On 24/08/16 10:45, Samuli Seppänen wrote:
> Il 24/08/2016 11:14, Jan Just Keijser ha scritto:
>> Hi,
>> On 23/08/16 14:34, Gert Doering wrote:
>>> On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote:
>>>> I need to use --up/--down/--client-connect/disconnect et al ..
>>> You can, but they will run with the user privileges of the user that
>>> runs openvpn-gui by default.  If you need more privileges, you need
>>> to run openvpn.exe or the gui with admin privs.
>>>> How does one run openvpn on *windows* without these "considered"
>>>> security flaws ? or are we all just "lambs to the slaughter"
>>>> from here on in ?
>>> You can use openvpnserv2 to run openvpn.exe with admin privs (and no
>>> gui), or you can set [x] run as admin on the openvpn-gui (as it was 
>>> done
>>> for 2.3.x).
>>> Most people on windows only need privileges to add/delete routes and
>>> configure IP addresses - this is what the iservice will give you, 
>>> without
>>> the potential dangers of running openvpn and all scripts with full
>>> admin privs.
>> just for my understanding: how would a user run an up/down script with
>> *USER* credentials (necessary to map a share or printer, for example) in
>> this scenario?
> You mean when running OpenVPN-GUI as admin, but wanting the map a 
> share as a non-privileged user?
Actually, how would a (clueless) user do this at all, using the 
interactive service?  which part should be run with admin privs, which 
part shouldn't ?    which credentials are available to the interactive 
service (and any up/down scripts it may run) ?   should a user use a GUI 
up/down script (I know the old GUI supported this) instead?


Openvpn-devel mailing list

Reply via email to