To All 3,

Thank you. With your help I found the issue. UAC was disabled in the registry on this image. IIRC we had trouble updating some software by automated script and turning UAC off was required.

After re-enabling UAC, wintun started normally.

On Thu, Sep 10, 2020 at 12:33 AM Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Thu, Sep 10, 2020 at 12:10:25AM -0700, Marvin Adeff wrote:
> > Please allow me to back up a moment and restate this:
>
> As a matter of mailing list etiquette - could you please not post
> this with
>
>   Subject: Re: [Openvpn-devel] [PATCH] Fix client's poor man NCP fallback
>
> I do try to figure out what is "patch related" and what is "new problems",
> and *this* is certainly not related to the NCP PATCH.
>
> > 1. I installed the beta3 msi from the web site logged in as a user that
> >    has admin privileges. But no elevation was used to install it, just
> >    double-click on the file.
> > 2. I only used the GUI as installed, with no elevation, to start
> >    OpenVPN.
> > 3. With TAP selected in my .ovpn config file, everything works
> >    normally.
> > 4. I am reporting that (from the same login) if I change the .ovpn to
> >    use wintun (all edits done through the GUI selection), it fails with the
> >    error I showed below.
>
> Is the interactive service running?
>
> If tap is used, do you see "routes installed using service" or do you
> see netsh commands in the openvpn log?
>
> > Is 4. what you are saying is not supported? In our use, as we have done
> > for the past decade, the client boxes are used for M2M monitoring. OpenVPN
> > has to connect on bootup (.ovpn config file contains inline certificates)
> > regardless if there is a user logged in or not as M2M monitoring occurs in
> > the background. And if a user does login, most often it is with
> > credentials that have admin privileges. I am trying to understand if what
> > you're telling me is that this will no longer work, or if we will need to
> > do something different now? My testing used the GUI to see how things will
> > work with wintun so we can continue testing.
> >
> > Do I need to NOT use the GUI to get wintun to work?
>
> Wintun needs SYSTEM privileges.
>
> To get such, you either need to run OpenVPN "at boot" via openvpnsrv2
> (which has SYSTEM privileges), *or* you need to use the interactive service
> via the GUI.
>
> Due to some Vista-related quirks in the GUI, the GUI will not use the
> iservice if it's run elevated (run-as-admin). If I understand Selva
> right, it *should* work if you "just run it", even if the user has
> admin privs, as long as UAC is active (as Win10 runs user processes
> unprivileged, even if the user is part of the Admin group).
>
> The error message you have posted hints at "the interactive service is
> not being used" - which could be due to "it is not running" or "GUI is
> running elevated".
>
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
>                              Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
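
As an added example that is not part of the original thread or of the OpenVPN project, the following read-only PowerShell check covers the three conditions discussed above: whether UAC is active, whether the interactive service is running, and whether processes started from the current session are elevated. The `EnableLUA` registry value and the service name `OpenVPNServiceInteractive` are assumptions; neither is named in the thread.

```powershell
# Added diagnostic sketch (not from the thread). It only reads state.
# Assumptions: UAC state is taken from the EnableLUA policy value, and the
# interactive service is registered as 'OpenVPNServiceInteractive'.
$findings = @()

# 1. UAC state. EnableLUA = 0 means members of the Administrators group
#    run every process with full privileges (no unprivileged token).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$enableLua = (Get-ItemProperty -Path $policyKey -Name EnableLUA `
              -ErrorAction SilentlyContinue).EnableLUA
if ($null -eq $enableLua) {
    $findings += 'EnableLUA value not found; UAC state unknown.'
} elseif ($enableLua -eq 0) {
    $findings += 'UAC is disabled (EnableLUA=0); admin users run elevated.'
}

# 2. Interactive service. The GUI relies on it for SYSTEM-level operations.
$svc = Get-Service -Name 'OpenVPNServiceInteractive' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    $findings += 'Interactive service not installed under the assumed name.'
} elseif ($svc.Status -ne 'Running') {
    $findings += "Interactive service status is $($svc.Status), not Running."
}

# 3. Elevation of this session. A GUI started the same way inherits it,
#    and an elevated GUI does not use the interactive service.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if ($principal.IsInRole($adminRole)) {
    $findings += 'This session is elevated; a GUI started from it would be too.'
}

if ($findings.Count -eq 0) {
    'No issue found in the three checks.'
} else {
    $findings
}
```

Run it from the same kind of session the GUI is normally started from (a plain double-click equivalent, not "Run as administrator"), otherwise the third check reports the shell's elevation rather than the GUI's.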