On 20/08/16 19:41, David Sommerseth wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 19/08/16 18:13, debbie10t wrote: >> Hi, >> >> On 05/08/16 03:04, Selva Nair wrote: >>> On Thu, Aug 4, 2016 at 6:53 PM, debbie10t <debbie...@gmail.com> >>> wrote: >>> >>>> Hi >>>> >>>> So windows 10 as a Server. >>>> >>>> === >>>> >>>> General details: Non admin Win10 unmodified user Using OVPN >>>> GUI OVPN Interactive service started and used Win10 Tun Server >>>> (auto + manual) IPv4 + IPv6 In average constant use ~20 Clients >>>> virtual, local and remote win xp/7/10 +linux >>>> >>>> >>>> Selva, >>>> >>>> If you have any specific tests please send me details. >> You are probably aware but for completeness: >> >> --up/--down scripts are *not* run with elevated privs and so they >> fail .. even when logged in as administrator and when using GUI + >> Interactive service. > This was an explicit design detail which was strived for with the new > interactive service - as a security enhancements. Otherwise it would > be trivial for non-admins to get elevated privileges when they should > not have that (think larger companies/enterprises with centrally > managed policies). > >> The /good old/ openvpnservice works fine. > Which is considered not secure for many reasons. > As is "par for the course" ..
On 22/08/16 21:49, David Sommerseth wrote: It is fully accepted to ask again if something is unclear and the questions are reasonably well asked. I need to use --up/--down/--client-connect/disconnect et al .. How does one run openvpn on *windows* without these "considered" security flaws ? or are we all just "lambs to the slaughter" from here on in ? Digging my own ****ing grave ... -- ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel