v1.15.0

changelog.md

@@ -1,5 +1,34 @@
 # Changelog
 
+## 2026-03-30 - 1.15.0 - feat(vpnserver)
+add nftables-backed destination policy enforcement for TUN mode
+
+- add @push.rocks/smartnftables dependency and export it through the plugin layer
+- apply destination policy rules via nftables when starting the server in TUN mode
+- add periodic nftables health checks and best-effort cleanup on server stop
+- update documentation for destination routing policy, socket transport mode, trusted client tags, events, and service generation
+
+## 2026-03-30 - 1.14.0 - feat(nat)
+add destination routing policy support for socket-mode VPN traffic
+
+- introduce configurable destinationPolicy settings in server and TypeScript interfaces
+- apply allow, block, and forceTarget routing decisions when creating TCP and UDP NAT sessions
+- export ACL IP matching helper for destination policy evaluation
+
+## 2026-03-30 - 1.13.0 - feat(client-registry)
+separate trusted server-defined client tags from client-reported tags with legacy tag compatibility
+
+- Adds distinct serverDefinedClientTags and clientDefinedClientTags fields to client registry and TypeScript interfaces.
+- Treats legacy tags values as serverDefinedClientTags during deserialization and server-side create/update flows for backward compatibility.
+- Clarifies that only server-defined tags are trusted for access control while client-defined tags are informational only.
+
+## 2026-03-30 - 1.12.0 - feat(server)
+add optional PROXY protocol v2 headers for socket-based userspace NAT forwarding
+
+- introduce a socketForwardProxyProtocol server option in Rust and TypeScript interfaces
+- pass the new setting into the userspace NAT engine and TCP bridge tasks
+- prepend PROXY protocol v2 headers on outbound TCP connections when socket forwarding is enabled
+
 ## 2026-03-30 - 1.11.0 - feat(server)
 unify WireGuard into the shared server transport pipeline
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartvpn",
-  "version": "1.11.0",
+  "version": "1.15.0",
   "private": false,
   "description": "A VPN solution with TypeScript control plane and Rust data plane daemon",
   "type": "module",
@@ -29,6 +29,7 @@
   ],
   "license": "MIT",
   "dependencies": {
+    "@push.rocks/smartnftables": "1.1.0",
     "@push.rocks/smartpath": "^6.0.0",
     "@push.rocks/smartrust": "^1.3.2"
   },

pnpm-lock.yaml

@@ -8,6 +8,9 @@ importers:
 
   .:
     dependencies:
+      '@push.rocks/smartnftables':
+        specifier: 1.1.0
+        version: 1.1.0
       '@push.rocks/smartpath':
         specifier: ^6.0.0
         version: 6.0.0
@@ -1132,6 +1135,9 @@ packages:
   '@push.rocks/smartnetwork@4.5.2':
     resolution: {integrity: sha512-lbMMyc2f/WWd5+qzZyF1ynXndjCtasxPWmj/d8GUuis9rDrW7sLIT1PlAPC2F6Qsy4H/K32JrYU+01d/6sWObg==}
 
+  '@push.rocks/smartnftables@1.1.0':
+    resolution: {integrity: sha512-7JNzerlW20HEl2wKMBIHltwneCQRpXiD2lJkXZZc02ctnfjgFejXVDIeWomhPx6PZ0Z6zmqdF6rrFDtDHyqqfA==}
+
   '@push.rocks/smartnpm@2.0.6':
     resolution: {integrity: sha512-7anKDOjX6gXWs1IAc+YWz9ZZ8gDsTwaLh+CxRnGHjAawOmK788NrrgVCg2Fb3qojrPnoxecc46F8Ivp1BT7Izw==}
 
@@ -5335,6 +5341,11 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@push.rocks/smartnftables@1.1.0':
+    dependencies:
+      '@push.rocks/smartlog': 3.2.1
+      '@push.rocks/smartpromise': 4.2.3
+
   '@push.rocks/smartnpm@2.0.6':
     dependencies:
       '@push.rocks/consolecolor': 2.0.3

readme.md

@@ -10,6 +10,7 @@ A high-performance VPN solution with a **TypeScript control plane** and a **Rust
 🔄 **Hub API**: one `createClient()` call generates keys, assigns IP, returns both SmartVPN + WireGuard configs
 📡 **Real-time telemetry**: RTT, jitter, loss ratio, link health — all via typed APIs
 🌐 **Unified forwarding pipeline**: all transports share the same engine — TUN (kernel), userspace NAT (no root), or testing mode
+🎯 **Destination routing policy**: force-target, block, or allow traffic per destination with nftables integration
 
 ## Issue Reporting and Security
 
@@ -36,11 +37,38 @@ The package ships with pre-compiled Rust binaries for **linux/amd64** and **linu
 │  Config validation           │                          │  WS + QUIC + WireGuard        │
 │  Hub: client management      │                          │  TUN device, IP pool, NAT     │
 │  WireGuard .conf generation  │                          │  Rate limiting, ACLs, QoS     │
+│  nftables destination policy │                          │  Destination routing, nftables│
 └──────────────────────────────┘                          └───────────────────────────────┘
 ```
 
 **Split-plane design** — TypeScript handles orchestration, config, and DX; Rust handles every hot-path byte with zero-copy async I/O (tokio, mimalloc).
 
+### IPC Transport Modes
+
+The bridge between TypeScript and Rust supports two transport modes:
+
+| Mode | Use Case | How It Works |
+|------|----------|-------------|
+| **stdio** | Development, testing | Spawns the Rust daemon as a child process, communicates over stdin/stdout |
+| **socket** | Production | Connects to an already-running daemon via Unix domain socket, with optional auto-reconnect |
+
+```typescript
+// Development: spawn the daemon
+const server = new VpnServer({ transport: { transport: 'stdio' } });
+
+// Production: connect to running daemon
+const server = new VpnServer({
+  transport: {
+    transport: 'socket',
+    socketPath: '/var/run/smartvpn.sock',
+    autoReconnect: true,
+    reconnectBaseDelayMs: 100,
+    reconnectMaxDelayMs: 5000,
+    maxReconnectAttempts: 10,
+  },
+});
+```
+
 ## Quick Start 🚀
 
 ### 1. Start a VPN Server (Hub)
@@ -54,8 +82,8 @@ await server.start({
   privateKey: '<server-noise-private-key-base64>',
   publicKey: '<server-noise-public-key-base64>',
   subnet: '10.8.0.0/24',
-  transportMode: 'all',  // WebSocket + QUIC + WireGuard simultaneously (default)
-  forwardingMode: 'tun', // 'tun' (kernel), 'socket' (userspace NAT), or 'testing'
+  transportMode: 'all',       // WebSocket + QUIC + WireGuard simultaneously (default)
+  forwardingMode: 'tun',      // 'tun' (kernel), 'socket' (userspace NAT), or 'testing'
   wgPrivateKey: '<server-wg-private-key-base64>', // required for WireGuard transport
   enableNat: true,
   dns: ['1.1.1.1', '8.8.8.8'],
@@ -67,7 +95,7 @@ await server.start({
 ```typescript
 const bundle = await server.createClient({
   clientId: 'alice-laptop',
-  tags: ['engineering'],
+  serverDefinedClientTags: ['engineering'],  // trusted tags for access control
   security: {
     destinationAllowList: ['10.0.0.0/8'],        // can only reach internal network
     destinationBlockList: ['10.0.0.99'],           // except this host
@@ -155,6 +183,47 @@ await server.start({
 - `remoteAddr` field on `IVpnClientInfo` exposes the real client IP for monitoring
 - **Security**: must be `false` (default) when accepting direct connections — only enable behind a trusted proxy
 
+### 🎯 Destination Routing Policy
+
+Control where decrypted VPN client traffic goes — force it to a specific target, block it, or allow it through. Evaluated per-packet before per-client ACLs.
+
+```typescript
+await server.start({
+  // ...
+  forwardingMode: 'socket', // userspace NAT mode
+  destinationPolicy: {
+    default: 'forceTarget',                    // redirect all traffic to a target
+    target: '127.0.0.1',                       // target IP for 'forceTarget' mode
+    allowList: ['10.0.0.0/8'],                 // these destinations pass through directly
+    blockList: ['10.0.0.99'],                  // always blocked (deny overrides allow)
+  },
+});
+```
+
+**Policy modes:**
+
+| Mode | Behavior |
+|------|----------|
+| `'forceTarget'` | Rewrites destination IP to `target` — funnels all traffic through a single endpoint |
+| `'block'` | Drops all traffic not explicitly in `allowList` |
+| `'allow'` | Passes all traffic through (default, backward compatible) |
+
+In **TUN mode**, destination policies are enforced via **nftables** rules (using `@push.rocks/smartnftables`). A 60-second health check automatically re-applies rules if they're removed externally.
+
+In **socket mode**, the policy is evaluated in the userspace NAT engine before per-client ACLs.
+
+### 🔗 Socket Forward Proxy Protocol
+
+When using `forwardingMode: 'socket'` (userspace NAT), you can prepend **PROXY protocol v2 headers** on outbound TCP connections. This conveys the VPN client's tunnel IP as the source address to downstream services (e.g., SmartProxy):
+
+```typescript
+await server.start({
+  // ...
+  forwardingMode: 'socket',
+  socketForwardProxyProtocol: true,  // downstream sees VPN client IP, not 127.0.0.1
+});
+```
+
 ### 📦 Packet Forwarding Modes
 
 SmartVPN supports three forwarding modes, configurable per-server and per-client:
@@ -190,6 +259,30 @@ The userspace NAT mode extracts destination IP/port from IP packets, opens a rea
 - **Dead-peer detection**: 180s inactivity timeout
 - **MTU management**: Automatic overhead calculation (IP+TCP+WS+Noise = 79 bytes)
 
+### 🏷️ Client Tags (Trusted vs Informational)
+
+SmartVPN separates server-managed tags from client-reported tags:
+
+| Field | Set By | Trust Level | Use For |
+|-------|--------|-------------|---------|
+| `serverDefinedClientTags` | Server admin (via `createClient` / `updateClient`) | ✅ Trusted | Access control, routing, billing |
+| `clientDefinedClientTags` | Client (reported after connection) | ⚠️ Informational | Diagnostics, client self-identification |
+| `tags` | *(deprecated)* | — | Legacy alias for `serverDefinedClientTags` |
+
+```typescript
+// Server-side: trusted tags
+await server.createClient({
+  clientId: 'alice-laptop',
+  serverDefinedClientTags: ['engineering', 'office-berlin'],
+});
+
+// Client-side: informational tags (reported to server)
+await client.connect({
+  // ...
+  clientDefinedClientTags: ['macOS', 'v2.1.0'],
+});
+```
+
 ### 🔄 Hub Client Management
 
 The server acts as a **hub** — one API to manage all clients:
@@ -205,7 +298,7 @@ const all   = await server.listRegisteredClients();
 // Update (ACLs, tags, description, rate limits...)
 await server.updateClient('bob-phone', {
   security: { destinationAllowList: ['0.0.0.0/0'] },
-  tags: ['mobile', 'field-ops'],
+  serverDefinedClientTags: ['mobile', 'field-ops'],
 });
 
 // Enable / Disable
@@ -243,46 +336,100 @@ const conf = WgConfigGenerator.generateClientConfig({
 // → standard WireGuard .conf compatible with wg-quick, iOS, Android
 ```
 
+Server configs too:
+
+```typescript
+const serverConf = WgConfigGenerator.generateServerConfig({
+  privateKey: '<server-wg-private-key>',
+  address: '10.8.0.1/24',
+  listenPort: 51820,
+  enableNat: true,
+  natInterface: 'eth0',
+  peers: [
+    { publicKey: '<client-wg-public-key>', allowedIps: ['10.8.0.2/32'] },
+  ],
+});
+```
+
 ### 🖥️ System Service Installation
 
+Generate systemd (Linux) or launchd (macOS) service units:
+
 ```typescript
 import { VpnInstaller } from '@push.rocks/smartvpn';
 
 const unit = VpnInstaller.generateServiceUnit({
+  binaryPath: '/usr/local/bin/smartvpn_daemon',
+  socketPath: '/var/run/smartvpn.sock',
   mode: 'server',
-  configPath: '/etc/smartvpn/server.json',
 });
-// unit.platform  → 'linux' | 'macos'
-// unit.content   → systemd unit file or launchd plist
+// unit.platform    → 'linux' | 'macos'
+// unit.content     → systemd unit file or launchd plist
 // unit.installPath → /etc/systemd/system/smartvpn-server.service
 ```
 
+You can also call `generateSystemdUnit()` or `generateLaunchdPlist()` directly for platform-specific options like custom descriptions.
+
+### 📢 Events
+
+Both `VpnServer` and `VpnClient` extend `EventEmitter` and emit typed events:
+
+```typescript
+server.on('client-connected', (info: IVpnClientInfo) => {
+  console.log(`${info.registeredClientId} connected from ${info.remoteAddr} via ${info.transportType}`);
+});
+
+server.on('client-disconnected', ({ clientId, reason }) => {
+  console.log(`${clientId} disconnected: ${reason}`);
+});
+
+client.on('status', (status: IVpnStatus) => {
+  console.log(`State: ${status.state}, IP: ${status.assignedIp}`);
+});
+
+// Both server and client emit:
+server.on('exit', ({ code, signal }) => { /* daemon process exited */ });
+server.on('reconnected', () => { /* socket transport reconnected */ });
+```
+
+| Event | Emitted By | Payload |
+|-------|-----------|---------|
+| `status` | Both | `IVpnStatus` — connection state changes |
+| `error` | Both | `{ message, code? }` |
+| `client-connected` | Server | `IVpnClientInfo` — full client info including transport type |
+| `client-disconnected` | Server | `{ clientId, reason? }` |
+| `exit` | Both | `{ code, signal }` — daemon process exited |
+| `reconnected` | Both | `void` — socket transport reconnected |
+
 ## API Reference 📖
 
 ### Classes
 
 | Class | Description |
 |-------|-------------|
-| `VpnServer` | Manages the Rust daemon in server mode. Hub methods for client CRUD. |
-| `VpnClient` | Manages the Rust daemon in client mode. Connect, disconnect, telemetry. |
-| `VpnBridge<T>` | Low-level typed IPC bridge (stdio or Unix socket). |
-| `VpnConfig` | Static config validation and file I/O. |
-| `VpnInstaller` | Generates systemd/launchd service files. |
-| `WgConfigGenerator` | Generates standard WireGuard `.conf` files. |
+| `VpnServer` | Manages the Rust daemon in server mode. Hub methods for client CRUD, telemetry, rate limits, WireGuard peer management. |
+| `VpnClient` | Manages the Rust daemon in client mode. Connect, disconnect, status, telemetry. |
+| `VpnBridge<T>` | Low-level typed IPC bridge (stdio or Unix socket). Handles spawn, connect, reconnect, and typed command dispatch. |
+| `VpnConfig` | Static config validation and JSON file I/O. Validates keys, addresses, CIDRs, MTU, etc. |
+| `VpnInstaller` | Generates systemd/launchd service files for daemon deployment. |
+| `WgConfigGenerator` | Generates standard WireGuard `.conf` files (client and server). |
 
 ### Key Interfaces
 
 | Interface | Purpose |
 |-----------|---------|
-| `IVpnServerConfig` | Server configuration (listen addr, keys, subnet, transport mode, forwarding mode, clients, proxy protocol) |
-| `IVpnClientConfig` | Client configuration (server URL, keys, transport, forwarding mode, WG options) |
-| `IClientEntry` | Server-side client definition (ID, keys, security, priority, tags, expiry) |
+| `IVpnServerConfig` | Server configuration (listen addr, keys, subnet, transport mode, forwarding mode, clients, proxy protocol, destination policy) |
+| `IVpnClientConfig` | Client configuration (server URL, keys, transport, forwarding mode, WG options, client-defined tags) |
+| `IClientEntry` | Server-side client definition (ID, keys, security, priority, server/client tags, expiry) |
 | `IClientSecurity` | Per-client ACLs and rate limits (SmartProxy-aligned naming) |
 | `IClientRateLimit` | Rate limiting config (bytesPerSec, burstBytes) |
-| `IClientConfigBundle` | Full config bundle returned by `createClient()` |
-| `IVpnClientInfo` | Connected client info (IP, stats, authenticated key, remote addr) |
+| `IClientConfigBundle` | Full config bundle returned by `createClient()` — includes SmartVPN config, WireGuard .conf, and secrets |
+| `IVpnClientInfo` | Connected client info (IP, stats, authenticated key, remote addr, transport type) |
 | `IVpnConnectionQuality` | RTT, jitter, loss ratio, link health |
+| `IVpnMtuInfo` | TUN MTU, effective MTU, overhead bytes, oversized packet stats |
 | `IVpnKeypair` | Base64-encoded public/private key pair |
+| `IDestinationPolicy` | Destination routing policy (forceTarget / block / allow with allow/block lists) |
+| `IVpnEventMap` | Typed event map for server and client EventEmitter |
 
 ### Server IPC Commands
 
@@ -317,7 +464,7 @@ const unit = VpnInstaller.generateServiceUnit({
 // All transports simultaneously (default) — WS + QUIC + WireGuard
 { transportMode: 'all', listenAddr: '0.0.0.0:443', wgPrivateKey: '...', wgListenPort: 51820 }
 
-// WS + QUIC only (backward compat)
+// WS + QUIC only
 { transportMode: 'both', listenAddr: '0.0.0.0:443', quicListenAddr: '0.0.0.0:4433' }
 
 // WebSocket only
@@ -376,7 +523,7 @@ pnpm install
 # Build (TypeScript + Rust cross-compile)
 pnpm build
 
-# Run all tests (79 TS + 132 Rust = 211 tests)
+# Run all tests
 pnpm test
 
 # Run Rust tests directly
@@ -393,6 +540,7 @@ smartvpn/
 ├── ts/                         # TypeScript control plane
 │   ├── index.ts                # All exports
 │   ├── smartvpn.interfaces.ts  # Interfaces, types, IPC command maps
+│   ├── smartvpn.plugins.ts     # Dependency imports
 │   ├── smartvpn.classes.vpnserver.ts
 │   ├── smartvpn.classes.vpnclient.ts
 │   ├── smartvpn.classes.vpnbridge.ts
@@ -417,7 +565,7 @@ smartvpn/
 │       ├── ratelimit.rs        # Token bucket
 │       ├── userspace_nat.rs    # Userspace TCP/UDP NAT proxy
 │       └── ...                 # tunnel, network, telemetry, qos, mtu, reconnect
-├── test/                       # 9 test files (79 tests)
+├── test/                       # Test files
 ├── dist_ts/                    # Compiled TypeScript
 └── dist_rust/                  # Cross-compiled binaries (linux amd64 + arm64)
 ```

rust/src/acl.rs

@@ -78,7 +78,7 @@ pub fn check_acl(security: &ClientSecurity, src_ip: Ipv4Addr, dst_ip: Ipv4Addr)
 /// Check if `ip` matches any pattern in the list.
 /// Supports: exact IP, CIDR notation, wildcard patterns (192.168.1.*),
 /// and IP ranges (192.168.1.1-192.168.1.100).
-fn ip_matches_any(ip: Ipv4Addr, patterns: &[String]) -> bool {
+pub fn ip_matches_any(ip: Ipv4Addr, patterns: &[String]) -> bool {
     for pattern in patterns {
         if ip_matches(ip, pattern) {
             return true;

rust/src/client_registry.rs

@@ -44,7 +44,12 @@ pub struct ClientEntry {
     pub priority: Option<u32>,
     /// Whether this client is enabled (default: true).
     pub enabled: Option<bool>,
-    /// Tags for grouping.
+    /// Tags assigned by the server admin — trusted, used for access control.
+    pub server_defined_client_tags: Option<Vec<String>>,
+    /// Tags reported by the connecting client — informational only.
+    pub client_defined_client_tags: Option<Vec<String>>,
+    /// Legacy tags field — treated as serverDefinedClientTags during deserialization.
+    #[serde(default)]
     pub tags: Option<Vec<String>>,
     /// Optional description.
     pub description: Option<String>,
@@ -90,7 +95,11 @@ impl ClientRegistry {
     /// Build a registry from a list of client entries.
     pub fn from_entries(entries: Vec<ClientEntry>) -> Result<Self> {
         let mut registry = Self::new();
-        for entry in entries {
+        for mut entry in entries {
+            // Migrate legacy `tags` → `serverDefinedClientTags`
+            if entry.server_defined_client_tags.is_none() && entry.tags.is_some() {
+                entry.server_defined_client_tags = entry.tags.take();
+            }
             registry.add(entry)?;
         }
         Ok(registry)
@@ -193,6 +202,8 @@ mod tests {
             security: None,
             priority: None,
             enabled: None,
+            server_defined_client_tags: None,
+            client_defined_client_tags: None,
             tags: None,
             description: None,
             expires_at: None,

rust/src/server.rs

@@ -24,6 +24,20 @@ use crate::tunnel::{self, TunConfig};
 /// Dead-peer timeout: 3x max keepalive interval (Healthy=60s).
 const DEAD_PEER_TIMEOUT: Duration = Duration::from_secs(180);
 
+/// Destination routing policy for VPN client traffic.
+#[derive(Debug, Clone, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct DestinationPolicyConfig {
+    /// Default action: "forceTarget", "block", or "allow".
+    pub default: String,
+    /// Target IP for "forceTarget" mode (e.g. "127.0.0.1").
+    pub target: Option<String>,
+    /// Destinations that pass through directly (not rewritten, not blocked).
+    pub allow_list: Option<Vec<String>>,
+    /// Destinations always blocked (overrides allowList, deny wins).
+    pub block_list: Option<Vec<String>>,
+}
+
 /// Server configuration (matches TS IVpnServerConfig).
 #[derive(Debug, Clone, Deserialize)]
 #[serde(rename_all = "camelCase")]
@@ -58,6 +72,12 @@ pub struct ServerConfig {
     pub proxy_protocol: Option<bool>,
     /// Server-level IP block list — applied at TCP accept, before Noise handshake.
     pub connection_ip_block_list: Option<Vec<String>>,
+    /// When true and forwarding_mode is "socket", the userspace NAT engine prepends
+    /// PROXY protocol v2 headers on outbound TCP connections, conveying the VPN client's
+    /// tunnel IP as the source address.
+    pub socket_forward_proxy_protocol: Option<bool>,
+    /// Destination routing policy for VPN client traffic (socket mode).
+    pub destination_policy: Option<DestinationPolicyConfig>,
     /// WireGuard: server X25519 private key (base64). Required when transport includes WG.
     pub wg_private_key: Option<String>,
     /// WireGuard: UDP listen port (default: 51820).
@@ -251,10 +271,13 @@ impl VpnServer {
             }
             ForwardingSetup::Socket { packet_tx, packet_rx, shutdown_rx } => {
                 *state.forwarding_engine.lock().await = ForwardingEngine::Socket(packet_tx);
+                let proxy_protocol = config.socket_forward_proxy_protocol.unwrap_or(false);
                 let nat_engine = crate::userspace_nat::NatEngine::new(
                     gateway_ip,
                     link_mtu as usize,
                     state.clone(),
+                    proxy_protocol,
+                    config.destination_policy.clone(),
                 );
                 tokio::spawn(async move {
                     if let Err(e) = nat_engine.run(packet_rx, shutdown_rx).await {
@@ -545,9 +568,16 @@ impl VpnServer {
             ).ok(),
             priority: partial.get("priority").and_then(|v| v.as_u64()).map(|v| v as u32),
             enabled: partial.get("enabled").and_then(|v| v.as_bool()).or(Some(true)),
-            tags: partial.get("tags").and_then(|v| {
+            server_defined_client_tags: partial.get("serverDefinedClientTags").and_then(|v| {
                 v.as_array().map(|a| a.iter().filter_map(|s| s.as_str().map(String::from)).collect())
+            }).or_else(|| {
+                // Legacy: accept "tags" as serverDefinedClientTags
+                partial.get("tags").and_then(|v| {
+                    v.as_array().map(|a| a.iter().filter_map(|s| s.as_str().map(String::from)).collect())
+                })
             }),
+            client_defined_client_tags: None, // Only set by connecting client
+            tags: None, // Legacy field — not used for new entries
             description: partial.get("description").and_then(|v| v.as_str()).map(String::from),
             expires_at: partial.get("expiresAt").and_then(|v| v.as_str()).map(String::from),
             assigned_ip: Some(assigned_ip.to_string()),
@@ -642,8 +672,11 @@ impl VpnServer {
             if let Some(enabled) = update.get("enabled").and_then(|v| v.as_bool()) {
                 entry.enabled = Some(enabled);
             }
-            if let Some(tags) = update.get("tags").and_then(|v| v.as_array()) {
-                entry.tags = Some(tags.iter().filter_map(|s| s.as_str().map(String::from)).collect());
+            if let Some(tags) = update.get("serverDefinedClientTags").and_then(|v| v.as_array()) {
+                entry.server_defined_client_tags = Some(tags.iter().filter_map(|s| s.as_str().map(String::from)).collect());
+            } else if let Some(tags) = update.get("tags").and_then(|v| v.as_array()) {
+                // Legacy: accept "tags" as serverDefinedClientTags
+                entry.server_defined_client_tags = Some(tags.iter().filter_map(|s| s.as_str().map(String::from)).collect());
             }
             if let Some(desc) = update.get("description").and_then(|v| v.as_str()) {
                 entry.description = Some(desc.to_string());

rust/src/userspace_nat.rs

@@ -13,7 +13,8 @@ use tokio::net::{TcpStream, UdpSocket};
 use tokio::sync::mpsc;
 use tracing::{debug, info, warn};
 
-use crate::server::ServerState;
+use crate::acl;
+use crate::server::{DestinationPolicyConfig, ServerState};
 use crate::tunnel;
 
 // ============================================================================
@@ -191,10 +192,25 @@ pub struct NatEngine {
     bridge_rx: mpsc::Receiver<BridgeMessage>,
     bridge_tx: mpsc::Sender<BridgeMessage>,
     start_time: std::time::Instant,
+    /// When true, outbound TCP connections prepend PROXY protocol v2 headers
+    /// with the VPN client's tunnel IP as source address.
+    proxy_protocol: bool,
+    /// Destination routing policy: forceTarget, block, or allow.
+    destination_policy: Option<DestinationPolicyConfig>,
+}
+
+/// Result of destination policy evaluation.
+enum DestinationAction {
+    /// Connect to the original destination.
+    PassThrough(SocketAddr),
+    /// Redirect to a target IP, preserving original port.
+    ForceTarget(SocketAddr),
+    /// Drop the packet silently.
+    Drop,
 }
 
 impl NatEngine {
-    pub fn new(gateway_ip: Ipv4Addr, mtu: usize, state: Arc<ServerState>) -> Self {
+    pub fn new(gateway_ip: Ipv4Addr, mtu: usize, state: Arc<ServerState>, proxy_protocol: bool, destination_policy: Option<DestinationPolicyConfig>) -> Self {
         let mut device = VirtualIpDevice::new(mtu);
         let config = Config::new(HardwareAddress::Ip);
         let now = smoltcp::time::Instant::from_millis(0);
@@ -226,6 +242,8 @@ impl NatEngine {
             bridge_rx,
             bridge_tx,
             start_time: std::time::Instant::now(),
+            proxy_protocol,
+            destination_policy,
         }
     }
 
@@ -233,6 +251,40 @@ impl NatEngine {
         smoltcp::time::Instant::from_millis(self.start_time.elapsed().as_millis() as i64)
     }
 
+    /// Evaluate destination policy for a packet's destination IP.
+    fn evaluate_destination(&self, dst_ip: Ipv4Addr, dst_port: u16) -> DestinationAction {
+        let policy = match &self.destination_policy {
+            Some(p) => p,
+            None => return DestinationAction::PassThrough(SocketAddr::new(dst_ip.into(), dst_port)),
+        };
+
+        // 1. Block list wins (deny overrides allow)
+        if let Some(ref block_list) = policy.block_list {
+            if !block_list.is_empty() && acl::ip_matches_any(dst_ip, block_list) {
+                return DestinationAction::Drop;
+            }
+        }
+
+        // 2. Allow list — pass through directly
+        if let Some(ref allow_list) = policy.allow_list {
+            if !allow_list.is_empty() && acl::ip_matches_any(dst_ip, allow_list) {
+                return DestinationAction::PassThrough(SocketAddr::new(dst_ip.into(), dst_port));
+            }
+        }
+
+        // 3. Default action
+        match policy.default.as_str() {
+            "forceTarget" => {
+                let target_ip = policy.target.as_deref()
+                    .and_then(|t| t.parse::<Ipv4Addr>().ok())
+                    .unwrap_or(Ipv4Addr::LOCALHOST);
+                DestinationAction::ForceTarget(SocketAddr::new(target_ip.into(), dst_port))
+            }
+            "block" => DestinationAction::Drop,
+            _ => DestinationAction::PassThrough(SocketAddr::new(dst_ip.into(), dst_port)),
+        }
+    }
+
     /// Inject a raw IP packet from a VPN client and handle new session creation.
     fn inject_packet(&mut self, packet: Vec<u8>) {
         let Some((ihl, src_ip, dst_ip, protocol)) = parse_ipv4_header(&packet) else {
@@ -257,7 +309,14 @@ impl NatEngine {
                 // SYN without ACK = new connection
                 let is_syn = (flags & 0x02) != 0 && (flags & 0x10) == 0;
                 if is_syn && !self.tcp_sessions.contains_key(&key) {
-                    self.create_tcp_session(&key);
+                    match self.evaluate_destination(dst_ip, dst_port) {
+                        DestinationAction::Drop => {
+                            debug!("NAT: destination policy blocked TCP {}:{} -> {}:{}", src_ip, src_port, dst_ip, dst_port);
+                            return;
+                        }
+                        DestinationAction::PassThrough(addr) => self.create_tcp_session(&key, addr),
+                        DestinationAction::ForceTarget(addr) => self.create_tcp_session(&key, addr),
+                    }
                 }
             }
             17 => {
@@ -274,7 +333,14 @@ impl NatEngine {
                 };
 
                 if !self.udp_sessions.contains_key(&key) {
-                    self.create_udp_session(&key);
+                    match self.evaluate_destination(dst_ip, dst_port) {
+                        DestinationAction::Drop => {
+                            debug!("NAT: destination policy blocked UDP {}:{} -> {}:{}", src_ip, src_port, dst_ip, dst_port);
+                            return;
+                        }
+                        DestinationAction::PassThrough(addr) => self.create_udp_session(&key, addr),
+                        DestinationAction::ForceTarget(addr) => self.create_udp_session(&key, addr),
+                    }
                 }
 
                 // Update last_activity for existing sessions
@@ -291,7 +357,7 @@ impl NatEngine {
         self.device.inject_packet(packet);
     }
 
-    fn create_tcp_session(&mut self, key: &SessionKey) {
+    fn create_tcp_session(&mut self, key: &SessionKey, connect_addr: SocketAddr) {
         // Create smoltcp TCP socket
         let tcp_rx_buf = tcp::SocketBuffer::new(vec![0u8; 65535]);
         let tcp_tx_buf = tcp::SocketBuffer::new(vec![0u8; 65535]);
@@ -319,11 +385,12 @@ impl NatEngine {
         };
         self.tcp_sessions.insert(key.clone(), session);
 
-        // Spawn bridge task that connects to the real destination
+        // Spawn bridge task that connects to the resolved destination
         let bridge_tx = self.bridge_tx.clone();
         let key_clone = key.clone();
+        let proxy_protocol = self.proxy_protocol;
         tokio::spawn(async move {
-            tcp_bridge_task(key_clone, data_rx, bridge_tx).await;
+            tcp_bridge_task(key_clone, data_rx, bridge_tx, proxy_protocol, connect_addr).await;
         });
 
         debug!(
@@ -332,7 +399,7 @@ impl NatEngine {
         );
     }
 
-    fn create_udp_session(&mut self, key: &SessionKey) {
+    fn create_udp_session(&mut self, key: &SessionKey, connect_addr: SocketAddr) {
         // Create smoltcp UDP socket
         let udp_rx_buf = udp::PacketBuffer::new(
             vec![udp::PacketMetadata::EMPTY; 32],
@@ -368,7 +435,7 @@ impl NatEngine {
         let bridge_tx = self.bridge_tx.clone();
         let key_clone = key.clone();
         tokio::spawn(async move {
-            udp_bridge_task(key_clone, data_rx, bridge_tx).await;
+            udp_bridge_task(key_clone, data_rx, bridge_tx, connect_addr).await;
         });
 
         debug!(
@@ -531,20 +598,20 @@ async fn tcp_bridge_task(
     key: SessionKey,
     mut data_rx: mpsc::Receiver<Vec<u8>>,
     bridge_tx: mpsc::Sender<BridgeMessage>,
+    proxy_protocol: bool,
+    connect_addr: SocketAddr,
 ) {
-    let addr = SocketAddr::new(key.dst_ip.into(), key.dst_port);
-
-    // Connect to real destination with timeout
-    let stream = match tokio::time::timeout(Duration::from_secs(30), TcpStream::connect(addr)).await
+    // Connect to resolved destination (may differ from key.dst_ip if policy rewrote it)
+    let stream = match tokio::time::timeout(Duration::from_secs(30), TcpStream::connect(connect_addr)).await
     {
         Ok(Ok(s)) => s,
         Ok(Err(e)) => {
-            debug!("NAT TCP connect to {} failed: {}", addr, e);
+            debug!("NAT TCP connect to {} failed: {}", connect_addr, e);
             let _ = bridge_tx.send(BridgeMessage::TcpClosed { key }).await;
             return;
         }
         Err(_) => {
-            debug!("NAT TCP connect to {} timed out", addr);
+            debug!("NAT TCP connect to {} timed out", connect_addr);
             let _ = bridge_tx.send(BridgeMessage::TcpClosed { key }).await;
             return;
         }
@@ -552,6 +619,18 @@ async fn tcp_bridge_task(
 
     let (mut reader, mut writer) = stream.into_split();
 
+    // Send PROXY protocol v2 header with VPN client's tunnel IP as source
+    if proxy_protocol {
+        let src = SocketAddr::new(key.src_ip.into(), key.src_port);
+        let dst = SocketAddr::new(key.dst_ip.into(), key.dst_port);
+        let pp_header = crate::proxy_protocol::build_pp_v2_header(src, dst);
+        if let Err(e) = writer.write_all(&pp_header).await {
+            debug!("NAT: failed to send PP v2 header to {}: {}", connect_addr, e);
+            let _ = bridge_tx.send(BridgeMessage::TcpClosed { key }).await;
+            return;
+        }
+    }
+
     // Read from real socket → send to NAT engine
     let bridge_tx2 = bridge_tx.clone();
     let key2 = key.clone();
@@ -594,6 +673,7 @@ async fn udp_bridge_task(
     key: SessionKey,
     mut data_rx: mpsc::Receiver<Vec<u8>>,
     bridge_tx: mpsc::Sender<BridgeMessage>,
+    connect_addr: SocketAddr,
 ) {
     let socket = match UdpSocket::bind("0.0.0.0:0").await {
         Ok(s) => s,
@@ -602,7 +682,7 @@ async fn udp_bridge_task(
             return;
         }
     };
-    let dest = SocketAddr::new(key.dst_ip.into(), key.dst_port);
+    let dest = connect_addr;
 
     let socket = Arc::new(socket);
     let socket2 = socket.clone();

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartvpn',
-  version: '1.11.0',
+  version: '1.15.0',
   description: 'A VPN solution with TypeScript control plane and Rust data plane daemon'
 }

ts/smartvpn.classes.vpnserver.ts

@@ -12,6 +12,7 @@ import type {
   IWgPeerInfo,
   IClientEntry,
   IClientConfigBundle,
+  IDestinationPolicy,
   TVpnServerCommands,
 } from './smartvpn.interfaces.js';
 
@@ -21,6 +22,10 @@ import type {
 export class VpnServer extends plugins.events.EventEmitter {
   private bridge: VpnBridge<TVpnServerCommands>;
   private options: IVpnServerOptions;
+  private nft?: plugins.smartnftables.SmartNftables;
+  private nftHealthInterval?: ReturnType<typeof setInterval>;
+  private nftSubnet?: string;
+  private nftPolicy?: IDestinationPolicy;
 
   constructor(options: IVpnServerOptions) {
     super();
@@ -50,6 +55,11 @@ export class VpnServer extends plugins.events.EventEmitter {
     const cfg = config || this.options.config;
     if (cfg) {
       await this.bridge.sendCommand('start', { config: cfg });
+
+      // For TUN mode with a destination policy, set up nftables rules
+      if (cfg.forwardingMode === 'tun' && cfg.destinationPolicy) {
+        await this.setupTunDestinationPolicy(cfg.subnet, cfg.destinationPolicy);
+      }
     }
   }
 
@@ -229,10 +239,110 @@ export class VpnServer extends plugins.events.EventEmitter {
     return this.bridge.sendCommand('generateClientKeypair', {} as Record<string, never>);
   }
 
+  // ── TUN Destination Policy via nftables ──────────────────────────────
+
+  /**
+   * Set up nftables rules for TUN mode destination policy.
+   * Also starts a 60-second health check interval to re-apply if rules are removed externally.
+   */
+  private async setupTunDestinationPolicy(subnet: string, policy: IDestinationPolicy): Promise<void> {
+    this.nftSubnet = subnet;
+    this.nftPolicy = policy;
+    this.nft = new plugins.smartnftables.SmartNftables({
+      tableName: 'smartvpn_tun',
+      dryRun: process.getuid?.() !== 0,
+    });
+
+    await this.nft.initialize();
+    await this.applyDestinationPolicyRules();
+
+    // Health check: re-apply rules if they disappear
+    this.nftHealthInterval = setInterval(async () => {
+      if (!this.nft) return;
+      try {
+        const exists = await this.nft.tableExists();
+        if (!exists) {
+          console.warn('[smartvpn] nftables rules missing, re-applying destination policy');
+          this.nft = new plugins.smartnftables.SmartNftables({
+            tableName: 'smartvpn_tun',
+          });
+          await this.nft.initialize();
+          await this.applyDestinationPolicyRules();
+        }
+      } catch (err) {
+        console.warn(`[smartvpn] nftables health check failed: ${err}`);
+      }
+    }, 60_000);
+  }
+
+  /**
+   * Apply destination policy as nftables rules.
+   * Order: blockList (drop) → allowList (accept) → default action.
+   */
+  private async applyDestinationPolicyRules(): Promise<void> {
+    if (!this.nft || !this.nftSubnet || !this.nftPolicy) return;
+
+    const subnet = this.nftSubnet;
+    const policy = this.nftPolicy;
+    const family = 'ip';
+    const table = 'smartvpn_tun';
+    const commands: string[] = [];
+
+    // 1. Block list (deny wins — evaluated first)
+    if (policy.blockList) {
+      for (const dest of policy.blockList) {
+        commands.push(
+          `nft add rule ${family} ${table} prerouting ip saddr ${subnet} ip daddr ${dest} drop`
+        );
+      }
+    }
+
+    // 2. Allow list (pass through directly — skip DNAT)
+    if (policy.allowList) {
+      for (const dest of policy.allowList) {
+        commands.push(
+          `nft add rule ${family} ${table} prerouting ip saddr ${subnet} ip daddr ${dest} accept`
+        );
+      }
+    }
+
+    // 3. Default action
+    switch (policy.default) {
+      case 'forceTarget': {
+        const target = policy.target || '127.0.0.1';
+        commands.push(
+          `nft add rule ${family} ${table} prerouting ip saddr ${subnet} dnat to ${target}`
+        );
+        break;
+      }
+      case 'block':
+        commands.push(
+          `nft add rule ${family} ${table} prerouting ip saddr ${subnet} drop`
+        );
+        break;
+      case 'allow':
+        // No rule needed — kernel default allows
+        break;
+    }
+
+    if (commands.length > 0) {
+      await this.nft.applyRuleGroup('vpn-destination-policy', commands);
+    }
+  }
+
   /**
    * Stop the daemon bridge.
    */
   public stop(): void {
+    // Clean up nftables rules
+    if (this.nftHealthInterval) {
+      clearInterval(this.nftHealthInterval);
+      this.nftHealthInterval = undefined;
+    }
+    if (this.nft) {
+      this.nft.cleanup().catch(() => {}); // best-effort cleanup
+      this.nft = undefined;
+    }
     this.bridge.stop();
   }
 

ts/smartvpn.interfaces.ts

@@ -57,6 +57,8 @@ export interface IVpnClientConfig {
   wgEndpoint?: string;
   /** WireGuard: allowed IPs (CIDR strings, e.g. ['0.0.0.0/0']) */
   wgAllowedIps?: string[];
+  /** Client-defined tags reported to the server after connection (informational, not for access control) */
+  clientDefinedClientTags?: string[];
 }
 
 export interface IVpnClientOptions {
@@ -118,6 +120,32 @@ export interface IVpnServerConfig {
   /** Server-level IP block list — applied at TCP accept, before Noise handshake.
    *  Supports exact IPs, CIDR, wildcards, ranges. */
   connectionIpBlockList?: string[];
+  /** When true and forwardingMode is 'socket', the userspace NAT engine prepends
+   *  PROXY protocol v2 headers on outbound TCP connections, conveying the VPN client's
+   *  tunnel IP as the source address. This allows downstream services (e.g. SmartProxy)
+   *  to see the real VPN client identity instead of 127.0.0.1. */
+  socketForwardProxyProtocol?: boolean;
+  /** Destination routing policy for VPN client traffic (socket mode).
+   *  Controls where decrypted traffic goes: allow through, block, or redirect to a target.
+   *  Default: all traffic passes through (backward compatible). */
+  destinationPolicy?: IDestinationPolicy;
+}
+
+/**
+ * Destination routing policy for VPN client traffic.
+ * Evaluated per-packet in the NAT engine before per-client ACLs.
+ */
+export interface IDestinationPolicy {
+  /** Default action for traffic not matching allow/block lists */
+  default: 'forceTarget' | 'block' | 'allow';
+  /** Target IP address for 'forceTarget' mode (e.g. '127.0.0.1'). Required when default is 'forceTarget'. */
+  target?: string;
+  /** Destinations that pass through directly — not rewritten, not blocked.
+   *  Supports: exact IP, CIDR, wildcards (192.168.190.*), ranges. */
+  allowList?: string[];
+  /** Destinations that are always blocked. Overrides allowList (deny wins).
+   *  Supports: exact IP, CIDR, wildcards, ranges. */
+  blockList?: string[];
 }
 
 export interface IVpnServerOptions {
@@ -285,7 +313,11 @@ export interface IClientEntry {
   priority?: number;
   /** Whether this client is enabled (default: true) */
   enabled?: boolean;
-  /** Tags for grouping (e.g. ["engineering", "office"]) */
+  /** Tags assigned by the server admin — trusted, used for access control (e.g. ["engineering", "office"]) */
+  serverDefinedClientTags?: string[];
+  /** Tags reported by the connecting client — informational only, never used for access control */
+  clientDefinedClientTags?: string[];
+  /** @deprecated Use serverDefinedClientTags instead. Legacy field kept for backward compatibility. */
   tags?: string[];
   /** Optional description */
   description?: string;

ts/smartvpn.plugins.ts

@@ -8,7 +8,8 @@ import * as events from 'events';
 export { path, fs, os, url, events };
 
 // @push.rocks
+import * as smartnftables from '@push.rocks/smartnftables';
 import * as smartpath from '@push.rocks/smartpath';
 import * as smartrust from '@push.rocks/smartrust';
 
-export { smartpath, smartrust };
+export { smartnftables, smartpath, smartrust };