Edit an Endpoint

To modify the properties of an existing endpoint, follow these steps:

  1. Click the Hosts link in the app header.
  2. Find the host containing the endpoint’s interface in the list, and click the host’s name to view the host’s main status page.
  3. Find the endpoint in the Endpoints panel, and click its name to view the endpoint’s main status page.
  4. Click the “pencil” icon on the right side of the Endpoint panel to modify the endpoint’s properties.
  5. Edit the fields of this form as described below:

Allowed IPs

Enter the individual IP addresses or CIDR blocks that this interface can access through the endpoint, like “10.0.0.0/24, fd00::/64”, in the Allowed IPs field. Separate multiple addresses or blocks with commas, newlines, or other whitespace.

TIP: To send all traffic through this endpoint by default, set the Allowed IPs field to “0.0.0.0/0, ::/0”.

Disallowed IPs

Enter the individual IP addresses or CIDR blocks that should not be sent through this interface, like “10.0.0.123, fd00:0:0:0:1234::/80”, in the Disallowed IPs field. Separate multiple addresses or blocks with commas, newlines, or other whitespace.

Allowed Apps

If you want the ACSC connection to be used only by a few specific applications, enter their process names, like “chrome, firefox, msedge”, in the Allowed Apps field.

You can also specify applications by the full path to their executable file (like “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe”), or the full path to an ancestor directory (like “C:\Program Files (x86)\Microsoft”).

TIP: Usually you should keep this field empty (so that all applications on the system will use the ACSC connection by default).

Disallowed Apps

If you want to exclude a few specific applications from using the ACSC connection, enter their process names, like “chrome, firefox, msedge”, in the Disallowed Apps field.

You can also specify applications by the full path to their executable file (like “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe”), or the full path to an ancestor directory (like “C:\Program Files (x86)\Microsoft”).

IMPORTANT: This field should always include the “acsc-agent-service” application (to ensure that the ACSC control plane and data plane are kept separate).

Hostname

Optionally enter the remote hostname or IP address to which this interface should connect, like “vpn.example.com” or “192.0.2.1”, in the Hostname field (this corresponds to the hostname portion of the “Endpoint” setting in a wg-quick-style configuration file). Blank to remove the static hostname or IP address from the endpoint.

TIP: You need to set the hostname on one side of a ACSC connection – either on the endpoint from this host to the remote host, or the corresponding endpoint from the remote host to this host. If the remote host has a static DNS name or IP address, enter it here.

Port

If you entered a new hostname or IP address in the Hostname field, enter the destination UDP port on that remote host, like “51820”, in the Port field (this corresponds to the port portion of the “Endpoint” setting in a wg-quick-style configuration file). Otherwise, skip this field.

Persistent Keepalive

Optionally enter the number of seconds between keepalive packets to send to the endpoint, like “25”, in the Persistent Keepalive field. Blank to not send keepalive packets.

TIP: If there is a stateful firewall that doesn’t allow new inbound connections to this host (such as a firewall doing NAT, Network Address Translation) sitting between this host and the remote endpoint, and you want to allow the remote endpoint to initiate new inbound connections to this host (for example, to SSH from the remote endpoint into the host), you will need Persistent Keepalive. A value of “25” (seconds) usually works well for this purpose.

Socks5 Proxy

Optionally enter the hostname or IP address and port of a SOCKS5 proxy through which this interface should connect, like “proxy.example.com:1080”, in the Socks5 Proxy field.

TIP: Usually you should keep this field empty (unless this endpoint connects to the Anti-Cloud Hub).

Socks5 Proxy Username

If you entered a hostname or IP address in the Socks5 Proxy field, enter the SOCKS5 username to use to connect to it, like “exampleusername”, in the Socks5 Proxy Username field. Otherwise, skip this field.

Socks5 Proxy Password

If you entered a username in the Socks5 Proxy Username field, enter the SOCKS5 password to use to connect to it, like “examplepassword”, in the Socks5 Proxy Password field. Otherwise, skip this field.

Form Submit

Click the Update button to submit the form and queue the changes for the endpoint.

The next time the ACSC agent on the host pings the ACSC management server, the agent will receive the information about the endpoint update, and execute it.