Forum Replies Created
Moreover, on the VPS I see both incoming and outgoing packets.
It looks like it is specifically the handshake response that is being blocked.
So my question is: is it possible to configure the Keenetic so that it connects to Wireguard through a proxy? Or to configure the Wireguard server so that requests to it go through that proxy?
I think using the Keenetic may cause certain difficulties and will probably require modifying the Wireguard implementation. Unfortunately, a solution limited to the VPS side alone is not possible either. In this situation I see one strategy: insert an intermediate link between the Keenetic and the Internet that can intercept and process the Wireguard handshake. I believe that such a solution could be developed without much effort on the basis of a Windows host with two network interfaces and WinpkFilter.
Could you please collect the MSI log? Here’s a step-by-step guide to enable logging for an MSI installation:
1. Open a command prompt. This can be done by searching for cmd in the Windows search bar and selecting “Command Prompt”.
2. In the command prompt, navigate to the directory where the MSI file is located using the cd command. For example, if your MSI file is in the Downloads folder, you could type cd Downloads.
3. Once you’re in the correct directory, enter the following command to start the installation and simultaneously enable logging:
msiexec /i NameOfYourInstaller.msi /l*v MyLog.txt
Replace NameOfYourInstaller.msi with the name of your MSI file, and MyLog.txt with the name you want for your log file.
4. Press Enter to run the command. The installation will proceed and a log of the installation will be created in the same directory under the name you specified.
The /l*v option in the command enables verbose logging. This records all actions that are taken during the installation, making it easier to identify any issues that may arise.
Please remember that the generated logs might contain sensitive information, so handle and share them carefully.
If you have any alternative suggestions or unique insights regarding the implementation, we’d greatly appreciate your input. Please feel free to share.
Indeed, this topic is currently a subject of active discussion. To provide some context, here’s an excerpt from one of the most recent emails I’ve received regarding the matter:
In my suggestion/vision, I appreciate the options that Tunsafe provided, such that all traffic is blocked if the VPN goes down, but there is an option to allow local traffic if the VPN goes down.
Also, I appreciate the ‘service mode’ and run-at-boot features that attempt traffic-blocking at startup, also implemented in Tunsafe.
KILLSWITCH DESIRED BEHAVIOR >>>
DISCONNECTED:
My hope is that WireSock disallows all network traffic while disconnected, with the option to allow local traffic (DHCP/DNS mainly). Advanced : Fine-tuned options to allow/disallow specific traffic types while disconnected.
WHILE CONNECTING:
My hope is that WireSock only allows the minimal amount of Internet Traffic (dhcp/dns/tcp/udp) while connecting, and mainly through its processes.
CONNECTED:
Once connected, my hope is that WireSock allows all traffic to occur through all processes, but only through the VPNs IP (with options to allow local traffic as described above). Additional process filters can occur with an ALG firewall, such as Simplewall/etc.
Advanced Features / Not Suggested:
(1) A feature that some VPN Clients have implemented is to allow certain applications to bypass the VPN. This allows a mixed-mode operation that some people want because of IP-discrimination (their email server blocks all VPN IP addresses, or a website does endless captcha challenges for all VPN IP addresses, etc). This feature would be very difficult to implement and I am not suggesting it, but wanted to include it because it seems related.
(2) There are few more theoretical features that could be implemented, but most seem beyond the scope of “KILLSWITCH”.
Hello,
I’m glad you’re finding the Wiresock VPN Client user-friendly and easy to navigate.
To answer your question, the Wiresock VPN Client itself does not have the functionality to expose itself as a local proxy server. However, you can certainly achieve your goal by setting up a local proxy server (either SOCKS or HTTP) on your device.
Once you’ve set up the local proxy server, you can add the process name of this proxy server to the “AllowedApps” list in the Wiresock VPN Client. This way, all the connections initiated through the local proxy will be tunneled via the Wireguard tunnel, while other connections will proceed as usual.
For example, if you want certain websites to automatically use the VPN in Firefox, you can set the proxy for different containers to point to the local proxy server that you have set up and added to the “AllowedApps” list.
This should enable you to use some websites via the VPN while others use a direct connection, as you mentioned in your example.
I hope this helps! If you have any more questions, feel free to ask.
While SOCKS5 is utilized solely for the Wireguard handshake, it may induce a slight delay for it. However, this should not impact the rest of your traffic, which is directed straight to your Wireguard server.
WiresockUI provides a real-time display of the Round-Trip Time (RTT) for a WireGuard tunnel, which operates using the UDP protocol. This feature allows you to monitor network latency effectively, ensuring optimal performance of your WireGuard tunnel.
show Round-trip time 1209 ms
Your considerable latency is causing the slowdown you’re experiencing. To rectify this, consider setting up a VPN server that is geographically closer to you.
At the moment, the functionality to name the virtual network adapter based on the configuration file does not exist. However, I acknowledge the value of this feature and will consider implementing it in the upcoming update.
I’m sorry, but it does not seem reasonable to rename the network interface from ‘Wiresock’ to ‘Example’. Instead, it could be more sensible to name it after the configuration file, which would provide better context and clarity.
Absolutely, you can do this. However, during initialization, WireSock identifies the instances of the virtual network adapter, selects the first one to be used for the routing purposes, and renames the selected connection to “WireSock”. This is done for your convenience, allowing you to easily recognize the network adapter currently utilized by the client. If you have any suggestions for improvement, I would be happy to consider them.
This task is achievable, albeit requiring a bit of effort. Wiresock would need to intercept and decode all DNS responses, subsequently maintaining dynamic AllowedIps/DisallowedIps tables. I concur that this could be an intriguing feature. I will endeavor to allocate some spare time to work on its implementation.
This can be done, but there are a couple of points, and apparently the existing architecture will have to be revised somewhat. Currently, when the first packet of a new TCP session is intercepted and the AllowedApps/DisallowedApps list is non-empty, the processing thread queries the table of current connections through the IP Helper API and determines the process context. The results of these queries are cached, but this is in itself a rather expensive operation that can slow down the network when a large number of connections are being created. If a check of environment variables is added on top of that, it may become unacceptably expensive. So, to begin with, deferred processing of packets for new connections will probably need to be added so as not to slow down the network. I will try to find time to work on this.
In the Windows Packet Filter v3.4.0, we’ve made a minor update to the structure layout for static filters in order to comply with ARM64 memory alignment requirements. To resolve any issues with your static filters, simply rebuild your code using the updated common.h file.
April 27, 2023 at 9:28 am in reply to: Applications from Windows Subsystem for Linux via winsock #12989
At present, the WireSock VPN Client is unable to detect processes operating within containers, including those on the Universal Windows Platform (UWP) and the Windows Subsystem for Linux (WSL). Consequently, you cannot configure the WireSock VPN Client to selectively tunnel applications running within WSL, such as Firefox in your particular situation.