- This topic has 8 replies, 3 voices, and was last updated 3 months, 3 weeks ago by
.
-
Posts
-
My wireguard setup works as expected when using the wireguard windows client but when using the latest wiresock, I cannot access any local devices. What could be causing this?
Thanks,
Could you please let me know the details of your AllowedIPs configuration? If your intention is to keep your LAN outside the scope of the Wireguard tunnel, you have the option to incorporate ‘DisallowedIPs’ into your configuration file. As an example, in my setup, I utilize the following configuration:
DisallowedIPs = 192.168.3.0/24, 10.10.1.0/24Hi, thanks for the reply. My intent is to allow access to all ip address including local.
I have not set any allowed ips, it’s just:
AllowedIPs = 0.0.0.0/0, ::0/0
Thanks,
If your Wireguard server is located within your LAN, it’s possible to access local devices via the tunnel. However, if this isn’t applicable in your scenario, you will need to add the addresses of these devices to the ‘DisallowedIPs’ section of your configuration.
Yes my server is within my lan.
The strange thing is when using the wireguard application, it works perfectly but using the same server and config file through wiresock does not work. I guess it must be something within the wiresock client?
Are you operating Wiresock in adapter mode (using the -lac command line option) or in adapterless mode? The former mode closely resembles the behavior of the original Wireguard client. Are you encountering this issue exclusively in one of these modes, or does it occur in both? A more detailed description of your network setup would be immensely helpful for further analysis.
I had a similar issue migrating from the Wireguard client to the Wiresock client where I couldn’t access my local network with the same Allowed IPs 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1.
To get it t work with Wiresock I had to add Disallowed IPs 172.16.0.0/24 . Perhaps this is because my LAN has an odd IP range.
I don’t really understand the Allowed IPs because they say allow an address with the top bit set or with the top bit clear. I.e. allow all addresses. This seems to be a special marker to mean all but the LAN addresses. Most LANs are 192.168.1.xx but mine isn’t.
When you connect to a VPN, it usually routes all your traffic, including LAN traffic, through the VPN tunnel by adding a default route. However, setting
0.0.0.0/1and128.0.0.0/1on your VPN adapter creates specific routes that prioritize external traffic through the VPN, while excluding local network addresses. This means local network traffic, which typically uses private IP ranges like192.168.x.x, doesn’t match these VPN routes and instead uses the default local routing. This setup allows direct access to LAN devices without routing their traffic through the VPN.The Wiresock VPN client in NAT mode operates differently from typical VPN configurations. It doesn’t set up a virtual VPN network interface or alter your routing table. Instead, it selectively routes traffic based on specified parameters like AllowedIPs, DisallowedIPs, AllowedApps, and DisallowedApps. For those seeking functionality akin to the original WireGuard for Windows, the Wiresock VPN Client can be executed with the
-laccommand line option. This mode enables Wiresock to configure a virtual network interface and modify the routing table, similar to traditional VPN clients. However, it’s important to note that while the NAT mode permits usage by non-admin users, the mode involving a virtual network interface necessitates administrative privileges or needs to be run as a Windows service.
- You must be logged in to reply to this topic.