> 1. The documentation implies that if I executed the following command
> from a command line "wireguard.exe" that it will start the Manager
> Service and show the UI. It then states that calling wireguard.exe
> /installmanagerservice is suitable for silent installation but what I
> find is that the Management GUI is still activated and shown on the
> desktop.
> Is there any way to start the service without the GUI window appearing?
> And is there any way to prevent the UI in the system tray from being
> installed?

Try wireguard.exe /installtunnelservice mytunnel.conf and wireguard.exe /uninstalltunnelservice mytunnel.conf.

> 2. If for any reason the Wireguard peer is not reachable then the
> Handshake does not complete. When using the GUI the tunnel shows
> Active but it is the tunnelservice that is active not the connection. Is
> there a way to limit the number of handshake retries before giving up on
> trying to connect?

WireGuard is connection-less. Only after there is a packet for a peer, it'll perform a handshake with the peer and send the packet to it. See it as an on-demand connection. Now, if you insist on verifying if the connection is possible over the VPN tunnel, send a ping through the tunnel and see if the handshake occurs and succeeds.

> 3. From time to time the endpoint address of the peer system may have
> changed (I do not use a dynamic DNS service) so when trying to connect I
> hit the problem described in 2 above. I know what the new endpoint
> address is and can set it dynamically using the wg set command and the
> connection is then made. I would like to be able to programmatically
> save this change without having to manually edit the client config
> files. I tried using wg syncconf but get a permissions error because of
> the properties around the dpapi config files.
> Is there an alternative way of doing this short of deleting the existing
> dpapi file and adding a new .conf file and have the manager service
> encrypt it but that approach means I need to keep the private key in the
> clear somewhere in order to create the new conf file.

Jason suggested that I add a Scheduled Task to call wg.exe set mytunnel peer pubkey endpoint 1.2.3.4:11111 on a few minute basis. It works like a charm when roaming back and forth between local and remote networks. It's way more efficient than deactivating the tunnel, updating config and reactivating the tunnel.

> 4. There are 2 options listed under wireguard command line options namely
> /managerservice and /tunnelservice CONFIG_PATH - can someone tell me
> what they are supposed to do every time I try running one of them I get
> an error popup that says - The service process could not connect to the
> service controller.wireguard

Those options are to be used by Windows SCM when wireguard.exe runs as a service. If you are familiar with programming, you might want to take a look into the embeddable-dll-service folder in the wireguard-windows repo.

Regards,
Simon
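
The scheduled task from answer 3 and the handshake check from answer 2, as an added example that is not part of the original thread. It assumes wg.exe sits in the default install directory and that the mytunnel tunnel service is already installed; the peer key is a placeholder, and the probe address, staleness threshold and task name are constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumed or constructed values are marked.
$Wg       = Join-Path $env:ProgramFiles 'WireGuard\wg.exe'  # assumed default install path
$Tunnel   = 'mytunnel'                  # tunnel name used in the reply
$PeerKey  = '<PEER_PUBLIC_KEY_BASE64>'  # placeholder: the peer's public key
$Endpoint = '1.2.3.4:11111'             # endpoint used in the reply
$ProbeIp  = '10.0.0.1'                  # constructed: host reachable only via the tunnel
$MaxAge   = 180                         # assumed: seconds before a handshake counts as stale

function Register-EndpointRefresh {
    # Runs "wg.exe set <tunnel> peer <key> endpoint <addr>" every 5 minutes as SYSTEM,
    # so no private key or plaintext .conf file has to be kept on disk.
    $action = New-ScheduledTaskAction -Execute "`"$Wg`"" `
        -Argument "set $Tunnel peer $PeerKey endpoint $Endpoint"
    $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) `
        -RepetitionInterval (New-TimeSpan -Minutes 5)
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
        -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName "wg-endpoint-$Tunnel" -Action $action `
        -Trigger $trigger -Principal $principal -Force
}

function Get-HandshakeAge {
    # "wg show <tunnel> latest-handshakes" prints "<pubkey><TAB><unix-time>"; 0 means never.
    $line = & $Wg show $Tunnel latest-handshakes | Where-Object { $_.StartsWith($PeerKey) }
    if (-not $line) { return $null }
    $fields = @($line)[0] -split "`t"
    $ts = [int64]$fields[1]
    if ($ts -eq 0) { return $null }
    return [DateTimeOffset]::UtcNow.ToUnixTimeSeconds() - $ts
}

function Test-TunnelPeer {
    # WireGuard only handshakes when there is traffic for the peer, so ping first.
    $null = Test-Connection -ComputerName $ProbeIp -Count 2 -Quiet
    $age = Get-HandshakeAge
    return ($null -ne $age -and $age -le $MaxAge)
}

Register-EndpointRefresh | Out-Null
if (Test-TunnelPeer) { 'Peer handshake is current' } else { 'No recent handshake with peer' }
```

Because the task runs as SYSTEM, the binary it launches should stay in a directory that only administrators can write to, as the default Program Files location is.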
