Forum Replies Created
-
Posts
-
Have you encountered any issues installing Windows Packet Filter or WireSock on Windows 7/8? While HCK/WHQL certification is beneficial, it is not required.
Thanks for your openness and understanding. I appreciate your perspective on keeping end-user costs to a minimum—it’s a crucial factor in any project. However, I must emphasize that kernel mode software, while powerful, carries significant risks for end users if not thoroughly tested and vetted. We’ve seen cases like CrowdStrike that underscore the importance of using well-tested, reliable solutions.
That said, I understand the need to explore cost-effective options, and it’s great that you’re considering all possibilities. If you find that other options don’t meet your needs, please feel free to reach out. We’re here to provide a well-tested and robust solution that you can trust.
Thanks for reaching out, and I’m glad to hear that you got the NdisApiDotNet example working the way you want.
Regarding your question, the behavior you’re observing when you introduce latency or debug the Task is expected. Pausing the packet reading, processing, and re-injecting loop will indeed cause the network adapter to “freeze” because the driver depends on that continuous loop to maintain traffic flow. When the loop is interrupted, the driver is essentially left waiting, which stops the traffic.
If you need to extract packets for out-of-band processing, this should be handled in a dedicated thread. This way, the main loop can continue processing and re-injecting packets while your separate thread manages the additional processing. This approach ensures that network traffic continues to flow smoothly without interruption.
And yes, when you modify packets, recalculating checksums is necessary to ensure the integrity of the data. If checksums are not recalculated, the modified packets may be rejected or cause issues further down the line.
Thank you for reaching out and for your interest in the NDISAPI project. I completely understand the confusion—licensing details can sometimes be tricky.
You’re correct that the NDISAPI library source code is open-source under the MIT license, which allows for a lot of flexibility. However, the Windows Packet NDIS drivers are a bit different—they’re free for personal and non-commercial use, but if you’re planning to use them for commercial purposes, I believe it’s fair to share a portion of the revenue.
I understand that as a small business, you might have a tight budget. If the licensing costs are a concern, I’m open to discussing flexible options, such as installment payments or perhaps a profit-sharing arrangement. My goal is to find a solution that works for both of us.
Looking forward to hearing your thoughts.
Do you have Virtual Adapter mode enabled in the WireSockUI settings?
I’m also a bit confused about the
AllowedIPsvalue. In this context,0.0.0.0/24represents the IP range from0.0.0.0to0.0.0.255. However, this is typically not a useful or valid range because0.0.0.0is a non-routable meta-address used to designate an invalid, unknown, or non-applicable target (often referred to as the default route).Usually,
AllowedIPswould be set to a range of IPs that are meaningful for the network, such as192.168.1.0/24to route a local network, or0.0.0.0/0to route all traffic through the VPN. Therefore,0.0.0.0/24is likely a mistake and should be corrected to reflect the intended IP range.Could you share your Wireguard configuration, excluding the keys and server endpoint? Additionally, I have a question: Are you using WireSock in transparent mode or virtual adapter mode (-lac)?
In this context, “no-UWP” simply means that a few classes unavailable on Windows 7 are excluded from this build. These classes are specifically used for Toast notifications and checking for new releases on GitHub. Aside from these exclusions, the builds are identical.
С этим действительно существует ряд сложностей. В целом, добавить еще один или несколько тоннелей в так называемом прозрачном режиме несложно: пакеты в этом случае маршрутизируются вручную. Однако сделать то же самое в режиме с виртуальными адаптерами гораздо сложнее. Для каждого адаптера добавляются соответствующие записи в таблицу маршрутизации, что может создать значительную путаницу, и определить, на какой адаптер в итоге пойдет трафик, будет очень сложно. Скорее всего, придется ограничиться одним сетевым интерфейсом, а для дополнительных тоннелей использовать трансляцию адресов. Дополнительно возникают сложности с конфигурированием, приоритезацией, поддержкой в UI и т.д.
В общем, работы много, а свободного времени у меня очень мало.☺️
Thank you for your kind words. I believe users are requesting a specific ‘kill switch’ UI control. For instance, the official WireGuard for Windows includes a checkbox for this feature, which impacts the AllowedIPs settings.
Regarding the notifications, I noticed that you are using a WireSock UI build without UWP. This version lacks certain features, including notifications, and was designed for compatibility with Windows 7.
Hi Roberts,
Thank you for your question.
This is how VPNs are generally designed. However, the WireSock VPN Client allows you to stay connected to both your LAN and VPN simultaneously through split tunneling features. This should enable you to access both networks without issue.
It’s worth noting that the WireSock VPN Client is currently only available for Windows and does not have a client for smartphones.
I hope this helps.
While the WireSock client does not support this feature at the moment, it looks interesting and aligns with some of our future goals. I am considering a configuration deployment system that would involve an appliance on the server side and support in the WireSock client.
Currently, you would need to create and configure the client files manually. However, the idea of automatically generating client WireGuard files and making adjustments for specific IP assignments is compelling. I will keep this in mind for future developments.
I’ve heard about it and I’m genuinely interested in exploring it further. However, my schedule is quite tight, and I’m not sure if I’ll have enough time to dedicate to it.
I have some ideas about what might be happening and just need to allocate some time to address this issue. I also suspect the problem does not occur in Transparent Mode (without the -lac command line switch). Can you confirm this?
The setup depends on the type of machine you intend to use for the WireGuard server. If you’re using a Windows machine, you can set it up with WireSock VPN Gateway. I’ve personally set up several Intel NUC machines with Windows for personal use using it. If you’re using a Linux machine, I recommend using this script to install and manage your WireGuard server.
Please check this post https://www.ntkernel.com/wireguard-vpn-server-on-windows/
