MR> If this has changed, and there is a way
MR> to interact with the service as non-admin then I will certainly look
MR> into this...
take subinacl to change the ACL of the openvpn-service
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
users need the right to start/stop the service
I just replied to Carsten to thank him for pointing me to this, and then
discovered something which is a show-stopper for me - if run as a
service, OpenVPN can only do certificate authentication, not
user/password auth, since there is no way to pass the auth details to
the service:
http://www.openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin-Rev1.1.html
We would prefer to use password auth instead of certificate distribution
in our environment.
However, the page given above states:
"There is work in progress to enhance the OpenVPN Service so it can be
controlled via a TCP socket. This will allow individual tunnels to
started and stopped at will, as well as supplying OpenVPN with the
password used to encrypt the private key. OpenVPN GUI 2.0 will be
rewritten to make use of this service."
which seems to cover what I would like to see in OpenVPN. Can anyone
shed any more light on this?
Matthew