forgot to CC: the list

Hi,

On Thu, Feb 11, 2016 at 11:42 AM, Samuli Seppänen <sam...@openvpn.net>
 wrote:

> PS> C:\> openvpnserv.exe -install
> PS> C:\> openvpnserv.exe -start automatic
>

I suppose you mean openvpnserv.exe -start interactive
(-start automatic or start without any option will start the automatic
service which is not a good idea.)


> After this the interactive service is running, but the non-interactive
> one is not:


> A few things to fix:
>
> - Revert commit 2af86368964 in openvpn-gui
>

We may want to do this only for 2.4 (or git master) based binary
distributions. For 2.3 there is no interactive service and this
"highestAvailable" may still be required (or at least expected by users).

One way to handle this is to create a release branch on the GUI repo and
revert the commit only in master. Then 2.3 installers can continue to use
that release branch.


> - Make OpenVPN-GUI fail/warn if it can't reach interactive service
>

In fact it may be ok to require the iservice to operate the GUI -- that is,
do not allow the GUI to directly start openvpn.exe (running as admin will
fail with a message then). But leave this for later?

> - Enable interactive service at OpenVPN install
>

I think the installer should include the following commands:

(i) openvpnserv.exe -install  <- this will install both auto and
interactive services.
This is probably there in the current NSIS installer (the user can disable
it by choosing not to install any service, but it's not possible to install
only one of those (not yet, at least)).

(ii) openvpnserv.exe --start interactive

Do not start the automatic service by default as that is meant for expert
users. Else it will spawn openvpn.exe for all configs found and possibly
mess up interactive use.

> - Relax OpenVPN's config file permissions, or...
> - ... make OpenVPN-GUI read configs from user's home dir by default
>

With the pull #13, it's now possible for the user to edit
HKCU\Software\OpenVPN\config_dir to point the GUI to an alternate location
for configs. Currently there are no access checks in the service, so any
location with read access will work.

Let's revisit this after the service is hardened to restrict configs and
options. Then we can decide how to modify the installer to choose
appropriate defaults for config_dir etc.


>
> Given that OpenVPNService and OpenVPNServiceInteractive have been
> separated, replacing the non-interactive variant with openvpnserv2
> should not be too difficult.
>

While the two services can be independently stopped and started, the two are
installed and removed together: openvpnserv.exe --install sets up two
services, OpenVPNService and OpenVPNServiceInteractive. So any replacement
will have to use a name distinct from those. I think openvpnserv2 uses the
same name "OpenVPNService" which will cause a conflict.

In the long run it may be better to remove the automatic service completely
from the openvpnserv.exe code.


>
> Thoughts?
>

See above;)

Cheers,

Selva
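
A read-only check of the state this message discusses, as an added example that is not part of the original thread: it reports which of the two services is installed and running, whether the GUI's config_dir has been redirected under HKCU, and which non-administrative principals can write to that directory. The service names and the registry value are the ones quoted above; the function names, the trusted-SID list and the write mask are assumptions of this example.

```powershell
# Added example, not from the thread. Service names and the registry value
# name are the ones quoted in the message; everything else is an assumption.
$services = 'OpenVPNService', 'OpenVPNServiceInteractive'

function Get-OpenVpnServiceState {
    foreach ($name in $services) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        [pscustomobject]@{
            Name      = $name
            Installed = [bool]$svc
            State     = $svc.State       # Running / Stopped
            StartMode = $svc.StartMode   # Auto / Manual / Disabled
        }
    }
}

function Get-GuiConfigDir {
    # Per-user override read by the GUI; returns nothing when it is not set.
    $p = Get-ItemProperty -Path 'HKCU:\Software\OpenVPN' -Name config_dir -ErrorAction SilentlyContinue
    if ($p) { $p.config_dir }
}

function Get-NonAdminWriters {
    param([Parameter(Mandatory)][string]$Path)
    # SIDs treated as trusted: SYSTEM, BUILTIN\Administrators, TrustedInstaller
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    # WriteData, AppendData, Delete, WriteDac, WriteOwner, GENERIC_ALL, GENERIC_WRITE
    $writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0
        } |
        Select-Object @{n='Sid'; e={$_.IdentityReference.Value}}, FileSystemRights, IsInherited
}

Get-OpenVpnServiceState | Format-Table -AutoSize
$dir = Get-GuiConfigDir
if (-not $dir) {
    'config_dir is not set under HKCU\Software\OpenVPN'
} elseif (-not (Test-Path -LiteralPath $dir)) {
    "config_dir points to a missing path: $dir"
} else {
    "config_dir = $dir"
    Get-NonAdminWriters -Path $dir | Format-Table -AutoSize
}
```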
