PowerShell script to configure WireSock for DNS leak-proof partial tunneling using WireGuard configs.
- Modifies WireGuard config files for optimal use with WireSock partial tunneling
- Implements client-side measures to prevent DNS and traffic leaks in partial tunnel mode
- Allows custom IP ranges and domain routing through the VPN
- Adds PostUp and PostDown scripts for robust DNS management and routing control
- Handles FQDN resolution and IPv4/IPv6 differentiation
- Provides clear warnings for potential configuration issues
This PowerShell script enhances WireGuard configuration files for use with WireSock's partial tunneling feature. It addresses the challenge of maintaining a leak-proof VPN connection when using WireSock's partial tunneling, which is not inherently leak-proof like a full WireGuard tunnel. The script focuses on implementing client-side measures to prevent DNS and traffic leaks while allowing the flexibility of partial tunneling.
- Ensure you have PowerShell installed on your Windows system.
- Download the
WG2WSConverter.ps1script to your local machine. - Open a PowerShell window with administrator privileges.
- Navigate to the directory containing the script.
- Run the script using the following command: powershell.exe -ExecutionPolicy Bypass -File .\WG2WSConverter.ps1
- Follow the prompts to input your WireGuard configuration file path and specify the output path for the WireSock configuration.
- Enter the IP ranges, websites, or IPs you want to route through the VPN when prompted.
- The script will generate a new WireSock configuration file with the necessary modifications.
- Windows operating system
- PowerShell 5.1 or later
- Administrator privileges (required for modifying network routes)
- Existing WireGuard configuration file
- WireSock client installed on the system
- This script does not include options for allowing specific apps through the VPN or disallowing certain traffic. These features are not implemented as they were not required by the author.
- The script assumes that the server-side configuration is already secure and focuses on enhancing client-side security for partial tunneling scenarios.
- IPv6 addresses are not supported and will be skipped if entered.
Contributions to improve the script or extend its functionality are welcome. Please feel free to submit issues or pull requests on the GitHub repository.
This project is licensed under the GNU General Public License v2.0 - see the LICENSE file for details.
This script modifies network configurations and routing tables. While it's designed to enhance security, please ensure you understand the changes it makes to your system. Always backup your original configurations before using this script.
Anton Luu
- WireGuard® is a registered trademark of Jason A. Donenfeld.
- WireSock is developed and maintained by WireGuard LLC.