2012/2/29 Heiko Hund <heiko.h...@sophos.com> > > On Wednesday 29 February 2012 11:38:17 Carsten Krüger wrote: > > > You forgot the GUI in this picture. If the service is connected to the > > > management interface the GUI can't connect anymore. > > > > ? > > If I understand you correctly it works this way: > > > > openvpnserv.exe spawns openvpn.exe > > openvpnhelperserv.exe spawns openvpnhelper.exe > > It's completely different. =) There will be a new service, I called it > interactive service. The GUI/client connects to a named pipe of that > service. > It passes the working directory, command line options and stdin input for > openpvn to the service. The service impersonates the client, creates > another > named pipe and starts openvpn. Besides the stuff from the GUI it also > passes > to client end of the created pipe to openvpn. The GUI may now connect the > the > management interface. If openvpn needs to perform a privileged operation > it > request it through the named pipe that was passed by the interactive > service. > There's only a limited and well defined set of privileged operations that > are > serviced through the pipe. Currently only setting of IPv4 and IPv6 routes, > but > that will be extended to whatever makes sense e.g. ARP table flush is the > next > thing that will come.
This is way too complex solution for a simple problem. A proper design and discussion should take place before advancing in this route. Alon.
