[IXSoul]

Thank you so much for clearing that up for me!

[IXSoul]

I suppose my question was where does this protection against DPI occur. Does it help against Wireguard detection at the sender, the receiver, or only in between them (such as for passing through the GFW)?

[IXSoul]

I can do the functionality with the GUI version as well as I mentioned. However it being handled automatically by PostUp PostDown would be advantageous in terms of ease of use. But I understand, thank you

[IXSoul]

Thank you!

Last question about that. Does this help at an end-to-end level? Such as at the client and at/after the server? Or would the DPI done here happen hop-to-hop, and the advantage would be to avoid like firewalls before the wireguard server?

[IXSoul]

Also, correct me if I’m wrong but in this case you are saying the SOCKS5 proxy should be remote (possibly under the same machine of the VPN server), not local correct? Otherwise if it was local you would be sending handshakes via your own internet connection?

[IXSoul]

I forgot to mention, in this use case the list of IPs is not known ahead of time or is too large, so it needs to be retrieved dynamically, so DisallowedIPs would not be an efficient solution here.

[IXSoul]

I understand, my question was more regarding which SOCKS5 proxy to use for this, that WireSock would connect to. If it’s specific or any SOCKS5 proxy would be efficient, such as https://mitmproxy.org

[IXSoul]

The ability to use powershell scripts on connecting and disconnecting from the VPN would be beneficial for my particular use case. For example if I want to allow only some traffic from an executable to pass via the base connection and not the VPN originating only from a subset of IPs the executable uses, I can’t do this currently with WireSock. Putting the executable in the DisallowedApps list would allow all traffic. With a powershell command, I could perform DNS queries among other things, and add these routes manually via powershell as well. This isn’t to say that I couldn’t just connect to WireSockUI and run these commands separately in powershell, because I believe you totally could. However, having it done automatically integrated into WireSock would be much more convenient!

The practical example/use case for this is imagine you are using a VPN to connect to some service in which you to mask your IP and geolocation, such as a foreign game. However, the download of the game does not send any identifying information and is handled separately (although through the same exe). Routing the download of the game to use your base internet would generally get you better throughput, but also avoid using a lot of data on the remote VPN server.

[IXSoul]

Sounds like a good solution! Thank you for your hard work

[IXSoul]

Is there a way to currently achieve that killswitch behavior with WireSock/WireSockUI?

[Author]

Posts