diff --git a/omr-admin.py b/omr-admin.py
index 34649d4..548ec59 100755
--- a/omr-admin.py
+++ b/omr-admin.py
@@ -7,6 +7,7 @@
 
 import json
 import base64
+import secrets
 import uuid
 import configparser
 import subprocess
@@ -67,11 +68,28 @@ def get_bytes_ss(port):
 
 def add_ss_user(port,key):
     ss_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM);
-    ss_socket.sendto('add: {"server_port": ' + port + ',"key": "' + key + '"}'.encode(), ("127.0.0.1",8839));
+    data = 'add: {"server_port": ' + port + ',"key": "' + key + '"}'
+    ss_socket.sendto(data.encode(), ("127.0.0.1",8839));
+    with open('/etc/shadowsocks-libev/manager.json') as f:
+        content = f.read()
+    content = re.sub(",\s*}","}",content)
+    data = json.loads(content)
+    data['port_key'][port] = key
+    with open('/etc/shadowsocks-libev/manager.json','w') as f:
+        json.dump(data,f, indent=4)
 
-def remove_ss_user(port,key):
+
+def remove_ss_user(port):
     ss_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM);
-    ss_socket.sendto('remove: {"server_port": ' + port + '}'.encode(), ("127.0.0.1",8839));
+    data = 'remove: {"server_port": ' + port + '}'
+    ss_socket.sendto(data.encode(), ("127.0.0.1",8839));
+    with open('/etc/shadowsocks-libev/manager.json') as f:
+        content = f.read()
+    content = re.sub(",\s*}","}",content)
+    data = json.loads(content)
+    del data['port_key'][port]
+    with open('/etc/shadowsocks-libev/manager.json','w') as f:
+        json.dump(data,f, indent=4)
 
 def ordered(obj):
     if isinstance(obj, dict):
@@ -253,9 +271,14 @@ def status(current_user: User = Depends(get_current_user)):
     vps_kernel = os.popen('uname -r').read().rstrip()
     vps_omr_version = os.popen("grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}'").read().rstrip()
     mptcp_enabled = os.popen('sysctl -n net.mptcp.mptcp_enabled').read().rstrip()
+    shadowsocks_port = current_user.shadowsocks_port
+    if not shadowsocks_port == None:
+        ss_traffic = get_bytes_ss(current_user.shadowsocks_port)
+    else:
+        ss_traffic = 0
 
     if iface:
-        return {'vps': {'time': vps_current_time,'loadavg': vps_loadavg,'uptime': vps_uptime,'mptcp': mptcp_enabled,'hostname': vps_hostname,'kernel': vps_kernel, 'vps_omr_version': vps_omr_version}, 'network': {'tx': get_bytes('tx',iface),'rx': get_bytes('rx',iface)}, 'shadowsocks': {'traffic': get_bytes_ss(current_user.shadowsocks_port)}}
+        return {'vps': {'time': vps_current_time,'loadavg': vps_loadavg,'uptime': vps_uptime,'mptcp': mptcp_enabled,'hostname': vps_hostname,'kernel': vps_kernel, 'vps_omr_version': vps_omr_version}, 'network': {'tx': get_bytes('tx',iface),'rx': get_bytes('rx',iface)}, 'shadowsocks': {'traffic': ss_traffic}}
     else:
         return {'error': 'No iface defined','route': 'status'}
 
@@ -276,7 +299,10 @@ def config(current_user: User = Depends(get_current_user)):
         data = {'key': '', 'server_port': 65101, 'method': 'chacha20'}
     #shadowsocks_port = data["server_port"]
     shadowsocks_port = current_user.shadowsocks_port
-    shadowsocks_key = data["port_key"][str(shadowsocks_port)]
+    if not shadowsocks_port == None:
+        shadowsocks_key = data["port_key"][str(shadowsocks_port)]
+    else:
+        shadowsocks_key = ''
     shadowsocks_method = data["method"]
     if 'fast_open' in data:
         shadowsocks_fast_open = data["fast_open"]
@@ -375,21 +401,21 @@ def config(current_user: User = Depends(get_current_user)):
     #else:
     #    openvpn_key = ''
     openvpn_key = ''
-    if os.path.isfile('/etc/openvpn/client/client.key'):
-        with open('/etc/openvpn/client/client.key',"rb") as ovpnkey_file:
+    if os.path.isfile('/etc/openvpn/ca/pki/private/' + current_user.username + '.key'):
+        with open('/etc/openvpn/ca/pki/private/' + current_user.username + '.key',"rb") as ovpnkey_file:
             openvpn_keyb = base64.b64encode(ovpnkey_file.read())
             openvpn_client_key = openvpn_keyb.decode('utf-8')
     else:
         openvpn_client_key = ''
-    if os.path.isfile('/etc/openvpn/client/client.crt'):
-        with open('/etc/openvpn/client/client.crt',"rb") as ovpnkey_file:
+    if os.path.isfile('/etc/openvpn/ca/issued/' + current_user.username + '.crt'):
+        with open('/etc/openvpn/ca/issued/' + current_user.username + '.crt',"rb") as ovpnkey_file:
             openvpn_keyb = base64.b64encode(ovpnkey_file.read())
             openvpn_client_crt = openvpn_keyb.decode('utf-8')
         available_vpn.append("openvpn")
     else:
         openvpn_client_crt = ''
-    if os.path.isfile('/etc/openvpn/server/ca.crt'):
-        with open('/etc/openvpn/server/ca.crt',"rb") as ovpnkey_file:
+    if os.path.isfile('/etc/openvpn/ca/pki/ca.crt'):
+        with open('/etc/openvpn/ca/pki/ca.crt',"rb") as ovpnkey_file:
             openvpn_keyb = base64.b64encode(ovpnkey_file.read())
             openvpn_client_ca = openvpn_keyb.decode('utf-8')
     else:
@@ -875,20 +901,53 @@ def edit_backup(params,current_user: User = Depends(get_current_user)):
 
 class NewUser(BaseModel):
     username: str
-    permission: str
-
+    permission: str = None
+    shadowsocks_port: int = None
+    vpn: str = None
 
 @app.post('/add_user')
 def add_user(*, params: NewUser,current_user: User = Depends(get_current_user)):
     if not current_user.permissions == "admin":
         return {'result': 'permission','reason': 'Need admin user','route': 'shadowsocks'}
-    user_json = json.loads('"'+ params.username + '": {"username":"'+ params.username +'","permission":"'+params.permission+'","disabled":"false"}')
+    user_key = secrets.token_hex(32)
+    user_json = json.loads('{"'+ params.username + '": {"username":"'+ params.username +'","permission":"'+params.permission+'","user_password": "'+user_key.upper()+'","disabled":"false"}}')
+    if params.shadowsocks_port is not None:
+        shadowsocks_key = base64.urlsafe_b64encode(secrets.token_hex(16).encode())
+        add_ss_user(str(params.shadowsocks_port),shadowsocks_key.decode('utf-8'))
+        user_json[params.username].update({"shadowsocks_port": params.shadowsocks_port})
+    if params.vpn is not None:
+        user_json[params.username].update({"vpn": params.vpn})
     with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
         content = json.load(f)
-    content['users'][0].update(changes)
+    content['users'][0].update(user_json)
     with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as f:
-        json.dump(content,f)
+        json.dump(content,f,indent=4)
+    os.popen('EASYRSA_CERT_EXPIRE=3650 /etc/openvpn/ca/easyrsa build-client-full "' + params.username + '" nopass')
 
+class RemoveUser(BaseModel):
+    username: str
+
+@app.post('/remove_user')
+def remove_user(*, params: RemoveUser,current_user: User = Depends(get_current_user)):
+    if not current_user.permissions == "admin":
+        return {'result': 'permission','reason': 'Need admin user','route': 'shadowsocks'}
+    with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
+        content = json.load(f)
+    shadowsocks_port = content['users'][0][params.username]['shadowsocks_port']
+    del content['users'][0][params.username]
+    remove_ss_user(str(shadowsocks_port))
+    with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as f:
+        json.dump(content,f,indent=4)
+    os.remove('/etc/openvpn/ca/pki/issued/' + params.username + '.crt')
+    os.remove('/etc/openvpn/ca/pki/private/' + params.username + '.key')
+
+@app.post('/list_users')
+def list_users(current_user: User = Depends(get_current_user)):
+    if not current_user.permissions == "admin":
+        return {'result': 'permission','reason': 'Need admin user','route': 'shadowsocks'}
+    with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
+        content = json.load(f)
+    return json.dumps(content)
 
 if __name__ == '__main__':
     with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
@@ -896,6 +955,9 @@ if __name__ == '__main__':
     omrport=65500
     if 'port' in omr_config_data:
         omrport = omr_config_data["port"]
+    omrhost='0.0.0.0'
+    if 'host' in omr_config_data:
+        omrhost = omr_config_data["host"]
 #    uvicorn.run(app,host='0.0.0.0',port=omrport,log_level='debug',ssl_certfile='/etc/openmptcprouter-vps-admin/cert.pem',ssl_keyfile='/etc/openmptcprouter-vps-admin/key.pem')
-    uvicorn.run(app,host='0.0.0.0',port=omrport,log_level='error',ssl_certfile='/etc/openmptcprouter-vps-admin/cert.pem',ssl_keyfile='/etc/openmptcprouter-vps-admin/key.pem')
+    uvicorn.run(app,host=omrhost,port=omrport,log_level='error',ssl_certfile='/etc/openmptcprouter-vps-admin/cert.pem',ssl_keyfile='/etc/openmptcprouter-vps-admin/key.pem')
 #    uvicorn.run(app,host='0.0.0.0',port=omrport,ssl_context=('/etc/openmptcprouter-vps-admin/cert.pem','/etc/openmptcprouter-vps-admin/key.pem'),threaded=True)