Provision for kill switch in WireSock client

Home Forums Discussions Support Portal Provision for kill switch in WireSock client

Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #11954
    kill-switch
    Participant

    Hey,
    I just discovered your WireSock VPN client through SuperUser. Love the application specific tunneling functionality. Was using a VM to separate network traffic, this really improves my workflow. I have a couple of questions:

    1) Is there any way to block untunneled traffic of the application in case client crashes or doesn’t load on system startup?

    2) The client doesn’t report statistics in Windows data usage settings menu. Is there a way to see how much data is being used by the client?

    3) Can you further explain how does the client use the partial names of the application? Is it based on the process name, windows title or file name? If I allow a three letter application, will it tunnel the traffic of all the applications starting with those three letters?

    Hope you’re doing well.

    #11955
    Vadim Smirnov
    Keymaster

    First, thank you for your interest and valuable feedback, it is really appreciated.

    1. Wiresock VPN client is based on WinpkFilter driver which has the registry parameter (can be set using https://www.ntkernel.com/docs/windows-packet-filter-documentation/ndisapi-c-2/setadaptersstartupmode/) and defines the default adapters filter mode. For example, if set this parameter to MSTCP_FLAG_SENT_TUNNEL | MSTCP_FLAG_RECV_TUNNEL then network traffic will be blocked by default and can be re-enabled only by the application.

    So if you create a DWORD value named StartupMode under HTLM\CurrentControlSet\Services\ndiswgc\Parameters, assign to 3 and reboot, then it will result in the desired behavior. However, this is a global setting that affects all network interfaces, so it may result in undesired effects on other network interfaces (if you have more than one). I will consider adding this option in the next version in some more convenient form.

    2. Meanwhile, the amount of data sent/received over the tunnel is not reported (although it is available). I think to add a simple tray icon-based application to report the tunnel stats. If you have other options in mind, then please let me know.

    3. Current implementation is simple, the given name pattern is checked for being a substring in the process name. For example, ‘chrome’ covers any process which contains ‘chrome’ substring as a part of its name, e.g. WinChrome.exe, AxChromeAi.exe etc.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.