Changes between Version 2 and Version 3 of OpenVPNInteractiveService


Timestamp: 03/25/18 16:55:55 (6 years ago)
Author: Selva Nair
Comment:

--

  • OpenVPNInteractiveService

    v2 v3  
    33OpenVPN Interactive Service, also known as "iservice" or "OpenVPNServiceInteractive", is a Windows system service which allows unprivileged users to do certain privileged operations required by OpenVPN, such as adding routes. This removes the need to always run OpenVPN as administrator, which was the case for long time, and continues to be the case for OpenVPN 2.3.x.
    44
    5 Recent Git "master" versions of OpenVPN contain the Interactive Service code, and recent [https://github.com/OpenVPN/OpenVPN-GUI OpenVPN-GUI] versions can make use of it. If you want to test this new fucntionality, please grab a recent Git "master" [http://build.openvpn.net/downloads/snapshots/ Windows snapshot installer].
     5The 2.4.x release and git "master" versions of OpenVPN contain the Interactive Service code and OpenVPN-GUI is setup to use it by default. Starting from version 2.4.0, OpenVPN-GUI is expected to be started as user (do not right-click and "run as administrator" or do not set the shortcut to run as adiministrator). This ensures that OpenVPN and the GUI runs with limited privileges.
    66
    77= How it works =
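Review bot: added line 5 has wording errors that should be fixed before this lands: "adiministrator" is a typo, "is setup to use it" should be "is set up to use it", and "OpenVPN and the GUI runs" should be "run". The parenthetical "do not right-click and "run as administrator" or do not set the shortcut to run as adiministrator" chains two negatives with "or"; "do not right-click and choose "run as administrator", and do not set the shortcut to run as administrator" says the same thing unambiguously. The replacement also drops the link to OpenVPN-GUI that removed line 5 carried; consider keeping it on the first mention of OpenVPN-GUI.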
     
    1616- if openvpn.exe wants to do ifconfig/route/dns stuff, it sends these as requests over the service pipe to the Interactive Service, which will then execute them (and clean up should openvpn crash)
    1717- --up scripts are run by openvpn.exe itself, which is already running as "joe", all privileges are nicely in place
     18- scripts run by the GUI will run as user joe, so that automated tasks like mapping of drives work as expected
    1819
    19 This cannot be used anymore for privilege escalation to admin (by running an --up script from openvpn which is run-as-admin).
     20This also avoids the use of scripts for privilege escalation to admin (as was possible by running an --up script from openvpn which is run as admin).
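Review bot: in added line 20, "This" no longer has a clear antecedent, because the new bullet on line 18 about GUI scripts now sits directly above it and the sentence can be read as referring to that bullet alone. Naming the subject would fix it, for example "Because openvpn.exe and the GUI both run as joe, scripts can no longer be used for privilege escalation to admin". Also check that the change from "cannot be used anymore" to "avoids" is intended, since the removed line 19 made the stronger statement.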