[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-devel] Solution for "non-administrator on Windows" ?


  • Subject: [Openvpn-devel] Solution for "non-administrator on Windows" ?
  • From: Melis van Deelen <deelen@xxxxxxxxx>
  • Date: Mon, 16 May 2005 21:02:21 +0200

Hello,

My OpenVPN connection on Windows works perfect if it is started by an administrator or system (=service) user. When i try to start the program by a non-administrator is gives the error:

CreateFile failed on TAP device: \\.\Global\{5B277664-435A-420B-97A3-454BC5A65CB0}.tap

This i a know problem. See http://openvpn.net/archive/openvpn-users/2004-07/msg00484.html

Unfortunately this this is a big problem for the "road warrior vpn" solution we try to implement. We cannot give the road warrior administrator access, and don't want to use services because passwords must be entered.

I did a intensive search to try to solve the problem. As James Yonan already found out, this not easy. Then I found a possible solution in a post of 25-12-2002 microsoft.public.windowsxp.winlogo of "WHQL, NDIS, and IoCreateDeviceSecure and Security (DACL)":

Try zero access mask, when you call CreateFile. For FILE_ACCESS_ANY IOCTL, you don't need neither GENERIC_READ nor GENERIC_WRITE access mask. You can also try MAXIMUM_ALLOWED access mask.

I did some testing with MAXIMUM_ALLOWED and i think it can solve the CreateFile error problem.

I suggest tying replace GENERIC_READ | GENERIC_WRITE in tun.c by MAXIMUM_ALLOWED to solve the non-administrator connection on Windows

Regards,

Melis van Deelen
http://www.bioscrm.com


____________________________________________ Openvpn-devel mailing list Openvpn-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-devel