update-12.17

luci-app-ipsec-server/Makefile

@@ -6,10 +6,10 @@
 include $(TOPDIR)/rules.mk
 
 LUCI_TITLE:=LuCI support for IPSec VPN Server
-LUCI_DEPENDS:=+strongswan +strongswan-minimal +strongswan-mod-kernel-libipsec +strongswan-mod-openssl +strongswan-mod-xauth-generic +xl2tpd +luci-lib-jsonc
+LUCI_DEPENDS:=+strongswan +strongswan-minimal +strongswan-mod-kernel-libipsec +strongswan-mod-openssl +strongswan-mod-xauth-generic +xl2tpd +luci-lib-jsonc +kmod-tun
 LUCI_PKGARCH:=all
 PKG_VERSION:=20211216
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

luci-app-ipsec-server/luasrc/controller/ipsec-server.lua

@@ -8,6 +8,7 @@ function index()
     entry({"admin", "vpn", "ipsec-server"}, alias("admin", "vpn", "ipsec-server", "settings"), _("IPSec VPN Server"), 49).dependent = false
     entry({"admin", "vpn", "ipsec-server", "settings"}, cbi("ipsec-server/settings"), _("General Settings"), 10).leaf = true
     entry({"admin", "vpn", "ipsec-server", "users"}, cbi("ipsec-server/users"), _("Users Manager"), 20).leaf = true
+    entry({"admin", "vpn", "ipsec-server", "l2tp_user"}, cbi("ipsec-server/l2tp_user")).leaf = true
     entry({"admin", "vpn", "ipsec-server", "online"}, cbi("ipsec-server/online"), _("L2TP Online Users"), 30).leaf = true
     entry({"admin", "vpn", "ipsec-server", "status"}, call("status")).leaf = true
 end

luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/l2tp_user.lua

@@ -0,0 +1,35 @@
+local d = require "luci.dispatcher"
+local sys = require "luci.sys"
+
+m = Map("luci-app-ipsec-server", "L2TP/IPSec PSK " .. translate("Users Manager"))
+m.redirect = d.build_url("admin", "vpn", "ipsec-server", "users")
+
+if sys.call("command -v xl2tpd > /dev/null") == 0 then
+    s = m:section(NamedSection, arg[1], "l2tp_users", "")
+    s.addremove = false
+    s.anonymous = true
+
+    o = s:option(Flag, "enabled", translate("Enabled"))
+    o.default = 1
+    o.rmempty = false
+
+    o = s:option(Value, "username", translate("Username"))
+    o.placeholder = translate("Username")
+    o.rmempty = false
+
+    o = s:option(Value, "password", translate("Password"))
+    o.placeholder = translate("Password")
+    o.rmempty = false
+
+    o = s:option(Value, "ipaddress", translate("IP address"))
+    o.placeholder = translate("Automatically")
+    o.datatype = "ip4addr"
+    o.rmempty = true
+
+    o = s:option(DynamicList, "routes", translate("Static Routes"))
+    o.placeholder = "192.168.10.0/24"
+    o.datatype = "ipmask4"
+    o.rmempty = true
+end
+
+return m

luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/users.lua

@@ -1,3 +1,4 @@
+local d = require "luci.dispatcher"
 local sys = require "luci.sys"
 
 m = Map("luci-app-ipsec-server")
@@ -9,14 +10,16 @@ s.anonymous = true
 s.template = "cbi/tblsection"
 
 o = s:option(Flag, "enabled", translate("Enabled"))
+o.default = 1
 o.rmempty = false
 
-o = s:option(Value, "username", translate("User name"))
-o.placeholder = translate("User name")
-o.rmempty = true
+o = s:option(Value, "username", translate("Username"))
+o.placeholder = translate("Username")
+o.rmempty = false
 
 o = s:option(Value, "password", translate("Password"))
-o.rmempty = true
+o.placeholder = translate("Password")
+o.rmempty = false
 
 if sys.call("command -v xl2tpd > /dev/null") == 0 then
     s = m:section(TypedSection, "l2tp_users", "L2TP/IPSec PSK " .. translate("Users Manager"))
@@ -24,16 +27,23 @@ if sys.call("command -v xl2tpd > /dev/null") == 0 then
     s.addremove = true
     s.anonymous = true
     s.template = "cbi/tblsection"
+    s.extedit = d.build_url("admin", "vpn", "ipsec-server", "l2tp_user", "%s")
+    function s.create(e, t)
+        t = TypedSection.create(e, t)
+        luci.http.redirect(e.extedit:format(t))
+    end
 
     o = s:option(Flag, "enabled", translate("Enabled"))
+    o.default = 1
     o.rmempty = false
 
-    o = s:option(Value, "username", translate("User name"))
-    o.placeholder = translate("User name")
-    o.rmempty = true
+    o = s:option(Value, "username", translate("Username"))
+    o.placeholder = translate("Username")
+    o.rmempty = false
 
     o = s:option(Value, "password", translate("Password"))
-    o.rmempty = true
+    o.placeholder = translate("Password")
+    o.rmempty = false
 
     o = s:option(Value, "ipaddress", translate("IP address"))
     o.placeholder = translate("Automatically")

luci-app-ipsec-server/po/zh-cn/ipsec.po

@@ -13,11 +13,8 @@ msgstr "当前状态"
 msgid "General settings"
 msgstr "基本设置"
 
-msgid "Online Users"
-msgstr "在线用户"
-
-msgid "L2TP Online Users"
-msgstr "L2TP 在线用户"
+msgid "Enabled"
+msgstr "启用"
 
 msgid "VPN Client IP"
 msgstr "VPN客户端地址段"
@@ -37,6 +34,42 @@ msgstr "VPN客户端获取IP范围，例如：192.168.101.10-20"
 msgid "L2TP/IPSec is not compatible with kernel-libipsec, which will disable this module."
 msgstr "L2TP/IPSec不兼容kernel-libipsec，开启将会禁用此模块。"
 
+msgid "Users Manager"
+msgstr "用户管理"
+
+msgid "Username"
+msgstr "用户名"
+
+msgid "Password"
+msgstr "密码"
+
+msgid "IP address"
+msgstr "IP 地址"
+
+msgid "Automatically"
+msgstr "自动分配"
+
+msgid "Online Users"
+msgstr "在线用户"
+
+msgid "L2TP Online Users"
+msgstr "L2TP 在线用户"
+
+msgid "Login Time"
+msgstr "登录时间"
+
+msgid "Blacklist"
+msgstr "黑名单"
+
+msgid "Add to Blacklist"
+msgstr "加入黑名单"
+
+msgid "Remove from Blacklist"
+msgstr "移出黑名单"
+
+msgid "Forced offline"
+msgstr "强制下线"
+
 msgid "NOT RUNNING"
 msgstr "未运行"
 

luci-app-ipsec-server/root/etc/init.d/luci-app-ipsec-server

@@ -135,7 +135,9 @@ start() {
 		local l2tp_users=$(get_enabled_anonymous_secs "@l2tp_users")
 		[ -n "$l2tp_users" ] && {
 			for user in $l2tp_users; do
-				eval $(uci -q show "${CONFIG}.${user}" | cut -d'.' -sf 3-)
+				for i in $(uci -q show "${CONFIG}.${user}" | cut -d '.' -sf 3- | cut -d '=' -sf 1); do
+					eval $i=\"$(uci -q get "${CONFIG}.${user}".$i)\"
+				done
 				[ "$enabled" -eq 1 ] || return 0
 				[ -n "$username" ] || return 0
 				[ -n "$password" ] || return 0
@@ -203,7 +205,9 @@ start() {
 	local ipsec_users=$(get_enabled_anonymous_secs "@ipsec_users")
 	[ -n "$ipsec_users" ] && {
 		for user in $ipsec_users; do
-			eval $(uci -q show "${CONFIG}.${user}" | cut -d'.' -sf 3-)
+			for i in $(uci -q show "${CONFIG}.${user}" | cut -d '.' -sf 3- | cut -d '=' -sf 1); do
+				eval $i=\"$(uci -q get "${CONFIG}.${user}".$i)\"
+			done
 			[ "$enabled" -eq 1 ] || return 0
 			[ -n "$username" ] || return 0
 			[ -n "$password" ] || return 0

luci-app-ipsec-server/root/usr/share/xl2tpd/ip-down

@@ -1,6 +1,9 @@
 #!/bin/sh
 
 _LOGOUT_TIME="$(date "+%Y-%m-%d %H:%M:%S")"
+CONFIG="luci-app-ipsec-server"
+L2TP_PATH=/var/etc/xl2tpd
+L2TP_SESSION_PATH=${L2TP_PATH}/session
 
 _USERNAME=${PEERNAME}
 _IFACE=${1}
@@ -13,7 +16,7 @@ _BYTES_SENT=${BYTES_SENT}
 _BYTES_RCVD=${BYTES_RCVD}
 _CONNECT_TIME=${CONNECT_TIME}
 
-rm -f /var/etc/xl2tpd/session/${_USERNAME}.${_IFACE}
+rm -f ${L2TP_SESSION_PATH}/${_USERNAME}.${_IFACE}
 rm -f /var/run/${_IFACE}.pid
 
 #可根据退出的账号自定义脚本，如静态路由表，组网等。

luci-app-ipsec-server/root/usr/share/xl2tpd/ip-up

@@ -1,6 +1,9 @@
 #!/bin/sh
 
 _LOGIN_TIME="$(date "+%Y-%m-%d %H:%M:%S")"
+CONFIG="luci-app-ipsec-server"
+L2TP_PATH=/var/etc/xl2tpd
+L2TP_SESSION_PATH=${L2TP_PATH}/session
 
 _USERNAME=${PEERNAME}
 _IFACE=${1}
@@ -12,9 +15,9 @@ _PEERIP=${5}
 _PID=$(cat /var/run/${_IFACE}.pid 2>/dev/null)
 _REMOTEIP=$(cat /var/etc/xl2tpd/xl2tpd.log 2>/dev/null | grep "PID: ${_PID}" | grep -o -E '([0-9]{1,3}[\.]){3}[0-9]{1,3}')
 
-mkdir -p /var/etc/xl2tpd/session
+mkdir -p ${L2TP_SESSION_PATH}
 
-cat <<-EOF > /var/etc/xl2tpd/session/${_USERNAME}.${_IFACE}
+cat <<-EOF > ${L2TP_SESSION_PATH}/${_USERNAME}.${_IFACE}
 	{
 	    "username": "${_USERNAME}",
 	    "interface": "${_IFACE}",
@@ -27,25 +30,27 @@ cat <<-EOF > /var/etc/xl2tpd/session/${_USERNAME}.${_IFACE}
 	}
 EOF
 
-#如果给用户绑定了IP地址，仅只能单用户。
-cfgid=$(uci show luci-app-ipsec-server | grep "@l2tp_users" | grep "\.username='${_USERNAME}'" | cut -d '.' -sf 2)
+#只能单用户使用
+cfgid=$(uci show ${CONFIG} | grep "@l2tp_users" | grep "\.username='${_USERNAME}'" | cut -d '.' -sf 2)
 [ -n "$cfgid" ] && {
-	
-	ip=$(uci -q get luci-app-ipsec-server.${cfgid}.ipaddress)
-	[ -n "$ip" ] && {
-		HAS_LOGIN=$(ls /var/etc/xl2tpd/session | grep "^${_USERNAME}\.ppp" | grep -v "${_IFACE}")
-		[ -n "$HAS_LOGIN" ] && {
-			#踢出之前的用户
-			KO_IFACE=$(echo $HAS_LOGIN | awk -F '.' '{print $2}')
-			KO_PID=$(cat /var/run/${KO_IFACE}.pid 2>/dev/null)
-			[ -n "$KO_PID" ] && kill -9 ${KO_PID} >/dev/null 2>&1
-			rm -f /var/etc/xl2tpd/session/${HAS_LOGIN}
-			rm -f /var/run/${KO_IFACE}.pid
-		}
+	HAS_LOGIN=$(ls ${L2TP_SESSION_PATH} | grep "^${_USERNAME}\.ppp" | grep -v "${_IFACE}")
+	[ -n "$HAS_LOGIN" ] && {
+		#踢出之前的用户
+		KO_IFACE=$(echo $HAS_LOGIN | awk -F '.' '{print $2}')
+		KO_PID=$(cat /var/run/${KO_IFACE}.pid 2>/dev/null)
+		[ -n "$KO_PID" ] && kill -9 ${KO_PID} >/dev/null 2>&1
+		rm -f ${L2TP_SESSION_PATH}/${HAS_LOGIN}
+		rm -f /var/run/${KO_IFACE}.pid
+	}
+	routes=$(uci -q get ${CONFIG}.${cfgid}.routes)
+	[ -n "$routes" ] && {
+		for router in ${routes}; do
+			route add -net ${router} dev ${_IFACE} >/dev/null 2>&1
+		done
 	}
 }
 
-#可根据登录的账号自定义脚本，如静态路由表，组网等。
+#可根据登录的账号自定义脚本，如组网、日志、限速、权限等特殊待遇。
 SCRIPT="/usr/share/xl2tpd/ip-up.d/${_USERNAME}"
 [ -s "$SCRIPT" ] && {
 	[ ! -x "$SCRIPT" ] && chmod 0755 "$SCRIPT"

luci-app-pptp-server/Makefile

@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for PPTP VPN Server
 LUCI_DEPENDS:=+pptpd +kmod-mppe +ppp +luci-lib-jsonc
 LUCI_PKGARCH:=all
 PKG_VERSION:=20211216
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

luci-app-pptp-server/luasrc/controller/pptpd.lua

@@ -5,14 +5,11 @@ function index()
     if not nixio.fs.access("/etc/config/luci-app-pptp-server") then return end
 
     entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false
-    entry({"admin", "vpn", "pptpd"}, alias("admin", "vpn", "pptpd", "settings"),
-          _("PPTP VPN Server"), 48)
-    entry({"admin", "vpn", "pptpd", "settings"}, cbi("pptpd/settings"),
-          _("General Settings"), 10).leaf = true
-    entry({"admin", "vpn", "pptpd", "users"}, cbi("pptpd/users"),
-          _("Users Manager"), 20).leaf = true
-    entry({"admin", "vpn", "pptpd", "online"}, cbi("pptpd/online"),
-          _("Online Users"), 30).leaf = true
+    entry({"admin", "vpn", "pptpd"}, alias("admin", "vpn", "pptpd", "settings"), _("PPTP VPN Server"), 48)
+    entry({"admin", "vpn", "pptpd", "settings"}, cbi("pptpd/settings"), _("General Settings"), 10).leaf = true
+    entry({"admin", "vpn", "pptpd", "users"}, cbi("pptpd/users"),  _("Users Manager"), 20).leaf = true
+    entry({"admin", "vpn", "pptpd", "user"}, cbi("pptpd/user")).leaf = true
+    entry({"admin", "vpn", "pptpd", "online"}, cbi("pptpd/online"), _("Online Users"), 30).leaf = true
     entry({"admin", "vpn", "pptpd", "status"}, call("status")).leaf = true
 end
 

luci-app-pptp-server/luasrc/model/cbi/pptpd/settings.lua

@@ -13,7 +13,7 @@ o = s:option(DummyValue, "pptpd_status", translate("Current Condition"))
 o.template = "pptpd/status"
 o.value = translate("Collecting data...")
 
-o = s:option(Flag, "enabled", translate("Enable VPN Server"))
+o = s:option(Flag, "enabled", translate("Enabled"))
 o.rmempty = false
 
 o = s:option(Value, "localip", translate("Server IP"), translate("VPN Server IP address, it not required."))

luci-app-pptp-server/luasrc/model/cbi/pptpd/user.lua

@@ -0,0 +1,32 @@
+local d = require "luci.dispatcher"
+
+m = Map("luci-app-pptp-server", translate("Users Manager"))
+m.redirect = d.build_url("admin", "vpn", "pptpd", "users")
+
+s = m:section(NamedSection, arg[1], "users", "")
+s.addremove = false
+s.anonymous = true
+
+o = s:option(Flag, "enabled", translate("Enabled"))
+o.default = 1
+o.rmempty = false
+
+o = s:option(Value, "username", translate("Username"))
+o.placeholder = translate("Username")
+o.rmempty = false
+
+o = s:option(Value, "password", translate("Password"))
+o.placeholder = translate("Password")
+o.rmempty = false
+
+o = s:option(Value, "ipaddress", translate("IP address"))
+o.placeholder = translate("Automatically")
+o.datatype = "ip4addr"
+o.rmempty = true
+
+o = s:option(DynamicList, "routes", translate("Static Routes"))
+o.placeholder = "192.168.10.0/24"
+o.datatype = "ipmask4"
+o.rmempty = true
+
+return m

luci-app-pptp-server/luasrc/model/cbi/pptpd/users.lua

@@ -1,3 +1,5 @@
+local d = require "luci.dispatcher"
+
 m = Map("luci-app-pptp-server", translate("PPTP VPN Server"))
 m.description = translate("Simple, quick and convenient PPTP VPN, universal across the platform")
 
@@ -5,20 +7,27 @@ s = m:section(TypedSection, "users", translate("Users Manager"))
 s.addremove = true
 s.anonymous = true
 s.template = "cbi/tblsection"
+s.extedit = d.build_url("admin", "vpn", "pptpd", "user", "%s")
+function s.create(e, t)
+    t = TypedSection.create(e, t)
+    luci.http.redirect(e.extedit:format(t))
+end
 
 o = s:option(Flag, "enabled", translate("Enabled"))
+o.default = 1
 o.rmempty = false
 
-o = s:option(Value, "username", translate("User name"))
-o.placeholder = translate("User name")
-o.rmempty = true
+o = s:option(Value, "username", translate("Username"))
+o.placeholder = translate("Username")
+o.rmempty = false
 
 o = s:option(Value, "password", translate("Password"))
-o.rmempty = true
+o.placeholder = translate("Password")
+o.rmempty = false
 
 o = s:option(Value, "ipaddress", translate("IP address"))
 o.placeholder = translate("Automatically")
-o.datatype = "ipaddr"
+o.datatype = "ip4addr"
 o.rmempty = true
 
 return m

luci-app-pptp-server/po/zh-cn/pptpd.po

@@ -4,17 +4,14 @@ msgstr "PPTP VPN 服务器"
 msgid "Simple, quick and convenient PPTP VPN, universal across the platform"
 msgstr "简单快捷方便的PPTP VPN，全平台通用。"
 
-msgid "PPTP VPN Server status"
-msgstr "PPTP VPN 服务器运行状态"
-
 msgid "Current Condition"
 msgstr "当前状态"
 
 msgid "General settings"
 msgstr "基本设置"
 
-msgid "Enable VPN Server"
-msgstr "启用 VPN 服务器"
+msgid "Enabled"
+msgstr "启用"
 
 msgid "Server IP"
 msgstr "服务器 IP 地址"
@@ -28,34 +25,16 @@ msgstr "客户端 IP 地址"
 msgid "VPN Client IP address, it not required."
 msgstr "分配给客户端的 IP 地址范围，留空将自动设置。"
 
-msgid "DNS IP address"
-msgstr "DNS IP 地址"
-
-msgid "This will be sent to the client, it not required."
-msgstr "设置 VPN 服务器默认 DNS 服务器，该设置非必须。"
-
 msgid "Enable MPPE Encryption"
 msgstr "启用MPPE 加密"
 
 msgid "Allows 128-bit encrypted connection."
 msgstr "允许使用 128 位加密连接。"
 
-msgid "is_nat"
-msgstr "NAT转发"
-
-msgid "Interface"
-msgstr "接口"
-
-msgid "Specify interface forwarding traffic."
-msgstr "指定接口转发流量。"
-
 msgid "Users Manager"
 msgstr "用户管理"
 
-msgid "Enabled"
-msgstr "启用"
-
-msgid "User name"
+msgid "Username"
 msgstr "用户名"
 
 msgid "Password"

luci-app-pptp-server/root/etc/init.d/luci-app-pptp-server

@@ -88,7 +88,9 @@ start() {
 	local pptp_users=$(get_enabled_anonymous_secs "@users")
 	[ -n "$pptp_users" ] && {
 		for user in $pptp_users; do
-			eval $(uci -q show "${CONFIG}.${user}" | cut -d'.' -sf 3-)
+			for i in $(uci -q show "${CONFIG}.${user}" | cut -d '.' -sf 3- | cut -d '=' -sf 1); do
+				eval $i=\"$(uci -q get "${CONFIG}.${user}".$i)\"
+			done
 			[ "$enabled" -eq 1 ] || return 0
 			[ -n "$username" ] || return 0
 			[ -n "$password" ] || return 0

luci-app-pptp-server/root/usr/share/pptpd/ip-down

@@ -1,6 +1,9 @@
 #!/bin/sh
 
 _LOGOUT_TIME="$(date "+%Y-%m-%d %H:%M:%S")"
+CONFIG="luci-app-pptp-server"
+PPTP_PATH=/var/etc/pptpd
+PPTP_SESSION_PATH=${PPTP_PATH}/session
 
 _USERNAME=${PEERNAME}
 _IFACE=${1}
@@ -13,7 +16,7 @@ _BYTES_SENT=${BYTES_SENT}
 _BYTES_RCVD=${BYTES_RCVD}
 _CONNECT_TIME=${CONNECT_TIME}
 
-rm -f /var/etc/pptpd/session/${_USERNAME}.${_IFACE}
+rm -f ${PPTP_SESSION_PATH}/${_USERNAME}.${_IFACE}
 rm -f /var/run/${_IFACE}.pid
 
 #可根据退出的账号自定义脚本，如静态路由表，组网等。

luci-app-pptp-server/root/usr/share/pptpd/ip-up

@@ -1,6 +1,9 @@
 #!/bin/sh
 
 _LOGIN_TIME="$(date "+%Y-%m-%d %H:%M:%S")"
+CONFIG="luci-app-pptp-server"
+PPTP_PATH=/var/etc/pptpd
+PPTP_SESSION_PATH=${PPTP_PATH}/session
 
 _USERNAME=${PEERNAME}
 _IFACE=${1}
@@ -12,9 +15,9 @@ _REMOTEIP=${6}
 
 _PID="$(cat /var/run/${_IFACE}.pid 2>/dev/null)"
 
-mkdir -p /var/etc/pptpd/session
+mkdir -p ${PPTP_SESSION_PATH}
 
-cat <<-EOF > /var/etc/pptpd/session/${_USERNAME}.${_IFACE}
+cat <<-EOF > ${PPTP_SESSION_PATH}/${_USERNAME}.${_IFACE}
 	{
 	    "username": "${_USERNAME}",
 	    "interface": "${_IFACE}",
@@ -27,24 +30,27 @@ cat <<-EOF > /var/etc/pptpd/session/${_USERNAME}.${_IFACE}
 	}
 EOF
 
-#如果给用户绑定了IP地址，仅只能单用户。
-cfgid=$(uci show luci-app-pptp-server | grep "\.username='${_USERNAME}'" | cut -d '.' -sf 2)
+#只能单用户使用
+cfgid=$(uci show ${CONFIG} | grep "@users" | grep "\.username='${_USERNAME}'" | cut -d '.' -sf 2)
 [ -n "$cfgid" ] && {
-	ip=$(uci -q get luci-app-pptp-server.${cfgid}.ipaddress)
-	[ -n "$ip" ] && {
-		HAS_LOGIN=$(ls /var/etc/pptpd/session | grep "^${_USERNAME}\.ppp" | grep -v "${_IFACE}")
-		[ -n "$HAS_LOGIN" ] && {
-			#踢出之前的用户
-			KO_IFACE=$(echo $HAS_LOGIN | awk -F '.' '{print $2}')
-			KO_PID=$(cat /var/run/${KO_IFACE}.pid 2>/dev/null)
-			[ -n "$KO_PID" ] && kill -9 ${KO_PID} >/dev/null 2>&1
-			rm -f /var/etc/pptpd/session/${HAS_LOGIN}
-			rm -f /var/run/${KO_IFACE}.pid
-		}
+	HAS_LOGIN=$(ls ${PPTP_SESSION_PATH} | grep "^${_USERNAME}\.ppp" | grep -v "${_IFACE}")
+	[ -n "$HAS_LOGIN" ] && {
+		#踢出之前的用户
+		KO_IFACE=$(echo $HAS_LOGIN | awk -F '.' '{print $2}')
+		KO_PID=$(cat /var/run/${KO_IFACE}.pid 2>/dev/null)
+		[ -n "$KO_PID" ] && kill -9 ${KO_PID} >/dev/null 2>&1
+		rm -f ${PPTP_SESSION_PATH}/${HAS_LOGIN}
+		rm -f /var/run/${KO_IFACE}.pid
+	}
+	routes=$(uci -q get ${CONFIG}.${cfgid}.routes)
+	[ -n "$routes" ] && {
+		for router in ${routes}; do
+			route add -net ${router} dev ${_IFACE} >/dev/null 2>&1
+		done
 	}
 }
 
-#可根据登录的账号自定义脚本，如静态路由表，组网等。
+#可根据登录的账号自定义脚本，如组网、日志、限速、权限等特殊待遇。
 SCRIPT="/usr/share/pptpd/ip-up.d/${_USERNAME}"
 [ -s "$SCRIPT" ] && {
 	[ ! -x "$SCRIPT" ] && chmod 0755 "$SCRIPT"