Merge pull request #283 from bjdgyc/dev

修复容器频繁重启的问题
2025-09-28 16:15:17 +08:00 · 2023-12-26 12:13:03 +08:00 · 2023-12-26 11:24:01 +08:00 · 2023-12-25 15:39:43 +08:00 · 2023-12-25 15:38:59 +08:00 · 2023-12-25 14:56:58 +08:00
45 changed files with 830 additions and 245 deletions
--- a/README.md
+++ b/README.md
@@ -24,7 +24,8 @@ AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannop
 AnyLink 使用 TLS/DTLS 进行数据加密，因此需要 RSA 或 ECC 证书，可以通过 Let's Encrypt 和 TrustAsia 申请免费的 SSL 证书。
-AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过，如需要安装在其他系统，需要服务端支持 tun/tap 功能、ip 设置命令。
+AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试通过，如需要安装在其他系统，需要服务端支持 tun/tap
 功能、ip 设置命令。
 ## Screenshot
@@ -52,19 +53,27 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
 >
 > 对于线上环境，必须申请安全的 https 证书，不支持私有证书连接
 >
 > 服务端安装 yum install iproute 或者 apt-get install iproute2
 >
 > 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常
-> 
+>
 > 其他问题 [前往查看](doc/question.md)
-> 
+>
 > 首次使用，请在浏览器访问 https://域名:443，浏览器提示安全后，在客户端输入 【域名:443】 即可
 ### 自行编译安装
-> 需要提前安装好 golang >= 1.19 和 nodejs >= 14.x 和 yarn >= v1.22.x
+> 需要提前安装好 golang >= 1.19 和 nodejs >= 16.x 和 yarn >= v1.22.x
 ```shell
 git clone https://github.com/bjdgyc/anylink.git
 # 编译参考软件版本
 # go 1.20.12
 # node v16.20.2
 # yarn 1.22.19
 cd anylink
 sh build.sh
@@ -121,7 +130,7 @@ sudo ./anylink
 > 数据库配置示例
 | db_type  | db_source                                              |
-| -------- | ------------------------------------------------------ |
+|----------|--------------------------------------------------------|
 | sqlite3  | ./conf/anylink.db                                      |
 | mysql    | user:password@tcp(127.0.0.1:3306)/anylink?charset=utf8 |
 | postgres | user:password@localhost/anylink?sslmode=verify-full    |
@@ -134,9 +143,11 @@ sudo ./anylink
 > 以下参数必须设置其中之一
-网络模式选择，需要配置 `link_mode` 参数，如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。 不同的参数需要对服务器做相应的设置。
+网络模式选择，需要配置 `link_mode` 参数，如 `link_mode="tun"`,`link_mode="macvtap"`,`link_mode="tap"(不推荐)` 等参数。
 不同的参数需要对服务器做相应的设置。
-建议优先选择 tun 模式，其次选择 macvtap 模式，因客户端传输的是 IP 层数据，无须进行数据转换。 tap 模式是在用户态做的链路层到 IP 层的数据互相转换，性能会有所下降。 如果需要在虚拟机内开启 tap
+建议优先选择 tun 模式，其次选择 macvtap 模式，因客户端传输的是 IP 层数据，无须进行数据转换。 tap 模式是在用户态做的链路层到
 IP 层的数据互相转换，性能会有所下降。 如果需要在虚拟机内开启 tap
 模式，请确认虚拟机的网卡开启混杂模式。
 ### tun 设置
@@ -190,7 +201,6 @@ https://cloud.tencent.com/document/product/216/62007
 ```
 3. 使用 AnyConnect 客户端连接即可
 ### macvtap 设置
@@ -204,6 +214,9 @@ https://cloud.tencent.com/document/product/216/62007
 # 首先关闭nat转发功能
 iptables_nat = false
 # master网卡需要打开混杂模式
 ip link set dev eth0 promisc on
 #内网主网卡名称
 ipv4_master = "eth0"
 #以下网段需要跟ipv4_master网卡设置成一样
@@ -213,7 +226,6 @@ ipv4_start = "10.1.2.100"
 ipv4_end = "10.1.2.200"
 ```
 ## Systemd
 1. 添加 anylink 程序
@@ -281,7 +293,7 @@ ipv4_end = "10.1.2.200"
       -c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长
   ```
-7. 构建镜像
+7. 构建镜像 (非必需)
   ```bash
   #获取仓库源码
@@ -290,14 +302,15 @@ ipv4_end = "10.1.2.200"
   docker build -t anylink -f docker/Dockerfile .
   ```
 ## 常见问题
 请前往 [问题地址](doc/question.md) 查看具体信息
 ## Discussion
-添加QQ群: 567510628
+添加QQ群(1): 567510628
 添加QQ群(2): 739072205
 群共享文件有相关软件下载
@@ -307,7 +320,6 @@ ipv4_end = "10.1.2.200"
 ![contact_me_qr](doc/screenshot/contact_me_qr.png)
 -->
 ## Contribution
 欢迎提交 PR、Issues，感谢为 AnyLink 做出贡献。
--- a/build.sh
+++ b/build.sh
@@ -12,6 +12,9 @@ function RETVAL() {
 #当前目录
 cpath=$(pwd)
 ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
 echo "当前版本 $ver"
 echo "编译前端项目"
 cd $cpath/web
 #国内可替换源加快速度
@@ -33,7 +36,7 @@ cp -rf $cpath/web/ui .
 #国内可替换源加快速度
 export GOPROXY=https://goproxy.io
 go mod tidy
-go build -v -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)"
+go build -v -o anylink -ldflags "-s -w -X main.CommitId=$(git rev-parse HEAD)"
 RETVAL $?
 cd $cpath
@@ -49,6 +52,7 @@ cp -r server/conf $deploy
 cp -r systemd $deploy
 cp -r LICENSE $deploy
 cp -r home $deploy
 tar zcvf ${deploy}.tar.gz $deploy
--- a/build_docker.sh
+++ b/build_docker.sh
@@ -6,10 +6,13 @@ echo $ver
 #docker login -u bjdgyc
 #docker build -t bjdgyc/anylink .
-docker build -t bjdgyc/anylink -f docker/Dockerfile .
+
 docker build -t bjdgyc/anylink --build-arg GitCommitId=$(git rev-parse HEAD) -f docker/Dockerfile .
 docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
 exit 0
 docker push bjdgyc/anylink:$ver
 docker push bjdgyc/anylink:latest
--- a/doc/README.md
+++ b/doc/README.md
@@ -9,33 +9,40 @@
 ## Donator
 > 感谢以下同学的打赏，AnyLink 有你更美好！
-> 
+>
-> 需要展示主页的同学，可以在QQ群(567510628) 直接联系我添加。
+> 需要展示主页的同学，可以在QQ群 直接联系我添加。
-| 昵称      | 主页                         |
+| 昵称        | 主页 / 留言                      |
-|---------| ---------------------------- |
+|-----------|------------------------------|
-| 代码 oo8  |                              |
+| 代码 oo8    |                              |
-| 甘磊      | https://github.com/ganlei333 |
+| 甘磊        | https://github.com/ganlei333 |
-| Oo@     | https://github.com/chooop    |
+| Oo@       | https://github.com/chooop    |
-| 虚极静笃    |                              |
+| 虚极静笃      |                              |
-| 请喝可乐    |                              |
+| 请喝可乐      |                              |
-| 加油加油    |                              |
+| 加油加油      |                              |
-| 李建      |                              |
+| 李建        |                              |
-| lanbin  |                              |
+| lanbin    |                              |
-| 乐在东途    |                              |
+| 乐在东途      |                              |
-| 孤鸿      |                              |
+| 孤鸿        |                              |
-| 刘国华     |                              |
+| 刘国华       |                              |
-| 改名好无聊   |                              |
+| 改名好无聊     |                              |
-| 全能互联网专家 |                              |
+| 全能互联网专家   |                              |
-| JCM     |                              |
+| JCM       |                              |
-| Eh...   |                              |
+| Eh...     |                              |
-| 沉       |                              |
+| 沉         |                              |
-| 刘国华     |                              |
+| 刘国华       |                              |
-| 忧郁的豚骨拉面 |                              |
+| 忧郁的豚骨拉面   |                              |
-| 张小旋当爹地  |                              |
+| 张小旋当爹地    |                              |
-| Ronny   |                              |
+| 对方正在输入    |                              |
-| 奔跑的少年   |                              |
+| Ronny     |                              |
-| ZBW     |                              |
+| 奔跑的少年     |                              |
 | ZBW       |                              |
 | 悲鸣        |                              |
 | 谢谢        |                              |
 | 云思科技      |                              |
 | 哆啦A伟(张佳伟) | 嘿嘿                           |
 | 人类的悲欢并不相通 | 开源不易，感谢分享                    |
 | 做人要低调     |                              |
--- a/doc/question.md
+++ b/doc/question.md
@@ -1,36 +1,55 @@
 ## 常见问题
 ### anyconnect 客户端问题
 > 客户端请使用群共享文件的版本，其他版本没有测试过，不保证使用正常
-> 
+>
 > 添加QQ群: 567510628
 ### OTP 动态码
 > 请使用手机安装 freeotp ，然后扫描otp二维码，生成的数字即是动态码
 ### 远程桌面连接
 > 本软件已经支持远程桌面里面连接anyconnect。
 ### 私有证书问题
 > anylink 默认不支持私有证书
-> 
+>
 > 其他使用私有证书的问题，请自行解决
 ### 客户端连接名称
 > 客户端连接名称需要修改 [profile.xml](../server/conf/profile.xml) 文件
 ```xml
 <HostEntry>
    <HostName>VPN</HostName>
    <HostAddress>localhost</HostAddress>
 </HostEntry>
 ```
 ### dpd timeout 设置问题
-```
+
 ```yaml
 #客户端失效检测时间(秒) dpd > keepalive
-cstp_keepalive = 6
+cstp_keepalive = 4
-cstp_dpd = 10
+cstp_dpd = 9
-mobile_keepalive = 15
+mobile_keepalive = 7
-mobile_dpd = 20
+mobile_dpd = 15
 ```
 > 以上dpd参数为客户端的超时检测时间, 如一段时间内，没有数据传输，防火墙会主动关闭连接
-> 
+>
 > 如经常出现 timeout 的错误信息，应根据当前防火墙的设置，适当减小dpd数值
 ### 反向代理问题
 > anylink 仅支持四层反向代理，不支持七层反向代理
-> 
+>
 > 如Nginx请使用 stream模块
 ```conf
@@ -46,7 +65,36 @@ stream {
 }
 ```
 > nginx实现 共用443端口 示例
 ```conf
 stream {
    map $ssl_preread_server_name $name {
        vpn.xx.com        myvpn;
        default     defaultpage;
    }
    # upstream pool
    upstream myvpn {
        server 127.0.0.1:8443;
    }
    upstream defaultpage {
        server 127.0.0.1:8080;
    }
    server {
        listen 443 so_keepalive=on;
        ssl_preread on;
        #接收端也需要设置 proxy_protocol
        #proxy_protocol on;
        proxy_pass $name;
    }
 }
 ```
 ### 性能问题
 ```
 内网环境测试数据
 虚拟服务器：  centos7 4C8G
@@ -55,6 +103,7 @@ anylink:    tun模式 tcp传输
 客户端网卡下载速度：270Mb/s
 服务端网卡上传速度：280Mb/s
 ```
 > 客户端tls加密协议、隧道header头都会占用一定带宽
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,40 +1,49 @@
 #node:16-bullseye
 #golang:1.20-bullseye
 #debian:bullseye-slim
 #sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
 # web
-FROM node:16.17.1-alpine3.15 as builder_node
+FROM node:16-alpine3.18 as builder_node
 WORKDIR /web
 COPY ./web /web
 RUN yarn install \
    && yarn run build \
    && ls /web/ui
 # server
-FROM golang:1.19-alpine as builder_golang
+FROM golang:1.20-alpine3.18 as builder_golang
 #TODO 本地打包时使用镜像
-ENV GOPROXY=https://goproxy.io
+ENV GOPROXY=https://goproxy.cn
 ENV GOOS=linux
 ARG GitCommitId="gitCommitId"
 WORKDIR /anylink
-COPY . /anylink
+COPY server /anylink
-COPY --from=builder_node /web/ui  /anylink/server/ui
+COPY --from=builder_node /web/ui  /anylink/ui
 #TODO 本地打包时使用镜像
 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
-RUN apk add --no-cache git gcc musl-dev
+RUN apk add gcc musl-dev
-RUN cd /anylink/server;go mod tidy;go build -o anylink -ldflags "-X main.CommitId=$(git rev-parse HEAD)" \
+RUN cd /anylink;go mod tidy;go build -o anylink -ldflags "-s -w -X main.CommitId=${GitCommitId}" \
-    && /anylink/server/anylink tool -v
+    && /anylink/anylink tool -v
 # anylink
-FROM alpine
+FROM alpine:3.18
 LABEL maintainer="github.com/bjdgyc"
-#ENV IPV4_CIDR="192.168.10.0/24"
+ENV ANYLINK_IN_CONTAINER=true
 WORKDIR /app
-COPY --from=builder_golang /anylink/server/anylink  /app/
+COPY --from=builder_golang /anylink/anylink  /app/
 COPY docker/docker_entrypoint.sh  /app/
-
+COPY ./server/bridge-init.sh /app/
 #COPY ./server/bridge-init.sh /app/
 COPY ./server/conf  /app/conf
 COPY ./LICENSE  /app/LICENSE
-
+COPY ./home  /app/home
 #TODO 本地打包时使用镜像
 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
--- a/docker/docker_entrypoint.sh
+++ b/docker/docker_entrypoint.sh
@@ -14,7 +14,7 @@ case $var1 in
  ;;
 *)
-  sysctl -w net.ipv4.ip_forward=1
+  #sysctl -w net.ipv4.ip_forward=1
  #iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
  #iptables -nL -t nat
--- a/home/自定义首页1.html
+++ b/home/自定义首页1.html
@@ -0,0 +1,101 @@
 <!DOCTYPE html>
 <html>
 <head>
  <meta charset="UTF-8">
  <title>AnyLink - 企业级远程办公 SSL VPN</title>
  <style>
    /* CSS样式表 */
    body {
      font-family: Arial, sans-serif;
      margin: 0;
      padding: 0;
    }
    header {
      background-color: #333;
      color: #fff;
      padding: 20px;
      text-align: center;
    }
    h1 {
      margin: 0;
      font-size: 32px;
    }
    main {
      max-width: 960px;
      margin: 20px auto;
      padding: 0 20px;
 	  margin-bottom: 100px;
    }
    p {
      line-height: 1.5;
    }
 	/* 设置页脚固定在底部，并且占满横向宽度 */
 	footer {
 		position: fixed;
 		bottom: 0;
 		left: 0;
 		width: 100%;
 	}
    footer {
      background-color: #f2f2f2;
      padding: 20px;
      text-align: center;
    }
    .cta-button {
      display: inline-block;
      background-color: #007bff;
      color: #fff;
      padding: 10px 20px;
      text-decoration: none;
      border-radius: 4px;
      font-weight: bold;
      margin-right: 10px;
    }
  </style>
 </head>
 <body>
  <header>
    <h1>欢迎使用 AnyLink</h1>
  </header>
  <main>
    <h2>什么是 AnyLink？</h2>
    <p>AnyLink 是一款面向企业级的远程办公 SSL VPN 软件，支持多人同时在线使用。它提供安全、便捷的访问内部网络资源的方式，使远程工作者能够有效协作。</p>
    <h2>核心功能</h2>
    <ul>
      <li>安全远程访问：AnyLink 使用 SSL/TLS 加密技术，确保远程用户与企业网络之间的连接安全可靠。</li>
      <li>多用户支持：多个用户可以同时连接 VPN，实现不同地点团队的无缝协作。</li>
      <li>灵活网络访问：AnyLink 能够安全地让远程工作者访问内部资源，如文件、应用程序和数据库。</li>
      <li>集中化管理：该 VPN 解决方案提供集中化管理控制台，便于用户管理、访问控制和监控。</li>
    </ul>
    <h2>开始使用 AnyLink</h2>
    <p>体验 AnyLink 为您的企业远程办公需求所带来的便利和安全。</p>
    <h2>下载客户端</h2>
    <a href="/files/anyconnect-win-4.10.05111.msi" class="cta-button">Windows 客户端</a>
    <a href="/files/anyconnect-macos-4.10.05111.dmg" class="cta-button">Mac 客户端</a>
    <a href="https://apps.apple.com/cn/app/cisco-secure-client/id1135064690" class="cta-button">iOS 客户端</a>
    <a href="/files/CiscoSecureClientAnyConnect_v5.0.00247.apk" class="cta-button">Android 客户端</a>
    <a href="/files/freeotp.apk" class="cta-button">Android FreeOTP客户端</a>
    <a href="https://apps.apple.com/cn/app/freeotp-authenticator/id872559395" class="cta-button">iOS FreeOTP客户端</a>
    <h2>使用手册</h2>
    <a href="/files/anylink_doc.pdf" class="cta-button">使用手册(Windows)</a>
  </main>
  <footer>
    &copy; 2023 AnyLink. 保留所有权利。
  </footer>
 </body>
 </html>
--- a/server/admin/api_base.go
+++ b/server/admin/api_base.go
@@ -8,6 +8,7 @@ import (
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/mux"
 	"github.com/xlzd/gotp"
 )
 // Login 登陆接口
@@ -20,10 +21,35 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	adminUser := r.PostFormValue("admin_user")
 	adminPass := r.PostFormValue("admin_pass")
 	// 启用otp验证
 	if base.Cfg.AdminOtp != "" {
 		pwd := adminPass
 		pl := len(pwd)
 		if pl < 6 {
 			RespError(w, RespUserOrPassErr)
 			base.Error(adminUser, "管理员otp错误")
 			return
 		}
 		// 判断otp信息
 		adminPass = pwd[:pl-6]
 		otp := pwd[pl-6:]
 		totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
 		unix := time.Now().Unix()
 		verify := totp.Verify(otp, int(unix))
 		if !verify {
 			RespError(w, RespUserOrPassErr)
 			base.Error(adminUser, "管理员otp错误")
 			return
 		}
 	}
 	// 认证错误
 	if !(adminUser == base.Cfg.AdminUser &&
 		utils.PasswordVerify(adminPass, base.Cfg.AdminPass)) {
 		RespError(w, RespUserOrPassErr)
 		base.Error(adminUser, "管理员用户名或密码错误")
 		return
 	}
@@ -41,6 +67,14 @@ func Login(w http.ResponseWriter, r *http.Request) {
 	data["admin_user"] = adminUser
 	data["expires_at"] = expiresAt
 	ck := &http.Cookie{
 		Name:     "jwt",
 		Value:    tokenString,
 		Path:     "/",
 		HttpOnly: true,
 	}
 	http.SetCookie(w, ck)
 	RespSucess(w, data)
 }
@@ -50,13 +84,15 @@ func authMiddleware(next http.Handler) http.Handler {
 		w.Header().Set("Access-Control-Allow-Methods", "GET,POST,OPTIONS")
 		w.Header().Set("Access-Control-Allow-Headers", "*")
 		if r.Method == http.MethodOptions {
 			// 正式环境不支持 OPTIONS
 			w.WriteHeader(http.StatusForbidden)
 			return
 		}
 		route := mux.CurrentRoute(r)
 		name := route.GetName()
 		// fmt.Println("bb", r.URL.Path, name)
-		if utils.InArrStr([]string{"login", "index", "static", "debug"}, name) {
+		if utils.InArrStr([]string{"login", "index", "static"}, name) {
 			// 不进行鉴权
 			next.ServeHTTP(w, r)
 			return
@@ -67,6 +103,12 @@ func authMiddleware(next http.Handler) http.Handler {
 		if jwtToken == "" {
 			jwtToken = r.FormValue("jwt")
 		}
 		if jwtToken == "" {
 			cc, err := r.Cookie("jwt")
 			if err == nil {
 				jwtToken = cc.Value
 			}
 		}
 		data, err := GetJwtData(jwtToken)
 		if err != nil || base.Cfg.AdminUser != fmt.Sprint(data["admin_user"]) {
 			w.WriteHeader(http.StatusUnauthorized)
--- a/server/admin/api_uploaduser.go
+++ b/server/admin/api_uploaduser.go
@@ -5,11 +5,11 @@ import (
 	"io"
 	"net/http"
 	"os"
 	"path"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	mapset "github.com/deckarep/golang-set"
@@ -25,21 +25,27 @@ func UserUpload(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	defer file.Close()
-	newFile, err := os.Create(base.Cfg.FilesPath + header.Filename)
+
 	// go/path-injection
 	// base.Cfg.FilesPath 可以直接对外访问，不能上传文件到此
 	fileName := path.Join(os.TempDir(), utils.RandomRunes(10))
 	newFile, err := os.Create(fileName)
 	if err != nil {
 		RespError(w, RespInternalErr, "创建文件失败:", err)
 		return
 	}
 	defer newFile.Close()
 	io.Copy(newFile, file)
 	if err = UploadUser(newFile.Name()); err != nil {
 		RespError(w, RespInternalErr, err)
-		os.Remove(base.Cfg.FilesPath + header.Filename)
+		os.Remove(fileName)
 		return
 	}
-	os.Remove(base.Cfg.FilesPath + header.Filename)
+	os.Remove(fileName)
 	RespSucess(w, "批量添加成功")
 }
 func UploadUser(file string) error {
 	f, err := excelize.OpenFile(file)
 	if err != nil {
--- a/server/admin/api_user.go
+++ b/server/admin/api_user.go
@@ -205,6 +205,7 @@ type userAccountMailData struct {
 	LinkAddr     string
 	Group        string
 	Username     string
 	Nickname     string
 	PinCode      string
 	OtpImg       string
 	OtpImgBase64 string
@@ -251,9 +252,11 @@ func userAccountMail(user *dbdata.User) error {
 	otpData, _ := userOtpQr(user.Id, true)
 	data := userAccountMailData{
 		Issuer:       base.Cfg.Issuer,
 		LinkAddr:     setting.LinkAddr,
 		Group:        strings.Join(user.Groups, ","),
 		Username:     user.Username,
 		Nickname:     user.Nickname,
 		PinCode:      user.PinCode,
 		OtpImg:       fmt.Sprintf("https://%s/otp_qr?id=%d&jwt=%s", setting.LinkAddr, user.Id, tokenString),
 		OtpImgBase64: "data:image/png;base64," + otpData,
--- a/server/admin/server.go
+++ b/server/admin/server.go
@@ -10,6 +10,7 @@ import (
 	"github.com/arl/statsviz"
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 )
@@ -20,6 +21,13 @@ var UiData embed.FS
 func StartAdmin() {
 	r := mux.NewRouter()
 	// 所有路由添加安全头
 	r.Use(func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 			utils.SetSecureHeader(w)
 			next.ServeHTTP(w, req)
 		})
 	})
 	r.Use(authMiddleware)
 	r.Use(handlers.CompressHandler)
--- a/server/base/app_ver.go
+++ b/server/base/app_ver.go
@@ -3,5 +3,5 @@ package base
 const (
 	APP_NAME = "AnyLink"
 	// app版本号
-	APP_VER = "0.9.3"
+	APP_VER = "0.10.1"
 )
--- a/server/base/cfg.go
+++ b/server/base/cfg.go
@@ -49,6 +49,7 @@ type ServerConfig struct {
 	Issuer         string `json:"issuer"`
 	AdminUser      string `json:"admin_user"`
 	AdminPass      string `json:"admin_pass"`
 	AdminOtp       string `json:"admin_otp"`
 	JwtSecret      string `json:"jwt_secret"`
 	LinkMode    string `json:"link_mode"`    // tun tap macvtap ipvtap
--- a/server/base/cmd.go
+++ b/server/base/cmd.go
@@ -3,14 +3,17 @@ package base
 import (
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"reflect"
 	"runtime"
 	"strings"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/skip2/go-qrcode"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"github.com/xlzd/gotp"
 )
 var (
@@ -18,6 +21,8 @@ var (
 	CommitId string
 	// pass明文
 	passwd string
 	// 生成otp
 	otp bool
 	// 生成密钥
 	secret bool
 	// 显示版本信息
@@ -80,7 +85,6 @@ func initCmd() {
 	linkViper.SetEnvPrefix("link")
 	// 基础配置
 	for _, v := range configs {
 		if v.Typ == cfgStr {
 			rootCmd.Flags().StringP(v.Name, v.Short, v.ValStr, v.Usage)
@@ -113,7 +117,7 @@ func initCmd() {
 		linkViper.SetConfigFile(conf)
 		err = linkViper.ReadInConfig()
 		if err != nil {
-			fmt.Println("Using config file:", err)
+			panic("config file err:" + err.Error())
 		}
 	})
 }
@@ -128,6 +132,7 @@ func initToolCmd() *cobra.Command {
 	toolCmd.Flags().BoolVarP(&rev, "version", "v", false, "display version info")
 	toolCmd.Flags().BoolVarP(&secret, "secret", "s", false, "generate a random jwt secret")
 	toolCmd.Flags().StringVarP(&passwd, "passwd", "p", "", "convert the password plaintext")
 	toolCmd.Flags().BoolVarP(&otp, "otp", "o", false, "generate a random otp secret")
 	toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
 	toolCmd.Run = func(cmd *cobra.Command, args []string) {
@@ -138,6 +143,13 @@ func initToolCmd() *cobra.Command {
 			s, _ := utils.RandSecret(40, 60)
 			s = strings.Trim(s, "=")
 			fmt.Printf("Secret:%s\n", s)
 		case otp:
 			s := gotp.RandomSecret(32)
 			fmt.Printf("Otp:%s\n\n", s)
 			qrstr := fmt.Sprintf("otpauth://totp/%s:%s?issuer=%s&secret=%s", "anylink_admin", "admin@anylink", "anylink_admin", s)
 			qr, _ := qrcode.New(qrstr, qrcode.High)
 			ss := qr.ToSmallString(false)
 			io.WriteString(os.Stderr, ss)
 		case passwd != "":
 			pass, _ := utils.PasswordHash(passwd)
 			fmt.Printf("Passwd:%s\n", pass)
--- a/server/base/config.go
+++ b/server/base/config.go
@@ -38,6 +38,7 @@ var configs = []config{
 	{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
 	{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
 	{Typ: cfgStr, Name: "admin_pass", Usage: "管理用户密码", ValStr: defaultPwd},
 	{Typ: cfgStr, Name: "admin_otp", Usage: "管理用户otp,生成命令 ./anylink tool -o", ValStr: ""},
 	{Typ: cfgStr, Name: "jwt_secret", Usage: "JWT密钥", ValStr: defaultJwt},
 	{Typ: cfgStr, Name: "link_mode", Usage: "虚拟网络类型[tun tap macvtap ipvtap]", ValStr: "tun"},
 	{Typ: cfgStr, Name: "ipv4_master", Usage: "ipv4主网卡名称", ValStr: "eth0"},
@@ -52,7 +53,7 @@ var configs = []config{
 	{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
 	{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
 	{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4},
-	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 10},
+	{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 9},
 	{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7},
 	{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15},
 	{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
--- a/server/base/log.go
+++ b/server/base/log.go
@@ -103,7 +103,7 @@ func logLevel2Int(l string) int {
 	}
 	lvl := LogLevelInfo
 	for k, v := range levels {
-		if strings.EqualFold(strings.ToLower(l), strings.ToLower(v)) {
+		if strings.ToLower(l) == strings.ToLower(v) {
 			lvl = k
 		}
 	}
--- a/server/base/mod.go
+++ b/server/base/mod.go
@@ -0,0 +1,77 @@
 package base
 import (
 	"bufio"
 	"fmt"
 	"log"
 	"os"
 	"os/exec"
 	"strings"
 )
 const (
 	procModulesPath = "/proc/modules"
 	inContainerKey  = "ANYLINK_IN_CONTAINER"
 	tunPath         = "/dev/net/tun"
 )
 var (
 	InContainer = false
 	modMap      = map[string]struct{}{}
 )
 func initMod() {
 	container := os.Getenv(inContainerKey)
 	if container == "true" {
 		InContainer = true
 	}
 	log.Println("InContainer", InContainer)
 	file, err := os.Open(procModulesPath)
 	if err != nil {
 		err = fmt.Errorf("[ERROR] Problem with open file: %s", err)
 		panic(err)
 	}
 	defer file.Close()
 	scanner := bufio.NewScanner(file)
 	scanner.Split(bufio.ScanLines)
 	for scanner.Scan() {
 		splited := strings.Split(scanner.Text(), " ")
 		if len(splited[0]) > 0 {
 			modMap[splited[0]] = struct{}{}
 		}
 	}
 }
 func CheckModOrLoad(mod string) {
 	log.Println("CheckModOrLoad", mod)
 	if _, ok := modMap[mod]; ok {
 		return
 	}
 	if mod == "tun" || mod == "tap" {
 		_, err := os.Stat(tunPath)
 		if err == nil {
 			// 文件存在
 			return
 		}
 		panic("Linux tunFile is null " + tunPath)
 	}
 	if InContainer {
 		err := fmt.Errorf("Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
 		// log.Println(err)
 		// return
 		panic(err)
 	}
 	cmdstr := fmt.Sprintln("modprobe", mod)
 	cmd := exec.Command("sh", "-c", cmdstr)
 	b, err := cmd.CombinedOutput()
 	if err != nil {
 		log.Println(string(b))
 		panic(err)
 	}
 }
--- a/server/base/start.go
+++ b/server/base/start.go
@@ -4,6 +4,7 @@ func Start() {
 	execute()
 	initCfg()
 	initLog()
 	initMod()
 }
 func Test() {
--- a/server/conf/files/info.txt
+++ b/server/conf/files/info.txt
@@ -1,2 +1,2 @@
 客户端软件需放置在files目录内，
-如需要帮助请加QQ群：567510628
+如需要帮助请加QQ群：567510628 、739072205
--- a/server/conf/profile.xml
+++ b/server/conf/profile.xml
@@ -8,6 +8,7 @@
        <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
        <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
        <BypassDownloader>true</BypassDownloader>
        <AutoUpdate UserControllable="false">false</AutoUpdate>
        <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
        <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
        <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
@@ -20,15 +21,19 @@
            </ExtendedKeyUsage>
        </CertificateMatch>
        <BackupServerList>
            <HostAddress>localhost</HostAddress>
        </BackupServerList>
    </ClientInitialization>
    <ServerList>
        <HostEntry>
-            <HostName>VPN Server</HostName>
+            <HostName>VPN</HostName>
            <HostAddress>localhost</HostAddress>
        </HostEntry>
        <HostEntry>
            <HostName>VPN2</HostName>
            <HostAddress>localhost2</HostAddress>
        </HostEntry>
    </ServerList>
 </AnyConnectProfile>
--- a/server/conf/server-sample.toml
+++ b/server/conf/server-sample.toml
@@ -23,6 +23,9 @@ issuer = "XX公司VPN"
 admin_user = "admin"
 #pass 123456
 admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
 # 留空表示不开启 otp, 开启otp后密码为  pass + 6位otp
 # 生成 ./anylink tool -o
 admin_otp = ""
 jwt_secret = "abcdef.0123456789.abcdef"
--- a/server/conf/server.toml
+++ b/server/conf/server.toml
@@ -18,6 +18,9 @@ issuer = "XX公司VPN"
 admin_user = "admin"
 #pass 123456
 admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
 # 留空表示不开启 otp, 开启otp后密码为  pass + 6位otp
 # 生成 ./anylink tool -o
 admin_otp = ""
 jwt_secret = "abcdef.0123456789.abcdef"
 #服务监听地址
@@ -38,6 +41,6 @@ iptables_nat = true
 #客户端显示详细错误信息(线上环境慎开启)
-display_error = false
+display_error = true
--- a/server/dbdata/cert.go
+++ b/server/dbdata/cert.go
@@ -64,8 +64,7 @@ type DNSProvider struct {
 		SecretKey string `json:"secretKey"`
 	} `json:"txcloud"`
 	CfCloud struct {
-		AuthEmail string `json:"authEmail"`
+		AuthToken string `json:"authToken"`
 		AuthKey   string `json:"authKey"`
 	} `json:"cfcloud"`
 }
 type LegoUserData struct {
@@ -89,15 +88,15 @@ type LeGoClient struct {
 func GetDNSProvider(l *SettingLetsEncrypt) (Provider challenge.Provider, err error) {
 	switch l.Name {
 	case "aliyun":
-		if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, TTL: 600}); err != nil {
+		if Provider, err = alidns.NewDNSProviderConfig(&alidns.Config{APIKey: l.DNSProvider.AliYun.APIKey, SecretKey: l.DNSProvider.AliYun.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
 			return
 		}
 	case "txcloud":
-		if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, TTL: 600}); err != nil {
+		if Provider, err = tencentcloud.NewDNSProviderConfig(&tencentcloud.Config{SecretID: l.DNSProvider.TXCloud.SecretID, SecretKey: l.DNSProvider.TXCloud.SecretKey, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
 			return
 		}
-	case "cloudflare":
+	case "cfcloud":
-		if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthEmail: l.DNSProvider.CfCloud.AuthEmail, AuthKey: l.DNSProvider.CfCloud.AuthKey, TTL: 600}); err != nil {
+		if Provider, err = cloudflare.NewDNSProviderConfig(&cloudflare.Config{AuthToken: l.DNSProvider.CfCloud.AuthToken, PropagationTimeout: 60 * time.Second, PollingInterval: 2 * time.Second, TTL: 600}); err != nil {
 			return
 		}
 	}
@@ -199,7 +198,7 @@ func (c *LeGoClient) NewClient(l *SettingLetsEncrypt) error {
 	if err != nil {
 		return err
 	}
-	if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"114.114.114.114", "114.114.115.115"})); err != nil {
+	if err := client.Challenge.SetDNS01Provider(Provider, dns01.AddRecursiveNameservers([]string{"223.6.6.6", "223.5.5.5"})); err != nil {
 		return err
 	}
 	if legouser.Registration == nil {
--- a/server/dbdata/db.go
+++ b/server/dbdata/db.go
@@ -115,9 +115,8 @@ func addInitData() error {
 				SecretKey string `json:"secretKey"`
 			}{SecretID: "", SecretKey: ""},
 			CfCloud: struct {
-				AuthEmail string `json:"authEmail"`
+				AuthToken string `json:"authToken"`
-				AuthKey   string `json:"authKey"`
+			}{AuthToken: ""}},
 			}{AuthEmail: "", AuthKey: ""}},
 	}
 	err = SettingSessAdd(sess, provider)
 	if err != nil {
--- a/server/dbdata/group.go
+++ b/server/dbdata/group.go
@@ -117,11 +117,18 @@ func SetGroup(g *Group) error {
 				continue
 			}
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteInclude 错误" + err.Error())
 			}
 			// 给Mac系统下发路由时，必须是标准的网络地址
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeInclude = append(routeInclude, v)
 		}
@@ -130,10 +137,16 @@ func SetGroup(g *Group) error {
 	routeExclude := []ValData{}
 	for _, v := range g.RouteExclude {
 		if v.Val != "" {
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteExclude 错误" + err.Error())
 			}
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeExclude = append(routeExclude, v)
 		}
--- a/server/dbdata/policy.go
+++ b/server/dbdata/policy.go
@@ -2,6 +2,7 @@ package dbdata
 import (
 	"errors"
 	"fmt"
 	"net"
 	"strings"
 	"time"
@@ -31,11 +32,16 @@ func SetPolicy(p *Policy) error {
 				continue
 			}
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteInclude 错误" + err.Error())
 			}
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeInclude = append(routeInclude, v)
 		}
@@ -45,10 +51,15 @@ func SetPolicy(p *Policy) error {
 	routeExclude := []ValData{}
 	for _, v := range p.RouteExclude {
 		if v.Val != "" {
-			ipMask, _, err := parseIpNet(v.Val)
+			ipMask, ipNet, err := parseIpNet(v.Val)
 			if err != nil {
 				return errors.New("RouteExclude 错误" + err.Error())
 			}
 			if strings.Split(ipMask, "/")[0] != ipNet.IP.String() {
 				errMsg := fmt.Sprintf("RouteInclude 错误: 网络地址错误，建议： %s 改为 %s", v.Val, ipNet)
 				return errors.New(errMsg)
 			}
 			v.IpMask = ipMask
 			routeExclude = append(routeExclude, v)
 		}
--- a/server/dbdata/policy_test.go
+++ b/server/dbdata/policy_test.go
@@ -21,19 +21,19 @@ func TestGetPolicy(t *testing.T) {
 	err = SetPolicy(&p2)
 	ast.Nil(err)
-	route := []ValData{{Val: "192.168.1.1/24"}}
+	route := []ValData{{Val: "192.168.1.0/24"}}
 	p3 := Policy{Username: "a3", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteInclude: route, DsExcludeDomains: "com.cn,qq.com"}
 	err = SetPolicy(&p3)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
+	ast.Equal(p3.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
-	route2 := []ValData{{Val: "192.168.2.1/24"}}
+	route2 := []ValData{{Val: "192.168.2.0/24"}}
 	p4 := Policy{Username: "a4", ClientDns: []ValData{{Val: "114.114.114.114"}}, RouteExclude: route2, DsIncludeDomains: "com.cn,qq.com"}
 	err = SetPolicy(&p4)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.1/255.255.255.0")
+	ast.Equal(p4.RouteExclude[0].IpMask, "192.168.2.0/255.255.255.0")
 	// 判断所有数据
 	var userPolicy *Policy
--- a/server/dbdata/user_test.go
+++ b/server/dbdata/user_test.go
@@ -17,12 +17,12 @@ func TestCheckUser(t *testing.T) {
 	// 添加一个组
 	dns := []ValData{{Val: "114.114.114.114"}}
-	route := []ValData{{Val: "192.168.1.1/24"}}
+	route := []ValData{{Val: "192.168.1.0/24"}}
 	g := Group{Name: group, Status: 1, ClientDns: dns, RouteInclude: route}
 	err := SetGroup(&g)
 	ast.Nil(err)
 	// 判断 IpMask
-	ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.1/255.255.255.0")
+	ast.Equal(g.RouteInclude[0].IpMask, "192.168.1.0/255.255.255.0")
 	// 添加一个用户
 	u := User{Username: "aaa", Groups: []string{group}, Status: 1}
@@ -59,7 +59,7 @@ func TestCheckUser(t *testing.T) {
 	}
 	// 添加用户策略
 	dns2 := []ValData{{Val: "8.8.8.8"}}
-	route2 := []ValData{{Val: "192.168.2.1/24"}}
+	route2 := []ValData{{Val: "192.168.2.0/24"}}
 	p1 := Policy{Username: "aaa", Status: 1, ClientDns: dns2, RouteInclude: route2}
 	err = SetPolicy(&p1)
 	ast.Nil(err)
--- a/server/go.mod
+++ b/server/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/lib/pq v1.10.2
 	github.com/mattn/go-sqlite3 v1.14.9
 	github.com/orcaman/concurrent-map v1.0.0
-	github.com/pion/dtls/v2 v2.2.6
+	github.com/pion/dtls/v2 v2.2.7
 	github.com/pion/logging v0.2.2
 	github.com/pires/go-proxyproto v0.6.2
 	github.com/shirou/gopsutil v3.21.7+incompatible
@@ -29,14 +29,14 @@ require (
 	github.com/spf13/cast v1.3.1
 	github.com/spf13/cobra v1.2.1
 	github.com/spf13/viper v1.8.1
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.3
 	github.com/xhit/go-simple-mail/v2 v2.10.0
 	github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
 	github.com/xuri/excelize/v2 v2.6.1
 	go.uber.org/atomic v1.10.0
-	golang.org/x/crypto v0.5.0
+	golang.org/x/crypto v0.8.0
-	golang.org/x/net v0.7.0
+	golang.org/x/net v0.9.0
-	golang.org/x/text v0.7.0
+	golang.org/x/text v0.9.0
 	golang.org/x/time v0.3.0
 	layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
 	xorm.io/xorm v1.3.2
@@ -54,13 +54,12 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/miekg/dns v1.1.50 // indirect
-	github.com/pion/transport/v2 v2.0.2 // indirect
+	github.com/pion/transport/v2 v2.2.1 // indirect
 	github.com/pion/udp/v2 v2.0.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/mod v0.8.0 // indirect
-	golang.org/x/tools v0.1.12 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 )
 require (
@@ -94,8 +93,8 @@ require (
 	github.com/tklauser/numcpus v0.2.3 // indirect
 	github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect
 	github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
+	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
--- a/server/go.sum
+++ b/server/go.sum
@@ -472,14 +472,12 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
 github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
 github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pion/dtls/v2 v2.2.6 h1:yXMxKr0Skd+Ub6A8UqXTRLSywskx93ooMRHsQUtd+Z4=
+github.com/pion/dtls/v2 v2.2.7 h1:cSUBsETxepsCSFSxC3mc/aDo14qQLMSL+O6IjG28yV8=
-github.com/pion/dtls/v2 v2.2.6/go.mod h1:t8fWJCIquY5rlQZwA2yWxUS1+OCrAdXrhVKXB5oD/wY=
+github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s=
 github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
 github.com/pion/logging v0.2.2/go.mod h1:k0/tDVsRCX2Mb2ZEmTqNa7CWsQPc+YYCB7Q+5pahoms=
-github.com/pion/transport/v2 v2.0.2 h1:St+8o+1PEzPT51O9bv+tH/KYYLMNR5Vwm5Z3Qkjsywg=
+github.com/pion/transport/v2 v2.2.1 h1:7qYnCBlpgSJNYMbLCKuSY9KbQdBFoETvPNETv0y4N7c=
-github.com/pion/transport/v2 v2.0.2/go.mod h1:vrz6bUbFr/cjdwbnxq8OdDDzHf7JJfGsIRkxfpZoTA0=
+github.com/pion/transport/v2 v2.2.1/go.mod h1:cXXWavvCnFF6McHTft3DWS9iic2Mftcz1Aq29pGcU5g=
 github.com/pion/udp/v2 v2.0.1 h1:xP0z6WNux1zWEjhC7onRA3EwwSliXqu1ElUZAQhUP54=
 github.com/pion/udp/v2 v2.0.1/go.mod h1:B7uvTMP00lzWdyMr/1PVZXtV3wpPIxBRd4Wl6AksXn8=
 github.com/pires/go-proxyproto v0.6.2 h1:KAZ7UteSOt6urjme6ZldyFm4wDe/z0ZUP0Yv0Dos0d8=
 github.com/pires/go-proxyproto v0.6.2/go.mod h1:Odh9VFOZJCf9G8cLW5o435Xf1J95Jw9Gw5rnCjcwzAY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -578,8 +576,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
@@ -663,8 +661,8 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -702,8 +700,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -750,9 +749,9 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220812174116-3211cb980234/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -776,8 +775,9 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -843,14 +843,14 @@ golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -860,9 +860,9 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -929,8 +929,9 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/server/handler/dtls.go
+++ b/server/handler/dtls.go
@@ -2,10 +2,13 @@ package handler
 import (
 	"context"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
 	"encoding/hex"
 	"errors"
 	"net"
 	"strings"
 	"time"
 	"github.com/bjdgyc/anylink/base"
@@ -20,10 +23,13 @@ func startDtls() {
 		return
 	}
-	certificate, err := selfsign.GenerateSelfSigned()
+	// rsa 兼容 open connect
 	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
 	certificate, err := selfsign.SelfSign(priv)
 	if err != nil {
 		panic(err)
 	}
 	logf := logging.NewDefaultLoggerFactory()
 	logf.Writer = base.GetBaseLw()
 	// logf.DefaultLogLevel = logging.LogLevelTrace
@@ -34,12 +40,17 @@ func startDtls() {
 	config := &dtls.Config{
 		Certificates:         []tls.Certificate{certificate},
 		InsecureSkipVerify:   true,
 		ExtendedMasterSecret: dtls.DisableExtendedMasterSecret,
-		CipherSuites:         []dtls.CipherSuiteID{dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+		CipherSuites: func() []dtls.CipherSuiteID {
-		LoggerFactory:        logf,
+			var cs = []dtls.CipherSuiteID{}
-		MTU:                  BufferSize,
+			for _, vv := range dtlsCipherSuites {
-		SessionStore:         sessStore,
+				cs = append(cs, vv)
 			}
 			return cs
 		}(),
 		LoggerFactory: logf,
 		MTU:           BufferSize,
 		SessionStore:  sessStore,
 		ConnectContextMaker: func() (context.Context, func()) {
 			return context.WithTimeout(context.Background(), 5*time.Second)
 		},
@@ -98,3 +109,23 @@ func (ms *sessionStore) Get(key []byte) (dtls.Session, error) {
 func (ms *sessionStore) Del(key []byte) error {
 	return nil
 }
 // 客户端和服务端映射 X-DTLS12-CipherSuite
 var dtlsCipherSuites = map[string]dtls.CipherSuiteID{
 	// "ECDHE-ECDSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 	// "ECDHE-ECDSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	"ECDHE-RSA-AES256-GCM-SHA384": dtls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 	"ECDHE-RSA-AES128-GCM-SHA256": dtls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 }
 func checkDtls12Ciphersuite(ciphersuite string) string {
 	csArr := strings.Split(ciphersuite, ":")
 	for _, v := range csArr {
 		if _, ok := dtlsCipherSuites[v]; ok {
 			return v
 		}
 	}
 	// 返回默认值
 	return "ECDHE-RSA-AES128-GCM-SHA256"
 }
--- a/server/handler/link_auth.go
+++ b/server/handler/link_auth.go
@@ -1,6 +1,7 @@
 package handler
 import (
 	"bytes"
 	"crypto/md5"
 	"encoding/xml"
 	"fmt"
@@ -49,7 +50,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// fmt.Printf("%+v \n", cr)
-	setCommonHeader(w)
+	// setCommonHeader(w)
 	if cr.Type == "logout" {
 		// 退出删除session信息
 		if cr.SessionToken != "" {
@@ -154,10 +155,12 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
 		return
 	}
-	if strings.Contains(data.Banner, "\n") {
+	if data.Banner != "" {
-		// 替换xml文件的换行符
+		buf := new(bytes.Buffer)
-		data.Banner = strings.ReplaceAll(data.Banner, "\n", "&#x0A;")
+		xml.EscapeText(buf, []byte(data.Banner))
 		data.Banner = buf.String()
 	}
 	t, _ := template.New("auth_complete").Parse(auth_complete)
 	_ = t.Execute(w, data)
 }
--- a/server/handler/link_base.go
+++ b/server/handler/link_base.go
@@ -3,7 +3,6 @@ package handler
 import (
 	"encoding/xml"
 	"log"
 	"net/http"
 	"os/exec"
 )
@@ -42,28 +41,6 @@ type macAddressList struct {
 	MacAddress string `xml:"mac-address"`
 }
 func setCommonHeader(w http.ResponseWriter) {
 	// Content-Length Date 默认已经存在
 	w.Header().Set("Server", "AnyLink")
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	w.Header().Set("Cache-Control", "no-store,no-cache")
 	w.Header().Set("Pragma", "no-cache")
 	w.Header().Set("Transfer-Encoding", "chunked")
 	w.Header().Set("Connection", "keep-alive")
 	w.Header().Set("X-Frame-Options", "deny")
 	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("Content-Security-Policy", "default-src 'none'")
 	w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
 	w.Header().Set("Referrer-Policy", "no-referrer")
 	w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
 	w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
 	w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
 	w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
 	w.Header().Set("X-XSS-Protection", "0")
 	w.Header().Set("X-Aggregate-Auth", "1")
 	w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
 }
 func execCmd(cmdStrs []string) error {
 	for _, cmdStr := range cmdStrs {
 		cmd := exec.Command("sh", "-c", cmdStr)
--- a/server/handler/link_home.go
+++ b/server/handler/link_home.go
@@ -13,7 +13,7 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
 	// fmt.Println(r.RemoteAddr)
 	// hu, _ := httputil.DumpRequest(r, true)
 	// fmt.Println("DumpHome: ", string(hu))
-	w.Header().Set("Server", "AnyLinkOpenSource")
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	connection := strings.ToLower(r.Header.Get("Connection"))
 	userAgent := strings.ToLower(r.UserAgent())
 	if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {
--- a/server/handler/link_tun.go
+++ b/server/handler/link_tun.go
@@ -22,22 +22,29 @@ func checkTun() {
 	defer ifce.Close()
 	// 测试ip命令
-	cmdstr := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
+	base.CheckModOrLoad("tun")
-	err = execCmd([]string{cmdstr})
+
 	cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %s multicast off", ifce.Name(), "1399")
 	err = execCmd([]string{cmdstr1})
 	if err != nil {
 		base.Fatal("testTun err: ", err)
 	}
-	//开启服务器转发
+	// 开启服务器转发
 	if err := execCmd([]string{"sysctl -w net.ipv4.ip_forward=1"}); err != nil {
-		base.Error(err)
+		base.Fatal(err)
 	}
 	if base.Cfg.IptablesNat {
-		//添加NAT转发规则
+		// 添加NAT转发规则
 		ipt, err := iptables.New()
 		if err != nil {
-			base.Error(err)
+			base.Fatal(err)
 			return
 		}
 		// 修复 rockyos nat 不生效
 		base.CheckModOrLoad("iptable_filter")
 		base.CheckModOrLoad("iptable_nat")
 		natRule := []string{"-s", base.Cfg.Ipv4CIDR, "-o", base.Cfg.Ipv4Master, "-j", "MASQUERADE"}
 		forwardRule := []string{"-j", "ACCEPT"}
 		if natExists, _ := ipt.Exists("nat", "POSTROUTING", natRule...); !natExists {
@@ -65,7 +72,13 @@ func LinkTun(cSess *sessdata.ConnSession) error {
 	// log.Printf("Interface Name: %s\n", ifce.Name())
 	cSess.SetIfName(ifce.Name())
 	// 通过 ip link show  查看 alias 信息
 	cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu)
 	if !base.InContainer {
 		// 容器默认 iproute 不支持 alias
 		cmdstr1 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
 	}
 	cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
 		ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
 	err = execCmd([]string{cmdstr1, cmdstr2})
--- a/server/handler/link_tunnel.go
+++ b/server/handler/link_tunnel.go
@@ -92,6 +92,10 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	base.Debug(cSess.IpAddr, cSess.MacHw, sess.Username, mobile)
 	// 检测密码套件
 	dtlsCiphersuite := checkDtls12Ciphersuite(r.Header.Get("X-Dtls12-Ciphersuite"))
 	base.Trace("dtlsCiphersuite", dtlsCiphersuite)
 	// 压缩
 	if cmpName, ok := cSess.SetPickCmp("cstp", r.Header.Get("X-Cstp-Accept-Encoding")); ok {
 		HttpSetHeader(w, "X-CSTP-Content-Encoding", cmpName)
@@ -164,7 +168,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
 	HttpSetHeader(w, "X-DTLS-Port", dtlsPort)
 	HttpSetHeader(w, "X-DTLS-DPD", fmt.Sprintf("%d", cstpDpd))
 	HttpSetHeader(w, "X-DTLS-Keepalive", fmt.Sprintf("%d", cstpKeepalive))
-	HttpSetHeader(w, "X-DTLS12-CipherSuite", "ECDHE-ECDSA-AES128-GCM-SHA256")
+	HttpSetHeader(w, "X-DTLS12-CipherSuite", dtlsCiphersuite)
 	HttpSetHeader(w, "X-CSTP-License", "accept")
 	HttpSetHeader(w, "X-CSTP-Routing-Filtering-Ignore", "false")
@@ -234,7 +238,11 @@ func SetPostAuthXml(g *dbdata.Group, w http.ResponseWriter) error {
 	if err != nil {
 		return err
 	}
-	HttpSetHeader(w, "X-CSTP-Post-Auth-XML", result.String())
+	xmlAuth := ""
 	for _, v := range strings.Split(result.String(), "\n") {
 		xmlAuth += strings.TrimSpace(v)
 	}
 	HttpSetHeader(w, "X-CSTP-Post-Auth-XML", xmlAuth)
 	return nil
 }
--- a/server/handler/link_vtap.go
+++ b/server/handler/link_vtap.go
@@ -33,13 +33,14 @@ func checkMacvtap() {
 	ifName := "anylinkMacvtap"
 	// 加载 macvtap
-	cmdstr0 := fmt.Sprintln("modprobe -i macvtap")
+	base.CheckModOrLoad("macvtap")
 	// 开启主网卡混杂模式
 	cmdstr1 := fmt.Sprintf("ip link set dev %s promisc on", base.Cfg.Ipv4Master)
 	// 测试 macvtap 功能
 	cmdstr2 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
 	cmdstr3 := fmt.Sprintf("ip link del %s", ifName)
-	err := execCmd([]string{cmdstr0, cmdstr1, cmdstr2, cmdstr3})
+	err := execCmd([]string{cmdstr1, cmdstr2, cmdstr3})
 	if err != nil {
 		base.Fatal(err)
 	}
@@ -55,6 +56,10 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
 	cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
 	cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw)
 	if !base.InContainer {
 		// 容器默认 iproute 不支持 alias
 		cmdstr2 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
 	}
 	err := execCmd([]string{cmdstr1, cmdstr2})
 	if err != nil {
 		base.Error(err)
--- a/server/handler/payload_access_audit.go
+++ b/server/handler/payload_access_audit.go
@@ -3,6 +3,7 @@ package handler
 import (
 	"crypto/md5"
 	"encoding/binary"
 	"runtime/debug"
 	"time"
 	"github.com/bjdgyc/anylink/base"
@@ -101,11 +102,17 @@ func logAuditBatch() {
 // 解析IP包的数据
 func logAudit(userName string, pl *sessdata.Payload) {
-	defer putPayload(pl)
+	defer func() {
 		if err := recover(); err != nil {
 			base.Error("logAudit is panic: ", err, "\n", string(debug.Stack()), "\n", pl.Data)
 		}
 		putPayload(pl)
 	}()
 	if !(pl.LType == sessdata.LTypeIPData && pl.PType == 0x00) {
 		return
 	}
 	ipProto := waterutil.IPv4Protocol(pl.Data)
 	// 访问协议
 	var accessProto uint8
@@ -118,11 +125,15 @@ func logAudit(userName string, pl *sessdata.Payload) {
 	default:
 		return
 	}
-
+	// IP报文只包含头部信息时, 则打印LOG，并退出
 	ipPl := waterutil.IPv4Payload(pl.Data)
 	if len(ipPl) < 4 {
 		base.Error("ipPl len < 4", ipPl, pl.Data)
 		return
 	}
 	ipPort := (uint16(ipPl[2]) << 8) | uint16(ipPl[3])
 	ipSrc := waterutil.IPv4Source(pl.Data)
 	ipDst := waterutil.IPv4Destination(pl.Data)
 	ipPort := waterutil.IPv4DestinationPort(pl.Data)
 	b := getByte51()
 	key := *b
 	copy(key[:16], ipSrc)
@@ -178,7 +189,6 @@ func logAudit(userName string, pl *sessdata.Payload) {
 		AccessProto: accessProto,
 		Info:        info,
 	}
 	select {
 	case logBatch.LogChan <- audit:
 	default:
--- a/server/handler/payload_tcp_parser.go
+++ b/server/handler/payload_tcp_parser.go
@@ -29,7 +29,7 @@ func onTCP(payload []byte) (uint8, string) {
 }
 func sniNewParser(b []byte) (uint8, string) {
-	if len(b) < 2 || b[0] != 0x16 || b[1] != 0x03 {
+	if len(b) < 6 || b[0] != 0x16 || b[1] != 0x03 {
 		return acc_proto_tcp, ""
 	}
 	rest := b[5:]
--- a/server/handler/server.go
+++ b/server/handler/server.go
@@ -12,6 +12,7 @@ import (
 	"github.com/bjdgyc/anylink/base"
 	"github.com/bjdgyc/anylink/dbdata"
 	"github.com/bjdgyc/anylink/pkg/utils"
 	"github.com/gorilla/mux"
 	"github.com/pires/go-proxyproto"
 )
@@ -53,7 +54,6 @@ func startTls() {
 			base.Trace("GetCertificate", chi.ServerName)
 			return dbdata.GetCertificateBySNI(chi.ServerName)
 		},
 		// InsecureSkipVerify: true,
 	}
 	srv := &http.Server{
 		Addr:         addr,
@@ -86,6 +86,14 @@ func startTls() {
 func initRoute() http.Handler {
 	r := mux.NewRouter()
 	// 所有路由添加安全头
 	r.Use(func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 			utils.SetSecureHeader(w)
 			next.ServeHTTP(w, req)
 		})
 	})
 	r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
 	r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
 	r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
--- a/server/pkg/utils/secure_header.go
+++ b/server/pkg/utils/secure_header.go
@@ -0,0 +1,32 @@
 package utils
 import "net/http"
 // SetSecureHeader 设置安全的header头
 // https://blog.csdn.net/liwan09/article/details/130248003
 // https://zhuanlan.zhihu.com/p/335165168
 func SetSecureHeader(w http.ResponseWriter) {
 	// Content-Length Date 默认已经存在
 	w.Header().Set("Server", "AnyLinkOpenSource")
 	// w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	// w.Header().Set("Transfer-Encoding", "chunked")
 	w.Header().Set("X-Aggregate-Auth", "1")
 	w.Header().Set("Cache-Control", "no-store,no-cache")
 	w.Header().Set("Pragma", "no-cache")
 	w.Header().Set("Connection", "keep-alive")
 	w.Header().Set("X-Frame-Options", "SAMEORIGIN")
 	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("X-Download-Options", "noopen")
 	w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content")
 	w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
 	w.Header().Set("Referrer-Policy", "same-origin")
 	w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
 	w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
 	w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
 	w.Header().Set("X-XSS-Protection", "1;mode=block")
 	w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
 	// w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
 }
--- a/systemd/anylink.service
+++ b/systemd/anylink.service
@@ -11,12 +11,14 @@ Restart=on-failure
 RestartSec=5s
 ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml
 # systemctl --version
 # systemd older than v236
 # ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
-
+# systemd new than v236
-StandardOutput=file:/usr/local/anylink-deploy/log/anylink.log
+# StandardOutput=file:/usr/local/anylink-deploy/log/anylink.log
-StandardError=file:/usr/local/anylink-deploy/log/anylink.log
+# StandardError=file:/usr/local/anylink-deploy/log/anylink.log
 [Install]
 WantedBy=multi-user.target
--- a/web/src/pages/group/List.vue
+++ b/web/src/pages/group/List.vue
@@ -47,7 +47,12 @@
        <el-table-column
            prop="bandwidth"
-            label="带宽限制">
+            label="带宽限制"
            width="90">
            <template slot-scope="scope">
                <el-row v-if="scope.row.bandwidth > 0">{{ convertBandwidth(scope.row.bandwidth, 'BYTE', 'Mbps') }} Mbps</el-row>
                <el-row v-else>不限</el-row>
            </template>            
        </el-table-column>
        <el-table-column
@@ -62,7 +67,7 @@
        <el-table-column
            prop="route_include"
            label="路由包含"
-            width="200">
+            width="180">
          <template slot-scope="scope">
            <el-row v-for="(item,inx) in scope.row.route_include.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
            <div v-if="scope.row.route_include.length > readMinRows">
@@ -77,7 +82,7 @@
        <el-table-column
            prop="route_exclude"
            label="路由排除"
-            width="200">
+            width="180">
          <template slot-scope="scope">
            <el-row v-for="(item,inx) in scope.row.route_exclude.slice(0, readMinRows)" :key="inx">{{ item.val }}</el-row>
            <div v-if="scope.row.route_exclude.length > readMinRows">
@@ -92,7 +97,7 @@
        <el-table-column
            prop="link_acl"
            label="LINK-ACL"
-            min-width="200">
+            min-width="180">
          <template slot-scope="scope">
            <el-row v-for="(item,inx) in scope.row.link_acl.slice(0, readMinRows)" :key="inx">
              {{ item.action }} => {{ item.val }} : {{ item.port }}
@@ -186,9 +191,9 @@
                <el-input v-model="ruleForm.note"></el-input>
                </el-form-item>
-                <el-form-item label="带宽限制" prop="bandwidth">
+                <el-form-item label="带宽限制" prop="bandwidth_format" style="width:260px;">
-                <el-input v-model.number="ruleForm.bandwidth">
+                <el-input v-model="ruleForm.bandwidth_format" oninput="value= value.match(/\d+(\.\d{0,2})?/) ? value.match(/\d+(\.\d{0,2})?/)[0] : ''">
-                    <template slot="append">BYTE/S</template>
+                    <template slot="append">Mbps</template>
                </el-input>
                </el-form-item>
                <el-form-item label="排除本地网络" prop="allow_lan">
@@ -266,7 +271,7 @@
                  </el-form-item>                  
                  <el-form-item label="用户唯一ID" prop="auth.ldap.search_attr" :rules="this.ruleForm.auth.type== 'ldap' ? this.rules['auth.ldap.search_attr'] : [{ required: false }]">
                    <el-input v-model="ruleForm.auth.ldap.search_attr" placeholder="例如 sAMAccountName / uid / cn"></el-input>
-                  </el-form-item>    
+                  </el-form-item>
                  <el-form-item label="受限用户组" prop="auth.ldap.member_of">
                    <el-input v-model="ruleForm.auth.ldap.member_of" placeholder="选填, 只允许指定组登入, 例如 CN=HomeWork,DC=abc,DC=com"></el-input>
                  </el-form-item>                                                                      
@@ -276,48 +281,60 @@
            <el-tab-pane label="路由设置" name="route">
                <el-form-item label="包含路由" prop="route_include">
                <el-row class="msg-info">
-                    <el-col :span="20">输入CIDR格式如: 192.168.1.0/24</el-col>
+                    <el-col :span="18">输入CIDR格式如: 192.168.1.0/24</el-col>
-                    <el-col :span="4">
+                    <el-col :span="2">
                    <el-button size="mini" type="success" icon="el-icon-plus" circle
                                @click.prevent="addDomain(ruleForm.route_include)"></el-button>
                    </el-col>
                    <el-col :span="4">
                      <el-button size="mini" type="info" icon="el-icon-edit" circle
                                @click.prevent="openIpListDialog('route_include')"></el-button>
                    </el-col>                    
                </el-row>
-                <el-row v-for="(item,index) in ruleForm.route_include"
+                <templete v-if="activeTab == 'route'">
-                        :key="index" style="margin-bottom: 5px" :gutter="10">
+                    <el-row v-for="(item,index) in ruleForm.route_include"
-                    <el-col :span="10">
+                            :key="index" style="margin-bottom: 5px" :gutter="10">
-                    <el-input v-model="item.val"></el-input>
+                        <el-col :span="10">
-                    </el-col>
+                        <el-input v-model="item.val"></el-input>
-                    <el-col :span="12">
+                        </el-col>
-                    <el-input v-model="item.note" placeholder="备注"></el-input>
+                        <el-col :span="12">
-                    </el-col>
+                        <el-input v-model="item.note" placeholder="备注"></el-input>
-                    <el-col :span="2">
+                        </el-col>
-                    <el-button size="mini" type="danger" icon="el-icon-minus" circle
+                        <el-col :span="2">
-                                @click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
+                        <el-button size="mini" type="danger" icon="el-icon-minus" circle
-                    </el-col>
+                                    @click.prevent="removeDomain(ruleForm.route_include,index)"></el-button>
-                </el-row>
+                        </el-col>
                    </el-row>
                </templete>
                </el-form-item>
                <el-form-item label="排除路由" prop="route_exclude">
                <el-row class="msg-info">
-                    <el-col :span="20">输入CIDR格式如: 192.168.2.0/24</el-col>
+                    <el-col :span="18">输入CIDR格式如: 192.168.2.0/24</el-col>
-                    <el-col :span="4">
+                    <el-col :span="2">
                    <el-button size="mini" type="success" icon="el-icon-plus" circle
                                @click.prevent="addDomain(ruleForm.route_exclude)"></el-button>
                    </el-col>
                    <el-col :span="4">
                      <el-button size="mini" type="info" icon="el-icon-edit" circle
                                @click.prevent="openIpListDialog('route_exclude')"></el-button>
                    </el-col>                    
                </el-row>
-                <el-row v-for="(item,index) in ruleForm.route_exclude"
+                <templete v-if="activeTab == 'route'">
-                        :key="index" style="margin-bottom: 5px" :gutter="10">
+                    <el-row v-for="(item,index) in ruleForm.route_exclude"
-                    <el-col :span="10">
+                            :key="index" style="margin-bottom: 5px" :gutter="10">
-                    <el-input v-model="item.val"></el-input>
+                        <el-col :span="10">
-                    </el-col>
+                        <el-input v-model="item.val"></el-input>
-                    <el-col :span="12">
+                        </el-col>
-                    <el-input v-model="item.note" placeholder="备注"></el-input>
+                        <el-col :span="12">
-                    </el-col>
+                        <el-input v-model="item.note" placeholder="备注"></el-input>
-                    <el-col :span="2">
+                        </el-col>
-                    <el-button size="mini" type="danger" icon="el-icon-minus" circle
+                        <el-col :span="2">
-                                @click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
+                        <el-button size="mini" type="danger" icon="el-icon-minus" circle
-                    </el-col>
+                                    @click.prevent="removeDomain(ruleForm.route_exclude,index)"></el-button>
-                </el-row>
+                        </el-col>
                    </el-row>
                </templete>
                </el-form-item>
            </el-tab-pane>
            <el-tab-pane label="权限控制" name="link_acl">
@@ -328,7 +345,7 @@
                    <el-button size="mini" type="success" icon="el-icon-plus" circle
                                @click.prevent="addDomain(ruleForm.link_acl)"></el-button>
                    </el-col>
-                </el-row>
+                </el-row>  
                <el-row v-for="(item,index) in ruleForm.link_acl"
                        :key="index" style="margin-bottom: 5px" :gutter="5">
@@ -360,6 +377,7 @@
                </el-form-item>                
                <el-form-item label="排除域名" prop="ds_exclude_domains">
                    <el-input type="textarea" :rows="5" v-model="ruleForm.ds_exclude_domains" placeholder="输入域名用,号分隔，默认匹配所有子域名, 如baidu.com,163.com"></el-input>
                    <div class="msg-info">注：域名拆分隧道，仅支持AnyConnect的桌面客户端，不支持移动端.</div>
                </el-form-item>
            </el-tab-pane>
            <el-form-item>
@@ -393,6 +411,25 @@
            </el-form-item>
        </el-form>
    </el-dialog> 
    <!--编辑模式弹窗-->
    <el-dialog
    :close-on-click-modal="false"
    title="编辑模式"
    :visible.sync="ipListDialog"
    width="650px"
    custom-class="valgin-dialog"
    center>
      <el-form ref="ipEditForm" label-width="80px">
          <el-form-item label="路由表" prop="ip_list">
              <el-input type="textarea" :rows="10" v-model="ipEditForm.ip_list" placeholder="每行一条路由，例：192.168.1.0/24,备注 或 192.168.1.0/24"></el-input>
              <div class="msg-info">当前共 {{ ipEditForm.ip_list.trim() === '' ? 0 : ipEditForm.ip_list.trim().split("\n").length }} 条（注：AnyConnect客户端最多支持{{ this.maxRouteRows }}条路由）</div>
          </el-form-item>
          <el-form-item>
              <el-button type="primary" @click="ipEdit()" :loading="ipEditLoading">更新</el-button>
              <el-button @click="ipListDialog = false">取 消</el-button>
          </el-form-item>
      </el-form>
    </el-dialog>
  </div>
 </template>
@@ -419,6 +456,7 @@ export default {
      activeTab : "general",
      readMore: {},
      readMinRows : 5,
      maxRouteRows : 2500,
      defAuth : {
                type:'local', 
                radius:{addr:"", secret:""},
@@ -435,6 +473,7 @@ export default {
      },          
      ruleForm: {
        bandwidth: 0,
        bandwidth_format: '0',
        status: 1,
        allow_lan: true,
        client_dns: [{val: '114.114.114.114'}],
@@ -444,11 +483,17 @@ export default {
        auth : {},
      },
      authLoginDialog : false,
-      authLoginLoading : false,
+      ipListDialog : false,
      authLoginLoading : false,      
      authLoginForm : {
        name : "",
        pwd : "",
-      },   
+      },
      ipEditForm: {
        ip_list: "",
        type : "",
      },
      ipEditLoading : false,
      authLoginRules: {
        name: [
          {required: true, message: '请输入账号', trigger: 'blur'},
@@ -463,9 +508,9 @@ export default {
          {required: true, message: '请输入组名', trigger: 'blur'},
          {max: 30, message: '长度小于 30 个字符', trigger: 'blur'}
        ],
-        bandwidth: [
+        bandwidth_format: [
          {required: true, message: '请输入带宽限制', trigger: 'blur'},
-          {type: 'number', message: '带宽限制必须为数字值'}
+          {type: 'string', message: '带宽限制必须为数字值'}
        ],
        status: [
          {required: true}
@@ -493,7 +538,7 @@ export default {
        ],        
        "auth.ldap.search_attr": [
          {required: true, message: '请输入用户唯一ID', trigger: 'blur'}
-        ],                                       
+        ],
      },
    }
  },
@@ -536,7 +581,8 @@ export default {
          id: row.id,
        }
      }).then(resp => {
-        this.ruleForm = resp.data.data;
+        resp.data.data.bandwidth_format = this.convertBandwidth(resp.data.data.bandwidth, 'BYTE', 'Mbps').toString();
        this.ruleForm = resp.data.data;        
        this.setAuthData(resp.data.data);
      }).catch(error => {
        this.$message.error('哦，请求出错');
@@ -582,6 +628,7 @@ export default {
          console.log('error submit!!');
          return false;
        }
        this.ruleForm.bandwidth = this.convertBandwidth(this.ruleForm.bandwidth_format, 'Mbps', 'BYTE');
        axios.post('/group/set', this.ruleForm).then(resp => {
          const rdata = resp.data;
          if (rdata.code === 0) {
@@ -636,6 +683,70 @@ export default {
        });
      });
    },
    openIpListDialog(type) {
      this.ipListDialog = true;
      this.ipEditForm.type = type;
      this.ipEditForm.ip_list = this.ruleForm[type].map(item => item.val + (item.note ? "," + item.note : "")).join("\n");      
    },
    ipEdit() {
        this.ipEditLoading = true;
        let ipList = [];
        if (this.ipEditForm.ip_list.trim() !== "") {
            ipList = this.ipEditForm.ip_list.trim().split("\n");
        }        
        let arr = [];
        for (let i = 0; i < ipList.length; i++) {
          let item = ipList[i];
          if (item.trim() === "") {
            continue;
          }
          let ip = item.split(",");
          if (ip.length > 2) {
            ip[1] = ip.slice(1).join(",");
          }
          let note = ip[1] ? ip[1] : "";
          const pushToArr = () => {
            arr.push({val: ip[0], note: note});
          };
          if (this.ipEditForm.type == "route_include" && ip[0] == "all") {
            pushToArr();
            continue;  
          }
          let valid = this.isValidCIDR(ip[0]);
          if (!valid.valid) {
                this.$message.error("错误：CIDR格式错误，建议 " + ip[0] + " 改为 " + valid.suggestion);
                this.ipEditLoading = false;
                return;
          }
          pushToArr();
        }
        this.ruleForm[this.ipEditForm.type] = arr;
        this.ipEditLoading = false;
        this.ipListDialog = false;
    },
    isValidCIDR(input) {
        const cidrRegex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)\/([12]?\d|3[0-2])$/;
        if (!cidrRegex.test(input)) {
            return { valid: false, suggestion: null };
        }
        const [ip, mask] = input.split('/');
        const maskNum = parseInt(mask);
        const ipParts = ip.split('.').map(part => parseInt(part));
        const binaryIP = ipParts.map(part => part.toString(2).padStart(8, '0')).join('');
        for (let i = maskNum; i < 32; i++) {
            if (binaryIP[i] === '1') {
                const binaryNetworkPart = binaryIP.substring(0, maskNum).padEnd(32, '0');
                const networkIPParts = [];
                for (let j = 0; j < 4; j++) {
                    const octet = binaryNetworkPart.substring(j * 8, (j + 1) * 8);
                    networkIPParts.push(parseInt(octet, 2));
                }
                const suggestedIP = networkIPParts.join('.');
                return { valid: false, suggestion: `${suggestedIP}/${mask}` };
            }
        }
        return { valid: true, suggestion: null };
    },
    resetForm(formName) {
      this.$refs[formName].resetFields();
    },
@@ -666,6 +777,18 @@ export default {
    closeDialog() {
      this.user_edit_dialog = false;
      this.activeTab = "general";
    },
    convertBandwidth(bandwidth, fromUnit, toUnit) {
        const units = {
            bps: 1,
            Kbps: 1000,
            Mbps: 1000000,
            Gbps: 1000000000,
            BYTE: 8,
        };
        const result = bandwidth * units[fromUnit] / units[toUnit];
        const fixedResult = result.toFixed(2);
        return parseFloat(fixedResult);
    }
  },
 }
--- a/web/src/pages/set/Other.vue
+++ b/web/src/pages/set/Other.vue
@@ -248,11 +248,14 @@
          <el-form-item label="自定义首页" prop="homeindex">
            <el-input
              type="textarea"
-              :rows="5"
+              :rows="10"
              placeholder="请输入内容"
              v-model="dataOther.homeindex"
            >
            </el-input>
            <el-tooltip content="自定义内容可以参考 home 目录下的文件" placement="top">
              <i class="el-icon-question"></i>
            </el-tooltip>
          </el-form-item>
          <el-form-item label="账户开通邮件" prop="account_mail">
@@ -318,8 +321,7 @@ export default {
          secretKey: "",
        },
        cfcloud: {
-          authEmail: "",
+          authToken: "",
          authKey: "",
        },
      },
      customCert: { cert: "", key: "" },
@@ -399,19 +401,13 @@ export default {
        ],
        cfcloud: [
          {
-            label: "Email",
+            label: "AuthToken",
-            prop: "email",
+            prop: "authToken",
            component: "el-input",
            type: "text",
          },
          {
            label: "AuthKey",
            prop: "authKey",
            component: "el-input",
            type: "password",
            rules: {
              required: true,
-              message: "请输入正确的APIKey",
+              message: "请输入正确的AuthToken",
              trigger: "blur",
            },
          },
@@ -551,12 +547,20 @@ export default {
              });
            break;
          case "letsCert":
            var loading = this.$loading({
              lock: true,
              text: "证书申请中...",
              spinner: "el-icon-loading",
              background: "rgba(0, 0, 0, 0.7)",
            });
            axios.post("/set/other/createcert", this.letsCert).then((resp) => {
              var rdata = resp.data;
              console.log(rdata);
              if (rdata.code === 0) {
                loading.close();
                this.$message.success(rdata.msg);
              } else {
                loading.close();
                this.$message.error(rdata.msg);
              }
            });
Author	SHA1	Message	Date
bjdgyc	edc7a4a4a3	Merge pull request #283 from bjdgyc/dev 修复容器频繁重启的问题	2023-12-26 12:13:03 +08:00
bjdgy	17492d8172	修复容器频繁重启的问题	2023-12-26 11:24:01 +08:00
bjdgyc	65de1a58cf	Merge pull request #282 from bjdgyc/dev 添加问题信息	2023-12-25 15:39:43 +08:00
bjdgyc	dfb25718f7	添加问题信息	2023-12-25 15:38:59 +08:00
bjdgyc	3deda4d77f	Merge pull request #281 from bjdgyc/dev 合并新版	2023-12-25 14:56:58 +08:00
bjdgyc	2af524f87b	Merge pull request #274 from aiminickwong/main 解决电信DNS Let's Encrypt证书刷新缓慢问题	2023-12-25 14:55:14 +08:00
bjdgyc	1b6abeb849	修复 modprobe 报错	2023-12-25 14:47:30 +08:00
bjdgyc	e3b303744b	修复 modprobe 报错	2023-12-25 14:34:21 +08:00
bjdgyc	d3f16eb2ad	修复 modprobe 报错	2023-12-25 14:31:35 +08:00
bjdgyc	64404ea94b	修改readme	2023-12-13 16:50:35 +08:00
bjdgyc	ededfddff4	Merge pull request #278 from lanrenwo/group_ip_list 新增路由设置的编辑模式	2023-12-04 18:38:17 +08:00
lanrenwo	8a3d34b737	优化isValidCIDR函数，解决部分格式检测有误，并给予建议提示。	2023-12-04 18:32:09 +08:00
lanrenwo	7c040e2a0f	过滤文本框内的空行	2023-12-04 13:44:06 +08:00
lanrenwo	3d03f6adb8	解决大量路由导致弹窗卡顿的问题（当点击“路由设置”时，才加载路由）	2023-12-04 13:08:37 +08:00
lanrenwo	5d24eda7fc	不限制路由的数量，并检测CIDR格式的正确性	2023-12-03 22:09:46 +08:00
lanrenwo	ea92857524	新增路由设置的编辑模式	2023-12-02 15:38:18 +08:00
bjdgyc	b521dddb98	Merge pull request #276 from lanrenwo/banner_special_chars 优化处理Banner特殊字符的代码	2023-11-27 10:18:31 +08:00
lanrenwo	2bd94aef2b	优化处理Banner特殊字符的代码	2023-11-20 12:24:44 +08:00
bjdgyc	3879c3a4bc	修复Banner特殊字符	2023-11-15 11:57:12 +08:00
bjdgyc	aa2b89855f	添加 DTLS12-CipherSuite 筛选	2023-11-09 10:52:10 +08:00
bjdgyc	9e1969e3d0	添加 DTLS12-CipherSuite 筛选	2023-11-08 18:07:32 +08:00
bjdgyc	5b1d86282a	fix	2023-11-06 16:51:32 +08:00
bjdgyc	bfc39fe4ea	默认显示错误信息	2023-11-02 15:54:59 +08:00
bjdgyc	9019a5f03a	添加网卡 alias 信息	2023-10-30 13:04:07 +08:00
bjdgyc	38d268e999	添加网卡 alias 信息	2023-10-30 11:46:53 +08:00
bjdgyc	57990d3d2a	添加网卡 alias	2023-10-30 11:38:31 +08:00
bjdgyc	6788a875a2	优化	2023-10-24 17:49:13 +08:00
bjdgyc	a9ad21b3b5	修改dtls加密套件	2023-10-17 16:30:45 +08:00
bjdgyc	43ca09e985	修改dtls加密套件	2023-10-17 16:01:31 +08:00
aiminick	b7da567cee	解决电信DNS Let's Encrypt证书刷新缓慢问题解决电信DNS Let's Encrypt证书刷新缓慢问题，改为阿里DNS后问题改善	2023-10-17 00:54:49 +08:00
bjdgyc	6eea265b15	添加自定义首页	2023-10-11 17:21:26 +08:00
bjdgyc	06c8ee1197	添加自定义首页	2023-10-11 17:20:57 +08:00
bjdgyc	ebc7cc85c0	添加nginx stream示例	2023-10-11 16:00:53 +08:00
bjdgyc	012f636cf7	修改 profile.xml	2023-10-11 10:19:23 +08:00
bjdgyc	4f9cc2074a	Merge remote-tracking branch 'origin/dev' into dev	2023-09-22 16:19:10 +08:00
bjdgyc	bbc5877eb9	修复header	2023-09-22 16:18:38 +08:00
bjdgyc	c6b85c7d66	Merge pull request #270 from lanrenwo/dev 修复logAudit的panic	2023-09-12 08:40:50 +08:00
lanrenwo	8e843d5eae	Update payload_access_audit.go	2023-09-08 21:01:03 +08:00
lanrenwo	7b9be9377f	修复logAudit的panic	2023-09-08 20:33:30 +08:00
bjdgyc	f03264faf3	Merge pull request #268 from shikaiguo/main 修改邮件内容的参数	2023-09-06 15:57:08 +08:00
bjdgyc	b19ff321ad	Merge pull request #267 from lanrenwo/dev 修复sniNewParser的panic	2023-09-06 15:54:22 +08:00
lanrenwo	f6980261d4	logAudit引入recover, 防止主程序崩溃.	2023-09-03 11:18:52 +08:00
lanrenwo	7651b69ed6	删除sniNewParser多余的空格	2023-09-02 10:46:01 +08:00
lanrenwo	2af2d273e4	简化sniNewParser代码	2023-09-02 10:44:47 +08:00
K	ff54abc5d5	增加邮件内容的昵称参数	2023-09-01 22:49:07 +08:00
lanrenwo	a168c96a93	修复sniNewParser的panic	2023-09-01 18:10:20 +08:00
bjdgyc	6127c41aea	修复 panic	2023-09-01 17:55:15 +08:00
bjdgyc	da1d6c6c6d	添加安全的header头	2023-08-25 13:56:04 +08:00
bjdgyc	08de4fe086	添加安全的header头	2023-08-24 16:59:35 +08:00
bjdgyc	7714c2a3e8	debug信息需要鉴权后显示	2023-08-24 14:27:12 +08:00
bjdgyc	78a8b06467	变更qq群	2023-08-17 16:27:12 +08:00
bjdgyc	28ffda2371	修复上传文件漏洞	2023-08-08 15:17:05 +08:00
bjdgyc	c23b120e90	更新	2023-08-08 15:01:15 +08:00
bjdgyc	287355de54	Merge pull request #260 from bjdgyc/dev Dev	2023-08-04 17:52:26 +08:00
bjdgyc	01f90e5bb5	管理用户支持otp	2023-07-24 17:36:03 +08:00
bjdgyc	91a9190379	管理用户支持otp	2023-07-24 17:26:52 +08:00
bjdgyc	0a9fe8f96c	Merge pull request #258 from bjdgyc/dev Dev	2023-07-23 15:45:04 +08:00
bjdgy	254110ebff	修改readme	2023-07-23 15:07:14 +08:00
bjdgyc	9c706a7d0d	升级dtls	2023-07-20 11:14:14 +08:00
bjdgyc	d228e224cd	修改readme	2023-07-17 18:26:45 +08:00
bjdgyc	6e95ea5441	修改server信息	2023-07-14 17:25:43 +08:00
bjdgyc	ce61401304	Merge pull request #247 from bjdgyc/main pull main	2023-06-14 16:47:22 +08:00
bjdgyc	d7d2696790	Merge pull request #246 from lanrenwo/bandwidth_to_mbps 用户组列表-带宽限制的单位从BYTE修改为Mbps	2023-06-14 16:43:17 +08:00
bjdgyc	9a6aaa87e5	Merge pull request #244 from xnow-me/main 强制使用规范的网络路由地址	2023-06-14 16:39:03 +08:00
lanrenwo	e31b5d83d4	用户组列表-带宽限制的单位从BYTE修改为Mbps	2023-06-14 14:30:18 +08:00
lihz	fc2920e140	强制使用规范的网络路由地址	2023-06-13 13:22:00 +08:00
bjdgyc	d36e2fe85a	修改参数比较	2023-06-08 17:09:19 +08:00
bjdgyc	14efb14a9a	修改配置文件报错，停止程序	2023-05-30 15:52:20 +08:00
bjdgyc	92de727db8	Merge pull request #240 from wsczx/dev 修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug	2023-05-15 09:45:40 +08:00
wsczx	c63e4f33d5	申请证书前端添加等待效果，避免无法及时获取后端结果	2023-05-04 23:32:16 +08:00
wsczx	60095fbc9b	优化验证DNS超时时间和轮训间隔，避免申请证书失败	2023-05-04 22:24:53 +08:00
wsczx	fe9b84ce98	修改cf使用authToken的方式申请证书，修复因前后端cf名称不一致导致的指针错误	2023-05-04 19:08:40 +08:00
wsczx	fd5ec7f86a	修复腾讯云因DNS解析生效时间导致无法成功申请证书的bug	2023-05-02 00:38:17 +08:00
bjdgyc	50bc864fdd	添加版本显示	2023-04-26 21:14:40 +08:00
`@@ -1,2 +1,2 @@`
	`客户端软件需放置在files目录内，`	`客户端软件需放置在files目录内，`
	`如需要帮助请加QQ群：567510628`	`如需要帮助请加QQ群：567510628 、739072205`