feat(rust-server, rust-client, ts-interfaces): add configurable packet forwarding with TUN and userspace NAT modes

2026-03-29 23:33:44 +00:00
parent e9cf575271
commit 9d105e8034
12 changed files with 1130 additions and 24 deletions
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartvpn',
-  version: '1.9.0',
+  version: '1.10.0',
  description: 'A VPN solution with TypeScript control plane and Rust data plane daemon'
 }
--- a/ts/smartvpn.interfaces.ts
+++ b/ts/smartvpn.interfaces.ts
@@ -40,6 +40,9 @@ export interface IVpnClientConfig {
  transport?: 'auto' | 'websocket' | 'quic' | 'wireguard';
  /** For QUIC: SHA-256 hash of server certificate (base64) for cert pinning */
  serverCertHash?: string;
+  /** Forwarding mode: 'tun' (TUN device, requires root) or 'testing' (no TUN).
+   *  Default: 'testing'. */
+  forwardingMode?: 'tun' | 'testing';
  /** WireGuard: client private key (base64, X25519) */
  wgPrivateKey?: string;
  /** WireGuard: client TUN address (e.g. 10.8.0.2) */
@@ -86,6 +89,9 @@ export interface IVpnServerConfig {
  keepaliveIntervalSecs?: number;
  /** Enable NAT/masquerade for client traffic */
  enableNat?: boolean;
+  /** Forwarding mode: 'tun' (kernel TUN, requires root), 'socket' (userspace NAT),
+   *  or 'testing' (monitoring only). Default: 'testing'. */
+  forwardingMode?: 'tun' | 'socket' | 'testing';
  /** Default rate limit for new clients (bytes/sec). Omit for unlimited. */
  defaultRateLimitBytesPerSec?: number;
  /** Default burst size for new clients (bytes). Omit for unlimited. */