[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN, Vista and privilege elevation


  • Subject: Re: [Openvpn-users] OpenVPN, Vista and privilege elevation
  • From: Quentin Garnier <qgarnier@xxxxxxxxxxxx>
  • Date: Tue, 22 Jan 2008 19:37:49 +0100

Le Tue, 22 Jan 2008 13:30:21 -0500,
Colin Ryan <colinr@xxxxxxxx> a écrit :

> To the best of my knowledge you are out of luck unless.
> 
> You jump through all the M$ hoops and sign your installer and your 
> binaries, and if customized your driver. Then figure out the
> appropriate catalog and installer parameters to allow the appropriate
> automagic escalations.
> 
> Not saying I know exactly how to do all this but I am quite confident 
> that unless you go down this path it's pointless.
> 
> Oh... or disable UAC.

I could live with UAC asking for authorization to do the task, but it
doesn't do that.  I just get the error in the logs when it adds the
routes.

And that's non-service mode.  The "failed to open OpenVPNService" error
from the GUI in service mode probably isn't an UAC failure.  Or is it?

Quentin Garnier.

> Quentin Garnier wrote:
> > Hi all,
> >
> > I've been rolling out a custom Windows installer of OpenVPN 2.0.9
> > and the GUI to my users for some time now.  While OpenVPN does
> > connect on Vista, it fails to add the required routes to the
> > internal network, which makes it rather useless for my users.
> >
> > I've been trying to work around that issue today, but so far I've
> > failed.
> >
> > The things I considered:
> >
> >   * route-method exe => requires privilege elevation
> >   * route-method ipapi => fails with 2.0.9, requires privilege
> >     elevation with 2.1rc4
> >
> > At that point, I thought my only solution was to use OpenVPN as a
> > service, which means I still need 2.1rc4 to get ipapi working.
> >
> > Alas, I'm unable to make OpenVPN-as-a-service work with a
> > configuration where the private key is password-protected.  Simply
> > starting the service doesn't work, of course, as it complains about
> > not being able to read the passphrase, but what's more worrisome is
> > the GUI failing to, I quote, "open OpenVPNService".
> >
> > Anyone has a solution?  The point is to have an installation package
> > that ships with my own config and lets the user just click the icon,
> > enter the password and connect afterwards.
> >
> > I'm not afraid of trying diffs, I can probably set up a MinGW
> > environment to recompile openvpn.exe pretty easily.
> >
> > Quentin Garnier.
> >
> > -------------------------------------------------------------------------______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users