wiresock / WireSockUI

GUI to use Wiresock VPN Client in application mode
https://www.wiresock.net/

DisallowedApps not working #21

Closed kuitog closed 7 months ago

kuitog commented 11 months ago

DisallowedApps doesn't work for me.

DisallowedApps = putty, chrome

Still passing through the VPN.

RileyXX commented 11 months ago

Did you reconnect after saving the config file?

You could also try modifying the config file in a text editor and add the path to the .exe file instead.

kuitog commented 10 months ago

Tried, again doesn't work even with full path in brackets.

DisallowedApps = "C:\Program Files\Google\Chrome\Application\chrome.exe"

RileyXX commented 10 months ago

How does your config file look? Here's an example of my config file that is working for me:

[Interface]
Address = {removed}
PrivateKey = {removed}
MTU = 1420
DNS = {removed}

[Peer]
PublicKey = {removed}
PresharedKey = {removed}
Endpoint = {removed}
AllowedIPs = 0.0.0.0/0, ::/0
DisallowedIPs = 192.168.0.0/24
PersistentKeepalive = 15

DisallowedApps = C:\Windows\System32\spoolsv.exe, C:\Program Files\Steam\steamapps\common\, C:\Program Files\Epic Games\

Also, make sure not to use quotes or brackets in the DisallowedApps field.

kuitog commented 10 months ago

Gotcha! Found out why: disallowedapps should be entered on the last line, I put it in the [Interface] section and it didn't work. Dev: please put this info on the main page, it made me go crazy to find out.

Also please write that paths are also accepted but:

  1. Must be entered with notepad as the gui won't let you enter them (C:\Windows\System32\spoolsv.exe)
  2. They must be entered without quotation marks
  3. They can be entire folders C:\Windows\System32\

artshade commented 10 months ago

> 1. Must be entered with notepad as the gui won't let you enter them (C:\Windows\System32\spoolsv.exe)
> 2. They must be entered without quotation marks
> 3. They can be entire folders C:\Windows\System32\

  1. I am curious why won't we use the quotes and what if the path contains a comma?
  2. Are you sure the path setting allows processing entire directories? Does it affect every executable recursively or the ones in sub-directories? What if there is a symlink inside? Is it possible to allow everything recursively in that directory and disallow only something specific in some sub-directory of it?
  3. Why does it prohibit submitting a config file with that option specified?

wiresock commented 10 months ago

The goal was to simplify this option. The application name pattern from the configuration is matched either with the executable name, like 'Firefox.exe', or the full path, such as 'C:\Program Files (x86)\Mozilla Firefox\Firefox.exe', depending on whether the pattern has slashes or backslashes. The matching process searches for a case-insensitive substring.

The approach, while it may seem counterintuitive, is highly effective. It caters to scenarios where you might want to tunnel an entire folder or only executables with a specific pattern in their names. If this method doesn't meet a particular use case you have in mind, please share it with us.
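
The matching rule described in the maintainer's comment above, modelled as an added example for auditing which processes a DisallowedApps value would route outside the tunnel. This is not WireSock's own code: the function names are hypothetical, and comma splitting, literal handling of quote characters and the absence of slash normalization are assumptions.

```python
import ntpath


def parse_app_list(value):
    """Split a DisallowedApps value on commas (assumed separator). Quotes are
    not stripped (assumption), so a quoted entry keeps its quote characters."""
    return [item.strip() for item in value.split(",") if item.strip()]


def pattern_matches(pattern, exe_path):
    """Rule from the maintainer's comment: a pattern with a slash or backslash
    is searched for in the full path, any other pattern in the file name only;
    the search is a case-insensitive substring test."""
    if "\\" in pattern or "/" in pattern:
        haystack = exe_path
    else:
        haystack = ntpath.basename(exe_path)
    return pattern.lower() in haystack.lower()


def audit(value, process_paths):
    """Map each pattern to the process images it would exclude from the tunnel."""
    return {pattern: [p for p in process_paths if pattern_matches(pattern, p)]
            for pattern in parse_app_list(value)}


# Constructed process list, for illustration only.
SAMPLE_PROCESSES = [
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Tools\chromedriver.exe",
    r"C:\Users\me\Downloads\not-chrome-updater.exe",
    r"C:\Program Files\PuTTY\putty.exe",
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    values = [
        "putty, chrome",
        "C:\\Windows\\System32\\",
        '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"',
    ]
    for value in values:
        print(f"DisallowedApps = {value}")
        for pattern, hits in audit(value, SAMPLE_PROCESSES).items():
            print(f"  {pattern!r}: {len(hits)} match(es)")
            for hit in hits:
                print(f"    {hit}")
```

On the constructed list, the bare pattern `chrome` selects three executables rather than one, so a short name can exclude more traffic from the VPN than intended; a full path narrows the match.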