push.rocks/smartvpn
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(userspace-nat): add VPN metadata to PROXY protocol forwarding

Browse Source
This commit is contained in:
Jürgen Kunz
2026-05-24 01:23:53 +00:00
parent 10f9c2e609
commit 90d7f0903b
5 changed files with 204 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ts/smartvpn.interfaces.ts
+8 -3
View File
@@ -122,10 +122,15 @@ export interface IVpnServerConfig {
* Supports exact IPs, CIDR, wildcards, ranges. */
connectionIpBlockList?: string[];
/** When true and forwardingMode is 'socket', the userspace NAT engine prepends
* PROXY protocol v2 headers on outbound TCP connections, conveying the VPN client's
* tunnel IP as the source address. This allows downstream services (e.g. SmartProxy)
* to see the real VPN client identity instead of 127.0.0.1. */
* PROXY protocol v2 headers on outbound TCP connections. */
socketForwardProxyProtocol?: boolean;
/** Source address to place into outbound PROXY v2 headers.
* 'tunnelIp' preserves legacy behavior. 'remoteIp' exposes the VPN client's
* real connecting IP when known, with tunnel IP fallback. */
socketForwardProxyProtocolSource?: 'tunnelIp' | 'remoteIp';
/** When true, outbound PROXY v2 headers include authenticated SmartVPN metadata
* in a vendor TLV: clientId, assignedIp, transportType, and remoteAddr. */
socketForwardProxyProtocolVpnMetadata?: boolean;
/** Destination routing policy for VPN client traffic (socket mode).
* Controls where decrypted traffic goes: allow through, block, or redirect to a target.
* Default: all traffic passes through (backward compatible). */