This howto seems really useful. It presents temporary solutions for people who want to start tunnels as non-admin.
Your article also shows that some features are still missing in the field to make openvpn a professional software of choice.
- Full certificate support: actually, the SYSTEM account can't access users' certificates and private keys, which are located in the IE cert store. People with smart cards are actually unable to use them as users only.
But really big thanks to Peter for his initial release of the cryptoapi patch.
- You talk about the enhanced service wrapper; it's not yet clear to me what its job is with openvpn and the GUI. I've understood that the service should be always running, able to receive GUI orders to start/stop required tunnels. The service wrapper assigns a management port to the starting openvpn process and then gives it to the GUI in order to make it able to monitor the tunnel startup. If the tunnel needs to decrypt a private key, the way the password is given depends on the config file. If the private key is on disk, openvpn will ask the GUI to give it using the management socket, and if the private key is in the IE cert store, it's Windows or the manufacturer CSP that will ask for the password through a Windows-based window.
So, each one of the 3 components, openvpn binary, the gui and the service, has to talk to the two others. Is that right?
After the 2.0 release, this ability to make non-admin users able to connect to remote networks with great security features will probably be a major challenge.
Mathias Sundman wrote:
I've written a small HowTo on running OpenVPN / OpenVPN GUI as a non-admin user in Windows.
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users