Good day, this is my first posting on this list. I have read many of the past messages in the archives but cannot find the answers I'm looking for and hoped I could get help from this list. I currently have a setup on multiple Windows PCs where the user needs to access services on multiple remote systems. Depending on the service, the underlying network settings of the system may need to be changed and in some cases require connecting to a VPN server. Currently there are 2 possible VPN services (OpenVPN and SoftEtherVPN). I now need to add a 3rd option, which is WireGuard.

The interfaces to the VPNs are completely hidden from the users. They simply double-click on an icon for the service they want to connect to and my code under the covers takes care of disconnecting any active sessions and connecting to the new one. I have read the documentation on the wireguard.exe options to see if I can develop a similar hidden mechanism to connect and disconnect from a WireGuard peer and have the following questions.

1. The documentation implies that if I executed the command "wireguard.exe" from a command line it will start the Manager Service and show the UI. It then states that calling wireguard.exe /installmanagerservice is suitable for silent installation, but what I find is that the Management GUI is still activated and shown on the desktop. Is there any way to start the service without the GUI window appearing? And is there any way to prevent the UI in the system tray from being installed?

2. If for any reason the WireGuard peer is not reachable then the handshake does not complete. When using the GUI the tunnel shows Active, but it is the tunnel service that is active, not the connection. Is there a way to limit the number of handshake retries before giving up on trying to connect?

3. From time to time the endpoint address of the peer system may have changed (I do not use a dynamic DNS service), so when trying to connect I hit the problem described in 2 above. I know what the new endpoint address is and can set it dynamically using the wg set command, and the connection is then made. I would like to be able to programmatically save this change without having to manually edit the client config files. I tried using wg syncconf but get a permissions error because of the properties around the dpapi config files. Is there an alternative way of doing this short of deleting the existing dpapi file and adding a new .conf file and having the manager service encrypt it? That approach means I need to keep the private key in the clear somewhere in order to create the new conf file.

4. There are 2 options listed under the WireGuard command line options, namely /managerservice and /tunnelservice CONFIG_PATH. Can someone tell me what they are supposed to do? Every time I try running one of them I get an error popup that says "The service process could not connect to the service controller.wireguard".

Thanks in advance for any guidance you can give me.

Regards
Mike
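Question 2 above describes the gap between "tunnel service running" and "peer actually reachable". WireGuard itself does not expose a retry limit, but a wrapper program can impose one by polling `wg show <interface> latest-handshakes` (one line per peer: base64 public key, a tab, and the Unix timestamp of the last completed handshake, 0 if none) and giving up after a fixed number of attempts. The following is an added example, not code from the poster or from the WireGuard project; it assumes `wg.exe` is on PATH, uses a constructed sample of the command's output, and treats a handshake older than 180 seconds (the protocol's reject-after time) as stale. The interface name and peer keys are placeholders.

```python
import subprocess
import time
from typing import Callable, Dict

# Constructed sample of `wg show <iface> latest-handshakes` output.
# Format: "<peer public key>\t<unix timestamp>"; 0 means no handshake ever.
SAMPLE_OUTPUT = (
    "PEER1PUBLICKEYxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=\t1700000000\n"
    "PEER2PUBLICKEYyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=\t0\n"
)

# Assumption: a handshake older than this is treated as "peer unreachable".
HANDSHAKE_MAX_AGE_SECONDS = 180


def parse_latest_handshakes(text: str) -> Dict[str, int]:
    """Map each peer public key to its last-handshake timestamp (0 = never)."""
    result: Dict[str, int] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, ts = line.split("\t", 1)
        result[key.strip()] = int(ts.strip())
    return result


def handshake_is_fresh(last_handshake: int, now: float,
                       max_age: int = HANDSHAKE_MAX_AGE_SECONDS) -> bool:
    """True only if the peer completed a handshake recently; a tunnel whose
    service is up but whose peer never answered has last_handshake == 0."""
    return last_handshake > 0 and (now - last_handshake) <= max_age


def read_handshakes_from_wg(iface: str) -> str:
    """Run the real wg tool (assumes wg.exe is on PATH and the caller is
    allowed to query the interface)."""
    proc = subprocess.run(["wg", "show", iface, "latest-handshakes"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def wait_for_handshake(read_handshakes: Callable[[], str],
                       peer_key: str,
                       attempts: int = 5,
                       interval: float = 2.0,
                       clock: Callable[[], float] = time.time,
                       sleep: Callable[[float], None] = time.sleep) -> bool:
    """Poll until the peer shows a fresh handshake or `attempts` is exhausted.
    The reader, clock and sleep are injectable so the logic is testable
    without a live tunnel; returning False lets the caller tear the tunnel
    down instead of leaving a tunnel that only looks Active."""
    for _ in range(attempts):
        handshakes = parse_latest_handshakes(read_handshakes())
        if handshake_is_fresh(handshakes.get(peer_key, 0), clock()):
            return True
        sleep(interval)
    return False


if __name__ == "__main__":
    # Offline demonstration against the constructed sample, pinned to a
    # clock 100 s after PEER1's last handshake.
    now = 1700000100.0
    for key, last in parse_latest_handshakes(SAMPLE_OUTPUT).items():
        state = "reachable" if handshake_is_fresh(last, now) else "no handshake"
        print(f"{key[:12]}...: {state}")
```

In the poster's scenario the wrapper would call `wait_for_handshake(lambda: read_handshakes_from_wg("wg0"), peer_key)` right after starting the tunnel service and, on `False`, stop the tunnel and report the endpoint as unreachable rather than leaving the user with an "Active" tunnel that carries no traffic.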
