Skip to content
This repository was archived by the owner on Nov 18, 2025. It is now read-only.

WireSock Client CLI Windows service – AllowedApps Not Restricting Traffic to specific app – All Traffic Routed Through VPN #93

Open
Open
WireSock Client CLI Windows service – AllowedApps Not Restricting Traffic to specific app – All Traffic Routed Through VPN#93
@abstarstrong

Description

@abstarstrong
abstarstrong
opened on Dec 13, 2024

I don't know where WireSock Client CLI issues are supposed to be written. But I'm facing a peculiar issue when testing this WireSock setup.

  • Windows 11 – Version 10.0.26100 Build 26100 (VM)

  • WireSock Client CLI v1.4.7 x64

  • I have WireSock Client CLI set up as a Windows service

  • In the WireSock/Wiregaurd configuration, I’ve specified Microsoft Edge msedge as an AllowedApps, so only Edge’s traffic should go through the VPN, while all other applications should use the system’s default connection.

WireSock/Wiregaurd .conf file:

[Peer] 
...
AllowedApps = msedge

The WireSock Client CLI is running as a service:

wiresock-client.exe install -start-type 2 -config [config_full_path_name] -log-level info

The Issue:

  • When I run curl from the command line, i can tell that all the systems traffic is routed through the VPN, not through the system’s default connection as I expected.
  • This happens even though Edge should be the only app using the VPN, according to the AllowedApps setting.

Additional Observations:

  • Both logs show that DNS requests outside of Edge (msedge) are routed through the VPN interface.
  • When the WireSock network interface fails to establish a connection with its WireGuard server, all traffic appears to stop. If the handshake cannot complete or the connection is lost, it seems that the filtering stops working due to the network interface being in an error state caused by the lack of connection to the WireGuard server.

Questions:

  1. Why is all traffic being routed through the VPN, even though I’ve specified that only Edge should use it in the AllowedApps section of the config file?
  2. How can I configure WireSock so that only Edge uses the VPN, and everything else uses the default system connection (/network adapter)?
  3. If I use WireSockUI can I have it run as a service on windows even if I don't login?

Logs:
wiresock-vpn-client-f_redacted.log
wiresock-vpn-client-j_redacted.log

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions