Forum Replies Created
-
AuthorPosts
-
That makes sense. The last comma inadvertently appends an empty string to the DisallowedApps list. This empty string acts as a wildcard, effectively matching every process on the machine and thereby excluding all of them from the VPN.
Благодарю за информацию! Подозреваю, что это тоже какой-то специфичный случай. Добавим в коллекцию, надо будет какой-то FAQ составить по этому топику.
I suspect that activating Mullvad VPN is altering your routing table, making your server inaccessible from the LAN (so called kill-switch). In your Mullvad configuration, check the ‘AllowedIps’ setting. To maintain LAN access while connected to the VPN, replace ‘0.0.0.0/0’ with ‘AllowedIPs=0.0.0.0/1, 128.0.0.0/1’. This split tunneling approach should allow LAN connectivity.
Could you please clarify a few details to help me understand your needs more accurately:
1. Are you inquiring about the WireSock VPN Client or the WireSock VPN Gateway?
2.Could you provide a more detailed description of your current network setup?Your responses will enable me to offer the most effective advice for your specific situation.
Thank you for the update. The logs you provided clearly indicate that there’s no response from the WireGuard server, suggesting that the issue might stem from the VPN server itself. This lack of response could be unintentional, possibly due to the server being unable to handle the workload. It’s also possible that the native client is designed to switch to another server in such scenarios. Following your report, I conducted tests by downloading large files using qBittorrent, but I didn’t encounter the same issue. It’s worth noting, however, that I used my own VPN server for these tests. To further investigate, it might be helpful to increase the number of torrents and observe any changes.
Could you share your configuration details (excluding any keys)? Based on the logs, it seems you’re using a virtual adapter mode. I’m curious to know if this issue also occurs in adapterless mode.
Сделать можно и в общем, наверное, не сильно сложно. Но не уверен насколько подобное востребовано, на первый взгляд специализированное решение под какую-то конкретную задачу. 🤔
The location of WireSock logs depends on the mode in which WireSock is operated. When running as a service, logs are stored at C:\ProgramData\NT KERNEL\WireSock VPN Client. For console application mode, logging happens directly in the console. In the case of WireSockUI, logs are only accessible in the specific tab where you attached your screenshot.
From the screenshot you’ve provided, it seems the Wireguard handshake isn’t being acknowledged, causing the tunnel to attempt restarts and continuously send new handshakes. Notably, if your VPN provider’s app connects without issue, it’s important to mention that VPN providers often use the reserved fields of the Wireguard protocol for specific purposes. Cloudflare, for instance, does this but still supports the standard Wireguard client. Without detailed information about your VPN provider, I cannot discount the possibility that they might be using similar techniques or subtly nudging users towards their own client software.
Could you please let me know which versions of WireSock VPN Client and WireSockUI you are currently using, considering there have been several software updates since then? Additionally, it would be helpful if you could reproduce the issue with logging enabled and share the logs. This would greatly assist in diagnosing the problem.
- This reply was modified 1 year, 1 month ago by Vadim Smirnov.
1069 – это logon error. У пользователя ornamau\hmmmk есть все необходимые права (SeServiceLogonRight?), чтобы запускать под ним сервисы? Под LocalSystem запустить пробовали?
Indeed, it’s been observed that the Terminal can encounter peculiar difficulties when dealing with SC. For a more stable experience, I suggest running the Command Prompt (CMD) with Administrator rights as an alternative.
I’ve updated the functionality to include support for encrypted configurations within setups where the WireSock VPN Client service operates under a user account that differs from the LocalSystem account:
https://www.wiresock.net/downloads/wiresock-vpn-client-x64-1.2.32.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-x86-1.2.32.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-ARM64-1.2.32.1.msi
I’ve implemented the feature you requested. The command-line client now includes an additional ‘import’ command. This command securely encrypts the specified configuration using LocalSystem credentials and stores it in a specially secured folder. Once encrypted, the configuration can be conveniently utilized through a shortened path reference., e.g.
C:\test>wiresock-client.exe import C:\test\test.conf Imported WireGuard configuration: C:\Program Files\WireSock VPN Client\conf\test.conf.dpapi C:\test>wiresock-client.exe install -start-type 2 -config test.conf.dpapi -log-level none
Please find attached the updated MSI packages, version 1.2.31, for your review. I invite you to test it out and share your feedback to ensure it meets your expectations.
https://www.wiresock.net/downloads/wiresock-vpn-client-x64-1.2.31.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-x86-1.2.31.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-ARM64-1.2.31.1.msi
Thank you for the clarification. To achieve the behavior you’re looking for, you could place the configuration file within the ‘bin’ subdirectory of Wiresock. This way, users lacking Administrator privileges will have read-only access and won’t be able to modify the file. To install the service in this setup, you can use the command:
wiresock-client.exe install --start-type 2 --config config_file_name.conf --log-level none
.If your preference is to prevent users from even viewing the configuration settings, I believe I can incorporate an option to encrypt the configuration file. Would this solution meet your requirements?
I haven’t verified this personally, but I believe that the standard WireGuard client employs the credentials of the current user to encrypt its configuration file. Integrating a comparable feature into Wiresock wouldn’t be particularly challenging, but the specifics of its implementation would vary based on how you intend to use it. Are you interested in having this encryption feature in the command-line interface (CLI) client? Additionally, how do you foresee utilizing the CLI client—would you run it manually as an application, or would you prefer it to operate as a background service? Alternatively, would the WireSockUI be your preferred interface for this functionality?
Thanks for the update!
While I understand that installing the NDIS filter driver might not be feasible in WinPE, encountering issues with the standard Wireguard for Windows is surprising. Given that it’s essentially just another network interface driver, I would anticipate that it should be possible to get it working.
-
AuthorPosts