Comments (5)
I haven't found any info about that. Here is a list of known CVEs:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wireguard
Perhaps it makes sense to contact the developers of the WireGuard Windows client. Will you contact them too?
from wgserverforwindows.
I have a similar issue with regard to the Windows Firewall.
Even if I implement a firewall rule (on the Windows Server that hosts WireGuard) that blocks ALL outgoing traffic, the WireGuard clients can still reach out to the network.
Any ideas what might be the issue, or how we can control WireGuard clients that are under Windows NAT?
from wgserverforwindows.
Hey @comsyspro I'll admit I don't know a ton about Windows Firewall, or how custom network adapters interact (although I would think it's just the WireGuard server application listening on that port, shouldn't be anything special). Just looking through the rule options, a few (probably obvious) questions come to mind.
- Did you make an inbound rule?
- Did you pick `51820` as the local port and "All" for remote?
- Did you select all profiles (or at least the one that matches your WG interface, most likely Private)?
I'm sure the answer is yes to all, so I'm not sure how helpful that is. I'd be interested to hear if the community has any other ideas.
from wgserverforwindows.
You can make the following experiment. When you remove all incoming rules in the Windows Firewall, so nothing can come in and all traffic is blocked, and then you start WireGuard as a VPN server with any port, e.g. 51820, then it is still possible to connect clients to this server. So I can't understand how and why it is possible to bypass the firewall. The normal behavior would be to first open the UDP port, e.g. 51820, before anything can go through. But it seems that the traffic of WireGuard for Windows somehow does not go through the firewall but passes it. On Linux it works like it should. It makes no difference if you have a private or public WireGuard network interface, the firewall gets passed. Normally this should not be a security hole, because you need to open the WireGuard port to the public either way, but it feels abnormal when you can't control it and you don't know what happens under the hood or what's going wrong in the Windows Firewall.
from wgserverforwindows.
I agree, it absolutely feels like a security hole. It shouldn't matter if an application can bind to a port directly if it's blocked by the firewall. Is there anything else out there about this? I wonder if you discovered a CVE. 🤔 Unless we're missing something.
from wgserverforwindows.
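A read-only audit for the experiment described in this thread, added here as an example and not posted by any participant or taken from the project: it shows the effective default inbound action per profile, the profile each interface is assigned to, the process that owns the UDP listener, and every enabled inbound Allow rule that covers the port. The `$Port` default of 51820 comes from the thread; `Test-PortMatch` is a hypothetical helper.

```powershell
# Added example: audit what the effective Windows Firewall policy says about a UDP port.
# $Port is an assumption (51820 is the port named in the thread).
param([int]$Port = 51820)

function Test-PortMatch {
    # Hypothetical helper: does a firewall LocalPort filter value cover $Port?
    # Handles 'Any', single ports and ranges such as '51000-52000'.
    param($Filter, [int]$Port)
    foreach ($entry in @($Filter)) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

# 1. Is each profile enabled, and is its default inbound action Block?
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction | Format-Table

# 2. Which profile is each interface (including the tunnel adapter) assigned to?
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Format-Table

# 3. Which process owns the UDP listener on the port?
Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{ LocalAddress = $_.LocalAddress
                       ProcessId    = $_.OwningProcess
                       ProcessName  = $proc.Name }
} | Format-Table

# 4. Every enabled inbound Allow rule whose protocol and port filter cover the port.
#    ActiveStore includes rules delivered by Group Policy as well as local ones.
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -in 'UDP', '17', 'Any' -and (Test-PortMatch $pf.LocalPort $Port)) {
            [pscustomobject]@{ Rule      = $_.DisplayName
                               Profile   = $_.Profile
                               Protocol  = $pf.Protocol
                               LocalPort = $pf.LocalPort -join ','
                               Program   = ($_ | Get-NetFirewallApplicationFilter).Program }
        }
    } | Format-Table -AutoSize
```

Run it on the server while the tunnel is up, so the listener in step 3 exists. An empty result in step 4 together with `Block` in step 1 is the state the experiment in the thread assumes.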