On 20/08/16 19:41, David Sommerseth wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 19/08/16 18:13, debbie10t wrote:
>> Hi,
>>
>> On 05/08/16 03:04, Selva Nair wrote:
>>> On Thu, Aug 4, 2016 at 6:53 PM, debbie10t <debbie...@gmail.com>
>>> wrote:
>>>
>>>> Hi
>>>>
>>>> So windows 10 as a Server.
>>>>
>>>> ===
>>>>
>>>> General details: Non admin Win10 unmodified user Using OVPN
>>>> GUI OVPN Interactive service started and used Win10 Tun Server
>>>> (auto + manual) IPv4 + IPv6 In average constant use ~20 Clients
>>>> virtual, local and remote win xp/7/10 +linux
>>>>
>>>>
>>>> Selva,
>>>>
>>>> If you have any specific tests please send me details.
>> You are probably aware but for completeness:
>>
>> --up/--down scripts are *not* run with elevated privs and so they
>> fail .. even when logged in as administrator and when using GUI +
>> Interactive service.
> This was an explicit design detail which was strived for with the new
> interactive service - as a security enhancements.  Otherwise it would
> be trivial for non-admins to get elevated privileges when they should
> not have that (think larger companies/enterprises with centrally
> managed policies).
>
>> The /good old/ openvpnservice works fine.
> Which is considered not secure for many reasons.
>
As is "par for the course" ..


On 22/08/16 21:49, David Sommerseth wrote:

It is fully accepted to ask again if something is unclear and the
questions are reasonably well asked.


I need to use --up/--down/--client-connect/disconnect et al ..

How does one run openvpn on *windows* without these "considered"
security flaws ? or are we all just "lambs to the slaughter"
from here on in ?


Digging my own ****ing grave ...

-- 


------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to