[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN client on Vista


  • Subject: Re: [Openvpn-users] OpenVPN client on Vista
  • From: Colin Ryan <colinr@xxxxxxxx>
  • Date: Tue, 02 Oct 2007 22:34:57 -0400

Absolutely, a painful fact. The Tap driver itself can be opened and 
connect without explicit "Run as Administrator" properties but the 
routing can't be.

I believe there are ways to sign and register executable for privilege 
escalation, but in my first reading it was obscure, looked messy and 
needed some tool set's that I not being much of a developer - especially 
a Windoze developer - couldn't seem to get a firm handle on.

So for now, until I find the time this is the reality. But if you run 
openvpn or the openvpn-gui executable's properties tab, select 
"Compatibility Mode" and check the "Run as Administrator" at least you 
don't have to worry about this all the time. However this will still 
break if you attempt to have OpenVPN GUI - for example - startup on 
login/boot. I do NOT know what happens when you try to run as a service, 
but I do know it is documented in Openvpn-Gui that service mode makes 
the log output and status difficult to get at so it's troublesome from a 
support perspective.

C

Dave Green wrote:
> Top posting to follow exisitng trend...
>
> I think that in Vista, even the admin accounts don't have full admin 
> privileges. I had a similar problem with OpenVPN on a vista laptop and 
> the fix was to assign administrative privileges to the Openvpn 
> executable itself. I think it was done via the properties page.
>
> Dave
>
> Paul Harlow wrote:
>   
>> Apologies, I failed to mention that yes I am an administrator. Domain 
>> administrator to be exact so permissions should not be an issue 
>> however I run into permission issues all the time with Vista.
>>
>> I know that in order to add routes to Vista even an administrator must 
>> run the CMD tool in an ‘administrative mode’.
>>
>> Thanks for the response. J
>>
>> Paul Harlow
>>
>> 303.695.3861 - desk
>>
>> 303.913.2804 - cell
>>
>> *From:* Leonardo Rodrigues Magalhães [mailto:leolistas@xxxxxxxxxxxxxx]
>> *Sent:* Tuesday, October 02, 2007 3:33 PM
>> *To:* Paul Harlow
>> *Cc:* openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> *Subject:* Re: [Openvpn-users] OpenVPN client on Vista
>>
>>
>> You're running with non-admin user. OpenVPN needs some network 
>> privileges for adding the new (and required) routes for traffic 
>> flowing through the VPN tunnel.
>>
>> You have to run with some admin user OR get the right permissions on 
>> your non-admin user. I dont know what's the right privilege on Vista 
>> neither how to give privileges on Vista. But that's the point, you 
>> dont have right for creating new routes and, thus, nothing will flow 
>> through the vpn tunnel.
>>
>>
>> Paul Harlow escreveu:
>>
>> Hello,
>>
>> I keep seeing that it’s possible to run OpenVPN on Vista however I 
>> cannot get it to work on a laptop with Vista Business installed. 
>> OpenVPN 2.1_rc4 installs flawlessly and the drivers appear to install 
>> without issues as well. Initially I’ve tested this client/server setup 
>> on Windows XP and it works flawlessly.
>>
>> When I connect the client on Vista (using the GUI tool) it appears to 
>> connect successfully however no traffic will route via the ‘new’ 
>> interface. When I look in the log I get the following errors:
>>
>> NOTE: FlushIpNetTable failed on interface [18] 
>> {CE78FFF2-3B21-4A7F-931E-6D07AE329934} (status=5) : Access is denied.
>>
>> TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
>>
>> route ADD 10.9.1.0 MASK 255.255.255.0 10.10.9.5
>>
>> ROUTE: route addition failed using CreateIpForwardEntry: Access is 
>> denied. [status=5 if_index=18]
>>
>> Route addition via IPAPI failed [adaptive]
>>
>> Route addition fallback to route.exe
>>
>> The requested operation requires elevation.
>>
>> ERROR: Windows route add command failed [adaptive]: system() returned 
>> error code 1
>>
>> route ADD 10.10.9.1 MASK 255.255.255.255 10.10.9.5
>>
>> ROUTE: route addition failed using CreateIpForwardEntry: Access is 
>> denied. [status=5 if_index=18]
>>
>> Route addition via IPAPI failed [adaptive]
>>
>> Route addition fallback to route.exe
>>
>> The requested operation requires elevation.
>>
>> ERROR: Windows route add command failed [adaptive]: system() returned 
>> error code 1
>>
>> Initialization Sequence Completed
>>
>> Are there fixes or work arounds to this? I cannot find anything and 
>> the archives only go back to April.
>>
>> Paul
>>
>>
>>
>> -- 
>>  
>>  
>>         Atenciosamente / Sincerily,
>>         Leonardo Rodrigues
>>         Solutti Tecnologia
>>         http://www.solutti.com.br
>>  
>>         Minha armadilha de SPAM, NÃO mandem email
>>         gertrudes@xxxxxxxxxxxxxx <mailto:gertrudes@xxxxxxxxxxxxxx>
>>         My SPAMTRAP, do not email it
>>  
>>  
>> ------------------------------------------------------------------------
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Microsoft
>> Defy all challenges. Microsoft(R) Visual Studio 2005.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Openvpn-users mailing list
>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>   
>>     
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users