Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread blz
On 3/5/2016 4:35 AM, David Sommerseth wrote: > On 05/03/16 11:35, Németh Tamás NET wrote: Hi, On Thu, Mar 03, 2016 at 02:06:30PM +0200, Samuli Seppänen wrote: > Do we want let any non-admin user on a system launch OpenVPN connections > by default? Or do we want the administra

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread Selva Nair
Hi, Thanks for the comments. On Sat, Mar 5, 2016 at 6:40 PM, Németh Tamás NET wrote: > What if you add a config option to profile files which is similar to > "valid users" of samba's smb.conf? This option might be mandatory in > systemwide profiles and optional in personal profiles. Only users

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread Németh Tamás NET
Hi, So, any thougts? Yes, a few minutes after I sent my mail, I realized it's not a good idea to have a group which allows for its members to use both systemwide and personal VPN profiles, because this model does not give enough control to sysadmins and it's insecure. Your original idea of

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread Selva Nair
Hi, On Sat, Mar 5, 2016 at 5:35 AM, Németh Tamás wrote: > > > Well, what if there would be a checkbox in the installer labeled with > something like "Only members of this group are allowed to use OpenVPN:" and > then a dropdown list of local(?) Windows groups. One of the listed groups > migh > b

Re: [Openvpn-users] Another architecture question

2016-03-05 Thread Gert Doering
Hi, On Sat, Mar 05, 2016 at 09:55:23AM -0600, Leroy Tennison wrote: > I have been asked to set up a site-to-site OpenVPN instead of using > IPSec and there are some things I'm not sure about. I'm mostly familiar > with "road warrior" implementations. Assuming a tun implementation, how > does

[Openvpn-users] Another architecture question

2016-03-05 Thread Leroy Tennison
I have been asked to set up a site-to-site OpenVPN instead of using IPSec and there are some things I'm not sure about. I'm mostly familiar with "road warrior" implementations. Assuming a tun implementation, how does site-to-site work as far as routing is concerned? I've searched the web and

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread David Sommerseth
On 05/03/16 11:35, Németh Tamás NET wrote: >>> Hi, >>> >>> On Thu, Mar 03, 2016 at 02:06:30PM +0200, Samuli Seppänen wrote: Do we want let any non-admin user on a system launch OpenVPN connections by default? Or do we want the administrator of the system to specifically grant permiss

Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?

2016-03-05 Thread Németh Tamás NET
>> Hi, >> >> On Thu, Mar 03, 2016 at 02:06:30PM +0200, Samuli Seppänen wrote: >>> Do we want let any non-admin user on a system launch OpenVPN connections >>> by default? Or do we want the administrator of the system to >>> specifically grant permissions to OpenVPN to each non-admin user? >> >> I t