feat(server): add configurable client endpoint and allowed IPs for generated VPN configs

2026-03-30 17:55:27 +00:00
parent cfa91fd419
commit a1b62f6b62
4 changed files with 62 additions and 13 deletions
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@push.rocks/smartvpn',
-  version: '1.15.0',
+  version: '1.16.0',
  description: 'A VPN solution with TypeScript control plane and Rust data plane daemon'
 }
--- a/ts/smartvpn.interfaces.ts
+++ b/ts/smartvpn.interfaces.ts
@@ -129,6 +129,14 @@ export interface IVpnServerConfig {
   *  Controls where decrypted traffic goes: allow through, block, or redirect to a target.
   *  Default: all traffic passes through (backward compatible). */
  destinationPolicy?: IDestinationPolicy;
+  /** Public endpoint address for generated client configs (e.g. 'vpn.example.com:51820').
+   *  Used as the WireGuard `Endpoint =` and SmartVPN `serverUrl` host.
+   *  Defaults to listenAddr (which is typically wrong for remote clients). */
+  serverEndpoint?: string;
+  /** AllowedIPs for generated WireGuard client configs.
+   *  Controls what traffic the client routes through the VPN tunnel.
+   *  Defaults to ['0.0.0.0/0'] (full tunnel). Set to e.g. ['10.8.0.0/24'] for split tunnel. */
+  clientAllowedIPs?: string[];
 }

 /**