3

I have a Win7 laptop with OpenVPN installed. The normal user is an unprivileged user without knowledge of the administrator password.

When running as an administrator, everything works fine with setting up the OpenVPN tunnel, but I cannot get a regular unprivileged user to perform the final stage (adding the default route) in setting up the tunnel without UAC asking for the administrator password.

By online searches I've found two possible ways:

  • Set up the OpenVPN client as a service
  • Start the OpenVPN GUI as a "scheduled task"

Both of these ways seem to have their own set of problems, so I wonder if there is no way to get the unprivileged user to get the rights to perform "add route" using the OpenVPN client without knowing and entering the administrator password?

Björn

4 Answers

3

You may want to try using the OpenVPN MI GUI:

http://openvpn-mi-gui.inside-security.de/

Boris
2

NOT TESTED: Add a permanent default route via the tunnel with higher priority than the normal one. When the tunnel interface is up, this route will be used. When the tunnel is down, the normal one will be used.

Mircea Vutcovici
1

You won't be able to somehow grant the Regular User or Power User the ability to ADD \ DELETE a route. There is yet another workaround that worked for me. The problem with OpenVPN is that you have to have the certificates imported for the current user. So, if you Run As Admin, OpenVPN will attempt to read certificates not from the current user's but from Admin's profile.

The workaround is to:

  1. Import all necessary certificates for Admin's profile;
  2. Run As Admin OpenVPN GUI;
  3. ENTER the admin password at this point;
  4. OpenVPN will read all certificate data from Admin's profile and successfully connect, with ROUTE ADD completing successfully.

No, you have to enter the admin password to use this, but only once the GUI app launches.

So, maybe the option to set up the OpenVPN client as a service and run it from the NETWORK SERVICE account is the best choice.

0

This definitely solves that problem, but it is a bit flaky http://sourceforge.net/projects/securepoint/

Tom Newton