Hi, On 24/08/16 10:45, Samuli Seppänen wrote: > Il 24/08/2016 11:14, Jan Just Keijser ha scritto: >> Hi, >> >> On 23/08/16 14:34, Gert Doering wrote: >>> On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote: >>>> I need to use --up/--down/--client-connect/disconnect et al .. >>> You can, but they will run with the user privileges of the user that >>> runs openvpn-gui by default. If you need more privileges, you need >>> to run openvpn.exe or the gui with admin privs. >>> >>>> How does one run openvpn on *windows* without these "considered" >>>> security flaws ? or are we all just "lambs to the slaughter" >>>> from here on in ? >>> You can use openvpnserv2 to run openvpn.exe with admin privs (and no >>> gui), or you can set [x] run as admin on the openvpn-gui (as it was >>> done >>> for 2.3.x). >>> >>> Most people on windows only need privileges to add/delete routes and >>> configure IP addresses - this is what the iservice will give you, >>> without >>> the potential dangers of running openvpn and all scripts with full >>> admin privs. >>> >> just for my understanding: how would a user run an up/down script with >> *USER* credentials (necessary to map a share or printer, for example) in >> this scenario? > > You mean when running OpenVPN-GUI as admin, but wanting the map a > share as a non-privileged user? > Actually, how would a (clueless) user do this at all, using the interactive service? which part should be run with admin privs, which part shouldn't ? which credentials are available to the interactive service (and any up/down scripts it may run) ? should a user use a GUI up/down script (I know the old GUI supported this) instead?
JJK ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
