Hi, On Tue, Oct 21, 2014 at 10:26 AM, Gert Doering <g...@greenie.muc.de> wrote:
> On Tue, Oct 21, 2014 at 09:55:09AM -0400, Selva Nair wrote: >> Currently OpneVPN-MI-GUI does work without elevated privileges using >> openvpn service and the management interface. I have a small user-base who >> have been happily using it this way for more than a year now. In my view if >> OpenVPN distribution could bundle the MI-GUI, it would be of great help. >Well, that works, but runs OpenVPN as privileged user - so a bug in >OpenVPN (or a config that runs scripts) could be used to attack the >system... Sure, the "log term" plan of having OpenVPN run as a normal user is great, but the current situation of every windows user needing admin privilege to run the UI is hard to meet in many installations. The MI-GUI solves that problem right now as opposed to sometime in future. (Plus, traditionally using the service will not work with username+password input, but if MI does that via management interface, it can be done) That's exactly what MI-GUI it does -- both certificate password and username/password are passed through the management interface. Locally, I have patched it to pass the certificate key as well although we don't normally use that option. Selva