Connection Profiles
A WireGuard profile is the configuration text file (.conf) used to set up and define the parameters of a WireGuard VPN connection. It contains the necessary information to establish a secure connection between devices or peers, such as cryptographic keys, network settings, and other connection details.
WireGuard's configuration is typically divided into two main sections: [Interface] and [Peer]. See the details about configuration file is structure here.
How to Get Your Connection Profile
You need a connection profile to connect to an WireGuard protocol-compatible VPN server or service. This file contains the directives, parameters, and keys required to establish the client-server VPN connection.
Below, you'll find the options for getting your connection profile.
Using a VPN at work?
Your business might use one of WireGurad server products. If you installed WireSock Secure Connect at the request of your IT department, contact them at this point for further instructions. They'll be able to help you get your connection profile.
Using an WireGuard VPN service or private server?
Request WireGuard configuration file from your VPN provider or check WireGuard site to understand how to configure your own WireGuard server and get config with client's profile.
Working with connection profiles
Wiresock Secure Connect allows to import, edit and delete connection profile.
You can select the connection profile using the combobox in the main window, the context menu in the profile list, or by double-clicking the profile name.
The selection of the connection profile is also available in the system tray context menu.
Import a Profile
You must import a connection profile to connect to a WireGuard server with WireSock Secure Connect from a file downloaded to your device.
To establish a connection to a server, you can import a connection profile file into WireSock Secure Connect by browsing for the file, or dragging and dropping it. Follow the steps below for the process of your choice.
Obtain the WireGuard .conf file from the VPN server or provider.
Save it to a location on your device.
Launch WireSock Secure Connect.
Click on Import profile icon
The Import Profile screen displays.
click Browse to navigate to the .conf file and upload.
or drag and drop your .conf file to the screen.
The Imported Profile screen displays with the profile name, server hostname and port
Delete a Profile
To delete a profile:
Click or tap 'Preferences' button to open 'Preferences' window and select 'Profiles' tab
Select the profile that you want to delete and press 'Delete' button or use context menu
Edit a Profile
Click or tap 'Preferences' button to open 'Preferences' window and select 'Profiles' tab.
Select the profile that you want to edit and press 'Edit' button at toolbar or button on profile window or use context menu at profiles list:
In the "Profile Edit" window, you can modify standard WireGuard parameters such as remote peers, DNS, and more, as well as advanced settings specific to WireSock Secure Connect. For detailed information about WireGuard profile parameters, refer to our online documentation. You can also hover over the tooltips in the WireSock Secure Connect interface for explanations of each parameter.
Advanced Configuration Parameters
The WireSock Secure Connect offers advanced configuration parameters to help you customize your VPN tunnel. These parameters allow you to:
- Define the scope of traffic that should be tunneled
- Specify which applications can use the VPN
- Exclude certain IP addresses and ranges from the tunnel
- Configure a SOCKS5 proxy to route the WireGuard handshake through a proxy server
AllowedApps (Optional)
Define the applications that are authorized to use the VPN tunnel.
Specify your applications by listing them separated by commas. It's not necessary to include the .exe extension for process names. If your entry includes slashes (/) or backslashes (\), the system will recognize it as a full pathname. Providing a full pathname allows you to target a specific folder, automatically including all executables within that directory for convenience.
NOTE
If not set, the VPN tunnel is available to all applications.
Examples:
- Full path:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - Process names:
discord, chrome, firefox - All applications in Program Files folder:
C:\Program Files
Dependency: Must be paired with AllowedIPs to define the scope of traffic for these applications.
Example of confuguration:
Type your application name in the edit box and tap 
to add it to the list of allowed apps or use the buttoms from toolbar:
browse folder on the filesystem
browse application executable file on the filesystem
select running process name or path
Use the following buttons to move application up/down on the list of allowed apps or delete it from the list:
move application up in the list of allowed applications
move application down in the list of allowed applications
remove application from the list of allowed applications
DisallowedApps (Optional)
List the applications that are barred from using the VPN tunnel.
Provide your applications by listing them separated by commas. Including the .exe extension for process names is not necessary. If an entry contains slashes (/) or backslashes (\), the system will interpret it as a full pathname. Specifying a full pathname allows you to target a specific folder, automatically excluding all executables within that directory for convenience.
NOTE
If both AllowedApps and DisallowedApps are specified, AllowedApps is prioritized and evaluated first.
Examples:
- Full path:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - Process names:
chrome, msoffice, firefox - All applications in Program Files folder:
C:\Program Files
Example of configuration:
Type your application name in the edit box and tap to add it to the list of disallowed apps or use the buttoms from toolbar:
- browse folder on the filesystem
- browse application executable file on the filesystem
- select running process name or path
Use the following buttons to move application up/down on the list of disallowed apps or delete it from the list:
- move application up in the list of disallowed applications
- move application down in the list of disallowed applications
- remove application from the list of disallowed applications
DisallowedIPs (Optional)
Identify IP addresses and ranges that should not use the VPN tunnel.
This parameter excludes specified IP addresses and ranges from the tunnel.
List the IPs and ranges separated by commas, such as 1.1.1.1, 192.168.1.0/24.
For example, if you want to access your local network, you can exclude it from the tunnel by adding 192.168.1.0/24 to the DisallowedIPs parameter.
NOTE
If AllowedApps is configured, DisallowedIPs will prevent the listed IPs and ranges from being tunneled for those applications.
Example of configuration:
Type ip/network in the edit box and tap to add it to the list of disallowed ips.
Use the following buttons to move ip/networkip range up/down on the list of disallowed ips or delete it from the list:
- move ip/network up in the list of disallowed ips
- move ip/network down in the list of disallowed ips
- remove ip/network from the list of disallowed ips
SOCKS5 Proxy
For users needing to route their WireGuard handshake through a SOCKS5 proxy, additional parameters are provided:
- Socks5Proxy: Set the SOCKS5 proxy endpoint, e.g.,
socks5.sshvpn.me:1080or an IP-based endpoint like13.134.12.31:1080. - Socks5ProxyUsername: (Optional) Specify the proxy username.
- Socks5ProxyPassword: (Optional) Specify the proxy password.
- Socks5ProxyAllTraffic: (Optional) When set to
true(e.g.,Socks5ProxyAllTraffic = true), it forces all WireGuard traffic through the SOCKS5 proxy, effectively masking it from DPI detection.