On Wed, Dec 9, 2015 at 7:26 PM, <debbie...@gmail.com> wrote: > I am curious to know: > > 1. Do you mean "installation of OpenVPN app to the host system" > without "admin/root" privs .?
No. > 2. Do you mean "configure the Tap/Tun network device" > without "admin/root" privs .? Not sure what you mean. Tunnelblick can create Tun/Tap network device that is in a configuration authorized by an admin earlier. Or (I think) that on OS X the built-in "utun" tun device can be used without admin privileges > 3. Do you mean to "install suitable routes to the host system" > without "admin/root" privs .? Again, Tunnelblick does this with pre-authorized setups; most are usually "pushed" by the server. >> As I understand it MacOS(Tunnelblick) > is more secure than _say_ Debian or arch(openvpn) running as root I'm not sure why except in the sense (if true) that OS X is more secure than Debian. > So I fail to see how you can achieve *any* of your goals. As I wrote to Selva, it looks like I can't. > I can only presume you have the "privilege separation" idea in mind, > which *still* requires "admin/root" for application installation .. > does it not ? ( I am just assuming some basic security principles ) Yes, as described above. > OpenVPN-Portable-App has the same underlying flaw > and why it was, no doubt, discontinued. > > Sorry .. I don't mean to be rude (on this occasion) but > there is little point wasting time on security restrictions imposed by OS .. No problem. Thanks for your comments. ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
