[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN, Vista and privilege elevation


  • Subject: Re: [Openvpn-users] OpenVPN, Vista and privilege elevation
  • From: Colin Ryan <colinr@xxxxxxxx>
  • Date: Tue, 22 Jan 2008 13:30:21 -0500

To the best of my knowledge you are out of luck unless.

You jump through all the M$ hoops and sign your installer and your 
binaries, and if customized your driver. Then figure out the appropriate 
catalog and installer parameters to allow the appropriate automagic 
escalations.

Not saying I know exactly how to do all this but I am quite confident 
that unless you go down this path it's pointless.

Oh... or disable UAC.

C

Quentin Garnier wrote:
> Hi all,
>
> I've been rolling out a custom Windows installer of OpenVPN 2.0.9 and
> the GUI to my users for some time now.  While OpenVPN does connect on
> Vista, it fails to add the required routes to the internal network,
> which makes it rather useless for my users.
>
> I've been trying to work around that issue today, but so far I've
> failed.
>
> The things I considered:
>
>   * route-method exe => requires privilege elevation
>   * route-method ipapi => fails with 2.0.9, requires privilege
>     elevation with 2.1rc4
>
> At that point, I thought my only solution was to use OpenVPN as a
> service, which means I still need 2.1rc4 to get ipapi working.
>
> Alas, I'm unable to make OpenVPN-as-a-service work with a configuration
> where the private key is password-protected.  Simply starting the
> service doesn't work, of course, as it complains about not being able
> to read the passphrase, but what's more worrisome is the GUI failing
> to, I quote, "open OpenVPNService".
>
> Anyone has a solution?  The point is to have an installation package
> that ships with my own config and lets the user just click the icon,
> enter the password and connect afterwards.
>
> I'm not afraid of trying diffs, I can probably set up a MinGW
> environment to recompile openvpn.exe pretty easily.
>
> Quentin Garnier.
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users