push.rocks/smartvpn
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(server): add bridge forwarding mode and per-client destination policy overrides

Browse Source
This commit is contained in:
Jürgen Kunz
2026-03-31 21:34:49 +00:00
parent 17af7ab289
commit fdeba5eeb5
12 changed files with 583 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ts/smartvpn.interfaces.ts
View File

@@ -93,7 +93,7 @@ export interface IVpnServerConfig {
enableNat?: boolean;
/** Forwarding mode: 'tun' (kernel TUN, requires root), 'socket' (userspace NAT),
* or 'testing' (monitoring only). Default: 'testing'. */
forwardingMode?: 'tun' | 'socket' | 'testing';
forwardingMode?: 'tun' | 'socket' | 'bridge' | 'testing';
/** Default rate limit for new clients (bytes/sec). Omit for unlimited. */
defaultRateLimitBytesPerSec?: number;
/** Default burst size for new clients (bytes). Omit for unlimited. */
@@ -137,6 +137,22 @@ export interface IVpnServerConfig {
* Controls what traffic the client routes through the VPN tunnel.
* Defaults to ['0.0.0.0/0'] (full tunnel). Set to e.g. ['10.8.0.0/24'] for split tunnel. */
clientAllowedIPs?: string[];
// Bridge mode configuration (forwardingMode: 'bridge')
/** LAN subnet CIDR for bridge mode (e.g. '192.168.1.0/24').
* VPN clients get IPs from this subnet instead of the VPN subnet.
* Required when forwardingMode is 'bridge'. */
bridgeLanSubnet?: string;
/** Physical network interface to bridge (e.g. 'eth0').
* Auto-detected from the default route if omitted. */
bridgePhysicalInterface?: string;
/** Start of VPN client IP range within the LAN subnet (host offset, e.g. 200 for .200).
* Default: 200. */
bridgeIpRangeStart?: number;
/** End of VPN client IP range within the LAN subnet (host offset, e.g. 250 for .250).
* Default: 250. */
bridgeIpRangeEnd?: number;
}
/**
@@ -310,6 +326,10 @@ export interface IClientSecurity {
maxConnections?: number;
/** Per-client rate limiting. */
rateLimit?: IClientRateLimit;
/** Per-client destination routing policy override.
* When set, overrides the server-level destinationPolicy for this client's traffic.
* Supports the same options: forceTarget, block, allow with allow/block lists. */
destinationPolicy?: IDestinationPolicy;
}
/**