how to use wiresock?

  • #12243
    terijapl
    Participant

      hello, i have a wireguard VPN set up with algo and i’m trying to do application based split tunneling. i found out about wiresock, which looked like a perfect solution for my problems, but i’m having trouble setting it up.

      i have started by adding the “AllowedApps = firefox” to the config file, then launched wiresock. when the service is up, firefox no longer opens pages, showing “server not found”. what went wrong? the same config works properly on the official wireguard client. log: https://pastebin.com/qQmZ9wZH

      additionally, some questions:

      – can i specify paths to programs in the “AllowedApps” variable, instead of only providing process names?

      – does this app expose a proxy i can use as a safety measure to prevent the browser from connecting anywhere in case the VPN connection is down?

      thank you 🙂

      #12244
      Vadim Smirnov
      Keymaster

        Hello, could you please provide the generated PCAP files in addition to the application log? Also, could you check if using -lac makes a difference? With the latter option, Wiresock works closer to the stock client. One more question, do you have DNS specified in the config file (‘server not found’ points to a DNS problem)?

        Currently, only the process name is checked, the path is ignored. It’s easy to change the check to a fully qualified pathname, but in the current implementation with a config file, this can lead to unwanted collisions. I plan to add an advanced configuration that will allow this.

        You definitely read my mind! I really was considering adding a proxy (as a dedicated process) that would be connected and intercepted by Wiresock. I implemented a similar thing for one side project.

        #12245
        terijapl
        Participant

          sorry, but if PCAP files are what I think they are (captured network traffic), are they safe to share here? how can i send them to you privately?

          using -lac ends up with this in the logs:

          [TUN]: Failed to rename WireSock virtual adapter connection! lasterror: 0
          [TUN]: WireSock virtual adapter is not available!
          [MGR]: Tunnel has failed to start
          [TUN]: cancel_notify_ip_interface_change has failed, lasterror: 6

          i do have dns servers specified in the config file, but it’s probably not something dns related, because i cannot load sites using direct IP addresses either (testing on a site that does load via IP otherwise).

          PS: this anti-vpn mechanism of this site is so getting in my way right now 🙁

          #12246
          Vadim Smirnov
          Keymaster

            Problems with the -lac option are caused by insufficient user privileges; please note that Wiresock should be run as administrator.

            You can email PCAP files directly to support@ntkernel.com. We can continue to review the issue privately, after which I will post the final solution here. Unfortunately, without anti-spam, I would have to delete too many users/spam daily…

            #12247
            terijapl
            Participant

              i figured it could be a permission problem, but running wiresock from an elevated command prompt results in the same error.

              i’ll send an e-mail in just a minute, thanks 🙂

              #12248
              Vadim Smirnov
              Keymaster

                Please check if you have received my reply email.

                #12249
                Vadim Smirnov
                Keymaster

                  The problem was parsing a configuration that expected the Address parameter to have a specified netmask, e.g. Address = 10.10.0.4/32, 2001:dc8:a260::4/128 while in your configuration the Address parameter looked like Address = 10.10.0.4 , 2001:dc8:a260::4.

                  I have fixed the configuration parser in 1.2.8. Please give it a try.
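The two Address forms from the post above, handled by one parser, as an added example (this is not WireSock's code). It assumes a bare address means a host address, /32 for IPv4 and /128 for IPv6; the sample config and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: same Address form as the config described in the post above.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <redacted>
Address = 10.10.0.4 , 2001:dc8:a260::4

[Peer]
PublicKey = <redacted>
AllowedIPs = 0.0.0.0/0, ::/0
"""


def interface_values(conf_text, key):
    """Return the comma-separated values of `key` from the [Interface] section."""
    section, values = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep and section == "interface" and name.strip().lower() == key.lower():
            values += [v.strip() for v in value.split(",") if v.strip()]
    return values


def normalize_addresses(conf_text):
    """Return (normalized, missing_prefix) for the Interface Address entries.

    Assumption: a bare address is a host address (/32 for IPv4, /128 for IPv6).
    Raises ValueError on an entry that is not a valid address.
    """
    normalized, missing_prefix = [], []
    for entry in interface_values(conf_text, "Address"):
        iface = ipaddress.ip_interface(entry)  # bare IP gets the full-length prefix
        if "/" not in entry:
            missing_prefix.append(entry)
        normalized.append(iface.with_prefixlen)
    return normalized, missing_prefix


if __name__ == "__main__":
    fixed, bare = normalize_addresses(SAMPLE_CONF)
    print("Address =", ", ".join(fixed))
    print("entries without a netmask:", bare)
```

Running it against a config before handing the file to a client shows which Address entries lack an explicit netmask and what they normalize to.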

                  #12250
                  terijapl
                  Participant

                    brilliant, it works now! thank you <3

                    somewhat of a relief it was actually a bug and not just me misconfiguring something as I usually happen to do – but glad I helped to find and squash a bug 🙂

                    the proxy thing is now the only feature i’m missing in this “private tunnel” setup, gotta be careful now since i assume if the WG connection fails for any kind of reason, it can leak my “true” IP at any time without warning, which is kind of spooky. once that’s sorted out, i can wave my commercial VPN goodbye 🙂

                    #12251
                    terijapl
                    Participant

                      sorry for a double post but forgot to ask, maybe a silly question, but does wiresock require the official wireguard client to be installed in order to work properly?

                      #12252
                      Vadim Smirnov
                      Keymaster

                        I will add a proxy option. This can be really useful.

                        Wiresock VPN Client is standalone, you don’t need the official Wireguard client to make it work.

                        WireSock VPN Gateway needs an official Wireguard client and allows it to act as a WireGuard server.

                         

                        #12255
                        SomeoneOnLine
                        Participant

                          So, I stumbled across this a month ago or so and just got around to playing with it the last few days. First off, AWESOME. Second off, THANKS. Third off, please keep this project going. 🙂

                          That all said. A few things I figured out the good old hard way (trial and error).

                          In my case I had to remove the netmask from the Address= field in order for the tun adapter to start. I also had to have a DNS entry or the tun adapter would not start; I got the same errors as the above post mentions, even with admin permissions.

                          I am currently trying to find a way to limit process names from going through the tunnel though. In my case I have multiple mysqld.exe processes running on the same Windows box listening on different physical interface IPs. One or more of those mysqld.exe processes I want to go through the tunnel, while not the other mysqld.exe processes. Atm it seems to be all mysqld.exe processes or nothing, as an example?

                          Currently playing with v1.2.8.1

                          Anyhows. Thanks again for everything!

                          ~SOL

                           

                          #12262
                          Vadim Smirnov
                          Keymaster

                            Could you share the config file you are having trouble with? Another question, did you test adapter (-lac) or adapterless mode?

                            Regarding mysqld, do you mean that it initiates an outgoing connection? Because otherwise, i.e. if mysqld listens for incoming connections and needs to be reachable through the tunnel, binding to the address of the VPN adapter will probably suffice.

                            #12706
                            Sr-Rm
                            Participant

                              Greetings! I can't figure out what I'm doing wrong.

                              I run it from an administrator console using the following command: “wiresock-client.exe run -config [с:\wg.conf] -log-level all”

                              In response I get:
                              WireSock Service has Started
                              failed to open the cinfiguration file!

                              Interface section is non present!

                              Failed to initialize Wireguard tunnel
                              The config file works with the official client.
                              Could you please tell me what exactly is missing from the config file?

                              [Interface]
                              Address = 10.7.0.4/24, fddd:2c4:2c4:2c4::4/64
                              DNS = 94.140.14.14, 94.140.15.15
                              PrivateKey = ***********************************=

                              [Peer]
                              PublicKey = ***********************************=
                              PresharedKey = ************************************=
                              AllowedIPs = 0.0.0.0/0, ::/0
                              Endpoint = *.***.**.***:443
                              PersistentKeepalive = 25

                               

                              #12708
                              Vadim Smirnov
                              Keymaster

                                The path to the configuration file should not be put in square brackets. Most likely that is why the client cannot find it.

                                #12715
                                Sr-Rm
                                Participant

                                  It works! Unfortunately, without you I would never have realized that the brackets are not part of the syntax. Thank you very much for the quick reply!
