Local Resources Not Accessible by Hostname

Issue

Even when the "Bypass LAN Traffic" option is enabled in WireSock Secure Connect, local resources—such as shared folders, printers, or router web interfaces—may not be accessible using hostnames (e.g., asusrouter.com). However, these resources are typically reachable via their IP addresses.

Cause

WireSock always routes DNS requests through the VPN tunnel, regardless of the Bypass LAN Traffic setting. This behavior ensures maximum privacy, but it also means that locally-resolved hostnames (e.g., those that your router or local DNS provides) cannot be resolved while connected to the VPN.

For example:

The hostname asusrouter.com is usually resolved locally by the router.

But since DNS requests are tunneled, the VPN’s DNS server cannot resolve this name, resulting in a failure—unless you access the router via its IP address (e.g., 192.168.1.1).

By contrast, the WireGuard app uses the system’s DNS resolver, allowing local DNS responses—but also exposing users to DNS leaks, where some queries bypass the tunnel and go through the local network.

WireSock takes a stricter, privacy-focused approach: no DNS queries escape the tunnel.

Workaround

Use the IP address of the local device (e.g., \192.168.1.10\share instead of \NAS.local).

Long-term Solution

We are actively evaluating split DNS support or smarter DNS resolution techniques. However, the current behavior is intentional by design to ensure strong privacy and leak prevention.