Hi,

On Thu, Sep 10, 2020 at 12:10:25AM -0700, Marvin Adeff wrote:
> Please allow me to back up a moment and restate this:

As a matter of mailing list etiquette - could you please not post
this with

  Subject: Re: [Openvpn-devel] [PATCH] Fix client's poor man NCP fallback

I do try to figure out what is "patch related" and what is "new problems",
and *this* is certainly not related to the NCP PATCH.


> 1.  I installed the beta3 msi from the web site logged in as a user that has 
> admin privileges.  But no elevation was used to install it, just double-click 
> on the file. 
> 2.  I only used the GUI as installed, with no elevation, to start OpenVPN. 
> 3.  With TAP selected in my .ovpn config file, everything works normally. 
> 4.  I am reporting that (from the same login) if I change the .ovpn to use 
> wintun (all edits done through the GUI selection), it fails with the error I 
> showed below. 

Is the interactive service running?

If tap is used, do you see "routes installed using service" or do you
see netsh commands in the openvpn log?

> Is 4. what you are saying is not supported?  In our use, as we have done for 
> the past decade, the client boxes are used for M2M monitoring.  OpenVPN has 
> to connect on bootup (.ovpn config file contains inline certificates) 
> regardless if there is a user logged in or not as M2M monitoring occurs in 
> the background.  And if a user does login, most often it is with credentials 
> that have admin privileges.  I am trying to understand if what you're 
> telling me is that this will no longer work, or if we will need to do 
> something different now?  My testing used the GUI to see how things will work 
> with wintun so we can continue testing. 
> 
> Do I need to NOT use the GUI to get wintun to work?  

Wintun needs SYSTEM privileges.

To get such, you either need to run OpenVPN "at boot" via openvpnsrv2
(which has SYSTEM privileges), *or* you need to use the interactive service
via the GUI.

Due to some Vista-related quirks in the GUI, the GUI will not use the
iservice if it's run elevated (run-as-admin).  If I understand Selva
right, it *should* work if you "just run it", even if the user has
admin privs, as long as UAC is active (as Win10 runs user processes
unprivileged, even if the user is part of the Admin group).


The error message you have posted hints at "the interactive service is
not being used" - which could be due to "it is not running" or "GUI is
running elevated".

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
