feat(vpn): add per-client routing controls and bridge forwarding support for VPN clients

2026-04-01 05:13:01 +00:00
parent 81f8e543e1
commit c1452131fa
13 changed files with 483 additions and 25 deletions
--- a/ts/opsserver/handlers/vpn.handler.ts
+++ b/ts/opsserver/handlers/vpn.handler.ts
@@ -31,6 +31,14 @@ export class VpnHandler {
            createdAt: c.createdAt,
            updatedAt: c.updatedAt,
            expiresAt: c.expiresAt,
+            forceDestinationSmartproxy: c.forceDestinationSmartproxy ?? true,
+            destinationAllowList: c.destinationAllowList,
+            destinationBlockList: c.destinationBlockList,
+            useHostIp: c.useHostIp,
+            useDhcp: c.useDhcp,
+            staticIp: c.staticIp,
+            forceVlan: c.forceVlan,
+            vlanId: c.vlanId,
          }));
          return { clients };
        },
@@ -114,8 +122,21 @@ export class VpnHandler {
              clientId: dataArg.clientId,
              serverDefinedClientTags: dataArg.serverDefinedClientTags,
              description: dataArg.description,
+              forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
+              destinationAllowList: dataArg.destinationAllowList,
+              destinationBlockList: dataArg.destinationBlockList,
+              useHostIp: dataArg.useHostIp,
+              useDhcp: dataArg.useDhcp,
+              staticIp: dataArg.staticIp,
+              forceVlan: dataArg.forceVlan,
+              vlanId: dataArg.vlanId,
            });

+            // Retrieve the persisted doc to get dcrouter-level fields
+            const persistedClient = manager.listClients().find(
+              (c) => c.clientId === bundle.entry.clientId,
+            );
+
            return {
              success: true,
              client: {
@@ -127,6 +148,14 @@ export class VpnHandler {
                createdAt: Date.now(),
                updatedAt: Date.now(),
                expiresAt: bundle.entry.expiresAt,
+                forceDestinationSmartproxy: persistedClient?.forceDestinationSmartproxy ?? true,
+                destinationAllowList: persistedClient?.destinationAllowList,
+                destinationBlockList: persistedClient?.destinationBlockList,
+                useHostIp: persistedClient?.useHostIp,
+                useDhcp: persistedClient?.useDhcp,
+                staticIp: persistedClient?.staticIp,
+                forceVlan: persistedClient?.forceVlan,
+                vlanId: persistedClient?.vlanId,
              },
              wireguardConfig: bundle.wireguardConfig,
            };
@@ -151,6 +180,14 @@ export class VpnHandler {
            await manager.updateClient(dataArg.clientId, {
              description: dataArg.description,
              serverDefinedClientTags: dataArg.serverDefinedClientTags,
+              forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
+              destinationAllowList: dataArg.destinationAllowList,
+              destinationBlockList: dataArg.destinationBlockList,
+              useHostIp: dataArg.useHostIp,
+              useDhcp: dataArg.useDhcp,
+              staticIp: dataArg.staticIp,
+              forceVlan: dataArg.forceVlan,
+              vlanId: dataArg.vlanId,
            });
            return { success: true };
          } catch (err: unknown) {