You can use fwknop to automate this type of sysadmin level changes in a
secure manner.
-Reuben
On Tue, Dec 3, 2019, 3:09 PM CHRIZTOFFER HANSEN
wrote:
>
> Jason A. Donenfeld wrote on 27/11/2019 13:29:
> > On Wed, Nov 27, 2019 at 10:07 AM Chris Bennett
> wrote:
> >> However I've found the logged in user needs local Administrator access
> to activate and de-activate a tunnel. Is there any way around this? Is it
> in the roadmap to remove this requirement?
> >
> > No intention of reducing the security of the system, no. WireGuard
> > requires administrator access because redirecting an entire machine's
> > network traffic is certainly an administrator's task.
>
> What if you this functionality is coded as opt-in, for e.g. a org/corp
> sysadmin to enable for the users, and *not* opt-out?
>
> The the default knob will still be secure, and the sysadmin has the
> conscious possibility to put power in the hand of the users. And it will
> be the sysadm's choice. Not the team behind pushing the development of
> WireGuard forward, taking a choice on behalf of the consumer/user base.
>
> Chriztoffer
> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
