feat(vpn): add destination-based VPN routing policy and standardize socket proxy forwarding
This commit is contained in:
@@ -14,8 +14,6 @@ export interface IVpnManagerConfig {
|
||||
dns?: string[];
|
||||
/** Server endpoint hostname for client configs (e.g. 'vpn.example.com') */
|
||||
serverEndpoint?: string;
|
||||
/** Override forwarding mode. Default: auto-detect (tun if root, socket otherwise) */
|
||||
forwardingMode?: 'tun' | 'socket';
|
||||
/** Pre-defined VPN clients created on startup (idempotent — skips already-persisted clients) */
|
||||
initialClients?: Array<{
|
||||
clientId: string;
|
||||
@@ -24,6 +22,13 @@ export interface IVpnManagerConfig {
|
||||
}>;
|
||||
/** Called when clients are created/deleted/toggled — triggers route re-application */
|
||||
onClientChanged?: () => void;
|
||||
/** Destination routing policy override. Default: forceTarget to 127.0.0.1 */
|
||||
destinationPolicy?: {
|
||||
default: 'forceTarget' | 'block' | 'allow';
|
||||
target?: string;
|
||||
allowList?: string[];
|
||||
blockList?: string[];
|
||||
};
|
||||
}
|
||||
|
||||
interface IPersistedServerKeys {
|
||||
@@ -58,19 +63,10 @@ export class VpnManager {
|
||||
private vpnServer?: plugins.smartvpn.VpnServer;
|
||||
private clients: Map<string, IPersistedClient> = new Map();
|
||||
private serverKeys?: IPersistedServerKeys;
|
||||
private _forwardingMode: 'tun' | 'socket';
|
||||
|
||||
constructor(storageManager: StorageManager, config: IVpnManagerConfig) {
|
||||
this.storageManager = storageManager;
|
||||
this.config = config;
|
||||
// Auto-detect forwarding mode: tun if root, socket otherwise
|
||||
this._forwardingMode = config.forwardingMode
|
||||
?? (process.getuid?.() === 0 ? 'tun' : 'socket');
|
||||
}
|
||||
|
||||
/** The effective forwarding mode (tun or socket). */
|
||||
public get forwardingMode(): 'tun' | 'socket' {
|
||||
return this._forwardingMode;
|
||||
}
|
||||
|
||||
/** The VPN subnet CIDR. */
|
||||
@@ -123,12 +119,14 @@ export class VpnManager {
|
||||
publicKey: this.serverKeys.noisePublicKey,
|
||||
subnet,
|
||||
dns: this.config.dns,
|
||||
forwardingMode: this._forwardingMode,
|
||||
forwardingMode: 'socket',
|
||||
transportMode: 'all',
|
||||
wgPrivateKey: this.serverKeys.wgPrivateKey,
|
||||
wgListenPort,
|
||||
clients: clientEntries,
|
||||
socketForwardProxyProtocol: this._forwardingMode === 'socket',
|
||||
socketForwardProxyProtocol: true,
|
||||
destinationPolicy: this.config.destinationPolicy
|
||||
?? { default: 'forceTarget' as const, target: '127.0.0.1' },
|
||||
};
|
||||
|
||||
await this.vpnServer.start(serverConfig);
|
||||
@@ -147,7 +145,7 @@ export class VpnManager {
|
||||
}
|
||||
}
|
||||
|
||||
logger.log('info', `VPN server started: mode=${this._forwardingMode}, subnet=${subnet}, wg=:${wgListenPort}, clients=${this.clients.size}`);
|
||||
logger.log('info', `VPN server started: subnet=${subnet}, wg=:${wgListenPort}, clients=${this.clients.size}`);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user