Working version, but speed is 10 Mbit
build / backend (push) Has been cancelled
build / node-agent (push) Has been cancelled
build / worker (push) Has been cancelled

2026-05-22 21:46:49 +03:00
parent 469fa0e860
commit 20d361a886
280 changed files with 954890 additions and 18524 deletions
+7 -9
@@ -2,9 +2,8 @@
Date: 2026-05-05
This document freezes the current near-working VPN state. Treat it as the
rollback and comparison point before changing the Android VPN dataplane,
gateway assignment, mesh route intents, or packet relay behavior.
This archived document records the pre-fabric VPN state for comparison only.
It is not a rollback instruction for the current farm standard.
## Baseline components
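Review bot: The replacement intro at the top of the file says the document "is not a rollback instruction for the current farm standard" but does not say where that standard, or the rollback procedure that replaces this one, is documented. The `Date: 2026-05-05` line is unchanged, so a reader also cannot tell when the document was archived. Suggest adding an archive date and a pointer to the document that defines the current standard, since the removed text was the only stated rollback point for the Android VPN dataplane, gateway assignment, mesh route intents and packet relay behavior.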
@@ -23,7 +22,7 @@ gateway assignment, mesh route intents, or packet relay behavior.
- DNS from exit side: `192.168.200.210`
- Client tunnel: full tunnel, `0.0.0.0/0`, VPN address `10.77.0.2/24`
- Active gateway lease: home-1, generation `8`
- Active relay transport: `backend_http_packet_relay`
- Current farm standard: QUIC fabric packet transport only.
## Current working behavior
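Review bot: In the baseline values list, replacing the "Active relay transport: `backend_http_packet_relay`" entry with "Current farm standard: QUIC fabric packet transport only." deletes the one recorded value that distinguishes the pre-fabric state, which is what the intro now says this archive exists to preserve. The neighbouring entries (DNS `192.168.200.210`, VPN address `10.77.0.2/24`, home-1 lease generation `8`) are still snapshot values, so the list now mixes archived facts with a statement about the present. Suggest keeping the original transport line as the archived value and stating the current standard on a separate, clearly labelled line.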
@@ -59,9 +58,8 @@ delays, and RDP sessions that connect and later drop.
- Do not reduce Android `TUN_WRITE_MAX_RETRIES` below `1000` without a
controlled regression test.
- Do not relax Android VPN source-address validation.
- Do not re-enable the home-1 `vpn_packets` fabric mesh route intent for this
connection until the Android client can intentionally use the fabric entry
path. The current working baseline relies on `backend_http_packet_relay`.
- Do not reintroduce direct backend packet relay. VPN packets must use the
fabric session or fabric mesh packet transport.
- Do not change the active entry/exit away from home-1 without saving packet
counters before and after.
- Do not change DNS away from `192.168.200.210` without checking full-tunnel
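Review bot: The new guardrail "Do not reintroduce direct backend packet relay" is a rule for the current system placed in a list whose other bullets still pin baseline specifics (home-1 as entry/exit, DNS `192.168.200.210`, `TUN_WRITE_MAX_RETRIES` at `1000`), so it is unclear which of these remain binding now that the document is comparison-only. The removed bullet also carried a precondition, "until the Android client can intentionally use the fabric entry path", and nothing in the new text records whether it was met. The wording "fabric session or fabric mesh packet transport" also does not match "QUIC fabric packet transport only" in the earlier hunk; suggest using one term throughout and marking which guardrails, including the source-address validation rule, still apply on the fabric path.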
@@ -75,5 +73,5 @@ delays, and RDP sessions that connect and later drop.
2. Add clearer per-flow counters for long-lived TCP flows such as RDP.
3. Add a small repeatable smoke test: DNS, direct IP HTTP, 2ip.ru, Telegram-like
long connection, and RDP port reachability.
4. Only after this baseline is stable, move Android entry traffic from backend
relay to fabric mesh.
4. Keep Android entry traffic on the fabric path and compare behavior against
this archived baseline only for diagnostics.
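Review bot: Item 4 of the next-steps list drops the gate "Only after this baseline is stable" and now states a standing rule rather than a step, while items 2 and 3 (per-flow counters for long-lived TCP flows, and the smoke test covering DNS, direct IP HTTP, 2ip.ru, a long connection and RDP reachability) remain listed as future work. As written, the list implies the move to the fabric path happened before those checks existed. Suggest either noting that the smoke test was run against the fabric path or moving this item to the guardrails section and keeping the numbered list for outstanding steps.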