Forum Replies Created
-
Posts
-
Thank you for reaching out regarding the issue you’re experiencing with Wiresock in your restricted network environment.
Please note that Wiresock does not support using localhost IP (127.0.0.1) as an endpoint. I recommend trying to specify the real local IP address instead of 127.0.0.1 for the WireGuard config endpoint.
However, I must mention that I am not certain if this change will work out-of-the-box, and some code adjustments may be necessary to ensure proper functionality of local redirect
If you encounter any issues, we recommend first trying to start the application/service with the ‘-log-level all’ command line parameter. If running the application, this will output the debug log to the console and save processed packets into PCAP files for analysis.
The method to bypass the Egyps wireguard vpn blocking won’t work any more,I just tested it.
The post was created over a year ago, so the situation may have changed since then and I am unable to verify if the information is still accurate.
BTW,is it any quick method or tools to detect if the ISP blocks UDP or not,since some ISP may block the UDP protocol so wireguard won’t work at all.It would be nice to do so before to install wireguard.
One possible solution to test whether UDP is blocked or not is to use performance measurement tools such as iperf3. These tools can help to determine if there are any issues with network performance that could be impacting the use of UDP. By conducting these tests prior to installing Wireguard, you can proactively identify any potential issues and take appropriate steps to address them.
It’s Windows Server 2016 X64
It is peculiar, but configuring the Network Category to Private can be beneficial, although it is not required.
To the best of my recollection, there was a similar issue on Windows 7, although it did not impact the overall functionality of Wiresock VPN Gateway. However, configuring the VPN network adapter as a private network (which failed according to your log) can often provide greater convenience and ease of use.
With this in mind, may I kindly inquire as to which operating system you are currently using?
In addition, I am also considering the possibility of opening the source code for wg-quick-config to facilitate the analysis of such issues in the future. By making the source code more accessible and transparent, it will be easier for users to understand and diagnose potential issues, as well as contribute to the development of the project.
To properly uninstall the service, follow these steps:
- Use the command “wiresock-service uninstall” to uninstall the service.
- Reboot your system.
- Check if the service still exists in the registry. If it does, remove it using regedit.
- Reboot your system again to ensure that all changes take effect.
After completing these steps, the service should be fully uninstalled, and you can proceed with a fresh installation.
1. Determining the root cause of the issue is challenging without access to the MSI log. If you collect one I can check.
2. It’s important to note that SHA-1 code signing reached its end-of-life on December 1, 2020, and it’s no longer possible to sign drivers for Windows Vista/2008/7/8 using this method. However, an update for Windows 7 added support for SHA-256 code signing certificates, which may also work for Windows 2008 R2. But yes, it is sometimes a real pain to sign drivers for EOL Windows versions.
Just a small update on the topic. There are two options available to you for managing the client more easily:
TunnlTo: A Rust project that starts wiresock-vpn-client.exe in the background and provides it with configuration options.
EpexGUI: A C# project that functions similarly to TunnlTo. However, I have created a fork that includes significant modifications, such as directly calling wgbooster.dll instead of wiresock-vpn-client.exe and adding a Wiresock Client installer for x86 platforms. This fork also includes support for transparent (NAT) mode, which can simplify the user experience. While it’s uncertain whether the original author will accept these changes, you can download the latest release of this fork here.
Both options offer several convenient features, such as importing and editing Wireguard configurations and switching between tunnels, which can greatly simplify the user experience when using the WireSock VPN Client.The term ‘wireguard.exe’ is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Based on this error message, it seems that WireGuard for Windows may either not be installed or hasn’t been added to the Path environment variable. It’s important to remember to restart the CMD or PowerShell console after installing WireGuard for Windows and before running wg-quick-config. This will ensure that any changes made during the installation process take effect and allow you to run the command without any issues.
Hi,
I apologize, but I don’t have one. However, I don’t believe it would be a significant issue to port the C++ code to C#. I’m not an expert in C# but it can be something like this:
foreach (PFAST_IO_SECTION i in fast_io_section) { if (Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0) != 0) { Interlocked.Exchange(ref i.fast_io_header.read_in_progress_flag, 1); var write_union = Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0); uint current_packets_success = (uint)write_union.union_.split.number_of_packets; // // Copy packets and reset section // Buffer.BlockCopy(i.fast_io_packets, 0, packet_buffer_, (int)(fast_io_packets_success * Marshal.SizeOf<INTERMEDIATE_BUFFER>()), (int)(current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>()); // For the last packet(s) wait the write completion if in progress write_union = Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0); while (write_union.union_.split.write_in_progress_flag != 0) { write_union = Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0); } // Copy the last packet(s) Buffer.BlockCopy(i.fast_io_packets, (int)(current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), packet_buffer_, (int)(fast_io_packets_success + current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), Marshal.SizeOf<INTERMEDIATE_BUFFER>()); if (current_packets_success < write_union.union_.split.number_of_packets) { current_packets_success = write_union.union_.split.number_of_packets; Buffer.BlockCopy(i.fast_io_packets, (int)(current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), packet_buffer_, (int)(fast_io_packets_success + current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), Marshal.SizeOf<INTERMEDIATE_BUFFER>()); } Interlocked.Exchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0); Interlocked.Exchange(ref i.fast_io_header.read_in_progress_flag, 0); fast_io_packets_success += current_packets_success; } }The NDISAPI is a lightweight layer over the driver’s interface, and it does not have its own threads. However, if you use the NDISAPI through the simple_packet_filter class, then this class is responsible for creating the underlying thread that reads and writes packets.
You can configure access to a desired domain over VPN if it consistently resolves to the same IP addresses. For instance, ntkernel.com resolves to 95.179.146.125. In this case, you can add this IP address to the AllowedIPs to access it via VPN. However, if the domain name resolves to varying IP addresses, such as with dynamic DNS or a CDN hosted site, this method is not supported.
There are two possible approaches to Ethernet bridge implementation:
- Turn on promiscuous mode on both bridged interfaces and relay packets between these.
- Do MAC address translation. This approach is similar to how IP address NAT implemented.
EBRIDGE sample implements the first, it is a bit slower (due to using promiscuous mode) but easier to understand. The only complex part is bridging Wi-Fi to wired LAN, where you still need the MAC address translation.
I would also recommend unchecking the IPv4/IPv6 protocols on the NIC’s you are bridging, especially if you are using MAC address translation because it tends to confuse some routers (two IPs on the same MAC).
Since both your network adapters are wired, the simple approach should work. Just forward packets received from one to another and vice versa without changing them.
