Introduction

OpenVPN Interactive Service, also known as "iservice" or "OpenVPNServiceInteractive", is a Windows system service which allows unprivileged users to do certain privileged operations required by OpenVPN, such as adding routes. This removes the need to always run OpenVPN as administrator, which was the case for long time, and continues to be the case for OpenVPN 2.3.x.

The 2.4.x release and git "master" versions of OpenVPN contain the Interactive Service code and OpenVPN-GUI is setup to use it by default. Starting from version 2.4.0, OpenVPN-GUI is expected to be started as user (do not right-click and "run as administrator" or do not set the shortcut to run as adiministrator). This ensures that OpenVPN and the GUI runs with limited privileges.

How it works

Here is a brief explanation of how the Interactive Service works, based on ​Gert's email to openvpn-devel mailing list. The example user, "joe", is not an administrator, and does not have any other extra privileges.

• OpenVPN-GUI runs as an "joe"
• Interactive Service runs as a local Windows service with maximum privileges
• OpenVPN-GUI connects to the Interactive Service and asks it "run openvpn.exe with the following arguments, using the "joe"'s credentials
  • Windows can do this - pass credentials across a pipe, which you can't fake
• Interactive Service forks openvpn.exe, and runs this as user ("joe"), and keeps a "service pipe" between Interactive Service and openvpn.exe
• if openvpn.exe wants to do ifconfig/route/dns stuff, it sends these as requests over the service pipe to the Interactive Service, which will then execute them (and clean up should openvpn crash)
• --up scripts are run by openvpn.exe itself, which is already running as "joe", all privileges are nicely in place
• scripts run by the GUI will run as user joe, so that automated tasks like mapping of drives work as expected

This also avoids the use of scripts for privilege escalation to admin (as was possible by running an --up script from openvpn which is run as admin).