Forum Replies Created
-
Posts
-
The location of WireSock logs depends on the mode in which WireSock is operated. When running as a service, logs are stored at C:\ProgramData\NT KERNEL\WireSock VPN Client. For console application mode, logging happens directly in the console. In the case of WireSockUI, logs are only accessible in the specific tab where you attached your screenshot.
From the screenshot you’ve provided, it seems the Wireguard handshake isn’t being acknowledged, causing the tunnel to attempt restarts and continuously send new handshakes. Notably, if your VPN provider’s app connects without issue, it’s important to mention that VPN providers often use the reserved fields of the Wireguard protocol for specific purposes. Cloudflare, for instance, does this but still supports the standard Wireguard client. Without detailed information about your VPN provider, I cannot discount the possibility that they might be using similar techniques or subtly nudging users towards their own client software.
Could you please let me know which versions of WireSock VPN Client and WireSockUI you are currently using, considering there have been several software updates since then? Additionally, it would be helpful if you could reproduce the issue with logging enabled and share the logs. This would greatly assist in diagnosing the problem.
1069 – это logon error. У пользователя ornamau\hmmmk есть все необходимые права (SeServiceLogonRight?), чтобы запускать под ним сервисы? Под LocalSystem запустить пробовали?
Indeed, it’s been observed that the Terminal can encounter peculiar difficulties when dealing with SC. For a more stable experience, I suggest running the Command Prompt (CMD) with Administrator rights as an alternative.
I’ve updated the functionality to include support for encrypted configurations within setups where the WireSock VPN Client service operates under a user account that differs from the LocalSystem account:
https://www.wiresock.net/downloads/wiresock-vpn-client-x64-1.2.32.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-x86-1.2.32.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-ARM64-1.2.32.1.msi
I’ve implemented the feature you requested. The command-line client now includes an additional ‘import’ command. This command securely encrypts the specified configuration using LocalSystem credentials and stores it in a specially secured folder. Once encrypted, the configuration can be conveniently utilized through a shortened path reference., e.g.
C:\test>wiresock-client.exe import C:\test\test.conf Imported WireGuard configuration: C:\Program Files\WireSock VPN Client\conf\test.conf.dpapi C:\test>wiresock-client.exe install -start-type 2 -config test.conf.dpapi -log-level nonePlease find attached the updated MSI packages, version 1.2.31, for your review. I invite you to test it out and share your feedback to ensure it meets your expectations.
https://www.wiresock.net/downloads/wiresock-vpn-client-x64-1.2.31.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-x86-1.2.31.1.msi
https://www.wiresock.net/downloads/wiresock-vpn-client-ARM64-1.2.31.1.msi
Thank you for the clarification. To achieve the behavior you’re looking for, you could place the configuration file within the ‘bin’ subdirectory of Wiresock. This way, users lacking Administrator privileges will have read-only access and won’t be able to modify the file. To install the service in this setup, you can use the command:
wiresock-client.exe install --start-type 2 --config config_file_name.conf --log-level none.If your preference is to prevent users from even viewing the configuration settings, I believe I can incorporate an option to encrypt the configuration file. Would this solution meet your requirements?
I haven’t verified this personally, but I believe that the standard WireGuard client employs the credentials of the current user to encrypt its configuration file. Integrating a comparable feature into Wiresock wouldn’t be particularly challenging, but the specifics of its implementation would vary based on how you intend to use it. Are you interested in having this encryption feature in the command-line interface (CLI) client? Additionally, how do you foresee utilizing the CLI client—would you run it manually as an application, or would you prefer it to operate as a background service? Alternatively, would the WireSockUI be your preferred interface for this functionality?
Thanks for the update!
While I understand that installing the NDIS filter driver might not be feasible in WinPE, encountering issues with the standard Wireguard for Windows is surprising. Given that it’s essentially just another network interface driver, I would anticipate that it should be possible to get it working.
Штатный клиент WireGuard требует повышения прав до Network Configuration Operators.
Это объяснимо, нужно поднять сетевой интерфейс и задать ему конфигурацию.
У WireSock есть два режима, с виртуальным адаптером и без. Во втором случае нового сетевого адаптера в систему не добавляется, его наличие эмулируется сетевым драйвером, который перехватывает пакеты, делает NAT и заворачивает в Wireguard туннель. Прав пользователя в этом случае вполне достаточно, я сейчас специально проверил с консольным клиентом.
Единственный момент, который надо учитывать при создании конфигураций для таких клиентов, касается используемых IP протоколов. Если дефолтовый сетевой интерфейс у клиента уже имеет маршрутизируемые IPv4 и IPv6 адреса, то туннель будет работать и для IPv4 и для IPv6 (разумеется если оба заданы в конфигурации). Если же какой-то из этих адресов отсутствует, то wiresock попытается добавить к дефолтовому интерфейсу адрес из Wireguard конфигурации, чтобы система начала маршрутизировать на него трафик. Без наличия соответствующих прав это не получится, клиент будет работать, но отсутствующий протокол работать не будет.
Over the past weekend, I conducted experiments with Windows PE and can corroborate your findings. It seems there might be a component essential for NDIS filter drivers that could be missing or not functioning as expected in Windows PE. Installing such a driver leads to a network shutdown. This is merely a hypothesis, and I’m uncertain about a solution, if one exists.
Добрый день!
Технически права Администратора нужны только в трех случаях:
1. Для установки драйвера (и сервиса, если wiresock vpn client используется как сервис). Другими словами, без прав Администратора нельзя установить WireSock VPN Client.
2. Для возможности видеть сетевые соединения приложений запущенных всеми пользователями, а не только текущим. Собственно это определяет требование WireSockUI прав Администратора, если контроль над приложениями всех пользователей не нужен, то технически его можно использовать и без админских прав в режиме NAT (см. следующий пункт).
3. Для конфигурирования виртуального сетевого адаптера если используется соответствующий режим.
То есть в целом все зависит от конкретного сценария использования.
One user was able to successfully install WireSock after uninstalling Kaspersky. Might you consider uninstalling Kaspersky, installing WireSock, and then reinstalling Kaspersky? On a personal note, I believe Windows Defender is a superior choice as it’s better integrated into the OS.
