Hi Simon, A quick reply:
> > IMO, the right approach on Windows is to run a bare minimal code as a > > service to get SYSTEM rights and the rest with limited privileges. > > Selva, those are two different use-cases. And none is "right" or "wrong". > OpenVPN can or should have both. :) > > 1. I need to run VPN tunnel as a persistent service - something that comes up > with computer (Group Policy Client service waits for about 30 seconds on boot > to get network access to AD server). And stays on all the time - any user > signed in or not. I connect computers with VPN. I too use OpenVPN like this, so I do understand the use case. And, the point was that the exe can be started through interactive service even in this case. That would allow running openvpn.exe at boot from a service with low privileges that delegates all privileged actions to iservice. Years ago when iservice was introduced we did briefly discuss this (with Heiko) but left it as a future enhancement which of course no one had time for. Unless I'm missing some scenario where this wont work. Anyway, this is beyond the scope of the current patch. Selva _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel