0

I have multiple computers (Win10 Pro) placed at different remote locations (my partners) that I need to manage. I need to access them from a central location. So I have a central VPN server, and I want multiple Win10 Pro instances to connect to it. I'm using L2TP, but I would like to migrate to WireGuard. With L2TP, it is possible to start rasdial.exe in the background, from the task scheduler. The main goal is to start the tunnel as soon as the computer starts up, and automatically reconnect if the tunnel goes down. I need this BEFORE any user logs into the computer (e.g. in the background). I wonder if the same can be done with WireGuard?

I noticed that there is a program called C:\Program Files\Wireguard\wg.exe and its command line options are very similar to the wg (linux) program:

C:\Program Files\WireGuard>wg.exe --help
Usage: wg.exe <cmd> [<args>]

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  syncconf: Synchronizes a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.

But I think it is for configuration only. I think it cannot be used to activate a tunnel. The original documentation ( https://www.wireguard.com/quickstart/#command-line-interface ) explains that "the interface can ... be activated with ifconfig(8) or ip-link(8)" but of course that works for Unix only. In that documentation, there is another note "Non-Linux users will instead write wireguard-go wg0" but I'm not sure what they mean here. There is no program named "wireguard-go" anywhere. The network adapter for the tunnel only shows up in the network adapter list when the tunnel is already active. E.g. there is no network adapter that I could "enable" or "activate" when the tunnel is down.

Finally, there is wireguard.exe. When started without parameters, it is a GUI application. It cannot be run without a logged-in user and a desktop, and it does not activate any tunnel automatically. It has some interesting command line options. "wireguard.exe /managerservice" is used to start it as a Windows service. "wireguard.exe /tunnelservice CONFIG_PATH" looks promising, but I was not able to start that. I get this error, that "the process could not connect to the service manager" or something similar. (I also get this error when I start it as administrator.)

I'm out of ideas. How should I do this?

nagylzs
  • In my mind you have 2 options: either use nssm as third-party software, or use the wg client, which could be run via a wg file from autostart or basically, even untested, via a schedule – djdomi Mar 12 '22 at 15:30
  • Use nssm how? What should it start? – nagylzs Mar 12 '22 at 15:41
  • With the Non-Sucking Service Manager you can install the service as you need – djdomi Mar 12 '22 at 15:42
  • I know what nssm is. But you need to tell a command to start. What should be the command? – nagylzs Mar 12 '22 at 15:43
  • "C:\Program Files\WireGuard\wireguard.exe" /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\NAME_OF_CONNECTION.conf.dpapi" is a common way. Remember that wg and wireguard are not the same – djdomi Mar 12 '22 at 15:58
  • I think that is what I needed. Testing now... – nagylzs Mar 12 '22 at 16:07
  • It seems that the WireGuard Windows client saves the state of the connection, and restores it when Windows starts. E.g. if a connection was active when Windows was shut down, then it will be activated automatically next time it starts up (apparently, even when the user is not logged in). I do not need to write my own scheduled task for this, after all. But it is good to know that this can be done, and how. – nagylzs Jul 25 '22 at 08:14

1 Answer

1

I found instructions for this at https://r-pufky.github.io/docs/services/wireguard/windows-setup.html

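# Install the tunnel as a Windows service (named WireGuardTunnel$<config name>)
Start-Process 'C:\Program Files\WireGuard\wireguard.exe' -ArgumentList '/installtunnelservice', 'my-tunnel.conf' -Wait -NoNewWindow -PassThru | Out-Null
# Start the service automatically (delayed) at boot
Start-Process sc.exe -ArgumentList 'config', 'WireGuardTunnel$my-tunnel', 'start= delayed-auto' -Wait -NoNewWindow -PassThru | Out-Null
# The name is quoted so PowerShell does not expand $my as a variable
Start-Service -Name 'WireGuardTunnel$my-tunnel' -ErrorAction SilentlyContinue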
Roger Dueck
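
The same steps as a re-runnable function that also checks each result, given here as an added example (not code from the answer or the linked page). The function name `Install-WgTunnelService` is hypothetical, the default install path is the one from the question, the service name is assumed to follow the `WireGuardTunnel$<config name>` pattern shown above, and the `sc.exe failure` recovery settings are an addition aimed at the "restart if it goes down" requirement.

```powershell
#Requires -RunAsAdministrator
# Added example: installs a WireGuard tunnel as a boot-time service and verifies it.
function Install-WgTunnelService {
    param(
        [Parameter(Mandatory)][string]$ConfigPath,   # e.g. C:\wg\my-tunnel.conf (placeholder)
        [string]$WireGuardExe = 'C:\Program Files\WireGuard\wireguard.exe'
    )
    # The service manager needs an absolute path, so resolve it first.
    $conf = (Resolve-Path -LiteralPath $ConfigPath -ErrorAction Stop).ProviderPath

    # Assumption: tunnel name = file name without .conf or .conf.dpapi.
    $tunnel  = (Split-Path -Leaf $conf) -replace '\.conf(\.dpapi)?$', ''
    # Single quotes keep the '$' literal; in double quotes PowerShell would expand it.
    $service = 'WireGuardTunnel$' + $tunnel

    # Idempotent: only install if the service does not exist yet.
    if (-not (Get-Service -Name $service -ErrorAction SilentlyContinue)) {
        $p = Start-Process -FilePath $WireGuardExe `
                 -ArgumentList '/installtunnelservice', "`"$conf`"" `
                 -Wait -NoNewWindow -PassThru
        if ($p.ExitCode -ne 0) {
            throw "installtunnelservice failed with exit code $($p.ExitCode)"
        }
    }

    # Start at boot (delayed), independent of any user logon.
    & sc.exe config $service start= delayed-auto | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed ($LASTEXITCODE)" }

    # Restart the service if its process exits unexpectedly:
    # after 5 s, 5 s, then 60 s; the failure counter resets after one day.
    & sc.exe failure $service reset= 86400 actions= restart/5000/restart/5000/restart/60000 | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe failure failed ($LASTEXITCODE)" }

    # Start now (no-op if already running) and fail loudly if it does not come up.
    Start-Service -Name $service -ErrorAction Stop
    (Get-Service -Name $service).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))

    Get-Service -Name $service | Select-Object Name, Status, StartType
}

# Usage (placeholder path):
# Install-WgTunnelService -ConfigPath 'C:\wg\my-tunnel.conf'
```

The configuration file holds the tunnel's private key, so keep it in a directory that only Administrators and SYSTEM can read.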