On 11/02/2016 22:23, Selva Nair wrote:
Hi,
On Thu, Feb 11, 2016 at 11:42 AM, Samuli Seppänen <sam...@openvpn.net> wrote:
2) OpenVPN-GUI points OpenVPN config directory to a system-wide location
While OpenVPN-GUI now saves the registry keys under "HKCU" (=current
user) instead of "HKLM" (=local-machine), the default value for OpenVPN
configs is still C:\Program Files\OpenVPN\config (or equivalent). At
least on my test system the OpenVPN configuration files under that
directory could not be read by a normal user, even though listing the
files was permitted. This caused OpenVPN-GUI to see the config file, but
upon loading it just hung.
Changing this default may break most setups as that is where the GUI
looked for configs for so long. I was under the impression that
C:\Program Files\ and directories & files under it are readable by all
users. And that matches with a few machines I checked (win 7, win10,
server2012). openvpn.nsis does not show any permission settings on these
folders either. Maybe there are some "hardened" systems where such
locations are not readable?
The reason my user was unable to read configs in C:\Program
Files\OpenVPN\config was related to ACLs. I had copied the config file
there as the main administrator account, so the owner was wrong. This
prevented the normal user from reading the file. I had to set the ACLs
properly to fix the issue.
While the above could be seen as a user mistake, the ACLs in Windows are
pretty well hidden from normal users and even admins. This could end up
being a minor support nightmare for us.
I don't write GUI, so anything beyond a warning popup is too hard for
me. Yet, it would be nice to have an initial configuration dialog (shown
at first run by each user) to set config_dir and possibly a few other
parameters.
That would be good. We also need to warn about lack of permissions on
the config files. Right now GUI just hangs if it can't read the OpenVPN
config file.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
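
The condition discussed in this thread (a config file that can be listed but not read by a normal user) can be checked with the following PowerShell script. It is an added example, not code from the thread or from the OpenVPN project; the function name `Test-ConfigReadable`, the `.ovpn` extension filter and the report columns are assumptions made for illustration.

```powershell
# Added example: run as the normal (non-admin) user who starts OpenVPN-GUI.
param(
    # Default config directory named in the thread; pass the real one if config_dir differs.
    [string]$ConfigDir = 'C:\Program Files\OpenVPN\config'
)

# Hypothetical helper: returns $true only if the current user can open the file for reading.
function Test-ConfigReadable {
    param([Parameter(Mandatory)][string]$Path)
    try {
        # Listing a directory and reading a file in it are separate permissions,
        # so the file is actually opened instead of trusting the directory listing.
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $stream.Dispose()
        return $true
    } catch [System.UnauthorizedAccessException] {
        return $false
    }
}

# The .ovpn filter is an assumption; adjust it if a different config extension is in use.
$files = Get-ChildItem -LiteralPath $ConfigDir -Filter '*.ovpn' -File -Recurse -ErrorAction SilentlyContinue

$results = foreach ($file in $files) {
    $owner = '(ACL not readable)'
    $inherits = $null
    try {
        $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
        $owner = $acl.Owner
        # AreAccessRulesProtected is $true when inheritance from the parent folder is disabled.
        $inherits = -not $acl.AreAccessRulesProtected
    } catch { }   # Reading the ACL can itself be denied; keep the placeholder owner.

    [pscustomobject]@{
        File        = $file.FullName
        Readable    = Test-ConfigReadable -Path $file.FullName
        Owner       = $owner
        InheritsAcl = $inherits
    }
}

$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { -not $_.Readable })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) config file(s) are listed but cannot be read by $env:USERNAME."
    exit 1
}
```

A file reported with `Readable` set to `False` is one that shows up in the directory listing but cannot be opened by that user, which is the situation described above.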