Hi all,
I generated new installers which include the latest version of the PR:
<http://build.openvpn.net/downloads/temp/openvpn-install-2.3_guipr13v2-I603-i686.exe>
<http://build.openvpn.net/downloads/temp/openvpn-install-2.3_guipr13v2-I603-x86_64.exe>
These installers contain a manually patched openvpn-gui which reverts
commit 2af86368964 ("Run with highest privilege available"), so that
users with administrator privileges can launch OpenVPN-GUI with
non-elevated privileges. I tested the latter installer on a Windows 7
Pro 64-bit laptop and there were two issues.

1) Interactive service not installed by default

First, OpenVPN-GUI would silently fail to create routes when launched as
a normal user, as if interactive service was not present. And indeed it
is not out of the box. The fix was fairly simple (but not obvious):

  PS> C:\> openvpnserv.exe -install
  PS> C:\> openvpnserv.exe -start automatic

After this the interactive service is running, but the non-interactive
one is not:

  PS> C:\> Get-Service|Where-Object { $_.DisplayName -like "*openvpn*" }

  Status   Name               DisplayName
  ------   ----               -----------
  Stopped  OpenVPNService     OpenVPN Service
  Running  OpenVPNServiceI... OpenVPN Interactive Service

When OpenVPN-GUI is now launched, it can now communicate with the
interactive service and the VPN works properly.

2) OpenVPN-GUI points OpenVPN config directory to a system-wide location

While OpenVPN-GUI now saves the registry keys under "HKCU" (=current
user) instead of "HKLM" (=local-machine), the default value for OpenVPN
configs is still C:\Program Files\OpenVPN\config (or equivalent). At
least on my test system the OpenVPN configuration files under that
directory could not be read by a normal user, even though listing the
files was permitted. This caused OpenVPN-GUI to see the config file, but
upon loading it just hung.
---
A few things to fix:
- Revert commit 2af86368964 in openvpn-gui
- Make OpenVPN-GUI fail/warn if it can't reach interactive service
- Enable interactive service at OpenVPN install
- Relax OpenVPN's config file permissions, or...
- ... make OpenVPN-GUI read configs from user's home dir by default
Given that OpenVPNService and OpenVPNServiceInteractive have been
separated, replacing the non-interactive variant with openvpnserv2
should not be too difficult.
Thoughts?
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
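
The two conditions described in the message above (interactive service missing or stopped, config files listable but not readable) can be checked from a non-elevated PowerShell session before launching OpenVPN-GUI. This is an added example, not part of the original e-mail or of the OpenVPN project; the function names are hypothetical, and filtering on the .ovpn extension is an assumption about how the configs are named.

```powershell
# Added example (not from the original thread). Run as the normal, non-elevated user.
# Service names and the default config path are the ones quoted in the message.
$services  = 'OpenVPNService', 'OpenVPNServiceInteractive'
$configDir = 'C:\Program Files\OpenVPN\config'   # adjust if OpenVPN is installed elsewhere

# Hypothetical helper: report whether each service is installed and its state.
function Test-OpenVpnService {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $svc    = Get-Service -Name $n -ErrorAction SilentlyContinue
        $status = 'NotInstalled'
        if ($svc) { $status = $svc.Status.ToString() }
        New-Object PSObject -Property @{ Name = $n; Status = $status }
    }
}

# Hypothetical helper: listing a directory and reading its files are separate
# permissions, so open each config for reading instead of trusting the listing.
function Test-ConfigReadable {
    param([string]$Path)
    # Assumption: configs use the .ovpn extension.
    $files = Get-ChildItem -Path $Path -Filter *.ovpn -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        $readable = $true
        try {
            $stream = [System.IO.File]::OpenRead($file.FullName)
            $stream.Close()
        } catch {
            # Access denied (or any other open failure) for the current user.
            $readable = $false
        }
        New-Object PSObject -Property @{ File = $file.FullName; Readable = $readable }
    }
}

Test-OpenVpnService -Name $services  | Format-Table Name, Status -AutoSize
Test-ConfigReadable -Path $configDir | Format-Table File, Readable -AutoSize
```

A Status of NotInstalled or Stopped for OpenVPNServiceInteractive corresponds to the first issue; a row with Readable set to False corresponds to the second.
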
Hi,
Selva has a pending pull request to openvpn-gui, which completes the
integration of interactive service into OpenVPN installers:
<https://github.com/OpenVPN/openvpn-gui/pull/13>
The pull request contains several changes which need testing:
<https://github.com/OpenVPN/openvpn-gui/pull/13/commits>
I built test installers which include the new openvpn-gui code:
<http://build.openvpn.net/downloads/temp/openvpn-install-2.3_guipr13-I601-i686.exe>
<http://build.openvpn.net/downloads/temp/openvpn-install-2.3_guipr13-I601-x86_64.exe>
If you test these installers please report back and tell how things
went. I'll try to do testing on my own later today.
Best regards,