nessi/NexaVPN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add web proxy target allowlist support via NEXAVPN_ALWAYS_ALLOW_WEB_PROXY_IPS environment variable

Browse Source 
Add alwaysAllowWebProxyTargets function to parse comma-separated IPs from NEXAVPN_ALWAYS_ALLOW_WEB_PROXY_IPS environment variable with deduplication. Update mergeProfileAllowedIPs to accept webProxyTargets parameter and merge them into profile allowed IPs using /32 routes. Add WebProxyTargets field to wireguard.Peer struct and populate it in BuildSyncBundle and device enrollment/policy application
This commit is contained in:
Sascha Nesterovic
2026-03-18 09:39:40 +01:00
parent d1940e6f28
commit ab7275059f
5 changed files with 71 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
deploy/.env.example
View File

@@ -24,3 +24,4 @@ NEXAVPN_GATEWAY_INTERFACE=wg0
NEXAVPN_UPLINK_INTERFACE=eth0
NEXAVPN_ENABLE_MASQUERADE=true
NEXAVPN_BACKEND_HOST=127.0.0.1
NEXAVPN_ALWAYS_ALLOW_WEB_PROXY_IPS=172.16.0.109

4
deploy/scripts/gateway-entrypoint.sh
View File

@@ -118,6 +118,10 @@ EOF
echo " iifname \"${IFACE}\" ip saddr ${ASSIGNED_IP} ip daddr ${dns_server} udp dport 53 accept"
echo " iifname \"${IFACE}\" ip saddr ${ASSIGNED_IP} ip daddr ${dns_server} tcp dport 53 accept"
done
printf '%s' "${peer}" | jq -r '.web_proxy_targets[]?' | while read -r proxy_target; do
echo " iifname \"${IFACE}\" ip saddr ${ASSIGNED_IP} ip daddr ${proxy_target} tcp dport 80 accept"
echo " iifname \"${IFACE}\" ip saddr ${ASSIGNED_IP} ip daddr ${proxy_target} tcp dport 443 accept"
done
printf '%s' "${peer}" | jq -r '.allowed_destinations[]?' | while read -r destination; do
echo " iifname \"${IFACE}\" ip saddr ${ASSIGNED_IP} ip daddr ${destination} accept"
done