Windows kill-switch with IP exceptions

blurt_overkill882 at simplelogin.com
Sun Oct 29 16:20:04 UTC 2023


Howdy WireGuard team!

I was wondering if it is at all possible to enable the kill-switch on the Windows client with exceptions for local IP addresses. I have noticed the kill-switch will automatically enable when you specify the allowed IPs 0.0.0.0/0.

Unfortunately, this is not ideal for my machine as I would like to allow all LAN connections to bypass the VPN. One way I can achieve this is by disabling the kill-switch, which sets the allowed IPs 0.0.0.0/1 and 128.0.0.0/1. This does work; however, some apps on Windows can still bind themselves to the non-VPN adapter, which completely bypasses the VPN even on these IP ranges.

The kill-switch feature works great at stopping apps binding to the non-VPN tunnel. I was hoping that it might be possible to have the kill-switch continue to do this, barring all local addresses.

Surfshark have implemented this with their kill-switch feature; it would be nice to be able to replicate the same with the WireGuard client.

Is this at all possible? Please may you explain why or why not, if you have the time?

Thanks for the software, and more importantly thanks for reading my query!

Regards, avid WireGuard user.


