We add them to the Windows built-in "Network Configuration Operators" group, and that gives them enough privilege to add routes, and we use the standard Openvpn client & GUI. We need for our end users to be able to bring up/down the tunnel, and so auto-starting as a service proved not workable.
Gordon Russell Clarke County IT 540 955 5135 ----- Original Message ----- > From: "Karl Fife" <karlf...@gmail.com> > To: "ESF - Electric Sheep Fencing pfSense Support" <list@lists.pfsense.org> > Sent: Monday, December 1, 2014 3:37:25 PM > Subject: [pfSense] OpenVPN & Non-admin users. > > I'd like to poll how others have dealt with the issue of non-admin > Windows users running OpenVPN (TUN) for remote access. > > If you recall, non-admin users don't have the privileged of inserting a > routes, so even though the tunnel is is established, it won't be used > without an explicit route. > > I've read all of the scenarios, from running the client as a service, > disabling username/password, creating client shortcuts with elevated > privilege etc, using the Viscosity client for windows (only needs admin > to be installed, not to be used). > > If you feel like showing off your astute reasoning, which route did you > take and why? > > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > _______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
