On Wed, Aug 24, 2016 at 4:14 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi,
> On 23/08/16 14:34, Gert Doering wrote:
> > On Tue, Aug 23, 2016 at 01:55:23AM +0100, debbie10t wrote:
> >> I need to use --up/--down/--client-connect/disconnect et al ..
> > You can, but they will run with the user privileges of the user that
> > runs openvpn-gui by default.  If you need more privileges, you need
> > to run openvpn.exe or the gui with admin privs.
> >
> >> How does one run openvpn on *windows* without these "considered"
> >> security flaws ? or are we all just "lambs to the slaughter"
> >> from here on in ?
> > You can use openvpnserv2 to run openvpn.exe with admin privs (and no
> > gui), or you can set [x] run as admin on the openvpn-gui (as it was done
> > for 2.3.x).
> >
> > Most people on windows only need privileges to add/delete routes and
> > configure IP addresses - this is what the iservice will give you, without
> > the potential dangers of running openvpn and all scripts with full
> > admin privs.
> >
> just for my understanding: how would a user run an up/down script with
> *USER* credentials (necessary to map a share or printer, for example) in
> this scenario?

This requires a non-standard setup. Before iservice was available, we
solved this issue like this: start all connections at boot-time using the
automatic service holding them using management-hold. Then MI-GUI running
as user was used to control the connection (hold release to connect, hold
on + SIGHUP to disconnect and put back on hold). In that case scripts run
by openvpn executed as admin (we allowed no such scripts) and scripts run
by the GUI ran as user. The latter was used for mapping drives.

iservice made all this much simpler --- start the GUI as user and
everything runs as user (ordinary users do not care what happens under the
hood of iservice) or start the GUI as admin and everything runs as admin
(in this case iservice will not be used, but all of that is transparent to
the user).

Going forward, I have a patch in the making (well, it works but needs some
refining) that will allow the GUI to control (connect, disconnect, etc.)
prestarted instances so that more advanced users who want to start openvpn
at boot time can still control it using the GUI running as user. In this
case, the prestarted instance could use iservice or be started as admin
depending on the user's need. Obviously, such a use case would be aimed at
"clueful" users.
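
The hold-based control sequence described in the message above (hold release to connect, hold on + SIGHUP to disconnect), as an added example that is not part of the original message or OpenVPN's own code. It speaks the management interface's line protocol from an unprivileged process; the fake instance and its reply text are constructed so the block runs offline, and against a real instance you would pass `socket.create_connection(("127.0.0.1", 7505)).makefile("rwb")`, where the address and port are assumptions matching a `management 127.0.0.1 7505` line in the service's config.

```python
import socket
import threading

def command(mgmt, text):
    """Send one management command and return its SUCCESS:/ERROR: reply line."""
    mgmt.write((text + "\r\n").encode("ascii"))
    mgmt.flush()
    while True:
        raw = mgmt.readline()
        if not raw:
            raise ConnectionError("management interface closed the connection")
        line = raw.decode("ascii", "replace").strip()
        if line.startswith(("SUCCESS:", "ERROR:")):
            return line
        # Anything else (e.g. ">HOLD:", ">INFO:") is a real-time notification; skip it.

def connect(mgmt):
    """Release the hold so the prestarted instance brings the tunnel up."""
    return [command(mgmt, "hold release")]

def disconnect(mgmt):
    """Re-arm the hold, then SIGHUP so the instance restarts and waits on hold."""
    return [command(mgmt, "hold on"), command(mgmt, "signal SIGHUP")]

def fake_instance(sock, seen):
    """Constructed stand-in for an openvpn instance started with management-hold."""
    f = sock.makefile("rwb")
    f.write(b">HOLD:Waiting for hold release\r\n")
    f.flush()
    for raw in f:
        seen.append(raw.decode("ascii").strip())
        f.write(b"SUCCESS: constructed reply\r\n")  # constructed reply text
        f.flush()

def demo():
    """Run the user-side sequence against the fake instance; return (commands, replies)."""
    user_end, service_end = socket.socketpair()
    seen = []
    t = threading.Thread(target=fake_instance, args=(service_end, seen), daemon=True)
    t.start()
    mgmt = user_end.makefile("rwb")
    replies = connect(mgmt) + disconnect(mgmt)
    mgmt.close()
    user_end.close()
    t.join(timeout=2)
    return seen, replies

if __name__ == "__main__":
    print(demo())
```
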

Openvpn-devel mailing list
