I need help creating a properly working wireguard zone. They work the same on every Virtual Network so I just need help with the rules.
Since there is no MAC on WG setups I don’t exactly know what to add to my zone to allow a per app setup.
I love how CIS works, especially the CFW default deny part an have been a paying member for years. I rarely ask for help but could use some now.
If I 1) had your exact problem and 2) had solved it, rest assured I would have told you by now.
I use a different VPN (Surfshark) which sets up a WAN Miniport interface. This was detected by CIS on the first connection attempt and it automatically set up a network zone and associated rules.
Similarly, when I was testing a VPN server with the OpenVPN client, - it set up a TAP adaptor which was correctly detected by CIS on the first connection attempt and the appropriate zones and rules were created automatically.
Hopefully, the official support centre will be able to assist you with your Wireguard per-app requirements.
I used surfshark a while, idk, it didn’t speed things up much, the log policy is the same and the country is in the same 13 eyes so “meh” don’t have that much to hide anyway.
What PIA seems to do is add a new driver, just like a tap/tun but without a MAC, it seems to route everything through a program they wrote, I seriously have no idea.
It seems to still route the traffic through the normal protocol (10.x.x.x) but no MAC available so my network zone is useless.
You could (if you feel like it and have the time) pick up any free email and add a 30 day free sub, then just ignore afterwards and get a refund (depending on your experience, you might like it, my speed was faster with PIA then it was with Surf on WG, and evne if they got bought by KAPE, the logs still show no logs provided in court).