	2023-04-20 12:40:00 +08:00
bjdgyc	638c601c02	修改ip pool策略	2023-04-19 18:12:50 +08:00
wsczx	c2129af104	修复升级anylink无法创建证书数据库信息，导致无法申请证书的BUG	2023-04-19 15:37:55 +08:00
bjdgyc	bc9248e16b	添加allow_lan 提示	2023-04-19 15:24:41 +08:00
bjdgyc	8028b73d81	Merge branch 'main' into dev	2023-04-18 18:11:38 +08:00
bjdgyc	214311e80c	修改版本	2023-04-18 18:11:08 +08:00
bjdgyc	43de8148a0	添加pnpm支持	2023-04-18 16:52:14 +08:00
bjdgyc	150fff328f	Merge pull request #233 from denymz/sni feat:根据SNI返回SSL证书	2023-04-18 10:16:15 +08:00
deny	609a893feb	feat:根据SNI返回SSL证书	2023-04-17 11:07:39 +00:00
bjdgyc	9cb8c97af9	Merge pull request #229 from DimitriPapadopoulos/codespell Fix typos found by codespell	2023-04-17 10:13:12 +08:00
bjdgyc	8798de0d6d	Merge pull request #226 from wsczx/dev 增加证书相关功能	2023-04-17 10:12:37 +08:00
Dimitri Papadopoulos	26d20c0b40	Fix typos found by codespell	2023-04-11 17:42:30 +02:00
wsczx	19e99b7648	修复检查证书文件是否存在失败的bug	2023-04-07 23:59:44 +08:00
wsczx	5dc8114167	更新go mod文件	2023-04-06 14:51:25 +08:00
wsczx	4b83bd7ccf	修改Let's Encrypt注册地址为生产模式	2023-04-06 14:16:36 +08:00
wsczx	bc7c61c337	优化代码	2023-04-06 12:29:21 +08:00
wsczx	b3e7212b03	增加校验证书合法性，不合法或不存在则创建一个自签名证书，保证服务正常启动	2023-04-05 02:00:57 +08:00
wsczx	748adadd1e	保存Lego注册信息，避免重复注册导致失败优化动态加载TLS证书性能	2023-04-04 22:35:40 +08:00
bjdgyc	c646f79ef8	添加问题说明	2023-04-04 15:33:25 +08:00
wsczx	061f6f222b	Let's Encrypt添加Cloudflare接口，优化DNS服务商信息的存储方式和前端显示	2023-04-02 00:43:17 +08:00
wsczx	9bac773961	* 新增支持自定义上传证书功能 * 新增支持申请和自动续期Let's Encrypt证书（暂只支持阿里云和腾讯云）功能 * 新增支持动态加载证书（更换证书不需重启）功能	2023-03-31 20:34:29 +08:00
bjdgyc	4d15fe286a	Create FUNDING.yml add Sponsors	2023-02-27 14:42:46 +08:00
bjdgyc	df52087473	Merge pull request #219 from lanrenwo/add_lzs_compress 新增压缩功能-LZS算法	2023-02-16 16:01:19 +08:00
lanrenwo	9533ecd6c5	优化压缩的代码	2023-02-16 14:35:55 +08:00
bjdgyc	8608c6acee	Merge pull request #216 from lanrenwo/add_auth_test_login 新增后台测试登录的功能	2023-02-06 11:39:12 +08:00
lanrenwo	768e137ff9	新增压缩功能-LZS算法	2023-01-17 12:09:04 +08:00
lanrenwo	ef314c891b	让测试用户登录框垂直居中	2023-01-17 10:34:45 +08:00
lanrenwo	4d9919d43c	优化前端监控图表的报错逻辑	2023-01-13 18:02:13 +08:00
lanrenwo	262ad49df6	增加object_class的处理逻辑	2023-01-13 15:00:14 +08:00
lanrenwo	6cfa92944c	新增后台测试登录的功能	2023-01-13 14:14:47 +08:00
`@@ -1,2 +1,2 @@`
	`客户端软件需放置在files目录内，`	`客户端软件需放置在files目录内，`
	`如需要帮助请加QQ群：567510628`	`如需要帮助请加QQ群：567510628 、739072205`
		`@@ -0,0 +1,4 @@`
							`# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.`
							`# yarn lockfile v1`