| 134 | |
| 135 | * windows and the interactive service |
| 136 | * privileged service running |
| 137 | * GUI talks to service, service runs openvpn process with user rights, but restricted permissions against access from elsewhere |
| 138 | * routes get installed by having openvpn signal the service that routes should be installed/removed/... |
| 139 | |
| 140 | * gain: users do not need to run gui with admin rights, and openvpn process does not run with admin rights |
| 141 | * remaining attack angle: install unauthorized routes |
| 142 | * it can be locked down by only permitting .ovpn profiles from a given non-user-writeable path (registry setting at installation) |
| 143 | |
| 144 | * on XP, this is actually not needed (only Vista and up), so the installer could decide to not install the service at all, as network programming on XP needs "netsh" while Vista and up have a decent API for that. |
| 145 | * "do not put any extra effort on XP, but do not break it on purpose" |