fix(vpn): configure SmartVPN client exports with explicit server endpoint and split-tunnel allowed IPs
This commit is contained in:
@@ -3,6 +3,6 @@
|
||||
*/
|
||||
export const commitinfo = {
|
||||
name: '@serve.zone/dcrouter',
|
||||
version: '11.19.0',
|
||||
version: '11.19.1',
|
||||
description: 'A multifaceted routing service handling mail and SMS delivery functions.'
|
||||
}
|
||||
|
||||
@@ -127,6 +127,10 @@ export class VpnManager {
|
||||
socketForwardProxyProtocol: true,
|
||||
destinationPolicy: this.config.destinationPolicy
|
||||
?? { default: 'forceTarget' as const, target: '127.0.0.1' },
|
||||
serverEndpoint: this.config.serverEndpoint
|
||||
? `${this.config.serverEndpoint}:${wgListenPort}`
|
||||
: undefined,
|
||||
clientAllowedIPs: [subnet],
|
||||
};
|
||||
|
||||
await this.vpnServer.start(serverConfig);
|
||||
@@ -184,15 +188,6 @@ export class VpnManager {
|
||||
description: opts.description,
|
||||
});
|
||||
|
||||
// Update WireGuard config endpoint if serverEndpoint is configured
|
||||
if (this.config.serverEndpoint && bundle.wireguardConfig) {
|
||||
const wgPort = this.config.wgListenPort ?? 51820;
|
||||
bundle.wireguardConfig = bundle.wireguardConfig.replace(
|
||||
/Endpoint\s*=\s*.+/,
|
||||
`Endpoint = ${this.config.serverEndpoint}:${wgPort}`,
|
||||
);
|
||||
}
|
||||
|
||||
// Persist client entry (without private keys)
|
||||
const persisted: IPersistedClient = {
|
||||
clientId: bundle.entry.clientId,
|
||||
@@ -270,15 +265,6 @@ export class VpnManager {
|
||||
if (!this.vpnServer) throw new Error('VPN server not running');
|
||||
const bundle = await this.vpnServer.rotateClientKey(clientId);
|
||||
|
||||
// Update endpoint in WireGuard config
|
||||
if (this.config.serverEndpoint && bundle.wireguardConfig) {
|
||||
const wgPort = this.config.wgListenPort ?? 51820;
|
||||
bundle.wireguardConfig = bundle.wireguardConfig.replace(
|
||||
/Endpoint\s*=\s*.+/,
|
||||
`Endpoint = ${this.config.serverEndpoint}:${wgPort}`,
|
||||
);
|
||||
}
|
||||
|
||||
// Update persisted entry with new public keys
|
||||
const client = this.clients.get(clientId);
|
||||
if (client) {
|
||||
@@ -296,18 +282,7 @@ export class VpnManager {
|
||||
*/
|
||||
public async exportClientConfig(clientId: string, format: 'smartvpn' | 'wireguard'): Promise<string> {
|
||||
if (!this.vpnServer) throw new Error('VPN server not running');
|
||||
let config = await this.vpnServer.exportClientConfig(clientId, format);
|
||||
|
||||
// Update endpoint in WireGuard config
|
||||
if (format === 'wireguard' && this.config.serverEndpoint) {
|
||||
const wgPort = this.config.wgListenPort ?? 51820;
|
||||
config = config.replace(
|
||||
/Endpoint\s*=\s*.+/,
|
||||
`Endpoint = ${this.config.serverEndpoint}:${wgPort}`,
|
||||
);
|
||||
}
|
||||
|
||||
return config;
|
||||
return this.vpnServer.exportClientConfig(clientId, format);
|
||||
}
|
||||
|
||||
// ── Tag-based access control ───────────────────────────────────────────
|
||||
|
||||
Reference in New Issue
Block a user