diff --git a/Makefile b/Makefile
index c8cac51..e891ee7 100644
--- a/Makefile
+++ b/Makefile
@@ -9,19 +9,19 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openwrt-ssr
-PKG_VERSION:=1.2.1
-#PKG_RELEASE:=1
+PKG_VERSION:=3.0.8
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/ywb94/shadowsocks-libev
-PKG_SOURCE_VERSION:=11db1d5e48f539855ea1a66947eba9bb9bc82150
+PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev.git
+PKG_SOURCE_VERSION:=d4904568c0bd7e0861c0cbfeaa43740f404db214
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 
 PKG_LICENSE:=GPLv3
 PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=yushi studio <ywb94@qq.com>
+PKG_MAINTAINER:=Akkariiin
 
 #PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
@@ -38,7 +38,7 @@ define Package/openwrt-ssr/Default
 	CATEGORY:=LuCI
 	SUBMENU:=3. Applications
 	TITLE:=shadowsocksR-libev LuCI interface
-	URL:=https://github.com/ywb94/openwrt-ssr
+	URL:=https://github.com/lededev/openwrt-ssr
 	VARIANT:=$(1)
 	DEPENDS:=$(3)	
 	PKGARCH:=all
@@ -152,16 +152,18 @@ define Install/common
 	$(INSTALL_DATA) ./files/shadowsocksr.config $(1)/etc/config/shadowsocksr
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/shadowsocksr.init $(1)/etc/init.d/shadowsocksr
+	$(INSTALL_DIR) $(1)/usr/share/rpcd/acl.d
+	$(INSTALL_DATA) ./files/root/usr/share/rpcd/acl.d/luci-app-shadowsocksr.json $(1)/usr/share/rpcd/acl.d/luci-app-shadowsocksr.json
 endef
 
 define Package/openwrt-ssr/install
 	$(call Install/common,$(1))
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-tunnel $(1)/usr/bin/ssr-tunnel
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local	
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-server $(1)/usr/bin/ssr-server		
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
+	$(LN) /usr/bin/ssr-local $(1)/usr/bin/ssr-tunnel
+	#$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-server $(1)/usr/bin/ssr-server		
+	#$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
 	$(INSTALL_BIN) ./files/shadowsocksr.rule $(1)/usr/bin/ssr-rules
 	$(INSTALL_BIN) ./files/shadowsocksr.monitor $(1)/usr/bin/ssr-monitor
 	$(INSTALL_BIN) ./files/shadowsocksr.switch $(1)/usr/bin/ssr-switch
@@ -175,9 +177,9 @@ define Package/luci-app-shadowsocksR-Client/install
 	$(call Install/common,$(1))
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-tunnel $(1)/usr/bin/ssr-tunnel	
+	#$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-tunnel $(1)/usr/bin/ssr-tunnel	
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
+	#$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
 	$(INSTALL_BIN) ./files/shadowsocksr.rule $(1)/usr/bin/ssr-rules
 	$(INSTALL_BIN) ./files/shadowsocksr.monitor $(1)/usr/bin/ssr-monitor
 	$(INSTALL_BIN) ./files/shadowsocksr.switch $(1)/usr/bin/ssr-switch
@@ -197,10 +199,10 @@ define Package/luci-app-shadowsocksR-GFW/install
 	$(call Install/common,$(1))
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-redir $(1)/usr/bin/ssr-redir
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-tunnel $(1)/usr/bin/ssr-tunnel
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-local $(1)/usr/bin/ssr-local	
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-server $(1)/usr/bin/ssr-server		
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
+	$(LN) /usr/bin/ssr-local $(1)/usr/bin/ssr-tunnel
+	#$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-server $(1)/usr/bin/ssr-server		
+	#$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/ss-check $(1)/usr/bin/ssr-check
 	$(INSTALL_BIN) ./files/shadowsocksr.rule $(1)/usr/bin/ssr-rules
 	$(INSTALL_BIN) ./files/shadowsocksr.monitor $(1)/usr/bin/ssr-monitor
 	$(INSTALL_BIN) ./files/shadowsocksr.gfw $(1)/usr/bin/ssr-gfw
diff --git a/README.md b/README.md
index 2c84a02..a3ced18 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,8 @@ ShadowsocksR-libev for OpenWrt
 
 客户端兼容运行SS或SSR的服务器，使用SS服务器时，传输协议需设置为origin，混淆插件需设置为plain
 
+支持 ssr:// url格式导入和导出服务器配置信息
+
 运行模式介绍
 ---
 【IP路由模式】
@@ -149,6 +151,7 @@ GFW版本支持IP路由模式和GFW列表模式，需卸载原有的dnsmasq，
    password       | 字符串     | 服务端设置的密码
    encrypt_method | 字符串     | 加密方式, [详情参考][2]
    protocol       | 字符串     | 传输协议，默认"origin"[详情参考][3]
+   protocol_param | 字符串     | 传输协议插件参数(可选)
    obfs           | 字符串     | 混淆插件，默认"plain" [详情参考][3]
    obfs_param     | 字符串     | 混淆插件参数 [详情参考][3]
    fast_open      | 布尔型     | TCP快速打开 [详情参考][3]
diff --git a/files/luci/i18n/shadowsocksr.zh-cn.lmo b/files/luci/i18n/shadowsocksr.zh-cn.lmo
index 3878244..20f57d0 100644
Binary files a/files/luci/i18n/shadowsocksr.zh-cn.lmo and b/files/luci/i18n/shadowsocksr.zh-cn.lmo differ
diff --git a/files/luci/i18n/shadowsocksr.zh-cn.po b/files/luci/i18n/shadowsocksr.zh-cn.po
index ef67fab..1c1399a 100644
--- a/files/luci/i18n/shadowsocksr.zh-cn.po
+++ b/files/luci/i18n/shadowsocksr.zh-cn.po
@@ -61,6 +61,9 @@ msgstr "加密方式"
 msgid "Protocol"
 msgstr "传输协议"
 
+msgid "Protocol param(optional)"
+msgstr "传输协议参数（可选）"
+
 msgid "Obfs"
 msgstr "混淆插件"
 
@@ -322,3 +325,27 @@ msgstr "使用DNS隧道"
 
 msgid "Use Pdnsd"
 msgstr "使用Pdnsd"
+
+msgid "Import SSR"
+msgstr "导入ssr配置信息"
+
+msgid "Export SSR"
+msgstr "导出ssr配置信息"
+
+msgid "Import SSR successfully."
+msgstr "成功导入SSR。"
+
+msgid "Invalid SSR format."
+msgstr "无效的SSR格式。"
+
+msgid "User cancelled."
+msgstr "用户已取消。"
+
+msgid "Paste ssr url here"
+msgstr "在此处粘贴ssr://网址"
+
+msgid "Unable to copy SSR to clipboard."
+msgstr "无法复制SSR网址到剪贴板。"
+
+msgid "Copy SSR to clipboard successfully."
+msgstr "成功复制SSR网址到剪贴板。"
diff --git a/files/luci/model/cbi/shadowsocksr/client-config.lua b/files/luci/model/cbi/shadowsocksr/client-config.lua
index 5298d1f..eb1ef32 100644
--- a/files/luci/model/cbi/shadowsocksr/client-config.lua
+++ b/files/luci/model/cbi/shadowsocksr/client-config.lua
@@ -20,12 +20,12 @@ end
 
 
 local server_table = {}
-local arp_table = luci.sys.net.arptable() or {}
 local encrypt_methods = {
+	"none",
 	"table",
 	"rc4",
-	"rc4-md5",
 	"rc4-md5-6",
+	"rc4-md5",
 	"aes-128-cfb",
 	"aes-192-cfb",
 	"aes-256-cfb",
@@ -48,20 +48,23 @@ local encrypt_methods = {
 
 local protocol = {
 	"origin",
-	"verify_simple",
-	"verify_sha1",		
-	"auth_sha1",
-	"auth_sha1_v2",
+	"verify_deflate",
 	"auth_sha1_v4",
 	"auth_aes128_sha1",
 	"auth_aes128_md5",
+	"auth_chain_a",
+	"auth_chain_b",
+	"auth_chain_c",
+	"auth_chain_d",
+	"auth_chain_e",
+	"auth_chain_f",
 }
 
 obfs = {
 	"plain",
 	"http_simple",
 	"http_post",
-	"tls_simple",	
+	"random_head",
 	"tls1.2_ticket_auth",
 }
 
@@ -115,6 +118,7 @@ o = s:option(ListValue, "protocol", translate("Protocol"))
 for _, v in ipairs(protocol) do o:value(v) end
 o.rmempty = false
 
+o = s:option(Value, "protocol_param", translate("Protocol param(optional)"))
 
 o = s:option(ListValue, "obfs", translate("Obfs"))
 for _, v in ipairs(obfs) do o:value(v) end
@@ -153,4 +157,9 @@ o = s:option(Value, "kcp_param", translate("KcpTun Param"))
 o.default = "--nocomp"
 
 
+o = s:option(DummyValue,"ssr_url","SSR URL") 
+o.rawhtml  = true
+o.template = "shadowsocksr/ssrurl"
+o.value =sid
+
 return m
diff --git a/files/luci/model/cbi/shadowsocksr/client.lua b/files/luci/model/cbi/shadowsocksr/client.lua
index 3dd2f33..fec3255 100644
--- a/files/luci/model/cbi/shadowsocksr/client.lua
+++ b/files/luci/model/cbi/shadowsocksr/client.lua
@@ -23,12 +23,12 @@ end
 m = Map(shadowsocksr, translate("ShadowSocksR Client"))
 
 local server_table = {}
-local arp_table = luci.sys.net.arptable() or {}
 local encrypt_methods = {
+	"none",
 	"table",
 	"rc4",
-	"rc4-md5",
 	"rc4-md5-6",
+	"rc4-md5",
 	"aes-128-cfb",
 	"aes-192-cfb",
 	"aes-256-cfb",
@@ -51,20 +51,23 @@ local encrypt_methods = {
 
 local protocol = {
 	"origin",
-	"verify_simple",
-	"verify_sha1",		
-	"auth_sha1",
-	"auth_sha1_v2",
+	"verify_deflate",		
 	"auth_sha1_v4",
 	"auth_aes128_sha1",
 	"auth_aes128_md5",
+	"auth_chain_a",
+	"auth_chain_b",
+	"auth_chain_c",
+	"auth_chain_d",
+	"auth_chain_e",
+	"auth_chain_f",
 }
 
 obfs = {
 	"plain",
 	"http_simple",
 	"http_post",
-	"tls_simple",	
+	"random_head",	
 	"tls1.2_ticket_auth",
 }
 
@@ -201,6 +204,10 @@ o = s:option(Value, "tunnel_forward", translate("DNS Server IP and Port"))
 o.default = "8.8.4.4:53"
 o.rmempty = false
 
+o = s:option(Value, "mtu_value", "MTU")
+o.default = "1492"
+o.rmempty = false
+
 -- [[ SOCKS5 Proxy ]]--
 s = m:section(TypedSection, "socks5_proxy", translate("SOCKS5 Proxy"))
 s.anonymous = true
@@ -253,6 +260,9 @@ o.rmempty = false
 
 o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List"))
 o.datatype = "ipaddr"
-for _, v in ipairs(arp_table) do o:value(v["IP address"]) end
-
+luci.ip.neighbors({ family = 4 }, function(entry)
+       if entry.reachable then
+               o:value(entry.dest:string())
+       end
+end)
 return m
diff --git a/files/luci/model/cbi/shadowsocksr/server-config.lua b/files/luci/model/cbi/shadowsocksr/server-config.lua
index eb25e9c..cf263b5 100644
--- a/files/luci/model/cbi/shadowsocksr/server-config.lua
+++ b/files/luci/model/cbi/shadowsocksr/server-config.lua
@@ -32,15 +32,20 @@ local encrypt_methods = {
 
 local protocol = {
 	"origin",
-	"verify_simple",
-	"verify_sha1",		
+	"verify_deflate",
+	"auth_sha1_v4",
+	"auth_aes128_sha1",
+	"auth_aes128_md5",
+	"auth_chain_a",
 }
 
 obfs = {
 	"plain",
 	"http_simple",
 	"http_post",
+	"random_head",
 	"tls1.2_ticket_auth",
+	"tls1.2_ticket_fastauth",
 }
 
 m = Map(shadowsocksr, translate("Edit ShadowSocksR Server"))
diff --git a/files/luci/model/cbi/shadowsocksr/server.lua b/files/luci/model/cbi/shadowsocksr/server.lua
index 9a6ea28..2157a75 100644
--- a/files/luci/model/cbi/shadowsocksr/server.lua
+++ b/files/luci/model/cbi/shadowsocksr/server.lua
@@ -36,15 +36,20 @@ local encrypt_methods = {
 
 local protocol = {
 	"origin",
-	"verify_simple",
-	"verify_sha1",		
+	"verify_deflate",
+	"auth_sha1_v4",
+	"auth_aes128_sha1",
+	"auth_aes128_md5",
+	"auth_chain_a",
 }
 
 obfs = {
 	"plain",
 	"http_simple",
 	"http_post",
+	"random_head",
 	"tls1.2_ticket_auth",
+	"tls1.2_ticket_fastauth",
 }
 
 
diff --git a/files/luci/model/cbi/shadowsocksr/status.lua b/files/luci/model/cbi/shadowsocksr/status.lua
index 1b147e6..c54a37d 100644
--- a/files/luci/model/cbi/shadowsocksr/status.lua
+++ b/files/luci/model/cbi/shadowsocksr/status.lua
@@ -1,7 +1,7 @@
 -- Copyright (C) 2017 yushi studio <ywb94@qq.com>
 -- Licensed to the public under the GNU General Public License v3.
 
-local IPK_Version="1.2.1"
+local IPK_Version="3.0.6-7"
 local m, s, o
 local redir_run=0
 local reudp_run=0
diff --git a/files/luci/view/shadowsocksr/ssrurl.htm b/files/luci/view/shadowsocksr/ssrurl.htm
new file mode 100644
index 0000000..6bcc8bb
--- /dev/null
+++ b/files/luci/view/shadowsocksr/ssrurl.htm
@@ -0,0 +1,139 @@
+<%+cbi/valueheader%>
+
+<script type="text/javascript">//<![CDATA[
+	function padright(str, cnt, pad){
+		return str + Array(cnt+1).join(pad);
+	}
+	function b64EncodeUnicode(str) {
+		return btoa(encodeURIComponent(str).replace(/%([0-9A-F]{2})/g, function(match, p1) {
+			return String.fromCharCode('0x' + p1);
+		}));
+	}
+	function b64encutf8safe(str) {
+		return b64EncodeUnicode(str).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,'');
+	}
+	function b64DecodeUnicode(str) {
+		return decodeURIComponent(Array.prototype.map.call(atob(str), function(c) {
+			return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
+		}).join(''));
+	}
+	function b64decutf8safe(str) {
+		var l;
+		str = str.replace(/-/g,"+").replace(/_/g,"/");
+		l = str.length;
+		l = (4 - l % 4)%4;
+		if( l )
+			str = padright(str,l,"=");
+		return b64DecodeUnicode(str);
+	}
+	function b64encsafe(str){
+		return btoa(str).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,'')
+	}
+	function b64decsafe(str){
+		var l;
+		str = str.replace(/-/g,"+").replace(/_/g,"/");
+		l = str.length;
+		l = (4 - l % 4)%4;
+		if( l )
+			str = padright(str,l,"=");
+		return atob(str);
+	}
+	function dictvalue(d,key)	{
+		var v = d[key];
+		if( typeof(v)=='undefined' || v=='' )
+			return '';
+		return b64decsafe(v);
+	}
+	function export_ssr_url(btn,urlname,sid) {
+		var s = document.getElementById(urlname+'-status');
+		if(!s)
+			return false;
+		var v_server = document.getElementById('cbid.shadowsocksr.'+sid+'.server');
+		var v_port = document.getElementById('cbid.shadowsocksr.'+sid+'.server_port');
+		var v_protocol = document.getElementById('cbid.shadowsocksr.'+sid+'.protocol');
+		var v_method = document.getElementById('cbid.shadowsocksr.'+sid+'.encrypt_method');
+		var v_obfs = document.getElementById('cbid.shadowsocksr.'+sid+'.obfs');
+		var v_password = document.getElementById('cbid.shadowsocksr.'+sid+'.password');
+		var v_obfs_param = document.getElementById('cbid.shadowsocksr.'+sid+'.obfs_param');
+		var v_protocol_param = document.getElementById('cbid.shadowsocksr.'+sid+'.protocol_param');
+		var v_alias = document.getElementById('cbid.shadowsocksr.'+sid+'.alias');
+
+		var ssr_str = v_server.value+":"+
+		v_port.value+":"+
+		v_protocol.value+":"+
+		v_method.value+":"+
+		v_obfs.value+":"+
+		b64encsafe(v_password.value)+
+		"/?obfsparam="+b64encsafe(v_obfs_param.value)+
+		"&protoparam="+b64encsafe(v_protocol_param.value)+
+		"&remarks="+b64encutf8safe(v_alias.value);
+		var textarea = document.createElement("textarea");
+		textarea.textContent = "ssr://"+b64encsafe(ssr_str);
+		textarea.style.position = "fixed";
+		document.body.appendChild(textarea);
+		textarea.select();
+		try {
+			document.execCommand("copy");  // Security exception may be thrown by some browsers.
+			s.innerHTML = "<font color='green'><%:Copy SSR to clipboard successfully.%></font>";
+		} catch (ex) {
+			s.innerHTML = "<font color='red'><%:Unable to copy SSR to clipboard.%></font>";
+		} finally {
+			document.body.removeChild(textarea);
+		}
+		return false;
+	}
+	function import_ssr_url(btn,urlname,sid) {
+		var s = document.getElementById(urlname+'-status');
+		if(!s)
+			return false;
+		var ssrurl = prompt("<%:Paste ssr url here%>", "ssr://");
+		if (ssrurl == null || ssrurl == "") {
+			s.innerHTML = "<font color='red'><%:User cancelled.%></font>";
+			return false;
+		}
+		s.innerHTML = "<font color='red'><%:Invalid SSR format.%></font>";
+		var ssu = ssrurl.match(/ssr:\/\/([A-Za-z0-9_-]+)/i);
+		if( !ssu || ssu.length<2 )
+			return false;
+		var sstr = b64decsafe(ssu[1]);
+		var ploc = sstr.indexOf("/?");
+		var url0, param="";
+		if( ploc>0 ) {
+			url0 = sstr.substr(0,ploc);
+			param = sstr.substr(ploc+2);
+		}
+		var ssm = url0.match(/^(.+):([^:]+):([^:]*):([^:]+):([^:]*):([^:]+)/);
+		if( !ssm || ssm.length<7 )
+			return false;
+		var pdict = {};
+		if( param.length>2 )
+		{
+			var a = param.split('&');
+			for( var i=0;i<a.length; i++ ) {
+				var b = a[i].split('=');
+				pdict[decodeURIComponent(b[0])] = decodeURIComponent(b[1] || '');
+			}
+		}
+		document.getElementById('cbid.shadowsocksr.'+sid+'.server').value = ssm[1];
+		document.getElementById('cbid.shadowsocksr.'+sid+'.server_port').value = ssm[2];
+		document.getElementById('cbid.shadowsocksr.'+sid+'.protocol').value = ssm[3];
+		document.getElementById('cbid.shadowsocksr.'+sid+'.encrypt_method').value = ssm[4];
+		document.getElementById('cbid.shadowsocksr.'+sid+'.obfs').value = ssm[5];
+		document.getElementById('cbid.shadowsocksr.'+sid+'.password').value = b64decsafe(ssm[6]);
+		document.getElementById('cbid.shadowsocksr.'+sid+'.obfs_param').value = dictvalue(pdict,'obfsparam');
+		document.getElementById('cbid.shadowsocksr.'+sid+'.protocol_param').value = dictvalue(pdict,'protoparam');
+
+		var rem = pdict['remarks'];
+		if( typeof(rem)!='undefined' && rem!='' && rem.length>0 )
+			document.getElementById('cbid.shadowsocksr.'+sid+'.alias').value = b64decutf8safe(rem);
+
+		s.innerHTML = "<font color='green'><%:Import SSR successfully.%></font>";
+		return false;
+	}
+//]]></script>
+
+<input type="button" class="cbi-button cbi-button-apply" value="<%:Import SSR%>" onclick="return import_ssr_url(this,'<%=self.option%>','<%=self.value%>')" />
+<input type="button" class="cbi-button cbi-button-apply" value="<%:Export SSR%>" onclick="return export_ssr_url(this,'<%=self.option%>','<%=self.value%>')" />
+<span id="<%=self.option%>-status"><%:ssr://%></span>
+
+<%+cbi/valuefooter%>
diff --git a/files/root/usr/share/rpcd/acl.d/luci-app-shadowsocksr.json b/files/root/usr/share/rpcd/acl.d/luci-app-shadowsocksr.json
new file mode 100644
index 0000000..2c441c4
--- /dev/null
+++ b/files/root/usr/share/rpcd/acl.d/luci-app-shadowsocksr.json
@@ -0,0 +1,22 @@
+{
+  "luci-app-shadowsocksr": {
+    "description": "Grant access to ShadowsocksR",
+    "read": {
+      "file": {
+        "/etc/china_ssr.txt": [ "read" ],
+        "/etc/dnsmasq.ssr/*": [ "read" ],
+	"/var/etc/shadowsocksr.include": [ "read" ]
+      },
+      "uci": [ "dhcp", "firewall", "shadowsocksr" ]
+    },
+    "write": {
+      "file": {
+        "/etc/china_ssr.txt": [ "write" ],
+        "/etc/dnsmasq.ssr/*": [ "write" ],
+	"/var/etc/shadowsocksr.include": [ "write" ],
+        "/usr/bin/ssr-*": [ "exec" ]
+      },
+      "uci": [ "dhcp", "firewall", "shadowsocksr" ]
+    }
+  }
+}
diff --git a/files/shadowsocksr.config b/files/shadowsocksr.config
index d3694b9..2fee9e2 100644
--- a/files/shadowsocksr.config
+++ b/files/shadowsocksr.config
@@ -2,9 +2,11 @@
 config global
 	option global_server 'nil'
 	option monitor_enable '1'
+	option ssrdns_disable '0'
 	option tunnel_enable '0'
 	option tunnel_port '5300'
 	option tunnel_forward '8.8.4.4:53'
+        option tunnel_address '0.0.0.0'
 		
 config servers
 	option auth_enable '0'
@@ -27,6 +29,7 @@ config servers
 config socks5_proxy
 	option server 'nil'
 	option local_port '1080'	
+	option local_address '0.0.0.0'
 
 config access_control
 	option lan_ac_mode '0'
diff --git a/files/shadowsocksr.init b/files/shadowsocksr.init
index ec6667a..117e27e 100644
--- a/files/shadowsocksr.init
+++ b/files/shadowsocksr.init
@@ -27,7 +27,7 @@ gfw_enable=0
 dns_enable_flag=0
 switch_enable=0
 switch_server=$1
-
+MAXFD=32768
 
 uci_get_by_name() {
 	local ret=$(uci get $NAME.$1.$2 2>/dev/null)
@@ -69,6 +69,10 @@ gen_config_file() {
          else
          fastopen="false";
          fi
+        mtuval=$(uci_get_by_type global mtu_value)
+        if [ -z $mtuval ] ;then
+        mtuval="1492"
+        fi
 	cat <<-EOF >$config_file
 		{
 		    
@@ -80,9 +84,11 @@ gen_config_file() {
 		    "timeout": $(uci_get_by_name $1 timeout 60),
 		    "method": "$(uci_get_by_name $1 encrypt_method)",
 		    "protocol": "$(uci_get_by_name $1 protocol)",
+		    "protocol_param": "$(uci_get_by_name $1 protocol_param)",
 		    "obfs": "$(uci_get_by_name $1 obfs)",
 		    "obfs_param": "$(uci_get_by_name $1 obfs_param)",
-		    "fast_open": $fastopen
+		    "fast_open": $fastopen ,
+		    "mtu": $mtuval
 		}
 EOF
 }
@@ -263,8 +269,15 @@ start_redir() {
 	#deal with dns
 	if  [ -n "$gfw_enable" ] ;then
 	 if [ "$(uci_get_by_type global pdnsd_enable)" != "1" ] ;then
-	  service_start /usr/bin/ssr-tunnel -c $CONFIG_FILE -b 0.0.0.0 -u -l 5353 -L $(uci_get_by_type global tunnel_forward 8.8.4.4:53) -f /var/run/ssr-dns.pid
-	  dns_enable_flag=1
+	  # set ssrdns_disable to 1 when using chinadns or unbound
+	  if [ "$(uci_get_by_type global ssrdns_disable)" != "1" ] ;then
+	   service_start /usr/bin/ssr-tunnel -c $CONFIG_FILE -u \
+                -l $(uci_get_by_type global tunnel_port 5353) \
+                -b $(uci_get_by_type global tunnel_address 0.0.0.0) \
+                -L $(uci_get_by_type global tunnel_forward 8.8.4.4:53) \
+                -f /var/run/ssr-dns.pid
+	   dns_enable_flag=1
+	  fi
 	 else
 	  local dnsstr="$(uci_get_by_type global tunnel_forward 8.8.4.4:53)"
 	  local dnsserver=`echo "$dnsstr"|awk -F ':'  '{print $1}'`
@@ -293,7 +306,11 @@ gen_service_file() {
 	fastopen="true";
 	else
 	fastopen="false";
-	fi       
+	fi
+	mtuval=$(uci_get_by_type global mtu_value)
+	if [ -z $mtuval ] ;then
+	mtuval="1492"
+	fi
 	cat <<-EOF >$2
 		{
 		    "server": "$(uci_get_by_name $1 server)",
@@ -302,9 +319,11 @@ gen_service_file() {
 		    "timeout": $(uci_get_by_name $1 timeout 60),
 		    "method": "$(uci_get_by_name $1 encrypt_method)",
 		    "protocol": "$(uci_get_by_name $1 protocol)",
+		    "protocol_param": "$(uci_get_by_name $1 protocol_param)",
 		    "obfs": "$(uci_get_by_name $1 obfs)",
 		    "obfs_param": "$(uci_get_by_name $1 obfs_param)",
-		    "fast_open": $fastopen
+		    "fast_open": $fastopen,
+		    "mtu": $mtuval
 		}
 EOF
 }
@@ -355,13 +374,19 @@ start_server() {
 }
 
 start_tunnel() {
+        case "$(uci_get_by_type global tunnel_enable)" in
+                1|on|true|yes|enabled)
 	/usr/bin/ssr-tunnel \
 		-c $CONFIG_FILE $ARG_OTA ${ARG_UDP:="-u"} \
 		-l $(uci_get_by_type global tunnel_port 5300) \
+		-b $(uci_get_by_type global tunnel_address 0.0.0.0) \
 		-L $(uci_get_by_type global tunnel_forward 8.8.4.4:53) \
 		-f /var/run/ssr-tunnel.pid
 	tunnel_enable=1	
 	return $?
+                        ;;
+        esac
+	return 1
 }
 
 start_local() {
@@ -371,6 +396,7 @@ start_local() {
 	gen_config_file $local_server 2
 	/usr/bin/ssr-local -c $CONFIG_SOCK5_FILE -u  \
 		-l $(uci_get_by_type socks5_proxy local_port 1080) \
+		-b $(uci_get_by_type socks5_proxy local_address 0.0.0.0) \
 		-f /var/run/ssr-local.pid
 	local_enable=1	
 }
@@ -415,6 +441,7 @@ EOF
 	fi
 	start_server	
 	start_local
+	start_tunnel
 	if [ $(uci_get_by_type global monitor_enable) = 1 ] ;then
 	let total_count=server_count+redir_tcp+redir_udp+tunnel_enable+kcp_enable_flag+local_enable+dns_enable_flag+switch_enable
 	if [ $total_count -gt 0 ]