Forum Replies Created
-
Posts
-
Indeed, it’s been observed that the Terminal can encounter peculiar difficulties when dealing with SC. For a more stable experience, I suggest running the Command Prompt (CMD) with Administrator rights as an alternative.
I’ve updated the functionality to include support for encrypted configurations within setups where the WireSock VPN Client service operates under a user account that differs from the LocalSystem account:
https://www.wiresock.net/downloads/wiresock-vpn-client-x64-1.2.32.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-x86-1.2.32.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-ARM64-1.2.32.1.msi
I’ve implemented the feature you requested. The command-line client now includes an additional ‘import’ command. This command securely encrypts the specified configuration using LocalSystem credentials and stores it in a specially secured folder. Once encrypted, the configuration can be conveniently utilized through a shortened path reference., e.g.
C:\test>wiresock-client.exe import C:\test\test.conf Imported WireGuard configuration: C:\Program Files\WireSock VPN Client\conf\test.conf.dpapi C:\test>wiresock-client.exe install -start-type 2 -config test.conf.dpapi -log-level nonePlease find attached the updated MSI packages, version 1.2.31, for your review. I invite you to test it out and share your feedback to ensure it meets your expectations.
https://www.wiresock.net/downloads/wiresock-vpn-client-x64-1.2.31.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-x86-1.2.31.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-ARM64-1.2.31.1.msi
Thank you for the clarification. To achieve the behavior you’re looking for, you could place the configuration file within the ‘bin’ subdirectory of Wiresock. This way, users lacking Administrator privileges will have read-only access and won’t be able to modify the file. To install the service in this setup, you can use the command:
wiresock-client.exe install --start-type 2 --config config_file_name.conf --log-level none.If your preference is to prevent users from even viewing the configuration settings, I believe I can incorporate an option to encrypt the configuration file. Would this solution meet your requirements?
I haven’t verified this personally, but I believe that the standard WireGuard client employs the credentials of the current user to encrypt its configuration file. Integrating a comparable feature into Wiresock wouldn’t be particularly challenging, but the specifics of its implementation would vary based on how you intend to use it. Are you interested in having this encryption feature in the command-line interface (CLI) client? Additionally, how do you foresee utilizing the CLI client—would you run it manually as an application, or would you prefer it to operate as a background service? Alternatively, would the WireSockUI be your preferred interface for this functionality?
Thanks for the update!
While I understand that installing the NDIS filter driver might not be feasible in WinPE, encountering issues with the standard Wireguard for Windows is surprising. Given that it’s essentially just another network interface driver, I would anticipate that it should be possible to get it working.
Штатный клиент WireGuard требует повышения прав до Network Configuration Operators.
Это объяснимо, нужно поднять сетевой интерфейс и задать ему конфигурацию.
У WireSock есть два режима, с виртуальным адаптером и без. Во втором случае нового сетевого адаптера в систему не добавляется, его наличие эмулируется сетевым драйвером, который перехватывает пакеты, делает NAT и заворачивает в Wireguard туннель. Прав пользователя в этом случае вполне достаточно, я сейчас специально проверил с консольным клиентом.
Единственный момент, который надо учитывать при создании конфигураций для таких клиентов, касается используемых IP протоколов. Если дефолтовый сетевой интерфейс у клиента уже имеет маршрутизируемые IPv4 и IPv6 адреса, то туннель будет работать и для IPv4 и для IPv6 (разумеется если оба заданы в конфигурации). Если же какой-то из этих адресов отсутствует, то wiresock попытается добавить к дефолтовому интерфейсу адрес из Wireguard конфигурации, чтобы система начала маршрутизировать на него трафик. Без наличия соответствующих прав это не получится, клиент будет работать, но отсутствующий протокол работать не будет.
Over the past weekend, I conducted experiments with Windows PE and can corroborate your findings. It seems there might be a component essential for NDIS filter drivers that could be missing or not functioning as expected in Windows PE. Installing such a driver leads to a network shutdown. This is merely a hypothesis, and I’m uncertain about a solution, if one exists.
Добрый день!
Технически права Администратора нужны только в трех случаях:
1. Для установки драйвера (и сервиса, если wiresock vpn client используется как сервис). Другими словами, без прав Администратора нельзя установить WireSock VPN Client.
2. Для возможности видеть сетевые соединения приложений запущенных всеми пользователями, а не только текущим. Собственно это определяет требование WireSockUI прав Администратора, если контроль над приложениями всех пользователей не нужен, то технически его можно использовать и без админских прав в режиме NAT (см. следующий пункт).
3. Для конфигурирования виртуального сетевого адаптера если используется соответствующий режим.
То есть в целом все зависит от конкретного сценария использования.
One user was able to successfully install WireSock after uninstalling Kaspersky. Might you consider uninstalling Kaspersky, installing WireSock, and then reinstalling Kaspersky? On a personal note, I believe Windows Defender is a superior choice as it’s better integrated into the OS.
Hello,
Something on your system is preventing the driver installation. Do you have any third-party antivirus software or security tools installed?
To switch from default PROXY mode to NAT mode. Start a command prompt as Administrator and run the following commands:
wiresock-service uninstall wiresock-service install -start-type 2 -mode nat -interface wiresock -log-level none sc start wiresock-serviceThe WireSock VPN Gateway is capable of functioning in two distinct modes: NAT and Proxy. It is imperative to understand that the PING command is operational exclusively in NAT mode, given that Proxy mode is restricted to supporting only the TCP and UDP protocols. Nonetheless, any protocols that are based on UDP and TCP are expected to perform seamlessly in either mode.
the driver is not intended for this platform
Is it possible that you attempted to install the x86 build of the driver on an x64 platform?
I haven’t touched this driver for four years, and it likely needs an update to function correctly with the latest versions of Windows. My schedule is quite packed, but I’ll make an effort to find some time to update it.
