Documentation space

Appearance

WireSock VPN Client Advanced Configuration Parameters

The WireSock VPN Client offers advanced configuration parameters to help you customize your VPN tunnel. These parameters allow you to:

  • Define the scope of traffic that should be tunneled
  • Specify which applications can use the VPN
  • Exclude certain IP addresses and ranges from the tunnel
  • Configure a SOCKS5 proxy to route the WireGuard handshake through a proxy server

WireSock VPN Client-specific parameters are defined in the WireGuard configuration file. A full description of the WireGuard configuration file can be found here.

Below are only the WireSock parameters:

AllowedApps (Optional)

Define the applications that are authorized to use the VPN tunnel.

Specify your applications by listing them separated by commas. It’s not necessary to include the .exe extension for process names. If your entry includes slashes (/) or backslashes (\), the system will recognize it as a full pathname. Providing a full pathname allows you to target a specific folder, automatically including all executables within that directory for convenience.

NOTE

If not set, the VPN tunnel is available to all applications.

Examples:

  • Full path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  • Process names: chrome, msoffice, firefox
  • All applications in Program Files folder: C:\Program Files

Dependency: Must be paired with AllowedIPs to define the scope of traffic for these applications.

Example of confuguration:

ini
[Interface]
PrivateKey = [Your Private Key Here]
Address = 10.66.66.2/32, fd42:42:42::2/128
DNS = 94.140.14.14, 94.140.15.15
MTU = 1420

[Peer]
PublicKey = [Peer Public Key Here]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = [VPN Endpoint Here]:51820
AllowedApps = chrome, msoffice
DisallowedIPs = 192.168.1.0/24

DisallowedApps (Optional)

List the applications that are barred from using the VPN tunnel.

Provide your applications by listing them separated by commas. Including the .exe extension for process names is not necessary. If an entry contains slashes (/) or backslashes (\), the system will interpret it as a full pathname. Specifying a full pathname allows you to target a specific folder, automatically excluding all executables within that directory for convenience.

NOTE

If both AllowedApps and DisallowedApps are specified, AllowedApps is prioritized and evaluated first.

Examples:

  • Full path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  • Process names: chrome, msoffice, firefox
  • All applications in Program Files folder: C:\Program Files

Example of configuration:

ini
[Interface]
PrivateKey = [Your Private Key Here]
Address = 10.66.66.2/32, fd42:42:42::2/128
DNS = 94.140.14.14, 94.140.15.15
MTU = 1420

[Peer]
PublicKey = [Peer Public Key Here]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = [VPN Endpoint Here]:51820
AllowedApps = C:\Program Files
DisallowedApps = msoffice
DisallowedIPs = 192.168.1.0/24

DisallowedIPs (Optional)

Identify IP addresses and ranges that should not use the VPN tunnel.

This parameter excludes specified IP addresses and ranges from the tunnel.

List the IPs and ranges separated by commas, such as 1.1.1.1, 192.168.1.0/24.

For example, if you want to access your local network, you can exclude it from the tunnel by adding 192.168.1.0/24 to the DisallowedIPs parameter.

NOTE

If AllowedApps is configured, DisallowedIPs will prevent the listed IPs and ranges from being tunneled for those applications.

Example of configuration:

ini
[Interface]
PrivateKey = [Your Private Key Here]
Address = 10.66.66.2/32, fd42:42:42::2/128
DNS = 94.140.14.14, 94.140.15.15
MTU = 1420

[Peer]
PublicKey = [Peer Public Key Here]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = [VPN Endpoint Here]:51820
AllowedApps = C:\Program Files
DisallowedIPs = 192.168.1.0/24, 1.1.1.1

SOCKS5 Proxy

For users needing to route their WireGuard handshake through a SOCKS5 proxy, additional parameters are provided:

  • Socks5Proxy: Set the SOCKS5 proxy endpoint, e.g., socks5.sshvpn.me:1080 or an IP-based endpoint like 13.134.12.31:1080.
  • Socks5ProxyUsername: (Optional) Specify the proxy username.
  • Socks5ProxyPassword: (Optional) Specify the proxy password.
  • Socks5ProxyAllTraffic: (Optional) When set to true (e.g., Socks5ProxyAllTraffic = true), it forces all WireGuard traffic through the SOCKS5 proxy, effectively masking it from DPI detection.

Example of configuration:

ini
[Interface]
PrivateKey = [Your Private Key Here]
Address = 10.66.66.2/32, fd42:42:42::2/128
DNS = 94.140.14.14, 94.140.15.15
MTU = 1420

[Peer]
PublicKey = [Peer Public Key Here]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = [VPN Endpoint Here]:51820
Socks5Proxy = socks5.sshvpn.me:1080
Socks5ProxyUsername = myusername
Socks5ProxyPassword = mypassword
Socks5ProxyAllTraffic = true